0

in Greach 2.0, Burt Beckwith talked about Pessimistic Lockdown.

I'm trying to setup Pessimistic Lockdown in my grails application but it doesn't work.

I've written in my Config.groovy:

grails.plugins.springsecurity.rejectIfNoRule = true

and my controller is:

class LibreController {
   def index = {
      render 'Forbidden access because there isn\'t rule'
   }
}

and typing in my navigator "http: // local /PruebaSeguridad /libre" I can read the message "Forbidden access because there isn't rule" without any authentication.

I'm not sure if I understood how Pessimistic Lockdown works or i'm doing anything wrong.

lucke84
  • 4,516
  • 3
  • 37
  • 58
user2022371
  • 1
  • of course i've read the documentation in http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/5%20Configuring%20Request%20Mappings%20to%20Secure%20URLs.html and I've googled it, but ... – user2022371 Jan 29 '13 at 16:35
  • Works for me. It shouldn't be necessary, but did you already run the `s2-quickstart` script? Also - what version of Grails are you using? – Burt Beckwith Jan 29 '13 at 17:32
  • Hi Burt, yes I've run s2-quickstart and I'm using Grails 2.1.1 and plugin spring security core 1.2.7.3. Also, I'm using plugin kickstart-with-bootstrap 0.8.9, but I supose this doesn't mind – user2022371 Jan 30 '13 at 09:38
  • should I configurate allowedMethods in controller or is it not need? – user2022371 Jan 30 '13 at 09:42
  • You should try it without the kickstart-with-bootstrap plugin to see if that is affecting things. `allowedMethods` isn't related to this - it determines which request type (GET/POST/etc) is allowed for each method. – Burt Beckwith Jan 30 '13 at 14:57

1 Answers1

0

Solved! Initially I installed the kickstart-with-bootstrap plugin after spring-security-core and (I suppose) it broke something. I reinstalled kickstart-with-bootstrap after installing spring-security-core plugin and it works perfectly.

thank you very much

lucke84
  • 4,516
  • 3
  • 37
  • 58
user2022371
  • 1