My app has this url mapping:
"/"(controller: 'app', action: 'index')
And I'm using a domain class to store RequestMap instances in the database. The access to app/index is restricted to certain roles, so when a user hits / or /app/index, the login form is shown.
When a user, that has permissions to see / or /app/index logs in, the app is showing a message: "Sorry, you're not authorized to view this page.", so for some reason Spring Security is not considering my RequestMaps.
I tried a lot of combinations, maybe I'm missing something. What I have right now is (Bootstrap.groovy):
new RequestMap(url: '/', configAttribute: 'ROLE_ADMIN').save()
new RequestMap(url: '/app/index', configAttribute: 'ROLE_ADMIN').save()
new RequestMap(url: '/**', configAttribute: 'ROLE_ADMIN').save()
The user I'm using to login has ROLE_ADMIN assigned, this is the console log on login:
userDetails grails.plugin.springsecurity.userdetails.GrailsUser@586034f:
Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;
credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN
auth com.cabolabs.security.UserPassOrgAuthToken@40a3c9e2:
Principal: grails.plugin.springsecurity.userdetails.GrailsUser@586034f:
Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;
credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN;
Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN
FYI, I customized the login to use user+pass+organization, that's why there is a UserPassOrgAuthToken instead of the standard UsernamePasswordAuthenticationToken
Edit
I also have rejectIfNoRule = true and defaultTargetUrl = '/app/index', not sure if this is affecting anything:
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/app/index' // "/" is mapped to "/app/index"
