(Quick Reference)

1 Introduction to the Spring Security Plugin

The Spring Security plugin simplifies the integration of Spring Security into Grails applications. The plugin provides sensible defaults with many configuration options for customization. Nearly everything is configurable or replaceable in the plugin and in Spring Security itself, which makes extensive use of interfaces.

This guide documents configuration defaults and describes how to configure and extend the Spring Security plugin for Grails applications.

Release History and Acknowledgment

• December 7, 2015
• 2.0.0 release
• November 16, 2015
• 2.0-RC6 release
• June 4, 2015
• 2.0-RC5 release
• July 8, 2014
• 2.0-RC4 release
• May 19, 2014
• 2.0-RC3 release
• October 4, 2013
• 2.0-RC2 release
• JIRA Issues
• October 3, 2013
• 2.0-RC1 release
• April 6, 2012
• 1.2.7.3 release
• JIRA Issues
• February 2, 2012
• 1.2.7.2 release
• JIRA Issues
• January 18, 2012
• 1.2.7.1 release
• JIRA Issues
• December 30, 2011
• 1.2.7 release
• JIRA Issues
• December 2, 2011
• 1.2.6 release
• JIRA Issues
• December 1, 2011
• 1.2.5 release
• October 18, 2011
• 1.2.4 release
• October 15, 2011
• 1.2.3 release
• October 15, 2011
• 1.2.2 release
• JIRA Issues
• August 17, 2011
• 1.2.1 release
• JIRA Issues
• July 31, 2011
• 1.2 release
• JIRA Issues
• May 23, 2011
• 1.1.3 release
• JIRA Issues
• February 26, 2011
• 1.1.2 release
• February 26, 2011
• 1.1.1 release
• JIRA Issues
• August 8, 2010
• 1.1 release
• JIRA Issues
• August 1, 2010
• 1.0.1 release
• July 27, 2010
• 1.0 release
• JIRA Issues
• July 16, 2010
• 0.4.2 release
• JIRA Issues
• June 29, 2010
• 0.4.1 release
• JIRA Issues
• June 21, 2010
• 0.4 release
• JIRA Issues
• May 12, 2010
• 0.3.1 release
• JIRA Issues
• May 12, 2010
• 0.3 release
• JIRA Issues
• May 2, 2010
• 0.2 release
• April 27, 2010
• initial 0.1 release

This plugin is based on work done for the Acegi plugin by Tsuyoshi Yamamoto.

1.1 Configuration Settings Now in Config.groovy

The Spring Security plugin maintains its configuration in the standard Config.groovy file. Default values are in the plugin's grails-app/conf/DefaultSecurityConfig.groovy file, and you add application-specific values to the grails-app/conf/Config.groovy file. The two configurations will be merged, with application values overriding the defaults.

This structure enables environment-specific configuration such as, for example, fewer structure-restrictive security rules during development than in production. Like any environment-specific configuration parameters, you wrap them in an environments block.

The plugin's configuration values all start with grails.plugin.springsecurity to distinguish them from similarly named options in Grails and from other plugins. You must specify all property overrides with the grails.plugin.springsecurity suffix. For example, you specify the attribute password.algorithm as:

grails.plugin.springsecurity.password.algorithm='bcrypt'

in Config.groovy

1.2 Getting Started

Once you install the plugin, you simply run the initialization script, s2-quickstart, and make any required configuration changes in Config.groovy. The plugin registers filters in web.xml, and also configures the Spring beans in the application context that implement various pieces of functionality. Grails dependency management determines which jar files to use.

To get started using the Spring Security plugin with your Grails application, see Tutorials.

You do not need to know much about Spring Security to use the plugin, but it can be helpful to understand the underlying implementation. See the Spring Security documentation.