Separating and securing Grails controllers

Ever wanted to have several Grails controllers automatically secured – just by name?

I had to make a subset of my Grails 1.2.2 application controllers only available to a certain group of people. A few controllers made actions on the application possible which only Administrators were allowed to do.

Acegi what?

So, I think everybody recognizes the ever so popular Acegi way (using Spring Security) of securing things with a single in SecurityConfig.groovy:

security {
	active = true

	useRequestMapDomainClass = false
	requestMapString = """


This way a login-screen will appear when a user tries to open the HelloController on /hello since ROLE_USER is required. Well, not really high-tech yet – a basic example you could find in the Acegi plugin’s documentation as well.

More…more controllers!

Let’s introduce several other controllers next to the Notice I myself made up the package name – just a habit to seperate Domain classes, Controllers and Services into, and

Continue reading “Separating and securing Grails controllers”