(Quick Reference)

2Differences Between the Spring Security and Acegi Plugins >>

1 Introduction to the Spring Security Plugin - Reference Documentation

Authors: Burt Beckwith, Beverley Talbott

Version: 1.2.7.3

1.1Configuration Settings Now in Config.groovy

1 Introduction to the Spring Security Plugin

The Spring Security plugin simplifies the integration of Spring Security (formerly Acegi Security) into Grails applications. The plugin provides sensible defaults with many configuration options for customization. Nearly everything is configurable or replaceable in the plugin and in Spring Security itself, which makes extensive use of interfaces.

This guide documents configuration defaults and describes how to configure and extend the Spring Security plugin for Grails applications.

Release History and Acknowledgment

April 6, 2012

1.2.7.3 release
JIRA Issues

February 2, 2012

1.2.7.2 release
JIRA Issues

January 18, 2012

1.2.7.1 release
JIRA Issues

December 30, 2011

1.2.7 release
JIRA Issues

December 2, 2011

1.2.6 release
JIRA Issues

December 1, 2011

1.2.5 release

October 18, 2011

1.2.4 release

October 15, 2011

1.2.3 release

October 15, 2011

1.2.2 release
JIRA Issues

August 17, 2011

1.2.1 release
JIRA Issues

July 31, 2011

1.2 release
JIRA Issues

May 23, 2011

1.1.3 release
JIRA Issues

February 26, 2011

1.1.2 release

February 26, 2011

1.1.1 release
JIRA Issues

August 8, 2010

1.1 release
JIRA Issues

August 1, 2010

1.0.1 release

July 27, 2010

1.0 release
JIRA Issues

July 16, 2010

0.4.2 release
JIRA Issues

June 29, 2010

0.4.1 release
JIRA Issues

June 21, 2010

0.4 release
JIRA Issues

May 12, 2010

0.3.1 release
JIRA Issues

May 12, 2010

0.3 release
JIRA Issues

May 2, 2010

0.2 release

April 27, 2010

initial 0.1 release

This plugin is based on work done for the Acegi plugin by Tsuyoshi Yamamoto.

1.1 Configuration Settings Now in Config.groovy

Unlike the Acegi plugin, which used its own configuration file, SecurityConfig.groovy, the Spring Security plugin maintains its configuration in the standard Config.groovy file. Default values are in the plugin's grails-app/conf/DefaultSecurityConfig.groovy file, and you add application-specific values to the grails-app/conf/Config.groovy file. The two configurations will be merged, with application values overriding the defaults.

This structure enables environment-specific configuration such as, for example, fewer structure-restrictive security rules during development than in production. Like any environment-specific configuration parameters, you wrap them in an environments block.

The plugin's configuration values all start with grails.plugins.springsecurity to distinguish them from similarly named options in Grails and from other plugins. You must specify all property overrides with the grails.plugins.springsecurity suffix. For example, you specify the attribute password.algorithm as:
grails.plugins.springsecurity.password.algorithm='SHA-512'
in Config.groovy

1.2 Getting Started

If you will be migrating from the Acegi to the Spring Security plugin, see Migrating from the Acegi Plugin.

Once you install the plugin, you simply run the initialization script, s2-quickstart, and make any required configuration changes in Config.groovy. The plugin registers filters in web.xml, and also configures the Spring beans in the application context that implement various pieces of functionality. Ivy determines which jar files to use.

To get started using the Spring Security plugin with your Grails application, see Tutorials.

You do not need to know much about Spring Security to use the plugin, but it can be helpful to understand the underlying implementation. See the Spring Security documentation.