From f1d6bed5d908600e5a31a29b7bee3eaf2d9977b1 Mon Sep 17 00:00:00 2001 From: James Fredley Date: Thu, 26 Feb 2026 13:19:52 -0500 Subject: [PATCH 1/6] docs: add configuration metadata reference Add Spring configuration metadata for plugin properties and generate a configuration reference page in the docs build to surface these settings alongside the existing property tables. Assisted-by: OpenCode Assisted-by: Claude Code --- plugin-core/docs/build.gradle | 75 ++- .../src/docs/configurationProperties.adoc | 407 +++++++++++ plugin-core/docs/src/docs/index.adoc | 2 + .../spring-configuration-metadata.json | 634 ++++++++++++++++++ 4 files changed, 1117 insertions(+), 1 deletion(-) create mode 100644 plugin-core/docs/src/docs/configurationProperties.adoc create mode 100644 plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json diff --git a/plugin-core/docs/build.gradle b/plugin-core/docs/build.gradle index a2af3fef4..ba5f45700 100644 --- a/plugin-core/docs/build.gradle +++ b/plugin-core/docs/build.gradle @@ -21,6 +21,8 @@ plugins { id 'groovy' // For groovydoc task } +import groovy.json.JsonSlurper + ext { apiDocsProjects = [ 'core-plugin': [ @@ -60,4 +62,75 @@ apply { dependencies { implementation platform("org.apache.grails:grails-bom:${grailsVersion}") implementation 'org.apache.groovy:groovy' -} \ No newline at end of file +} + +def configurationMetadataFile = rootProject.layout.projectDirectory.file( + 'plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json' +) +def configurationPropertiesFile = layout.projectDirectory.file('src/docs/configurationProperties.adoc') + +tasks.register('generateConfigurationProperties') { + inputs.file(configurationMetadataFile) + outputs.file(configurationPropertiesFile) + doLast { + def metadata = new JsonSlurper().parse(configurationMetadataFile.asFile) + def groupsByName = (metadata.groups ?: []).collectEntries { group -> + [(group.name): group] + } + def propertiesByGroup = (metadata.properties ?: []).groupBy { property -> + property.group ?: 'grails.plugin.springsecurity.miscellaneous' + } + def orderedGroupNames = [ + 'grails.plugin.springsecurity.general', + 'grails.plugin.springsecurity.domain-classes', + 'grails.plugin.springsecurity.authentication', + 'grails.plugin.springsecurity.login-logout', + 'grails.plugin.springsecurity.password-encoding', + 'grails.plugin.springsecurity.session', + 'grails.plugin.springsecurity.url-mapping', + 'grails.plugin.springsecurity.miscellaneous' + ] + + configurationPropertiesFile.asFile.text = '' + configurationPropertiesFile.asFile << """= Configuration Properties + +This page is generated from `spring-configuration-metadata.json`. For IDE auto-completion of these properties, ensure the plugin JAR is on your classpath. +""" + + orderedGroupNames.each { groupName -> + def group = groupsByName[groupName] + def properties = propertiesByGroup[groupName] ?: [] + if (!properties) { + return + } + + def heading = group?.description ?: groupName + configurationPropertiesFile.asFile << """ + +== ${heading} + +[cols=\"3,5,2\", options=\"header\"] +|=== +|Property |Description |Default +""" + + properties.sort { it.name }.each { property -> + def defaultValue = property.containsKey('defaultValue') ? property.defaultValue : '' + def defaultText = defaultValue == null ? 'null' : defaultValue.toString() + configurationPropertiesFile.asFile << """ +|`${property.name}` +|${property.description} +|${defaultText} +""" + } + + configurationPropertiesFile.asFile << """ +|=== +""" + } + } +} + +tasks.named('asciidoctor') { + dependsOn tasks.named('generateConfigurationProperties') +} diff --git a/plugin-core/docs/src/docs/configurationProperties.adoc b/plugin-core/docs/src/docs/configurationProperties.adoc new file mode 100644 index 000000000..bce3fee4e --- /dev/null +++ b/plugin-core/docs/src/docs/configurationProperties.adoc @@ -0,0 +1,407 @@ += Configuration Properties + +This page is generated from `spring-configuration-metadata.json`. For IDE auto-completion of these properties, ensure the plugin JAR is on your classpath. + + +== General configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.active` +|Whether the plugin is enabled. +|true + +|`grails.plugin.springsecurity.excludeSpringSecurityAutoConfiguration` +|Whether to automatically exclude Spring Boot security auto-configuration classes that conflict with the plugin. +|true + +|`grails.plugin.springsecurity.printStatusMessages` +|Whether to print status messages such as "Configuring Spring Security Core ...". +|true + +|`grails.plugin.springsecurity.rejectIfNoRule` +|Strict mode where a request mapping is required for all resources. +|true + +|=== + + +== Domain class configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.authority.className` +|Role class name. +|_none_ + +|`grails.plugin.springsecurity.authority.nameField` +|Role class role name property. +|authority + +|`grails.plugin.springsecurity.requestMap.className` +|Requestmap class name. +|_none_ + +|`grails.plugin.springsecurity.requestMap.configAttributeField` +|Requestmap class role and token property. +|configAttribute + +|`grails.plugin.springsecurity.requestMap.urlField` +|Requestmap class URL pattern property. +|url + +|`grails.plugin.springsecurity.userLookup.accountExpiredPropertyName` +|User class account expired property. +|accountExpired + +|`grails.plugin.springsecurity.userLookup.accountLockedPropertyName` +|User class account locked property. +|accountLocked + +|`grails.plugin.springsecurity.userLookup.authoritiesPropertyName` +|User class role collection property. +|authorities + +|`grails.plugin.springsecurity.userLookup.authorityJoinClassName` +|User and role many-to-many join class name. +|_none_ + +|`grails.plugin.springsecurity.userLookup.enabledPropertyName` +|User class enabled property. +|enabled + +|`grails.plugin.springsecurity.userLookup.passwordExpiredPropertyName` +|User class password expired property. +|passwordExpired + +|`grails.plugin.springsecurity.userLookup.passwordPropertyName` +|User class password property. +|password + +|`grails.plugin.springsecurity.userLookup.userDomainClassName` +|User class name. +|_none_ + +|`grails.plugin.springsecurity.userLookup.usernameIgnoreCase` +|Ignore case when searching for usernamePropertyName. +|false + +|`grails.plugin.springsecurity.userLookup.usernamePropertyName` +|User class username property. +|username + +|=== + + +== Authentication and authorization configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.anon.key` +|anonymousProcessingFilter key. +|foo + +|`grails.plugin.springsecurity.apf.continueChainBeforeSuccessfulAuthentication` +|Whether to continue calling subsequent filters in the filter chain. +|false + +|`grails.plugin.springsecurity.atr.anonymousClass` +|Anonymous token class. +|grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken + +|`grails.plugin.springsecurity.dao.hideUserNotFoundExceptions` +|If true, throws BadCredentialsException for both bad username and bad password. +|true + +|`grails.plugin.springsecurity.fii.alwaysReauthenticate` +|If true, re-authenticates when there is a Authentication in the SecurityContext. +|false + +|`grails.plugin.springsecurity.fii.observeOncePerRequest` +|If false allow checks to happen multiple times. +|true + +|`grails.plugin.springsecurity.fii.publishAuthorizationSuccess` +|Whether to publish an AuthorizedEvent after successful access check. +|false + +|`grails.plugin.springsecurity.fii.rejectPublicInvocations` +|Disallow URL access when there is no request mapping. +|true + +|`grails.plugin.springsecurity.fii.validateConfigAttributes` +|Whether to check that all ConfigAttribute instances are valid at startup. +|true + +|`grails.plugin.springsecurity.providerManager.eraseCredentialsAfterAuthentication` +|Whether to remove the password from the Authentication and its child objects after successful authentication. +|true + +|`grails.plugin.springsecurity.providerNames` +|Bean names of authentication providers. +|[daoAuthenticationProvider, anonymousAuthenticationProvider, rememberMeAuthenticationProvider] + +|`grails.plugin.springsecurity.roleHierarchy` +|Hierarchical