How to protect dbconsole with a filter?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

How to protect dbconsole with a filter?

Marcel Overdijk
I'm trying to protect the dbconsole with a filter.

securityFilter(controller: "*", action: "*") {
    before = {
        println "securityFilter!"
    }
}
allFilter(uri: "/**") {
    before = {
        println "allFilter!"
    }
}

The above filter are firing for all my controllers / paths except for the dbconsole.

My dbconsole is running on /admin/dbconsole via config option grails.dbconsole.urlRoot = "/admin/dbconsole"

But it does not seem to be able to be protected with a filter...

Any thoughts?
Reply | Threaded
Open this post in threaded view
|

Re: How to protect dbconsole with a filter?

burtbeckwith
Grails filters are wrappers for Spring HandlerInterceptors and only work with controller actions. The dbconsole is served by a servlet, so you'll need a servlet filter. Your best bet is Spring Security or Shiro.

Burt

Marcel Overdijk wrote
I'm trying to protect the dbconsole with a filter.

securityFilter(controller: "*", action: "*") {
    before = {
        println "securityFilter!"
    }
}
allFilter(uri: "/**") {
    before = {
        println "allFilter!"
    }
}

The above filter are firing for all my controllers / paths except for the dbconsole.

My dbconsole is running on /admin/dbconsole via config option grails.dbconsole.urlRoot = "/admin/dbconsole"

But it does not seem to be able to be protected with a filter...

Any thoughts?
Reply | Threaded
Open this post in threaded view
|

Re: How to protect dbconsole with a filter?

Marcel Overdijk
Thanks Burt,
That makes sense.
I only needed really basic auth (single user) and that's why I was *avoiding* Spring Security plugin, and using simple Grails filter. But as you suggested the Spring Security plugin might be best path after all.