3

I'd like to add custom SpEL methods in Grails applciation, like it's done for plain Spring-Security application in this question, by overriding EvaluationContext. Will this work?

How do I plug global-method-security into security config? I can configure security, but what to add there? Something like 

grails.plugins.springsecurity = {
    'global-method-security' {
        'expression-handler' {
            ref("myMethodSecurityExpressionHandler")
        }
    }
}

? But what code will interpret it?

Looking into SpringSecurityCoreGrailsPlugin.groovy also gives me no insights.

Community
  • 1
  • 1
Victor Sergienko
  • 13,115
  • 3
  • 57
  • 91

1 Answers1

2

This is only available if you also have the spring-security-acl plugin installed. It configures the expressionHandler bean:

expressionHandler(DefaultMethodSecurityExpressionHandler) {
   parameterNameDiscoverer = ref('parameterNameDiscoverer')
   permissionEvaluator = ref('permissionEvaluator')
   roleHierarchy = ref('roleHierarchy')
   trustResolver = ref('authenticationTrustResolver')
}

So if you have your own subclass of DefaultMethodSecurityExpressionHandler you can replace the bean in resources.groovy like this:

import com.mycompany.myapp.MyMethodSecurityExpressionHandler

beans = {
   expressionHandler(MyMethodSecurityExpressionHandler) {
      parameterNameDiscoverer = ref('parameterNameDiscoverer')
      permissionEvaluator = ref('permissionEvaluator')
      roleHierarchy = ref('roleHierarchy')
      trustResolver = ref('authenticationTrustResolver')
   }
}
Burt Beckwith
  • 75,342
  • 5
  • 143
  • 156
  • Thank you very much. The ACL plugin does it, but my `expressionHandler` neveer gets invoked. App's `resources.groovy` is executed before plugin's `configureExpressionBeans()/doWithSpring()` - so probably my `expressionHandler` is overridden by ACL's. Looking into a way to fix it. – Victor Sergienko Oct 17 '12 at 15:04
  • Didn't manage to make it pick up my `expressionHandler` - apparently ACL's is instantiated. What can I do? – Victor Sergienko Oct 22 '12 at 07:56
  • @VictorSergienko: Any success? I am in the same situation. – Umair Saleem Nov 20 '13 at 07:15
  • Sadly not, it never worked for me due to that `expressionHandler` problem. – Victor Sergienko Nov 20 '13 at 10:25