role definition. +|_none_ + +|`grails.plugin.springsecurity.voterNames` +|Bean names of voters. +|[authenticatedVoter, roleVoter, closureVoter] + +|=== + + +== Login and logout configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.adh.ajaxErrorPage` +|Location of the 403 error page for Ajax requests. +|/login/ajaxDenied + +|`grails.plugin.springsecurity.adh.errorPage` +|Location of the 403 error page (or set to null to send a 403 error and not render a page). +|/login/denied + +|`grails.plugin.springsecurity.adh.useForward` +|If true a forward will be used to render the error page, otherwise a redirect is used. +|true + +|`grails.plugin.springsecurity.apf.filterProcessesUrl` +|Login form post URL, intercepted by Spring Security filter. +|/login/authenticate + +|`grails.plugin.springsecurity.apf.passwordParameter` +|Login form password parameter. +|password + +|`grails.plugin.springsecurity.apf.postOnly` +|Whether to allow only POST login requests. +|true + +|`grails.plugin.springsecurity.apf.usernameParameter` +|Login form username parameter. +|username + +|`grails.plugin.springsecurity.auth.ajaxLoginFormUrl` +|URL of Ajax login page. +|/login/authAjax + +|`grails.plugin.springsecurity.auth.forceHttps` +|If true, redirects login page requests to HTTPS. +|false + +|`grails.plugin.springsecurity.auth.loginFormUrl` +|URL of login page. +|/login/auth + +|`grails.plugin.springsecurity.auth.useForward` +|Whether to render the login page (true) or redirect (false). +|false + +|`grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl` +|Redirect URL for failed Ajax logins. +|/login/authfail?ajax=true + +|`grails.plugin.springsecurity.failureHandler.defaultFailureUrl` +|Redirect URL for failed logins. +|/login/authfail?login_error=1 + +|`grails.plugin.springsecurity.failureHandler.exceptionMappings` +|Map of AuthenticationException subclasses to redirect URLs after authentication failure. +|_none_ + +|`grails.plugin.springsecurity.failureHandler.useForward` +|Whether to render the error page (true) or redirect (false). +|false + +|`grails.plugin.springsecurity.logout.afterLogoutUrl` +|URL for redirect after logout. +|/ + +|`grails.plugin.springsecurity.logout.alwaysUseDefaultTargetUrl` +|Whether to always use afterLogoutUrl as the post-logout URL. +|false + +|`grails.plugin.springsecurity.logout.clearAuthentication` +|If true removes the Authentication from the SecurityContext to prevent issues with concurrent requests. +|true + +|`grails.plugin.springsecurity.logout.filterProcessesUrl` +|Logout URL, intercepted by Spring Security filter. +|/logoff + +|`grails.plugin.springsecurity.logout.handlerNames` +|Logout handler bean names. +|[rememberMeServices, securityContextLogoutHandler] + +|`grails.plugin.springsecurity.logout.postOnly` +|If true only POST requests will be allowed to logout. +|true + +|`grails.plugin.springsecurity.logout.redirectToReferer` +|Whether to use the Referer header value as the post-logout URL. +|false + +|`grails.plugin.springsecurity.logout.targetUrlParameter` +|The querystring parameter name for the post-logout URL. +|_none_ + +|`grails.plugin.springsecurity.successHandler.ajaxSuccessUrl` +|URL for redirect after successful Ajax login. +|/login/ajaxSuccess + +|`grails.plugin.springsecurity.successHandler.alwaysUseDefault` +|Whether to always redirect to successHandler.defaultTargetUrl after successful authentication. +|false + +|`grails.plugin.springsecurity.successHandler.defaultTargetUrl` +|Default post-login URL if there is no saved request that triggered the login. +|/ + +|`grails.plugin.springsecurity.successHandler.targetUrlParameter` +|Name of optional login form parameter that specifies destination after successful login. +|spring-security-redirect + +|`grails.plugin.springsecurity.successHandler.useReferer` +|Whether to use the HTTP Referer header to determine post-login destination. +|false + +|=== + + +== Password encoding configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.dao.reflectionSaltSourceProperty` +|Which property to use for the reflection-based salt source. +|_none_ + +|=== + + +== Session and security context configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.apf.allowSessionCreation` +|Whether to allow authentication to create an HTTP session. +|true + +|`grails.plugin.springsecurity.apf.storeLastUsername` +|Whether to store the login username in the HTTP session. +|false + +|`grails.plugin.springsecurity.failureHandler.allowSessionCreation` +|Whether to enable session creation to store the authentication failure exception. +|true + +|`grails.plugin.springsecurity.logout.invalidateHttpSession` +|Whether to invalidate the HTTP session when logging out. +|true + +|`grails.plugin.springsecurity.requestCache.createSession` +|Whether caching SavedRequest can trigger the creation of a session. +|true + +|`grails.plugin.springsecurity.sch.strategyName` +|The strategy to use for storing the SecurityContext. +|SecurityContextHolder.MODE_THREADLOCAL + +|`grails.plugin.springsecurity.scpf.forceEagerSessionCreation` +|Whether to eagerly create a session in the securityContextRepository bean. +|false + +|`grails.plugin.springsecurity.scr.allowSessionCreation` +|Whether to allow creating a session in the securityContextRepository bean. +|true + +|`grails.plugin.springsecurity.scr.disableUrlRewriting` +|Whether to disable URL rewriting (and the jsessionid attribute). +|true + +|`grails.plugin.springsecurity.scr.springSecurityContextKey` +|The HTTP session key to store the SecurityContext under. +|HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY + +|`grails.plugin.springsecurity.useHttpSessionEventPublisher` +|If true, an HttpSessionEventPublisher will be configured. +|false + +|=== + + +== URL mapping configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.controllerAnnotations.lowercase` +|Whether to do URL comparisons using lowercase. +|true + +|`grails.plugin.springsecurity.controllerAnnotations.staticRules` +|Extra rules that cannot be mapped using annotations. +|_none_ + +|`grails.plugin.springsecurity.interceptUrlMap` +|Request mapping definition when using InterceptUrlMap. +|_none_ + +|`grails.plugin.springsecurity.redirectStrategy.contextRelative` +|If true, the redirect URL will be the value after the request context path. +|false + +|`grails.plugin.springsecurity.securityConfigType` +|Type of request mapping to use, one of Annotation, Requestmap, or InterceptUrlMap. +|Annotation + +|=== + + +== Miscellaneous configuration properties. + +[cols="3,5,2", options="header"] +|=== +|Property |Description |Default + +|`grails.plugin.springsecurity.ajaxCheckClosure` +|An optional closure that can determine if a request is Ajax. +|_none_ + +|`grails.plugin.springsecurity.ajaxHeader` +|Header name sent by Ajax library, used to detect Ajax. +|X-Requested-With + +|`grails.plugin.springsecurity.cacheUsers` +|If true, logins are cached using an EhCache. +|false + +|`grails.plugin.springsecurity.debug.useFilter` +|Whether to use the DebugFilter to log request debug information to the console. +|false + +|`grails.plugin.springsecurity.registerLoggerListener` +|If true, registers a LoggerListener that logs interceptor-related application events. +|false + +|`grails.plugin.springsecurity.useSecurityEventListener` +|If true, configure SecurityEventListener. +|false + +|=== diff --git a/plugin-core/docs/src/docs/index.adoc b/plugin-core/docs/src/docs/index.adoc index 2643cf65b..9fb76225c 100644 --- a/plugin-core/docs/src/docs/index.adoc +++ b/plugin-core/docs/src/docs/index.adoc @@ -67,6 +67,8 @@ include::voters.adoc[] include::miscProperties.adoc[] +include::configurationProperties.adoc[] + include::tutorials.adoc[] include::examples.adoc[] diff --git a/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json b/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json new file mode 100644 index 000000000..a4f678887 --- /dev/null +++ b/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json @@ -0,0 +1,634 @@ +{ + "groups": [ + { + "name": "grails.plugin.springsecurity", + "description": "Apache License 2.0 applies to this metadata. JSON files cannot include comment headers." + }, + { + "name": "grails.plugin.springsecurity.general", + "description": "General configuration properties." + }, + { + "name": "grails.plugin.springsecurity.domain-classes", + "description": "Domain class configuration properties." + }, + { + "name": "grails.plugin.springsecurity.authentication", + "description": "Authentication and authorization configuration properties." + }, + { + "name": "grails.plugin.springsecurity.login-logout", + "description": "Login and logout configuration properties." + }, + { + "name": "grails.plugin.springsecurity.password-encoding", + "description": "Password encoding configuration properties." + }, + { + "name": "grails.plugin.springsecurity.session", + "description": "Session and security context configuration properties." + }, + { + "name": "grails.plugin.springsecurity.url-mapping", + "description": "URL mapping configuration properties." + }, + { + "name": "grails.plugin.springsecurity.miscellaneous", + "description": "Miscellaneous configuration properties." + } + ], + "properties": [ + { + "name": "grails.plugin.springsecurity.active", + "type": "java.lang.Boolean", + "description": "Whether the plugin is enabled.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.printStatusMessages", + "type": "java.lang.Boolean", + "description": "Whether to print status messages such as \"Configuring Spring Security Core ...\".", + "defaultValue": true, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.rejectIfNoRule", + "type": "java.lang.Boolean", + "description": "Strict mode where a request mapping is required for all resources.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.excludeSpringSecurityAutoConfiguration", + "type": "java.lang.Boolean", + "description": "Whether to automatically exclude Spring Boot security auto-configuration classes that conflict with the plugin.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.userLookup.userDomainClassName", + "type": "java.lang.String", + "description": "User class name.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.usernamePropertyName", + "type": "java.lang.String", + "description": "User class username property.", + "defaultValue": "username", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.usernameIgnoreCase", + "type": "java.lang.Boolean", + "description": "Ignore case when searching for usernamePropertyName.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.passwordPropertyName", + "type": "java.lang.String", + "description": "User class password property.", + "defaultValue": "password", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.authoritiesPropertyName", + "type": "java.lang.String", + "description": "User class role collection property.", + "defaultValue": "authorities", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.enabledPropertyName", + "type": "java.lang.String", + "description": "User class enabled property.", + "defaultValue": "enabled", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.accountExpiredPropertyName", + "type": "java.lang.String", + "description": "User class account expired property.", + "defaultValue": "accountExpired", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.accountLockedPropertyName", + "type": "java.lang.String", + "description": "User class account locked property.", + "defaultValue": "accountLocked", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.passwordExpiredPropertyName", + "type": "java.lang.String", + "description": "User class password expired property.", + "defaultValue": "passwordExpired", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.userLookup.authorityJoinClassName", + "type": "java.lang.String", + "description": "User and role many-to-many join class name.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.authority.className", + "type": "java.lang.String", + "description": "Role class name.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.authority.nameField", + "type": "java.lang.String", + "description": "Role class role name property.", + "defaultValue": "authority", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.requestMap.className", + "type": "java.lang.String", + "description": "Requestmap class name.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.requestMap.urlField", + "type": "java.lang.String", + "description": "Requestmap class URL pattern property.", + "defaultValue": "url", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.requestMap.configAttributeField", + "type": "java.lang.String", + "description": "Requestmap class role and token property.", + "defaultValue": "configAttribute", + "group": "grails.plugin.springsecurity.domain-classes" + }, + { + "name": "grails.plugin.springsecurity.apf.filterProcessesUrl", + "type": "java.lang.String", + "description": "Login form post URL, intercepted by Spring Security filter.", + "defaultValue": "/login/authenticate", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.apf.usernameParameter", + "type": "java.lang.String", + "description": "Login form username parameter.", + "defaultValue": "username", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.apf.passwordParameter", + "type": "java.lang.String", + "description": "Login form password parameter.", + "defaultValue": "password", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.apf.allowSessionCreation", + "type": "java.lang.Boolean", + "description": "Whether to allow authentication to create an HTTP session.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.apf.postOnly", + "type": "java.lang.Boolean", + "description": "Whether to allow only POST login requests.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.apf.continueChainBeforeSuccessfulAuthentication", + "type": "java.lang.Boolean", + "description": "Whether to continue calling subsequent filters in the filter chain.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.apf.storeLastUsername", + "type": "java.lang.Boolean", + "description": "Whether to store the login username in the HTTP session.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.failureHandler.defaultFailureUrl", + "type": "java.lang.String", + "description": "Redirect URL for failed logins.", + "defaultValue": "/login/authfail?login_error=1", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl", + "type": "java.lang.String", + "description": "Redirect URL for failed Ajax logins.", + "defaultValue": "/login/authfail?ajax=true", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.failureHandler.exceptionMappings", + "type": "java.util.Map", + "description": "Map of AuthenticationException subclasses to redirect URLs after authentication failure.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.failureHandler.useForward", + "type": "java.lang.Boolean", + "description": "Whether to render the error page (true) or redirect (false).", + "defaultValue": false, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.failureHandler.allowSessionCreation", + "type": "java.lang.Boolean", + "description": "Whether to enable session creation to store the authentication failure exception.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.successHandler.defaultTargetUrl", + "type": "java.lang.String", + "description": "Default post-login URL if there is no saved request that triggered the login.", + "defaultValue": "/", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.successHandler.alwaysUseDefault", + "type": "java.lang.Boolean", + "description": "Whether to always redirect to successHandler.defaultTargetUrl after successful authentication.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.successHandler.targetUrlParameter", + "type": "java.lang.String", + "description": "Name of optional login form parameter that specifies destination after successful login.", + "defaultValue": "spring-security-redirect", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.successHandler.useReferer", + "type": "java.lang.Boolean", + "description": "Whether to use the HTTP Referer header to determine post-login destination.