Grails Spring Security Core 3.2.0.M1 - secure annotations not working -
i have upgraded grails , spring security latest (3.3.0.rc1 , 3.2.0.m1 respectively) following of migration paths annotations no longer work. control follows through not authorised callback (grails.plugin.springsecurity.adh.errorpage). have own list of enum backed permissions use populate list of authorities being correctly loaded user object no longer work in annotations using hasrole expression follows;
@secured(["hasanyrole('perm_view_reports'"])
other expressions working fine such following
@secured("authentication.name == 'sys_admin'") @secured("hasrole('perm_view_reports')")
i don't suppose has had similar experience latest spring security release grails. remember above has worked until upgraded don't see in migration path suggests there might problem system. thanking suggestions in advance.
this came down "role_" prefix being mandatory again in new spring security 3.2.0.m1 release. can seen above, had being using "perm_" prefix indicate i'm using permission based instead of role based paradigm.
i'm hoping add migration guide plugin it's major omission afaic. hope become configuration option plugin in future release.
edit:
it turns out spring security have introduced new methods hasauthority()
, hasanyauthority()
not use default role prefix , can used in place of hasrole()
, hasanyrole()
.
i have forked , updated spring security docs 3.2 , sent pull request.
Comments
Post a Comment