Error using spring-security plugin in grails

Question

I have been trying to integrate spring-security in one of my grails applications. As mentioned in the tutorial for spring security, I installed the plugin using the following code

BuildConfig.groovy: I added the following code

repositories {
mavenRepo 'http://repo.spring.io/milestone'
}

plugins {
compile ':spring-security-core:2.0-RC2'
}

Later I cleaned the code and compiled it to ensure that the dependencies are downloaded. I have also checked the .grails folder to ensure that the dependencies are downloaded.

Next I created the User and Role classes. (Note: I have named the classes as Person and Authority respectively).

After this I created the SecureController and have not added any security access annotations, but still I cannot access the secure controller. The control directly redirects to login controller

Question 1: Is it that after using spring security plugin every page needs authentication. Is there a way to access a page without logging in

Next I added the @Secured annotation to the SecureController. The @Secured annotation does not get detected at all though it is present in the plugins folder for the project. Initially I thought I missed something so I created the project again from start implementing the same steps. However this time the plugin gets detected

Question 2: Why does spring-security plugin behave so inconsistently

I tried to access the SecureController without logging in, I get the following error.

EL1008E:(pos 0): Field or property 'ADMIN_ROLE' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'

I also get the same error after logging in and trying to access the controller.

Question 3: Is it that I have missed any dependencies that need to be specified.

In the login page the form leads to some action 'j_security_check'. I did not notice this action in any of the controllers.

Question 4: Do I need to create a new action for the with this name

Kindly help me sorting out this isssue. Thanks a lot in advance for the help.

Answer 1

After install your plugin, you need to run s2-quickstart to get basic config.

If you want to rename default classes, you need to specify to Spring Security it in Config.groovy file:

grails.plugins.springsecurity.userLookup.userDomainClassName = 'sys.Usuario'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'sys.UsuarioRol'
grails.plugins.springsecurity.authority.className = 'sys.Rol'
// This last two lines if you're using Requestmap Instances method for protect your resources
grails.plugins.springsecurity.requestMap.className = 'sys.Requestmap'
grails.plugins.springsecurity.securityConfigType = 'Requestmap'

The below line, is for reject all request if not exists rule for this resources.

grails.plugins.springsecurity.rejectIfNoRule = true

As you can see in documentation . You have 4 differents forms to protect your resources.

1. Secured Annotations
2. Simple Map in Config.groovy
3. Requestmap Instances Stored in the Databases
4. Using Expressions to Create Descriptive, Fine-Grained Rules

I agree with Burth, one question per question please.