in plugin-core/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy [625:723]
void doWithApplicationContext() {
ReflectionUtils.application = grailsApplication
def conf = SpringSecurityUtils.securityConfig
if (!conf || !conf.active) {
return
}
log.trace 'doWithApplicationContext'
if (SpringSecurityUtils.securityConfigType == 'Annotation') {
initializeFromAnnotations conf
}
/**
* Specify the field of the role hierarchy bean
* if the role hierarchy is backed by a domain object use this instead of roleHierarchy config param
* @author fpape
*/
String roleHierarchy
if (conf.roleHierarchyEntryClassName) {
log.trace 'Loading persistent role hierarchy'
Class roleHierarchyEntryClass = Class.forName(conf.roleHierarchyEntryClassName)
roleHierarchyEntryClass.withTransaction {
roleHierarchy = roleHierarchyEntryClass.list()*.entry.join('\n')
}
}
else {
roleHierarchy = conf.roleHierarchy
}
applicationContext.roleHierarchy.hierarchy = roleHierarchy
def strategyName = conf.sch.strategyName
if (strategyName instanceof CharSequence) {
SCH.strategyName = strategyName.toString()
}
log.trace 'Using SecurityContextHolder strategy {}', SCH.strategyName
// build filters here to give dependent plugins a chance to register some
SortedMap<Integer, String> filterNames = ReflectionUtils.findFilterChainNames(conf)
def securityFilterChains = applicationContext.securityFilterChains
// if sitemesh 3 is installed, the filter should be applied a second time
// as part of the security filter chain so that pages are decorated using the security context
if (applicationContext.containsBean('sitemesh')) {
filterNames[SecurityFilterPosition.EXCEPTION_TRANSLATION_FILTER.order - 4] = 'sitemesh'
}
SpringSecurityUtils.buildFilterChains filterNames, conf.filterChain.chainMap ?: [], securityFilterChains, applicationContext
log.trace 'Filter chain: {}', securityFilterChains
// build voters list here to give dependent plugins a chance to register some
def voterNames = conf.voterNames ?: SpringSecurityUtils.voterNames
def decisionVoters = applicationContext.accessDecisionManager.decisionVoters
decisionVoters.clear()
decisionVoters.addAll createBeanList(voterNames)
log.trace 'AccessDecisionVoters: {}', decisionVoters
// build providers list here to give dependent plugins a chance to register some
def providerNames = []
if (conf.providerNames) {
providerNames.addAll conf.providerNames
}
else {
providerNames.addAll SpringSecurityUtils.providerNames
if (conf.useX509) {
providerNames << 'x509AuthenticationProvider'
}
}
applicationContext.authenticationManager.providers = createBeanList(providerNames)
log.trace 'AuthenticationProviders: {}', applicationContext.authenticationManager.providers
// build handlers list here to give dependent plugins a chance to register some
def logoutHandlerNames = (conf.logout.handlerNames ?: SpringSecurityUtils.logoutHandlerNames) +
(conf.logout.additionalHandlerNames ?: [])
applicationContext.logoutHandlers.clear()
applicationContext.logoutHandlers.addAll createBeanList(logoutHandlerNames)
log.trace 'LogoutHandlers: {}', applicationContext.logoutHandlers
// build after-invocation provider names here to give dependent plugins a chance to register some
def afterInvocationManagerProviderNames = conf.afterInvocationManagerProviderNames ?: SpringSecurityUtils.afterInvocationManagerProviderNames
if (afterInvocationManagerProviderNames) {
applicationContext.afterInvocationManager.providers = createBeanList(afterInvocationManagerProviderNames)
log.trace 'AfterInvocationProviders: {}', applicationContext.afterInvocationManager.providers
}
if (conf.debug.useFilter) {
applicationContext.removeAlias 'springSecurityFilterChain'
applicationContext.registerAlias 'securityDebugFilter', 'springSecurityFilterChain'
}
if (conf.useDigestAuth) {
def passwordEncoder = applicationContext.passwordEncoder
// TODO if (passwordEncoder instanceof DigestAuthPasswordEncoder) {
// passwordEncoder.resetInitializing()
// }
}
}