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.successHandler.ajaxSuccessUrl", + "type": "java.lang.String", + "description": "URL for redirect after successful Ajax login.", + "defaultValue": "/login/ajaxSuccess", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.auth.loginFormUrl", + "type": "java.lang.String", + "description": "URL of login page.", + "defaultValue": "/login/auth", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.auth.forceHttps", + "type": "java.lang.Boolean", + "description": "If true, redirects login page requests to HTTPS.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.auth.ajaxLoginFormUrl", + "type": "java.lang.String", + "description": "URL of Ajax login page.", + "defaultValue": "/login/authAjax", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.auth.useForward", + "type": "java.lang.Boolean", + "description": "Whether to render the login page (true) or redirect (false).", + "defaultValue": false, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.afterLogoutUrl", + "type": "java.lang.String", + "description": "URL for redirect after logout.", + "defaultValue": "/", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.filterProcessesUrl", + "type": "java.lang.String", + "description": "Logout URL, intercepted by Spring Security filter.", + "defaultValue": "/logoff", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.handlerNames", + "type": "java.util.List", + "description": "Logout handler bean names.", + "defaultValue": [ + "rememberMeServices", + "securityContextLogoutHandler" + ], + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.clearAuthentication", + "type": "java.lang.Boolean", + "description": "If true removes the Authentication from the SecurityContext to prevent issues with concurrent requests.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.invalidateHttpSession", + "type": "java.lang.Boolean", + "description": "Whether to invalidate the HTTP session when logging out.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.logout.targetUrlParameter", + "type": "java.lang.String", + "description": "The querystring parameter name for the post-logout URL.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.alwaysUseDefaultTargetUrl", + "type": "java.lang.Boolean", + "description": "Whether to always use afterLogoutUrl as the post-logout URL.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.redirectToReferer", + "type": "java.lang.Boolean", + "description": "Whether to use the Referer header value as the post-logout URL.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.logout.postOnly", + "type": "java.lang.Boolean", + "description": "If true only POST requests will be allowed to logout.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.adh.errorPage", + "type": "java.lang.String", + "description": "Location of the 403 error page (or set to null to send a 403 error and not render a page).", + "defaultValue": "/login/denied", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.adh.ajaxErrorPage", + "type": "java.lang.String", + "description": "Location of the 403 error page for Ajax requests.", + "defaultValue": "/login/ajaxDenied", + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.adh.useForward", + "type": "java.lang.Boolean", + "description": "If true a forward will be used to render the error page, otherwise a redirect is used.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.login-logout" + }, + { + "name": "grails.plugin.springsecurity.ajaxHeader", + "type": "java.lang.String", + "description": "Header name sent by Ajax library, used to detect Ajax.", + "defaultValue": "X-Requested-With", + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.ajaxCheckClosure", + "type": "groovy.lang.Closure", + "description": "An optional closure that can determine if a request is Ajax.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.redirectStrategy.contextRelative", + "type": "java.lang.Boolean", + "description": "If true, the redirect URL will be the value after the request context path.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.url-mapping" + }, + { + "name": "grails.plugin.springsecurity.fii.alwaysReauthenticate", + "type": "java.lang.Boolean", + "description": "If true, re-authenticates when there is a Authentication in the SecurityContext.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.fii.rejectPublicInvocations", + "type": "java.lang.Boolean", + "description": "Disallow URL access when there is no request mapping.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.fii.validateConfigAttributes", + "type": "java.lang.Boolean", + "description": "Whether to check that all ConfigAttribute instances are valid at startup.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.fii.publishAuthorizationSuccess", + "type": "java.lang.Boolean", + "description": "Whether to publish an AuthorizedEvent after successful access check.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.fii.observeOncePerRequest", + "type": "java.lang.Boolean", + "description": "If false allow checks to happen multiple times.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.anon.key", + "type": "java.lang.String", + "description": "anonymousProcessingFilter key.", + "defaultValue": "foo", + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.atr.anonymousClass", + "type": "java.lang.String", + "description": "Anonymous token class.", + "defaultValue": "grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken", + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.useHttpSessionEventPublisher", + "type": "java.lang.Boolean", + "description": "If true, an HttpSessionEventPublisher will be configured.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.cacheUsers", + "type": "java.lang.Boolean", + "description": "If true, logins are cached using an EhCache.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.useSecurityEventListener", + "type": "java.lang.Boolean", + "description": "If true, configure SecurityEventListener.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.dao.reflectionSaltSourceProperty", + "type": "java.lang.String", + "description": "Which property to use for the reflection-based salt source.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.password-encoding" + }, + { + "name": "grails.plugin.springsecurity.dao.hideUserNotFoundExceptions", + "type": "java.lang.Boolean", + "description": "If true, throws BadCredentialsException for both bad username and bad password.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.requestCache.createSession", + "type": "java.lang.Boolean", + "description": "Whether caching SavedRequest can trigger the creation of a session.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.roleHierarchy", + "type": "java.lang.String", + "description": "Hierarchical role definition.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.voterNames", + "type": "java.util.List", + "description": "Bean names of voters.", + "defaultValue": [ + "authenticatedVoter", + "roleVoter", + "closureVoter" + ], + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.providerNames", + "type": "java.util.List", + "description": "Bean names of authentication providers.", + "defaultValue": [ + "daoAuthenticationProvider", + "anonymousAuthenticationProvider", + "rememberMeAuthenticationProvider" + ], + "group": "grails.plugin.springsecurity.authentication" + }, + { + "name": "grails.plugin.springsecurity.securityConfigType", + "type": "java.lang.String", + "description": "Type of request mapping to use, one of Annotation, Requestmap, or InterceptUrlMap.", + "defaultValue": "Annotation", + "group": "grails.plugin.springsecurity.url-mapping" + }, + { + "name": "grails.plugin.springsecurity.controllerAnnotations.lowercase", + "type": "java.lang.Boolean", + "description": "Whether to do URL comparisons using lowercase.