FunWithSpringSecurity/noroles at master · burtbeckwith/FunWithSpringSecurity · GitHub
noroles

A sample application showing how to use expressions to guard access when access rules are simple and roles aren’t required.

In this example there isn’t even a Role or UserRole domain class, only the User class.

Items of note:

  • test.User is the user domain class generated by the s2-quickstart script with a few modifications:

    • a final authorities = [] property so GormUserDetailsService works correctly, but doesn’t grant any roles since there aren’t any (for demo purposes here, since there is a custom UserDetailsService)

    • a UserType userType property

    • a String businessUnit property

    • a boolean developer property

  • the Role and UserRole classes generated by the s2-quickstart script were deleted since they’re not used

  • four users are created in BootStrap.groovy, all with password “password”:

    • admin1 has UserType admin, businessUnit: 'group1'

    • admin2 has UserType admin, businessUnit: 'group2'

    • salesdude has UserType sales, businessUnit: 'group1'

    • codemonkey has UserType other, businessUnit: 'it', developer true

  • secured.SecureController has several annotated actions using expressions to guard access

  • a custom UserDetailsService creates an extended UserDetails instance to cache nonstandard user properties for use in expressions

  • debug/trace logging for the plugin and Spring Security is configured but commented out in logback.groovy

  • the application is intentionally stripped-down:

    • there are no static resources

    • the GSPs are very minimal

    • all unused attributes were removed from the grails.plugin.springsecurity block in application.groovy
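
A sketch of how the extended UserDetails and the expression-guarded actions described above fit together. This is an added example, not the repository's code: the `Example*` class names, the action names, the expressions, and the assumption that `test.User` keeps the standard s2-quickstart fields are all illustrative.

```groovy
// Added example, not the repository's code; every Example* name is hypothetical.
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.annotation.Secured
import grails.plugin.springsecurity.userdetails.GrailsUser
import grails.plugin.springsecurity.userdetails.GrailsUserDetailsService
import grails.plugin.springsecurity.userdetails.NoStackUsernameNotFoundException
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.UserDetails
import test.User

// Extended UserDetails: copies the nonstandard properties once at login so
// expressions read them from the principal instead of querying the database.
class ExampleUserDetails extends GrailsUser {
    final String userType, businessUnit
    final boolean developer

    ExampleUserDetails(User u, Collection authorities) {
        super(u.username, u.password, u.enabled, !u.accountExpired,
              !u.passwordExpired, !u.accountLocked, authorities, u.id)
        userType = u.userType.name()
        businessUnit = u.businessUnit
        developer = u.developer
    }
}

class ExampleUserDetailsService implements GrailsUserDetailsService {
    // Placeholder authority the plugin defines for users with no roles.
    static final List NO_ROLES = [new SimpleGrantedAuthority(SpringSecurityUtils.NO_ROLE)]

    UserDetails loadUserByUsername(String username, boolean loadRoles) {
        loadUserByUsername(username)
    }

    UserDetails loadUserByUsername(String username) {
        User u = User.withTransaction { User.findByUsername(username) }
        if (!u) throw new NoStackUsernameNotFoundException()
        new ExampleUserDetails(u, NO_ROLES)
    }
}

class ExampleSecureController {
    // isAuthenticated() comes first so anonymous requests are denied before
    // the custom properties are read from the principal.
    @Secured("isAuthenticated() and principal.userType == 'admin'")
    def adminOnly() { render 'admin only' }

    @Secured("isAuthenticated() and (principal.developer or principal.businessUnit == 'group1')")
    def group1OrDeveloper() { render 'group1 or developer' }
}
```

The service takes effect once it is registered as the `userDetailsService` bean in `resources.groovy`. Because the properties are copied at login, a change to a user's `userType`, `businessUnit` or `developer` value only affects access decisions after that user authenticates again.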