I am using simple filters for login & security in my Grails application.
Now I need to connect to the db – test1 using different login credentials depending on the logged-in user's role. If Admin is logged in, they get write permission, so a different login, and if the user role logs in, then read only.
How do I implement this with filters?
DataSource.groovy
    environments {
        development {
            /* IF LOGIN 'ADMIN' - SHOULD CONNECT USING THIS */
            dataSource {
                username = 'admin'
                password = 'Guard1an'
                url = "jdbc:jtds:sqlserver://test1:1433;MVCC=TRUE"
                dbCreate = 'update'
            }
            /* IF LOGIN 'USER' - SHOULD CONNECT USING THIS */
            dataSource {
                dbCreate = "update" // one of 'create', 'create-drop', 'update'
                username = 'user'
                password = 'tesoyear'
                url = "jdbc:jtds:sqlserver://test1:1433;"
            }
            dataSource_wldb1 {
                username = 'gdx'
                password = 'pinoil'
                url = "jdbc:jtds:sqlserver://wldb:1433/IVR_GUARDIAN"
                dbCreate = 'update'
            }
        }
    }
SecurityFilter.groovy
    class SecurityFilters {
        def filters = {
            loginCheck(controller: 'load', action: '*') {
                before = {
                    // Send unauthenticated requests to the login page
                    if (!session.user && !actionName.equals('login')) {
                        flash.message = "User is not Logged in.Please login "
                        redirect(controller: 'user', action: 'index')
                        return false
                    }
                }
            }
        }
    }
If you want to secure controllers, it should be enough (and better) to use the @Secured annotation. This allows you to secure a whole controller or a single method by specifying the required user role(s). Check http://blog.springsource.org/2010/08/11/simplified-spring-security-with-grails/ for more details. Below there is also an example.
If you are going to need more sophisticated security, check the spring-security-acl plugin, which allows you to grant permissions for specific database objects.
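The following sketch is an added example, not part of the original answer: it applies @Secured to the question's `load` controller and sends reads and writes over separate named datasources, so the read-only SQL Server login still refuses writes if a controller check is ever missed. It assumes the spring-security-core plugin with its 2.x package name, Grails 2 multiple-datasource support, two hypothetical datasources `dataSource_admin` and `dataSource_readonly` declared in DataSource.groovy, and a hypothetical `Record` domain class.

```groovy
// Added example. Assumptions: spring-security-core 2.x package name;
// dataSource_admin and dataSource_readonly (hypothetical names) exist in
// DataSource.groovy, each using its own database login.
import grails.plugin.springsecurity.annotation.Secured

// grails-app/domain/Record.groovy (hypothetical domain class)
class Record {
    String name

    static mapping = {
        // Make the class available on both named datasources,
        // reachable as Record.admin and Record.readonly
        datasources(['admin', 'readonly'])
    }
}

// grails-app/controllers/LoadController.groovy
@Secured(['ROLE_USER', 'ROLE_ADMIN'])   // every action needs one of these roles
class LoadController {

    // Read path: uses the connection whose database login is read-only
    def list() {
        [records: Record.readonly.list(max: 50)]
    }

    // Write path: the action-level annotation takes precedence over the
    // class-level one, so only ROLE_ADMIN reaches this action
    @Secured(['ROLE_ADMIN'])
    def save() {
        def record = new Record(name: params.name)
        // Persist through the datasource that holds write permission
        if (!record.admin.save(flush: true)) {
            render(status: 422, text: 'Validation failed')
            return
        }
        redirect(action: 'list')
    }
}
```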