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.url-mapping" + }, + { + "name": "grails.plugin.springsecurity.controllerAnnotations.staticRules", + "type": "java.util.List", + "description": "Extra rules that cannot be mapped using annotations.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.url-mapping" + }, + { + "name": "grails.plugin.springsecurity.interceptUrlMap", + "type": "java.util.List", + "description": "Request mapping definition when using InterceptUrlMap.", + "defaultValue": "_none_", + "group": "grails.plugin.springsecurity.url-mapping" + }, + { + "name": "grails.plugin.springsecurity.registerLoggerListener", + "type": "java.lang.Boolean", + "description": "If true, registers a LoggerListener that logs interceptor-related application events.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.scr.allowSessionCreation", + "type": "java.lang.Boolean", + "description": "Whether to allow creating a session in the securityContextRepository bean.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.scr.disableUrlRewriting", + "type": "java.lang.Boolean", + "description": "Whether to disable URL rewriting (and the jsessionid attribute).", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.scr.springSecurityContextKey", + "type": "java.lang.String", + "description": "The HTTP session key to store the SecurityContext under.", + "defaultValue": "HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY", + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.scpf.forceEagerSessionCreation", + "type": "java.lang.Boolean", + "description": "Whether to eagerly create a session in the securityContextRepository bean.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.sch.strategyName", + "type": "java.lang.String", + "description": "The strategy to use for storing the SecurityContext.", + "defaultValue": "SecurityContextHolder.MODE_THREADLOCAL", + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.debug.useFilter", + "type": "java.lang.Boolean", + "description": "Whether to use the DebugFilter to log request debug information to the console.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.providerManager.eraseCredentialsAfterAuthentication", + "type": "java.lang.Boolean", + "description": "Whether to remove the password from the Authentication and its child objects after successful authentication.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.authentication" + } + ] +} From 27113f28534126863ef2ae478960c560cec46655 Mon Sep 17 00:00:00 2001 From: James Fredley Date: Thu, 26 Feb 2026 15:21:19 -0500 Subject: [PATCH 2/6] fix: exclude spring-configuration-metadata.json from RAT audit JSON files cannot contain comment-style Apache license headers. The metadata file follows the Spring Boot standard format. Assisted-by: Claude Code --- gradle/rat-root-config.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/gradle/rat-root-config.gradle b/gradle/rat-root-config.gradle index cf8776958..0cc291e31 100644 --- a/gradle/rat-root-config.gradle +++ b/gradle/rat-root-config.gradle @@ -52,6 +52,7 @@ tasks.named('rat') { 'plugin-ui/plugin/grails-app/assets/stylesheets/jquery.jdMenu.css', // See license file, MIT licensed 'plugin-ui/plugin/grails-app/assets/stylesheets/jquery.jdMenu.slate.css', // See license file, MIT licensed 'plugin-ui/plugin/src/main/templates/**', // template files that people are expected to use in the end application + '**/spring-configuration-metadata.json', // JSON files cannot contain license headers ] // never cache license audits outputs.upToDateWhen { false } From 00536a1f619649e4796da58ae17f034a07a55a0a Mon Sep 17 00:00:00 2001 From: James Fredley Date: Thu, 26 Feb 2026 15:33:08 -0500 Subject: [PATCH 3/6] Add Apache license header to generated configurationProperties.adoc RAT audit was flagging the generated AsciiDoc file for missing license header. Added standard Apache 2.0 license header using AsciiDoc comment block syntax. Assisted-by: Claude Code --- .../docs/src/docs/configurationProperties.adoc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/plugin-core/docs/src/docs/configurationProperties.adoc b/plugin-core/docs/src/docs/configurationProperties.adoc index bce3fee4e..12140e7df 100644 --- a/plugin-core/docs/src/docs/configurationProperties.adoc +++ b/plugin-core/docs/src/docs/configurationProperties.adoc @@ -1,3 +1,19 @@ +//// + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +//// = Configuration Properties This page is generated from `spring-configuration-metadata.json`. For IDE auto-completion of these properties, ensure the plugin JAR is on your classpath. From 0ee54a4b2af01883461ae380400ff766fb27d82f Mon Sep 17 00:00:00 2001 From: James Fredley Date: Thu, 26 Feb 2026 16:34:38 -0500 Subject: [PATCH 4/6] Address Copilot review: fix defaults, grammar, heading levels, and empty string handling - Replace '_none_' sentinel with actual defaults (null, [], or empty string) - Fix exceptionMappings type from Map to List to match plugin code - Fix grammar: 'a Authentication' to 'an Authentication', add missing comma - Change generated doc heading from = to == with === sub-sections for proper inclusion hierarchy in index.adoc - Add license header emission in generator - Handle empty string and empty list defaults distinctly from null in doc output Assisted-by: Claude Code --- plugin-core/docs/build.gradle | 35 +++- .../src/docs/configurationProperties.adoc | 190 +++++++++--------- .../spring-configuration-metadata.json | 28 +-- 3 files changed, 141 insertions(+), 112 deletions(-) diff --git a/plugin-core/docs/build.gradle b/plugin-core/docs/build.gradle index ba5f45700..c95fb71b2 100644 --- a/plugin-core/docs/build.gradle +++ b/plugin-core/docs/build.gradle @@ -92,10 +92,28 @@ tasks.register('generateConfigurationProperties') { ] configurationPropertiesFile.asFile.text = '' - configurationPropertiesFile.asFile << """= Configuration Properties + configurationPropertiesFile.asFile << '''//// + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +//// + +[[configuration-properties]] +== Configuration Properties This page is generated from `spring-configuration-metadata.json`. For IDE auto-completion of these properties, ensure the plugin JAR is on your classpath. -""" +''' orderedGroupNames.each { groupName -> def group = groupsByName[groupName] @@ -107,7 +125,7 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c def heading = group?.description ?: groupName configurationPropertiesFile.asFile << """ -== ${heading} +=== ${heading} [cols=\"3,5,2\", options=\"header\"] |=== @@ -116,7 +134,16 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c properties.sort { it.name }.each { property -> def defaultValue = property.containsKey('defaultValue') ? property.defaultValue : '' - def defaultText = defaultValue == null ? 'null' : defaultValue.toString() + def defaultText + if (defaultValue == null) { + defaultText = '-' + } else if (defaultValue instanceof CharSequence && defaultValue.toString().isEmpty()) { + defaultText = '`""`' + } else if (defaultValue instanceof List && ((List) defaultValue).isEmpty()) { + defaultText = '`[]`' + } else { + defaultText = "`${defaultValue}`" + } configurationPropertiesFile.asFile << """ |`${property.name}` |${property.description} diff --git a/plugin-core/docs/src/docs/configurationProperties.adoc b/plugin-core/docs/src/docs/configurationProperties.adoc index 12140e7df..d76d55e16 100644 --- a/plugin-core/docs/src/docs/configurationProperties.adoc +++ b/plugin-core/docs/src/docs/configurationProperties.adoc @@ -14,12 +14,14 @@ See the License for the specific language governing permissions and limitations under the License. //// -= Configuration Properties + +[[configuration-properties]] +== Configuration Properties This page is generated from `spring-configuration-metadata.json`. For IDE auto-completion of these properties, ensure the plugin JAR is on your classpath. -== General configuration properties. +=== General configuration properties. [cols="3,5,2", options="header"] |=== @@ -27,24 +29,24 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.active` |Whether the plugin is enabled. -|true +|`true` |`grails.plugin.springsecurity.excludeSpringSecurityAutoConfiguration` |Whether