Grails

How to restrict Url access based on roles in Grails?

Leave a comment

In Grails, you can restrict url access depending on role of user.

1. In Controller:

In controller, you can you can restrict access to methods (i.e. pages) by using @secured annotation as shown below:

import grails.plugin.springsecurity.annotation.Secured

@Secured(["ROLE_ADMIN"])
def index(Integer max) {
          …
}

In above example, only user having ROLE_ADMIN will be able to access index page.Likewise, you can give multiple roles also as shown below:

@Secured(["ROLE_ADMIN","ROLE_ORG_ADMIN"])

2. In View:

You can restrict access on view using SecurityTagLib as shown below:

<sec:ifAnyGranted roles=”ROLE_ADMIN,ROLE_ORG_ADMIN”>
<a href=”${createLink(controller:’leave’ ,action: ‘teamLeaveCalendar’)}”>Team Leave calender</a>
</sec:ifAnyGranted>

Like <sec:ifAnyGranted></sec:ifAnyGranted>, you can use  <sec:ifAllGranted></sec:ifAllGranted>, <sec:ifNotGranted></sec:ifNotGranted>

ProsperaSoft offers Grails development solutions. You can email at info@prosperasoft.com to get in touch with ProsperaSoft Grails experts and consultants.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>