<< 2History
(Quick Reference)
4Configuration >>

3 Usage - Reference Documentation

Authors: Aaron J. Zirbes

Version: 0.9.9

3 Usage

This plugin exposes a rather large security hole in your application. It is HIGHLY recommended that you restrict access to your application to localhost when you are using this plugin, and that you only use this plugin in development mode. This can be done with the ipRestrictions configuration parameter.

When this plugin is enabled, it automatically authenticates anyone using the application as a fake user with fake user roles as defined in Config.groovy.

The recommended configuration settings are what follows: 

development {
	…
	grails.plugins.springsecurity.mock.active = true
	grails.plugins.springsecurity.mock.fullName = "Your name here"
	grails.plugins.springsecurity.mock.email = "Your email address here"
	grails.plugins.springsecurity.mock.username =  "your.username"
	grails.plugins.springsecurity.mock.roles = [ 'ROLE_USER', 'ROLE_ADMIN', 'ROLE_WHATEVERELSE' ]
	grails.plugins.springsecurity.ipRestrictions = [ '/**': ['127.0.0.0/8', '::1/128'] ]
	…
}

where "Your name here" is the name of the user, "Your email address here" is the email address of the user, "your.username" is the username of the user, and "roles" is a list of roles you wish to be assigned to the user that will be automatically logged into your grails application.

Remember

This is a dangerous plugin. You should only enable this plugin for development use. The example above shows the configuration as being wrapped inside of the "development" closure in the Groovy.config file.

In your staging and production environments, make sure to set 

grails.plugins.springsecurity.mock.active = false
If you have the Spring Security LDAP plugin installed as well, but don't want to load roles from LDAP, make sure to set the following to disable LDAP role lookup. 
grails.plugins.springsecurity.ldap.active = false

<< 2History
4Configuration >>
Quick Reference (hide)