to automatically exclude Spring Boot security auto-configuration classes that conflict with the plugin. -|true +|`true` |`grails.plugin.springsecurity.printStatusMessages` |Whether to print status messages such as "Configuring Spring Security Core ...". -|true +|`true` |`grails.plugin.springsecurity.rejectIfNoRule` |Strict mode where a request mapping is required for all resources. -|true +|`true` |=== -== Domain class configuration properties. +=== Domain class configuration properties. [cols="3,5,2", options="header"] |=== @@ -52,68 +54,68 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.authority.className` |Role class name. -|_none_ +|- |`grails.plugin.springsecurity.authority.nameField` |Role class role name property. -|authority +|`authority` |`grails.plugin.springsecurity.requestMap.className` |Requestmap class name. -|_none_ +|- |`grails.plugin.springsecurity.requestMap.configAttributeField` |Requestmap class role and token property. -|configAttribute +|`configAttribute` |`grails.plugin.springsecurity.requestMap.urlField` |Requestmap class URL pattern property. -|url +|`url` |`grails.plugin.springsecurity.userLookup.accountExpiredPropertyName` |User class account expired property. -|accountExpired +|`accountExpired` |`grails.plugin.springsecurity.userLookup.accountLockedPropertyName` |User class account locked property. -|accountLocked +|`accountLocked` |`grails.plugin.springsecurity.userLookup.authoritiesPropertyName` |User class role collection property. -|authorities +|`authorities` |`grails.plugin.springsecurity.userLookup.authorityJoinClassName` |User and role many-to-many join class name. -|_none_ +|- |`grails.plugin.springsecurity.userLookup.enabledPropertyName` |User class enabled property. -|enabled +|`enabled` |`grails.plugin.springsecurity.userLookup.passwordExpiredPropertyName` |User class password expired property. -|passwordExpired +|`passwordExpired` |`grails.plugin.springsecurity.userLookup.passwordPropertyName` |User class password property. -|password +|`password` |`grails.plugin.springsecurity.userLookup.userDomainClassName` |User class name. -|_none_ +|- |`grails.plugin.springsecurity.userLookup.usernameIgnoreCase` |Ignore case when searching for usernamePropertyName. -|false +|`false` |`grails.plugin.springsecurity.userLookup.usernamePropertyName` |User class username property. -|username +|`username` |=== -== Authentication and authorization configuration properties. +=== Authentication and authorization configuration properties. [cols="3,5,2", options="header"] |=== @@ -121,60 +123,60 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.anon.key` |anonymousProcessingFilter key. -|foo +|`foo` |`grails.plugin.springsecurity.apf.continueChainBeforeSuccessfulAuthentication` |Whether to continue calling subsequent filters in the filter chain. -|false +|`false` |`grails.plugin.springsecurity.atr.anonymousClass` |Anonymous token class. -|grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken +|`grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken` |`grails.plugin.springsecurity.dao.hideUserNotFoundExceptions` |If true, throws BadCredentialsException for both bad username and bad password. -|true +|`true` |`grails.plugin.springsecurity.fii.alwaysReauthenticate` -|If true, re-authenticates when there is a Authentication in the SecurityContext. -|false +|If true, re-authenticates when there is an Authentication in the SecurityContext. +|`false` |`grails.plugin.springsecurity.fii.observeOncePerRequest` -|If false allow checks to happen multiple times. -|true +|If false, allow checks to happen multiple times. +|`true` |`grails.plugin.springsecurity.fii.publishAuthorizationSuccess` |Whether to publish an AuthorizedEvent after successful access check. -|false +|`false` |`grails.plugin.springsecurity.fii.rejectPublicInvocations` |Disallow URL access when there is no request mapping. -|true +|`true` |`grails.plugin.springsecurity.fii.validateConfigAttributes` |Whether to check that all ConfigAttribute instances are valid at startup. -|true +|`true` |`grails.plugin.springsecurity.providerManager.eraseCredentialsAfterAuthentication` |Whether to remove the password from the Authentication and its child objects after successful authentication. -|true +|`true` |`grails.plugin.springsecurity.providerNames` |Bean names of authentication providers. -|[daoAuthenticationProvider, anonymousAuthenticationProvider, rememberMeAuthenticationProvider] +|`[daoAuthenticationProvider, anonymousAuthenticationProvider, rememberMeAuthenticationProvider]` |`grails.plugin.springsecurity.roleHierarchy` |Hierarchical role definition. -|_none_ +|`""` |`grails.plugin.springsecurity.voterNames` |Bean names of voters. -|[authenticatedVoter, roleVoter, closureVoter] +|`[authenticatedVoter, roleVoter, closureVoter]` |=== -== Login and logout configuration properties. +=== Login and logout configuration properties. [cols="3,5,2", options="header"] |=== @@ -182,120 +184,120 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.adh.ajaxErrorPage` |Location of the 403 error page for Ajax requests. -|/login/ajaxDenied +|`/login/ajaxDenied` |`grails.plugin.springsecurity.adh.errorPage` |Location of the 403 error page (or set to null to send a 403 error and not render a page). -|/login/denied +|`/login/denied` |`grails.plugin.springsecurity.adh.useForward` |If true a forward will be used to render the error page, otherwise a redirect is used. -|true +|`true` |`grails.plugin.springsecurity.apf.filterProcessesUrl` |Login form post URL, intercepted by Spring Security filter. -|/login/authenticate +|`/login/authenticate` |`grails.plugin.springsecurity.apf.passwordParameter` |Login form password parameter. -|password +|`password` |`grails.plugin.springsecurity.apf.postOnly` |Whether to allow only POST login requests. -|true +|`true` |`grails.plugin.springsecurity.apf.usernameParameter` |Login form username parameter. -|username +|`username` |`grails.plugin.springsecurity.auth.ajaxLoginFormUrl` |URL of Ajax login page. -|/login/authAjax +|`/login/authAjax` |`grails.plugin.springsecurity.auth.forceHttps` |If true, redirects login page requests to HTTPS. -|false +|`false` |`grails.plugin.springsecurity.auth.loginFormUrl` |URL of login page. -|/login/auth +|`/login/auth` |`grails.plugin.springsecurity.auth.useForward` |Whether to render the login page (true) or redirect (false). -|false +|`false` |`grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl` |Redirect URL for failed Ajax logins. -|/login/authfail?ajax=true +|`/login/authfail?ajax=true` |`grails.plugin.springsecurity.failureHandler.defaultFailureUrl` |Redirect URL for failed logins. -|/login/authfail?login_error=1 +|`/login/authfail?login_error=1` |`grails.plugin.springsecurity.failureHandler.exceptionMappings` |Map of AuthenticationException subclasses to redirect URLs after authentication failure. -|_none_ +|`[]` |`grails.plugin.springsecurity.failureHandler.useForward` |Whether to render the error page (true) or redirect (false). -|false +|`false` |`grails.plugin.springsecurity.logout.afterLogoutUrl` |URL for redirect after logout. -|/ +|`/` |`grails.plugin.springsecurity.logout.alwaysUseDefaultTargetUrl` |Whether to always use afterLogoutUrl as the post-logout URL. -|false +|`false` |`grails.plugin.springsecurity.logout.clearAuthentication` |If true removes the Authentication from the SecurityContext to prevent issues with concurrent requests. -|true +|`true` |`grails.plugin.springsecurity.logout.filterProcessesUrl` |Logout URL, intercepted by Spring Security filter. -|/logoff +|`/logoff` |`grails.plugin.springsecurity.logout.handlerNames` |Logout handler bean names. -|[rememberMeServices, securityContextLogoutHandler] +|`[rememberMeServices, securityContextLogoutHandler]` |`grails.plugin.springsecurity.logout.postOnly` |If true only POST requests will be allowed to logout. -|true +|`true` |`grails.plugin.springsecurity.logout.redirectToReferer` |Whether to use the Referer header value as the post-logout URL. -|false +|`false` |`grails.plugin.springsecurity.logout.targetUrlParameter` |The