grails-spring-security-core icon indicating copy to clipboard operation
grails-spring-security-core copied to clipboard

Published 20 hours ago verified publisher icon grails

CAS configuration once loaded overrides the other application configuration

Open EshaanKumar opened this issue 7 years ago • 1 comments

The code in SpringSecurityCasGrailsPlugin - loads "DefaultCasSecurityConfig"

`SpringSecurityUtils.loadSecondaryConfig 'DefaultCasSecurityConfig'
		// have to get again after overlaying DefaultCasSecurityConfig
		conf = SpringSecurityUtils.securityConfig

		if (!conf.cas.active) {
			return
		}`

And in "DefaultCasSecurityConfig" there are default CAS configuration which are now loaded whenever the Plugin is included irrespective the active flag is true of false.

In similar line there is SAML plugin SpringSecuritySamlGrailsPlugin. The above mentioned code is commented.

Code in the CAS plugin need to be commented too. This will ensure that default CAS configuration wouldn't be loaded by default whenever this plugin is included.

EshaanKumar avatar Oct 19 '18 10:10 EshaanKumar