I’m trying to use the spring-security-core database request map config and it doesn’t seem to be working for me (not working meaning not applying any restrictions).
Here is my Config.groovy:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.xxx.Person'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.xxx.PersonRole'
grails.plugins.springsecurity.authority.className = 'com.xxx.Role'
grails.plugins.springsecurity.requestMap.className = 'com.xxx.Requestmap'
grails.plugins.springsecurity.securityConfigType = grails.plugins.springsecurity.SecurityConfigType.Requestmap
Here are a few request maps in the DB:
requestmap/** | ROLE_ADMIN
user/** | ROLE_ADMIN
registrationCode/** | ROLE_ADMIN
securityInfo/** | ROLE_ADMIN
role/** | ROLE_ADMIN
However, I can log in as a user without the 'ROLE_ADMIN' role and freely access the above URLs.
My bad… I needed to prefix the request map URL with a '/' (so '/user/**', not 'user/**').
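
Why the rows above restricted nothing, as an added example that is not part of the original post or the plugin's code: request paths always begin with '/', so a pattern stored without the leading slash never matches and no role requirement is attached to the request. The `antMatch` helper is a simplified stand-in for Ant-style matching, and the URI `/user/list` is a constructed sample.

```groovy
import java.util.regex.Pattern

// Simplified Ant-style matcher (an approximation written for this example):
// '/**' spans zero or more path segments, '*' stays inside one segment, '?' is one character.
boolean antMatch(String pattern, String uri) {
    def re = new StringBuilder()
    int i = 0
    while (i < pattern.length()) {
        if (pattern.startsWith('/**', i))     { re << '(/.*)?'; i += 3 }
        else if (pattern.startsWith('**', i)) { re << '.*';     i += 2 }
        else if (pattern[i] == '*')           { re << '[^/]*';  i++ }
        else if (pattern[i] == '?')           { re << '[^/]';   i++ }
        else                                  { re << Pattern.quote(pattern[i]); i++ }
    }
    uri ==~ re.toString()
}

// Patterns that can never match, because a request path always starts with '/'.
List<String> unreachablePatterns(List<Map> rows) {
    rows.findAll { !it.url.startsWith('/') }*.url
}

// Roles demanded for a URI; an empty list means no rule matched the request,
// which is the situation the post describes.
List<String> requiredRoles(List<Map> rows, String uri) {
    rows.findAll { antMatch(it.url, uri) }*.configAttribute
}

// Constructed rows: the patterns exactly as posted, then the same rows with '/' prefixed.
def patterns  = ['requestmap/**', 'user/**', 'registrationCode/**', 'securityInfo/**', 'role/**']
def asPosted  = patterns.collect { [url: it, configAttribute: 'ROLE_ADMIN'] }
def corrected = asPosted.collect { [url: '/' + it.url, configAttribute: it.configAttribute] }

assert unreachablePatterns(asPosted).size() == 5   // every posted row is dead
assert unreachablePatterns(corrected).isEmpty()
assert requiredRoles(asPosted, '/user/list') == []               // no rule applies
assert requiredRoles(corrected, '/user/list') == ['ROLE_ADMIN']  // rule now enforced

println "Unreachable patterns as posted: ${unreachablePatterns(asPosted)}"
println "Roles for /user/list after the fix: ${requiredRoles(corrected, '/user/list')}"
```

Running the same `unreachablePatterns` check over the real request map rows at startup catches this kind of silently ignored rule before it reaches production.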