Recently, I stumbled upon a scenario where I had to map roles from a legacy database to Spring Security's interceptUrlMap, and the roles did not have the ROLE_ prefix. I faced the following error:
[php]
Field or property 'ADMIN' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'
[/php]
for the following InterceptUrlMap:
[php]
com.jft.prashant.sec.role.admin = 'ADMIN'

grails.plugin.springsecurity.interceptUrlMap = [
    '/static/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/plugins/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/skin/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/j_spring_security_check': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/user/index': ['IS_AUTHENTICATED_FULLY'],
    '/user/**': [com.jft.prashant.sec.role.admin]
    // more mapping
]
[/php]
The solution was to switch to an expression in the mapping, like this:
[php]
com.jft.prashant.sec.role.admin = 'ADMIN'
com.jft.prashant.sec.role.user = 'USER'

grails.plugin.springsecurity.interceptUrlMap = [
    '/static/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/plugins/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/skin/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/j_spring_security_check': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/user/index': ['IS_AUTHENTICATED_FULLY'],
    '/user/**': ["hasAnyRole('${com.jft.prashant.sec.role.admin}')"],
    '/role/index': ['IS_AUTHENTICATED_FULLY'],
    '/role/**': ["hasAnyRole('${com.jft.prashant.sec.role.admin}')"],
    '/userRole/**': ["hasAnyRole('${com.jft.prashant.sec.role.admin}')"],
    '/*': ['IS_AUTHENTICATED_FULLY']
]
[/php]
Fork the sample code from here to see it in action. Hope it saves you some trouble. 🙂
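Because the working mapping interpolates legacy role names into a `hasAnyRole(...)` expression string, it helps to validate each name before it becomes part of the expression. The following is an added example, not code from the original post or the plugin; `roleExpr`, `SAFE_ROLE` and `legacyRoles` are hypothetical names, and the sample role values are constructed.

```groovy
// Added example: roleExpr, SAFE_ROLE and legacyRoles are hypothetical names,
// not part of the Spring Security plugin or the original post.

// Legacy role names as stored in the database (constructed sample values).
def legacyRoles = [admin: 'ADMIN', user: 'USER']

// Role names are interpolated into an expression string, so accept plain
// identifiers only; a quote or parenthesis would alter the expression.
def SAFE_ROLE = ~/[A-Za-z][A-Za-z0-9_]*/

// Build "hasAnyRole('A','B')" from one or more validated role names.
def roleExpr = { String... roles ->
    if (!roles) {
        throw new IllegalArgumentException('at least one role is required')
    }
    roles.each { role ->
        if (!(role ==~ SAFE_ROLE)) {
            throw new IllegalArgumentException("unsafe role name: ${role}")
        }
    }
    'hasAnyRole(' + roles.collect { "'" + it + "'" }.join(',') + ')'
}

// Same shape as the mapping above, with every role going through roleExpr.
def interceptUrlMap = [
    '/user/index': ['IS_AUTHENTICATED_FULLY'],
    '/user/**':    [roleExpr(legacyRoles.admin)],
    '/role/**':    [roleExpr(legacyRoles.admin, legacyRoles.user)],
    '/*':          ['IS_AUTHENTICATED_FULLY']
]

assert interceptUrlMap['/user/**'] == ["hasAnyRole('ADMIN')"]
assert interceptUrlMap['/role/**'] == ["hasAnyRole('ADMIN','USER')"]

// A malformed legacy value (constructed) is rejected instead of being
// spliced into the expression.
def rejected = false
try {
    roleExpr("AD'MIN")
} catch (IllegalArgumentException e) {
    rejected = true
}
assert rejected
```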
Great work, very helpful.
Very helpful for me. Keep it up 🙂