I am creating my first Grails app and am using the spring-security-core and spring-security-ui. I have locked down controllers that I have created in my application but there is a gaping hole left in the fact that any unauthenticated user can hit the spring-security-ui controllers. What is the proper way to limit access to those controllers to specific roles?
I am considering running s2ui-override on each of those controllers and then implementing secured annotations at the class level. Is this a sound approach?
I generally use annotations for application controllers and static rules in Config.groovy for the controllers provided by plugins like spring-security and spring-security-ui:
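
An added example, not part of the original answer: a static-rules block for Config.groovy that restricts the spring-security-ui controllers to one role. It assumes the 1.x `grails.plugins.springsecurity` property prefix (2.x uses `grails.plugin.springsecurity`), the default 'Annotation' config type, and a hypothetical ROLE_ADMIN authority.

```groovy
// Config.groovy (added example; prefix and role name are assumptions)

// Static rules are only consulted when annotation-based config is in use.
grails.plugins.springsecurity.securityConfigType = 'Annotation'

// URL patterns for the controllers that spring-security-ui contributes.
// Without entries here they carry no access rule, which is the hole
// described in the question.
grails.plugins.springsecurity.controllerAnnotations.staticRules = [
    // User and role administration
    '/user/**':              ['ROLE_ADMIN'],
    '/role/**':              ['ROLE_ADMIN'],
    '/registrationCode/**':  ['ROLE_ADMIN'],
    '/persistentLogin/**':   ['ROLE_ADMIN'],
    '/requestmap/**':        ['ROLE_ADMIN'],

    // Read-only views of the running security configuration
    '/securityInfo/**':      ['ROLE_ADMIN'],

    // ACL screens (only relevant when spring-security-acl is installed)
    '/aclClass/**':          ['ROLE_ADMIN'],
    '/aclSid/**':            ['ROLE_ADMIN'],
    '/aclObjectIdentity/**': ['ROLE_ADMIN'],
    '/aclEntry/**':          ['ROLE_ADMIN'],

    // Self-registration and forgot-password must stay reachable
    // for users who are not logged in yet.
    '/register/**':          ['IS_AUTHENTICATED_ANONYMOUSLY']
]
```

To check the result, request one of the restricted URLs (for example /user/search) without a session and confirm it redirects to the login page, then repeat as a logged-in user who lacks the role and confirm access is denied.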