Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
James Kleeh
@alvarosanchez Docs added for the events
Luis Muniz

Hi just in case someone else hits this roadblock. I was getting this error when starting up the application (grails-2.5.1) hosting spring-security-rest (1.4.0):

| Error 2014-07-22 17:47:55,824 [localhost-startStop-1] ERROR plugins.DefaultGrailsPluginManager  - Error configuring dynamic methods for plugin [springSecurityCore:2.0-RC4]: null
Message: null
    Line | Method
->>  327 | compileStaticRules        in grails.plugin.springsecurity.web.access.intercept.AnnotationFilterInvocationDefinition

When I switch to using spring-security-core-2.0-RC3 (instead of 2.0-RC4), the error does not occur. And when I switched back to RC4, the error disappeared. Some kind of caching issue, but i ran clean-all about a googol times with no results

Fairuz Wan Ismail
I'm planning to have a separate rest client (pure frontend running Angularjs app) and a restful API (using spring cloud, spring security and the gang). I have doubt right now on what grant type should I use.
I want to use password grant type since both apps are mine but someone said we shouldn't use it in the browser. Does someone know why?
Álvaro Sánchez-Mariscal
You can use the password grant if you want to. Another option would be the implicit grant
Thought Object
Does this plugin work with Grails 3?
Ejaz Ahmed
No. This plugin does not work with grails3 right now
how Check CSRf headers is available
default spring security relies on spring tag for csrf token that can be generated in jsp only. But we have one page html.
so neither spring tags nor meta tag works
so went with CSRF custom headers that im adding in my custom filters
how and where to add that filter and how to verify it as no csrf attack
Burp report sends jusername and jpassword and gets 302 response
cant rely on cookie
as burp changes the cookie too
Fairuz Wan Ismail
@alvarosanchez Thanks! I end up using just password grant
Adetunji Adegbite
hi all, I am testing the login spring security rest api for my app using post man and curl but getting a 401 response with the following details. Any clue on what could be causing this.
access-control-allow-credentials →true access-control-allow-origin →chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop content-length →0 date →Wed, 18 Apr 2018 20:38:43 GMT vary →Origin
with error 401 status
i am testing via postman.
here is my application.groovy

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.teejay.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.teejay.UserAuthority'
grails.plugin.springsecurity.authority.className = 'com.teejay.Authority'
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugin.springsecurity.interceptUrlMap = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/dbconsole/**', access: ['permitAll']],
    [pattern: '/api/login',          access: ['permitAll']],
    [pattern: '/mtoken',          access: ['ROLE_USER']],
    [pattern: '/api/logout',        access: ['isFullyAuthenticated()']],
    [pattern: '/api/jtoken',    access: ['isFullyAuthenticated()']],
    [pattern: '/**',             access: ['isFullyAuthenticated()']]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/api/**', filters:'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'],
  [pattern: '/**', filters:'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter']


grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.storage.memcached.hosts = 'localhost:11211'
grails.plugin.springsecurity.rest.token.storage.memcached.username = ''
grails.plugin.springsecurity.rest.token.storage.memcached.password = ''
grails.plugin.springsecurity.rest.token.storage.memcached.expiration = 86400
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1

//token rendering

grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
Adetunji Adegbite
Hi all, please I still need help using spring-security-rest with grails 3.3.0 anyone with a working example will be highly appreciated.
jmiguel rodriguez
Hi @twonjee2002 . You'd better ask in the slack grails channel: grails.slack.com
Sufyan Shoaib
HI All, I have question if anyone can help. Is it possible to define custom Authentication Controller that can login and logout a user and do some other stuff after login or logout?
Also, is it possible to define some error message when authentication failed? like username not found
Ejaz Ahmed
@sufyanshoaib use grails slack channel instead for such questions.
can i haveone sample please
i'm still new to this
Hi all, I am using security-rest-2.0.0.RC1
I am trying to intercept login action with grails interceptor
But I am unable to intercept /api/login call for some reason. Can anyone point me in the right direction?
public AuthenticationInterceptor() { match(uri: '/**') }
Sorry for the formatting. I'm new here. But this is what my interceptor looks like

I have a groovy project and wanted to run code analysis.

When i searched for it, most of the web-site suggested to go for sonnar qube plugin for analysis

The latest sonarqube version throws error.

I would like to know the compatible version of SonarQube, Plugin for IDE with links to download.

Please advise.

Hi all