> Enabling the legacy filter as described makes everything play as you would > expect and I now get denied access to that controller/action.
Good to hear! > From the discussion above it seems that the annotation approach has been > deprecated in favor of filters (which I am also using). If this is the > preferred way forward then no worries, if it still has some use I may be > able to find some time at some point to try and port it over to the current > plugin codebase by default - thoughts?. To be honest I had forgotten about the annotations - the "beforeInterceptor" approach was the main target of deprecation. I think this is a perfectly valid approach, so it would be nice if they worked by default. One thing I can't remember is why I wrote custom annotations rather than using the core JSecurity ones. Ah, I remember now (having quickly looked at the code): the JSecurity annotations only apply to methods, but I needed them to apply to fields too, because that is what Grails controller actions are. I don't know what the other guys think, but it may be worth modifying the JSecurity annotations so that they can be applied to fields. However, that may require code changes in other parts of the code to ignore annotations on fields. Cheers, Peter
