Hi Bradley,
Annotations are enabled in Spring environments using Spring-specific
XML declarations in applicationContext.xml.
There is a Spring sample application in JSecurity that shows how this
is enabled - you might want to play with it a bit.
Here is the relevant config:
<!-- Enable JSecurity Annotations for Spring-configured beans. Only run after
the lifecycleBeanProcessor has run: -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean
class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
Peter, does the Grails plugin not enable this automatically?
Cheers,
Les
On Thu, Nov 13, 2008 at 8:22 AM, Bradley Beddoes
<[EMAIL PROTECTED]> wrote:
> Hi Gang,
> I tried this message over on grails-users a few days back but no one seems
> to have any ideas, hoping I might get a hit here with some grails jsecurity
> plugin users.
>
> I am attempting to test RoleRequired annotation on a *very* basic controller
> defined as such:
>
> import org.jsecurity.grails.annotation.RoleRequired
>
> class EntityController {
>
> @RoleRequired('nosuchrole')
> def list = {
> [entities : EntityDescriptor.list() ]
> }
> }
>
> As you'd imagine I expect execution of the controller to not be allowed as
> no user has the role 'nosuchrole'. I can confirm that my setup in
> SecurityFilter.groovy does require the user to authenticate and that the
> closure is executed. Not seeing any immediate logging output.
>
> Any ideas as to what I am doing wrong would be appreciated, probably
> something minor I have overlooked.
>
> regards,
> Bradley
