Grails: disable Spring Security Core on certain paths

Question

How do I set up Spring Security Core in a way that calls to a certain pattern (such as /api/**) are not filtered?

grails.plugins.springsecurity.filterChain.chain         


        

Answer 1

You can implement a simple non-authentication filter::

class NonAuthenticationFilter  extends GenericFilterBean {

    void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        chain.doFilter(request, response);
    }
}

Define it in resources.groovy:

beans = {
    nonAuthFilter(NonAuthenticationFilter)
}

And configure your url pattern:

grails.plugins.springsecurity.filterChain.chainMap = [
    '/api/**': 'nonAuthFilter',
    '/**': 'JOINED_FILTERS',
]
grails.plugins.springsecurity.interceptUrlMap = [
    '/api/**': ['IS_AUTHENTICATED_ANONYMOUSLY']
]