Table of contents
  1. Grails
    1. Security Roles
      1. Properties
      2. controller above methods
      3. controller body
      4. views/gsp
      5. Check user security roles




Grails

Security Roles

Properties

 application.groovy=[pattern: '/adminDashboard/**', access: ['ROLE_ADMIN']]    

controller above methods

@Secured(['ROLE_USER', 'ROLE_ADMIN'])     
@Secured("hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")     
@Secured("(hasRole('ROLE_ORDER_SHOW') or hasRole('ROLE_RESULT_SHOW') ) and hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")     
@Secured("hasAnyRole('ROLE_ORDER_SHOW', 'ROLE_RESULT_SHOW') and hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")    
    @Secured(value = ['permitAll'], httpMethod = 'POST')    
    @Secured(value = ['IS_AUTHENTICATED_ANONYMOUSLY'], httpMethod = 'POST')    

controller body

SpringSecurityUtils.ifAllGranted('ROLE_ADMIN')

SpringSecurityUtils.ifNotGranted()

SpringSecurityUtils.ifAnyGranted()     

views/gsp


<sec:ifLoggedIn>
    <sec:ifNotLoggedIn>     

Check user security roles

def user = springSecurityService?.authentication?.details

//Check security context     
def authentication = SecurityContextHolder.getContext().getAuthentication()

//Checking variables in security notation in controller     
@Secured(closure = {
    def status = ctx.templateService.getTemplate(request.getParameter('id')).status.name()
    (hasRole("ROLE_ADMIN_TP") && status != 'UNPUBLISH' || 'DRAFT')
})