querystring parameter name for the post-logout URL. -|_none_ +|- |`grails.plugin.springsecurity.successHandler.ajaxSuccessUrl` |URL for redirect after successful Ajax login. -|/login/ajaxSuccess +|`/login/ajaxSuccess` |`grails.plugin.springsecurity.successHandler.alwaysUseDefault` |Whether to always redirect to successHandler.defaultTargetUrl after successful authentication. -|false +|`false` |`grails.plugin.springsecurity.successHandler.defaultTargetUrl` |Default post-login URL if there is no saved request that triggered the login. -|/ +|`/` |`grails.plugin.springsecurity.successHandler.targetUrlParameter` |Name of optional login form parameter that specifies destination after successful login. -|spring-security-redirect +|`spring-security-redirect` |`grails.plugin.springsecurity.successHandler.useReferer` |Whether to use the HTTP Referer header to determine post-login destination. -|false +|`false` |=== -== Password encoding configuration properties. +=== Password encoding configuration properties. [cols="3,5,2", options="header"] |=== @@ -303,12 +305,12 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.dao.reflectionSaltSourceProperty` |Which property to use for the reflection-based salt source. -|_none_ +|- |=== -== Session and security context configuration properties. +=== Session and security context configuration properties. [cols="3,5,2", options="header"] |=== @@ -316,52 +318,52 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.apf.allowSessionCreation` |Whether to allow authentication to create an HTTP session. -|true +|`true` |`grails.plugin.springsecurity.apf.storeLastUsername` |Whether to store the login username in the HTTP session. -|false +|`false` |`grails.plugin.springsecurity.failureHandler.allowSessionCreation` |Whether to enable session creation to store the authentication failure exception. -|true +|`true` |`grails.plugin.springsecurity.logout.invalidateHttpSession` |Whether to invalidate the HTTP session when logging out. -|true +|`true` |`grails.plugin.springsecurity.requestCache.createSession` |Whether caching SavedRequest can trigger the creation of a session. -|true +|`true` |`grails.plugin.springsecurity.sch.strategyName` |The strategy to use for storing the SecurityContext. -|SecurityContextHolder.MODE_THREADLOCAL +|`SecurityContextHolder.MODE_THREADLOCAL` |`grails.plugin.springsecurity.scpf.forceEagerSessionCreation` |Whether to eagerly create a session in the securityContextRepository bean. -|false +|`false` |`grails.plugin.springsecurity.scr.allowSessionCreation` |Whether to allow creating a session in the securityContextRepository bean. -|true +|`true` |`grails.plugin.springsecurity.scr.disableUrlRewriting` |Whether to disable URL rewriting (and the jsessionid attribute). -|true +|`true` |`grails.plugin.springsecurity.scr.springSecurityContextKey` |The HTTP session key to store the SecurityContext under. -|HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY +|`HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY` |`grails.plugin.springsecurity.useHttpSessionEventPublisher` |If true, an HttpSessionEventPublisher will be configured. -|false +|`false` |=== -== URL mapping configuration properties. +=== URL mapping configuration properties. [cols="3,5,2", options="header"] |=== @@ -369,28 +371,28 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.controllerAnnotations.lowercase` |Whether to do URL comparisons using lowercase. -|true +|`true` |`grails.plugin.springsecurity.controllerAnnotations.staticRules` |Extra rules that cannot be mapped using annotations. -|_none_ +|`[]` |`grails.plugin.springsecurity.interceptUrlMap` |Request mapping definition when using InterceptUrlMap. -|_none_ +|`[]` |`grails.plugin.springsecurity.redirectStrategy.contextRelative` |If true, the redirect URL will be the value after the request context path. -|false +|`false` |`grails.plugin.springsecurity.securityConfigType` |Type of request mapping to use, one of Annotation, Requestmap, or InterceptUrlMap. -|Annotation +|`Annotation` |=== -== Miscellaneous configuration properties. +=== Miscellaneous configuration properties. [cols="3,5,2", options="header"] |=== @@ -398,26 +400,26 @@ This page is generated from `spring-configuration-metadata.json`. For IDE auto-c |`grails.plugin.springsecurity.ajaxCheckClosure` |An optional closure that can determine if a request is Ajax. -|_none_ +|- |`grails.plugin.springsecurity.ajaxHeader` |Header name sent by Ajax library, used to detect Ajax. -|X-Requested-With +|`X-Requested-With` |`grails.plugin.springsecurity.cacheUsers` |If true, logins are cached using an EhCache. -|false +|`false` |`grails.plugin.springsecurity.debug.useFilter` |Whether to use the DebugFilter to log request debug information to the console. -|false +|`false` |`grails.plugin.springsecurity.registerLoggerListener` |If true, registers a LoggerListener that logs interceptor-related application events. -|false +|`false` |`grails.plugin.springsecurity.useSecurityEventListener` |If true, configure SecurityEventListener. -|false +|`false` |=== diff --git a/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json b/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json index a4f678887..e517ee942 100644 --- a/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json +++ b/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json @@ -70,7 +70,7 @@ "name": "grails.plugin.springsecurity.userLookup.userDomainClassName", "type": "java.lang.String", "description": "User class name.", - "defaultValue": "_none_", + "defaultValue": null, "group": "grails.plugin.springsecurity.domain-classes" }, { @@ -133,14 +133,14 @@ "name": "grails.plugin.springsecurity.userLookup.authorityJoinClassName", "type": "java.lang.String", "description": "User and role many-to-many join class name.", - "defaultValue": "_none_", + "defaultValue": null, "group": "grails.plugin.springsecurity.domain-classes" }, { "name": "grails.plugin.springsecurity.authority.className", "type": "java.lang.String", "description": "Role class name.", - "defaultValue": "_none_", + "defaultValue": null, "group": "grails.plugin.springsecurity.domain-classes" }, { @@ -154,7 +154,7 @@ "name": "grails.plugin.springsecurity.requestMap.className", "type": "java.lang.String", "description": "Requestmap class name.", - "defaultValue": "_none_", + "defaultValue": null, "group": "grails.plugin.springsecurity.domain-classes" }, { @@ -236,9 +236,9 @@ }, { "name": "grails.plugin.springsecurity.failureHandler.exceptionMappings", - "type": "java.util.Map", + "type": "java.util.List", "description": "Map of AuthenticationException subclasses to redirect URLs after authentication failure.", - "defaultValue": "_none_", + "defaultValue": [], "group": "grails.plugin.springsecurity.login-logout" }, { @@ -360,7 +360,7 @@ "name": "grails.plugin.springsecurity.logout.targetUrlParameter", "type": "java.lang.String", "description": "The querystring parameter name for the post-logout URL.", - "defaultValue": "_none_", + "defaultValue": null, "group": "grails.plugin.springsecurity.login-logout" }, { @@ -416,7 +416,7 @@ "name": "grails.plugin.springsecurity.ajaxCheckClosure", "type": "groovy.lang.Closure", "description": "An optional closure that can determine if a request is Ajax.", - "defaultValue": "_none_", + "defaultValue": null, "group": "grails.plugin.springsecurity.miscellaneous" }, { @@ -429,7 +429,7 @@ { "name": "grails.plugin.springsecurity.fii.alwaysReauthenticate", "type": "java.lang.Boolean", - "description": "If true, re-authenticates when there is a Authentication in the SecurityContext.", + "description": "If true, re-authenticates when there is an Authentication in the SecurityContext.", "defaultValue": false, "group": "grails.plugin.springsecurity.authentication" }, @@ -457,7 +457,7 @@ { "name": "grails.plugin.springsecurity.fii.observeOncePerRequest", "type": "java.lang.Boolean", - "description": "If false allow checks to happen multiple times.", + "description": "If false, allow checks to happen multiple