I'm looking to add some security to my small service written on Grails: restriction by IP, force HTTPS and maybe something more later.
So I've added spring-security-core dependency
compile 'org.grails.plugins:spring-security-core:2.0-RC4'
to my build.gradle and something like this
grails.plugin.springsecurity.secureChannel.definition = ['/**': 'REQUIRES_SECURE_CHANNEL']
grails.plugin.springsecurity.ipRestrictions = ['/**': ['127.0.0.1', '%MY-OFFICE-IP-HERE%']]
to my Config.groovy.
Service is quite simple, it only has two controllers that return some data in JSON format. But spring-security-core plugin by default adds user authentication: login page, logout interceptor, access denied handler and so on. I don't need such functionality at this time and want to disable it. How can I do it?
只需将此添加到Config.groovy for development环境中:
grails.plugin.springsecurity.active = false
so what you are saying is you just want IP restriction but not roles, securing your controllers/methods or any actual security for your application because it's in the DMZ???
Then you don't want Spring-security, just implement something like this... How do you get Client IP Address in a Grails controller?
detect IP in filter and reject if it doesn't match acceptable IP's in config
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.