Using grails spring security to secure URLs with http method

Question

I'm using spring security 1.2.7.3, and I want to secure URLs with http method, in other words I want something like this in my config.groovy:

grails.plugins.springsecurity.interceptUrlMap = [
    '/api/person/**':  ['ROLE_ADMIN'], //IF HTTP "POST"
    '/api/person/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'], //IF HTTP "GET"
}

Is it possible? I know that there are of course other ways to achieve this but I prefer to solve the problem in this way.

p.s. this question has already been asked here before.

score 1 · Accepted Answer · answered Oct 21 '14 at 18:21

I tested out the following and it seemed to work quite well:

grails.plugin.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.interceptUrlMap = [
    '/myFirst/**': ["request.getMethod().equals('GET') || hasRole('ROLE_ADMIN')"],
    '/mySecond/**': ["permitAll"]
]

I based the usage of request.getMethod() on the documentation found at the link below and took a little liberty in using an || expression.

http://grails-plugins.github.io/grails-spring-security-core/guide/requestMappings.html

In your example you supplied two entries for 'api/person/**', but that unfortunately won't work because each entry would have the same key for the interceptUrlMap. Combine what you want for options with || and &&.

It's plugin v2 but I checked the Grails docs all the way back to v1.2 and it indicates this is supported — th3morg, Oct 24 '14 at 10:58

Using grails spring security to secure URLs with http method

1 Answers1