I have been trying to integrate spring-security in one of my grails applications. As mentioned in the tutorial for spring security, I installed the plugin using the following code
BuildConfig.groovy: I added the following code
repositories {
mavenRepo 'http://repo.spring.io/milestone'
}
plugins {
compile ':spring-security-core:2.0-RC2'
}
Later I cleaned the code and compiled it to ensure that the dependencies are downloaded. I have also checked the .grails folder to ensure that the dependencies are downloaded.
Next I created the User and Role classes. (Note: I have named the classes as Person and Authority respectively).
After this I created the SecureController and have not added any security access annotations, but still I cannot access the secure controller. The control directly redirects to login controller
Question 1: Is it that after using spring security plugin every page needs authentication. Is there a way to access a page without logging in
Next I added the @Secured annotation to the SecureController. The @Secured annotation does not get detected at all though it is present in the plugins folder for the project. Initially I thought I missed something so I created the project again from start implementing the same steps. However this time the plugin gets detected
Question 2: Why does spring-security plugin behave so inconsistently
I tried to access the SecureController without logging in, I get the following error.
EL1008E:(pos 0): Field or property 'ADMIN_ROLE' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'
I also get the same error after logging in and trying to access the controller.
Question 3: Is it that I have missed any dependencies that need to be specified.
In the login page the form leads to some action 'j_security_check'. I did not notice this action in any of the controllers.
Question 4: Do I need to create a new action for the with this name
Kindly help me sorting out this isssue. Thanks a lot in advance for the help.
After install your plugin, you need to run s2-quickstart to get basic config.
If you want to rename default classes, you need to specify to Spring Security it in Config.groovy file:
The below line, is for reject all request if not exists rule for this resources.
As you can see in documentation. You have 4 differents forms to protect your resources.
I agree with Burth, one question per question please.