in plugin-core/plugin/src/main/groovy/grails/plugin/springsecurity/web/access/GrailsWebInvocationPrivilegeEvaluator.groovy [70:103]
boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
assert uri, 'uri parameter is required'
if (contextPath == null) {
contextPath = '/ctxpath'
}
FilterInvocation fi = createFilterInvocation(contextPath, uri, method)
log.trace "isAllowed: contextPath '{}' uri '{}' method '{}' Authentication {} FilterInvocation {}",
contextPath, uri, method, authentication, fi
Collection<ConfigAttribute> attrs = interceptor.obtainSecurityMetadataSource().getAttributes(fi)
if (attrs == null) {
log.trace 'No ConfigAttributes found'
return !interceptor.rejectPublicInvocations
}
if (!authentication) {
log.trace 'Not authenticated'
return false
}
try {
interceptor.accessDecisionManager.decide authentication, fi, attrs
log.trace "{} allowed for {}", fi, authentication
true
}
catch (AccessDeniedException unauthorized) {
if (log.debugEnabled) {
log.debug "$fi denied for $authentication", GrailsUtil.deepSanitize(unauthorized)
}
false
}
}