grails-spring-security-core icon indicating copy to clipboard operation
grails-spring-security-core copied to clipboard

Published 20 hours ago verified publisher icon grails

CAS configuration once loaded overrides the other application configuration

Open EshaanKumar opened this issue 7 years ago • 1 comments

The code in SpringSecurityCasGrailsPlugin - loads "DefaultCasSecurityConfig"

`SpringSecurityUtils.loadSecondaryConfig 'DefaultCasSecurityConfig'
		// have to get again after overlaying DefaultCasSecurityConfig
		conf = SpringSecurityUtils.securityConfig

		if (!conf.cas.active) {
			return
		}`

And in "DefaultCasSecurityConfig" there are default CAS configuration which are now loaded whenever the Plugin is included irrespective the active flag is true of false.

In similar line there is SAML plugin SpringSecuritySamlGrailsPlugin. The above mentioned code is commented.

Code in the CAS plugin need to be commented too. This will ensure that default CAS configuration wouldn't be loaded by default whenever this plugin is included.

EshaanKumar avatar Oct 19 '18 10:10 EshaanKumar

Load secondary config method user merge config. Here it is description about it: /** * Merge two configs together. The order is important if secondary is not null then * start with that and merge the main config on top of that. This lets the secondary * config act as default values but let user-supplied values in the main config override them. * * @param currentConfig the main config, starting from Config.groovy * @param secondary new default values * @return the merged configs */

SleepingForester avatar Nov 20 '19 17:11 SleepingForester