Home/ Questions/Q 6968115
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T16:24:35+00:00

I’m trying to use the latest spring security plugin for grails, but I’ve hit

  • 0

I’m trying to use the latest spring security plugin for grails, but I’ve hit a little bump.

I have a controller with this method:

@Secured(['ROLE_USER'])
def query = {
}

When I hit http://localhost:8080/myApp/myController/query, I get prompted for authorization as appropriate. However, I need to do content type negotiation via the filename extension. Using

grails.mime.file.extensions=true

I can use the same UrlMappings and get to my controller method via .../myApp/myController/query.js?params=blah. However, I am not prompted for authentication, and either the request goes through automatically or fails, depending on how I’ve set grails.plugins.springsecurity.rejectIfNoRule

How can I use file type negotiation with the spring security plugin?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Turn off grails.mime.file.extensions and add this filter:

    class FileExtensionContentNegotiationFilters {
    final static String DEFAULT_FORMAT = "js"
    def filters = {
        all(controller: '*', action: '*') {
            before = {
                addFormatToRequestByFileExtension(request)
            }
            after = {
            }
            afterView = {
            }
        }
    }

    protected addFormatToRequestByFileExtension(def request) {
        String suffix = getSuffixFromPath(request.forwardURI)
        String extension = FilenameUtils.getExtension(suffix)

        if (extension.isEmpty()) {
            request[GrailsApplicationAttributes.CONTENT_FORMAT] = DEFAULT_FORMAT
        }
        else {
            request[GrailsApplicationAttributes.CONTENT_FORMAT] = extension
        }
    }

    protected String getSuffixFromPath(String pathWithoutParams) {
        int lastSlash = pathWithoutParams.lastIndexOf("/")

        if (lastSlash < 0) {
            return ""
        }

        return pathWithoutParams.substring(lastSlash + 1)
    }
}
    • 0