I have a Grails application (2.0.4) using the Spring Security Plugin (version 1.2.7.3) and a secure annotation approach (by default here ).
Now I have these URLs in UrlMapping.groovy with a resource key or a pair of controller / action, for example:
"/$controller/$action?/$id?" { constraints { // apply constraints here } } // other rules, all working properly "/api/item/$id?"(resource: 'itemRest') '/api/item/batch-delete'(controller: 'itemRest', action: 'batchDelete')
RESTful mapping works fine with ItemRestController: each method (show, update, save, delete) correctly maps to the corresponding HTTP method. And an extra method (batchDelete) also works.
I got the API URL by doing the following:
grails.plugins.springsecurity.controllerAnnotations.staticRules = [ // ... '/something/**': ['IS_AUTHENTICATED_FULLY'] '/api/**': ['IS_AUTHENTICATED_FULLY'] ]
Now I am redirected to the login page if I call:
http://host/context/something/bla_bla
But if I do not call (with the appropriate payload, when necessary):
http://host/context/api/item/batchDelete http://host/context/api/item/1 http://host/context/api/item
My suspect is that static rules do not work properly when matching the rest of the controller with the resource key.
Also note that in the UrlMapping.groovy file, the URL for something is missing.
Any ideas?
source share