Spring Security loads the roles of a user from the user role table based on all roles assigned to the user, and those roles are application specific. But in my project I need to assign roles to a user based on the instance. So when the instance is changed, the roles should be changed. In Grails we can override the […]
In most of our applications we are using the Spring Security Core plugin for the authentication process. We define some roles in it. Have you ever thought about assigning precedence to the roles? For example, you have 3 roles defined in your application, i.e. ROLE_SUPER_ADMIN, ROLE_ADMIN, ROLE_ATTENDEE. While using these roles, i.e. [java] @Secured(['ROLE_ATTENDEE']) def […]
Many Grails plugins, like searchable and console, can prove to be really dangerous if access to their URLs is not blocked. After adding the searchable plugin to my project, I realized that access to its controllers was not defined and was open to all. Now this was a major security concern. There are many ways […]
We had a requirement in a recent project to expose some of the functionality we had via a JSON API. The functionality needed to be secure, as was the initial web interface which exposed the functionality. We were using Spring Security for the security aspect of our application. The Spring Security plugin, together with a […]
If you are using Grails Spring Security in your application, one killer functionality that we can easily provide is a simple user switcher. Add this to your admin layout:
[html]
<sec:ifAllGranted roles='ROLE_ADMIN'>
  <form action='/j_spring_security_switch_user' method='POST'>
    Switch: <g:select from="${users}" optionKey="username" optionValue="displayInfo" name='j_username'/>&nbsp;<input type='submit' value='Switch'/>
  </form>
</sec:ifAllGranted>
<sec:ifSwitched>
  <a href='${request.contextPath}/j_spring_security_exit_user'>
    Resume as <sec:switchedUserOriginalUsername/>
  </a>
</sec:ifSwitched>
[/html]
In […]