Hello,
I have some small application, with jsecurity installed. I would like to block access to some pages (e.g. admin panel) to users without administrator role. I have configured SecurityFilters.groovy to work nicely for all controller calls (so indeed, controller does redirect unauthenticated users to auth/login and non-admin users to 'you have no permission'). However, I see that when user tries to access gsp directly, e.g.
http://server/app/index.gsp or
http://server/app/some/path/admin_panel.gsp, absolutely no security filters are applied. How am I supposed to configure them? I added something like this:
gspUris(uri: '/**/*.gsp') {
before = {
false
}
}
but whatever i put into uri (I tried *.gsp /*.gsp or even /** - and many more) or into before body (e.g. call to my method), it never gets called. What I am doing wrong, how it is supposed to work?
Ps. I'm using 1.2-M3 with tomcat plugin, on windows if that changes anything.
