-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to wire in custom WebSecurityConfigurer in grails 5 #706
Comments
It won't get picked up unless you have @CompileStatic
@ComponentScan
class Application {
static void main(String[] args) {
Grails.run(Application, args)
}
} https://guides.grails.org/grails-configuration-properties/guide/index.html |
In Grace, this is no longer needed, when the |
@rainboyan in some cases developers might not want @CompileStatic
@Import(SecurityConfig)
class Application {
static void main(String[] args) {
Grails.run(Application, args)
}
} |
@codeconsole @SpringBootApplication(exclude = { DataSourceAutoConfiguration.class })
public class MyApplication {
} |
@rainboyan if you used |
@rainboyan using Grace 2023.0.0-M6 I created a sample app and still needed to add |
@codeconsole ---
spring:
security:
oauth2:
client:
registration:
github:
clientId: github-client-id
clientSecret: github-client-secret https://docs.spring.io/spring-boot/reference/web/spring-security.html#web.security.oauth2 |
@rainboyan I have my registrations in |
Issue description
I decided to post here, as I am not getting anything from the Stackoverflow post.
As part of moving our environments to Kubernetes, we are using Ambassador as the ingress service.
The app itself (the API side) is using Grails spring-security plugin. Having these two together, the preflight requests are not passing as the implementation will deny these requests. (see: https://www.getambassador.io/docs/edge-stack/latest/topics/using/cors/#authservice-and-cross-origin-resource-sharing).
I was digging for a solution for quite some time now, and the one that stands out in many places is to create a custom WebSecurityConfigurer (also, as suggested by Ambassador).
We I created the following:
However, this config is not getting picked up. Is there anything additional that I have to do to register it? My expectation was that the annotations are taking care of that.
Also tried
@EnableGlobalMethodSecurity
instead, the same result.Thanks for the advice.
I could also create an interceptor, but Grails interceptors cannot intercept the endpoints provided by the Spring Security core/rest plugins since the priority of their interceptors are higher than that of Grails interceptors
The text was updated successfully, but these errors were encountered: