21 Miscellaneous Properties - Reference Documentation
Authors: Burt Beckwith, Beverley Talbott
Version: 2.0.0
21 Miscellaneous Properties
| Property | Default Value | Meaning |
|---|---|---|
| active | true | Whether the plugin is enabled. |
| printStatusMessages | true | Whether to print status messages such as "Configuring Spring Security Core ..." |
| rejectIfNoRule | true | 'strict' mode where a request mapping is required for all resources; if true make sure to allow IS_AUTHENTICATED_ ANONYMOUSLY for '/', '/js/**', '/css/**', '/images/**', '/login/**', '/logout/**', and so on. |
| anon. key | 'foo' | anonymousProcessingFilter key. |
| atr. anonymousClass | grails.plugin.springsecurity. authentication. GrailsAnonymous AuthenticationToken | Anonymous token class. |
| useHttpSession EventPublisher | false | If true, an HttpSession EventPublisher will be configured. |
| cacheUsers | false | If true, logins are cached using an EhCache. See Account Locking and Forcing Password Change, under User Cache. |
| useSecurity EventListener | false | If true, configure SecurityEventListener. See Events. |
| dao. reflectionSalt SourceProperty | none | Which property to use for the reflection-based salt source. See Salted Passwords |
| dao. hideUserNot FoundExceptions | true | if true, throws a new BadCredentialsException if a username is not found or the password is incorrect, but if false re-throws the UsernameNot FoundException thrown by UserDetailsService (considered less secure than throwing BadCredentialsException for both exceptions) |
| requestCache. createSession | true | Whether caching SavedRequest can trigger the creation of a session. |
| roleHierarchy | none | Hierarchical role definition. See Hierarchical Role Definition. |
| voterNames | ['authenticatedVoter', 'roleVoter', 'closureVoter'] | Bean names of voters. See Voters. |
| providerNames | ['daoAuthenticationProvider', 'anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider'] | Bean names of authentication providers. See Authentication Providers. |
| securityConfigType | 'Annotation' | Type of request mapping to use, one of "Annotation", "Requestmap", or "InterceptUrlMap" (or the corresponding enum value from SecurityConfigType). See Configuring Request Mappings to Secure URLs. |
| controllerAnnotations. lowercase | true | Whether to do URL comparisons using lowercase. |
| controllerAnnotations. staticRules | none | Extra rules that cannot be mapped using annotations. |
| interceptUrlMap | none | Request mapping definition when using "InterceptUrlMap". See Simple Map in Config.groovy. |
| registerLoggerListener | false | If true, registers a LoggerListener that logs interceptor-related application events. |
| scr. allowSessionCreation | true | Whether to allow creating a session in the securityContextRepository bean |
| scr. disableUrlRewriting | true | Whether to disable URL rewriting (and the jsessionid attribute) |
| scr. springSecurity ContextKey | HttpSessionSecurity ContextRepository. SPRING_SECURITY_ CONTEXT_KEY | The HTTP session key to store the SecurityContext under |
| scpf. forceEager SessionCreation | false | Whether to eagerly create a session in the securityContextRepository bean |
| sch. strategyName | SecurityContextHolder. MODE_THREADLOCAL | The strategy to use for storing the SecurityContext - can be one of MODE_THREADLOCAL, MODE_INHERITABLETHREADLOCAL, or MODE_GLOBAL, or the name of a class implementing SecurityContextHolderStrategy |
| debug. useFilter | false | Whether to use the DebugFilter to log request debug information to the console |
| providerManager. eraseCredentials AfterAuthentication | true | Whether to remove the password from the Authentication and its child objects after successful authentication |