Table of contents
Grails
Security Roles
Properties
application.groovy=[pattern: '/adminDashboard/**', access: ['ROLE_ADMIN']]
controller above methods
// List form: with the plugin's default decision manager, holding any one of the
// listed roles is enough. NOTE(review): confirm if a custom access decision
// manager is configured.
@Secured(['ROLE_USER', 'ROLE_ADMIN'])
// SpEL form: this single role is required.
@Secured("hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")
// The next two annotations express the same rule: hasAnyRole(a, b) is shorthand
// for hasRole(a) or hasRole(b). In SpEL `and` binds tighter than `or`, so the
// parentheses around the `or` group in the first form are required.
@Secured("(hasRole('ROLE_ORDER_SHOW') or hasRole('ROLE_RESULT_SHOW') ) and hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")
@Secured("hasAnyRole('ROLE_ORDER_SHOW', 'ROLE_RESULT_SHOW') and hasRole('ROLE_PERMISSION_ACCESS_ASSESSMENTS')")
// httpMethod limits this rule to POST requests. 'permitAll' admits callers that
// are not logged in, so the action itself must be safe to expose.
// NOTE(review): how other HTTP methods on the same action are treated depends
// on the remaining rules and the rejectIfNoRule setting; verify for your app.
@Secured(value = ['permitAll'], httpMethod = 'POST')
// Token form with the same effect in this plugin: anonymous and logged-in
// callers are both admitted.
@Secured(value = ['IS_AUTHENTICATED_ANONYMOUSLY'], httpMethod = 'POST')
controller body
// Each helper returns a boolean and takes a comma-separated string of role
// names. They only report the result; the action must branch on it
// (e.g. in an `if`) for the check to have any effect.
// True when the current user holds every listed role.
SpringSecurityUtils.ifAllGranted('ROLE_ADMIN')
// True when the current user holds none of the listed roles
// (role argument omitted in this note).
SpringSecurityUtils.ifNotGranted()
// True when the current user holds at least one of the listed roles
// (role argument omitted in this note).
SpringSecurityUtils.ifAnyGranted()
views/gsp
<%-- These tags only control what is rendered in the page. The controller
     action behind a hidden link still needs its own @Secured or URL rule. --%>
<%-- Body is rendered only for an authenticated user. --%>
<sec:ifLoggedIn>
<%-- Body is rendered only when no user is logged in. --%>
<sec:ifNotLoggedIn>
Check user security roles
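// Authentication.details carries request metadata supplied by the
// authentication mechanism, not the user's roles.
// NOTE(review): for a web login this is usually the remote address and
// session id; confirm for the mechanism in use.
def user = springSecurityService?.authentication?.details
// The roles are the granted authorities of the Authentication. The spread
// operator collects each authority name (e.g. 'ROLE_ADMIN') and yields null
// when there is no authentication.
def roles = springSecurityService?.authentication?.authorities*.authority
// Check security context: the same Authentication object, read directly from
// Spring Security's holder instead of through the Grails service.
def authentication = SecurityContextHolder.getContext().getAuthentication()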
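// Closure-based rule in a controller annotation: the closure runs for each
// request and its last expression decides whether access is granted.
@Secured(closure = {
    // `id` is a caller-supplied request parameter; the template it names is
    // looked up only to read its status.
    // NOTE(review): if getTemplate can return null for an unknown id this line
    // throws; confirm that the request is then rejected rather than allowed.
    def status = ctx.templateService.getTemplate(request.getParameter('id')).status.name()
    // The earlier form `status != 'UNPUBLISH' || 'DRAFT'` was always true:
    // 'DRAFT' is a non-empty string (truthy in Groovy) and `&&` binds tighter
    // than `||`, so the rule granted access to every caller.
    // Assumed intent: require the role AND a status that is neither UNPUBLISH
    // nor DRAFT. Confirm against the requirement.
    hasRole("ROLE_ADMIN_TP") && !(status in ['UNPUBLISH', 'DRAFT'])
})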