Spring security 3.0.3 - YML security config not working if defined inside plugin or sub plugin

Question

Problem Statement

Envt: JDK 1.7 Grails 3.1.4 Spring Securty 3.0.3

We have following project structure Grails App -- My Custom Security Plugin -- Grails Spring Security 3.0.3

I have following YML defined inside Custom Security Plugin Application.YML

grails:
    plugin:
        springsecurity:
            active: true
            password.algorithm: 'bcrypt'
            userLookup.userDomainClassName: 'com.etorient.products.smeerp.User'
            userLookup.userAuthorityGroupsPropertyName: 'activeRightGroups'
            userLookup.userGroupPropertyName: 'activeUserGroups'
            userLookup.userGroupAuthoritiesPropertyName: 'activeAccessRights'
            userLookup.userGroupAuthorityGroupsPropertyName: 'activeRightGroups'
            userLookup.groupAuthoritiesPropertyName: 'activeAccessRights'
            userLookup.enabledPropertyName: "active"
            authority.className: 'com.etorient.products.smeerp.AccessRight'
            authority.nameField: 'rightText'
            authority.userLookup.authoritiesPropertyName: 'activeAccessRights'
            authority.userLookup.authorityJoinClassName: 'com.etorient.products.smeerp.SecUserAccessRight'
            useRoleGroups: true
            logout.postOnly: false
            rejectIfNoRule: false
            fii.rejectPublicInvocations: false
            successHandler.defaultTargetUrl: '/admin'
            securityConfigType: 'Annotation'
            controllerAnnotations.staticRules: 
                - pattern: '/'
                  access: ['permitAll']
                - pattern: '/error'
                  access: ['permitAll']
                - pattern: '/index'
                  access: ['permitAll']
                - pattern: '/index.gsp'
                  access: ['permitAll']
                - pattern: '**/assets**/**'
                  access: ['permitAll']
                - pattern: '/assets/**'
                  access: ['permitAll']
                - pattern: '/**/js/**'
                  access: ['permitAll']
                - pattern: '/error'
                  access: ['permitAll']
                - pattern: '/**/css/**'
                  access: ['permitAll']
                - pattern: '/**/images/**'
                  access: ['permitAll']
                - pattern: '/**/fonts/**'
                  access: ['permitAll']
                - pattern: '/**/favicon.ico'
                  access: ['permitAll']
                - pattern: '/**/resources**/**'
                  access: ['permitAll']
                - pattern: '/login'
                  access: ['permitAll']
                - pattern: '/login.*'
                  access: ['permitAll']
                - pattern: '/login/*'
                  access: ['permitAll']
                - pattern: '/logout'
                  access: ['permitAll']
                - pattern: '/logout.*'
                  access: ['permitAll']
                - pattern: '/logout/*'
                  access: ['permitAll']

Problem:

Grails never picks up the YML static rules. Asking for authentication for all the resources. Is there problem with YML definition or its a bug?

adibak20 adibak20 · Accepted Answer · 2016-04-25T15:13:53

You can create file application.groovy in /conf directory and this file can contain rules eg:

grails {
    plugin {
        springsecurity {
            .
            .
            .
            interceptUrlMap = [
                    [pattern: '/',                                          access: ['permitAll']],
                    [pattern: '/error',                                     access: ['permitAll']]
                    .
                    .
                    .
            ]
        }
    }
}

Spring security 3.0.3 - YML security config not working if defined inside plugin or sub plugin

Problem Statement

1 Answers