问题
One can use things annotations like:
@Secured(['ROLE_ADMIN'])
on an actions or on an entire class (seems to work fine), to apply the security control provided by spring security core. Is there a way to apply security to the hidden scaffolded actions, without applying the security constraint to the whole class? I want to use one security constraint for some actions, and a different one for the hidden scaffolded actions.
NOTE: if this isn't immediately do-able/answerable, please disregard, as I will generate the code and include it in that way. I searched and didn't see it, so I'm just wondering if someone knows how to do / if it exists.
回答1:
If you're using annotations you can secure non-annotated urls with the grails.plugins.springsecurity.controllerAnnotations.staticRules config property - see section "5.1 Defining Secured Annotations" in the docs
来源:https://stackoverflow.com/questions/8364750/grails-spring-security-core-adding-security-to-the-hidden-scaffolded-actions