times.", "defaultValue": true, "group": "grails.plugin.springsecurity.authentication" }, @@ -500,7 +500,7 @@ "name": "grails.plugin.springsecurity.dao.reflectionSaltSourceProperty", "type": "java.lang.String", "description": "Which property to use for the reflection-based salt source.", - "defaultValue": "_none_", + "defaultValue": null, "group": "grails.plugin.springsecurity.password-encoding" }, { @@ -521,7 +521,7 @@ "name": "grails.plugin.springsecurity.roleHierarchy", "type": "java.lang.String", "description": "Hierarchical role definition.", - "defaultValue": "_none_", + "defaultValue": "", "group": "grails.plugin.springsecurity.authentication" }, { @@ -564,14 +564,14 @@ "name": "grails.plugin.springsecurity.controllerAnnotations.staticRules", "type": "java.util.List", "description": "Extra rules that cannot be mapped using annotations.", - "defaultValue": "_none_", + "defaultValue": [], "group": "grails.plugin.springsecurity.url-mapping" }, { "name": "grails.plugin.springsecurity.interceptUrlMap", "type": "java.util.List", "description": "Request mapping definition when using InterceptUrlMap.", - "defaultValue": "_none_", + "defaultValue": [], "group": "grails.plugin.springsecurity.url-mapping" }, { From be43a9d6f7cf4579f4204b40a55d3abf45edd754 Mon Sep 17 00:00:00 2001 From: James Fredley Date: Thu, 26 Feb 2026 17:17:59 -0500 Subject: [PATCH 5/6] Remove generated configurationProperties.adoc from source control The file is regenerated by generateConfigurationProperties task every build. Committing it creates unnecessary diff noise. Assisted-by: Claude Code --- .gitignore | 3 +- .../src/docs/configurationProperties.adoc | 425 ------------------ 2 files changed, 2 insertions(+), 426 deletions(-) delete mode 100644 plugin-core/docs/src/docs/configurationProperties.adoc diff --git a/.gitignore b/.gitignore index 37b092747..f24e11b7e 100644 --- a/.gitignore +++ b/.gitignore @@ -14,4 +14,5 @@ out atlassian-ide-plugin.xml plugin-ui/plugin/src/main/templates/views/* !etc/bin -etc/bin/results \ No newline at end of file +etc/bin/results +plugin-core/docs/src/docs/configurationProperties.adoc \ No newline at end of file diff --git a/plugin-core/docs/src/docs/configurationProperties.adoc b/plugin-core/docs/src/docs/configurationProperties.adoc deleted file mode 100644 index d76d55e16..000000000 --- a/plugin-core/docs/src/docs/configurationProperties.adoc +++ /dev/null @@ -1,425 +0,0 @@ -//// - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -//// - -[[configuration-properties]] -== Configuration Properties - -This page is generated from `spring-configuration-metadata.json`. For IDE auto-completion of these properties, ensure the plugin JAR is on your classpath. - - -=== General configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.active` -|Whether the plugin is enabled. -|`true` - -|`grails.plugin.springsecurity.excludeSpringSecurityAutoConfiguration` -|Whether to automatically exclude Spring Boot security auto-configuration classes that conflict with the plugin. -|`true` - -|`grails.plugin.springsecurity.printStatusMessages` -|Whether to print status messages such as "Configuring Spring Security Core ...". -|`true` - -|`grails.plugin.springsecurity.rejectIfNoRule` -|Strict mode where a request mapping is required for all resources. -|`true` - -|=== - - -=== Domain class configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.authority.className` -|Role class name. -|- - -|`grails.plugin.springsecurity.authority.nameField` -|Role class role name property. -|`authority` - -|`grails.plugin.springsecurity.requestMap.className` -|Requestmap class name. -|- - -|`grails.plugin.springsecurity.requestMap.configAttributeField` -|Requestmap class role and token property. -|`configAttribute` - -|`grails.plugin.springsecurity.requestMap.urlField` -|Requestmap class URL pattern property. -|`url` - -|`grails.plugin.springsecurity.userLookup.accountExpiredPropertyName` -|User class account expired property. -|`accountExpired` - -|`grails.plugin.springsecurity.userLookup.accountLockedPropertyName` -|User class account locked property. -|`accountLocked` - -|`grails.plugin.springsecurity.userLookup.authoritiesPropertyName` -|User class role collection property. -|`authorities` - -|`grails.plugin.springsecurity.userLookup.authorityJoinClassName` -|User and role many-to-many join class name. -|- - -|`grails.plugin.springsecurity.userLookup.enabledPropertyName` -|User class enabled property. -|`enabled` - -|`grails.plugin.springsecurity.userLookup.passwordExpiredPropertyName` -|User class password expired property. -|`passwordExpired` - -|`grails.plugin.springsecurity.userLookup.passwordPropertyName` -|User class password property. -|`password` - -|`grails.plugin.springsecurity.userLookup.userDomainClassName` -|User class name. -|- - -|`grails.plugin.springsecurity.userLookup.usernameIgnoreCase` -|Ignore case when searching for usernamePropertyName. -|`false` - -|`grails.plugin.springsecurity.userLookup.usernamePropertyName` -|User class username property. -|`username` - -|=== - - -=== Authentication and authorization configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.anon.key` -|anonymousProcessingFilter key. -|`foo` - -|`grails.plugin.springsecurity.apf.continueChainBeforeSuccessfulAuthentication` -|Whether to continue calling subsequent filters in the filter chain. -|`false` - -|`grails.plugin.springsecurity.atr.anonymousClass` -|Anonymous token class. -|`grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken` - -|`grails.plugin.springsecurity.dao.hideUserNotFoundExceptions` -|If true, throws BadCredentialsException for both bad username and bad password. -|`true` - -|`grails.plugin.springsecurity.fii.alwaysReauthenticate` -|If true, re-authenticates when there is an Authentication in the SecurityContext. -|`false` - -|`grails.plugin.springsecurity.fii.observeOncePerRequest` -|If false, allow checks to happen multiple times. -|`true` - -|`grails.plugin.springsecurity.fii.publishAuthorizationSuccess` -|Whether to publish an AuthorizedEvent after successful access check. -|`false` - -|`grails.plugin.springsecurity.fii.rejectPublicInvocations` -|Disallow URL access when there is no request mapping. -|`true` - -|`grails.plugin.springsecurity.fii.validateConfigAttributes` -|Whether to check that all ConfigAttribute instances are valid at startup. -|`true` - -|`grails.plugin.springsecurity.providerManager.eraseCredentialsAfterAuthentication` -|Whether to remove the password from the Authentication and its child objects after successful authentication. -|`true` - -|`grails.plugin.springsecurity.providerNames` -|Bean names of authentication providers. -|`[daoAuthenticationProvider, anonymousAuthenticationProvider, rememberMeAuthenticationProvider]` - -|`grails.plugin.springsecurity.roleHierarchy` -|Hierarchical role definition. -|`""` - -|`grails.plugin.springsecurity.voterNames` -|Bean names of voters. -|`[authenticatedVoter, roleVoter, closureVoter]` - -|=== - - -=== Login and logout configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.adh.ajaxErrorPage` -|Location of the 403 error page for Ajax requests. -|`/login/ajaxDenied` - -|`grails.plugin.springsecurity.adh.errorPage` -|Location of the 403 error page (or set to null to send a 403 error and not render a page). -|`/login/denied` - -|`grails.plugin.springsecurity.adh.useForward` -|If true a forward will be used to render the error page, otherwise a redirect is used. -|`true` - -|`grails.plugin.springsecurity.apf.filterProcessesUrl` -|Login form post URL, intercepted by Spring Security filter. -|`/login/authenticate` - -|`grails.plugin.springsecurity.apf.passwordParameter` -|Login form password parameter. -|`password` - -|`grails.plugin.springsecurity.apf.postOnly` -|Whether to allow only POST login requests. -|`true` - -|`grails.plugin.springsecurity.apf.usernameParameter` -|Login form username parameter. -|`username` - -|`grails.plugin.springsecurity.auth.ajaxLoginFormUrl` -|URL of Ajax login page. -|`/login/authAjax` - -|`grails.plugin.springsecurity.auth.forceHttps` -|If true, redirects login page requests to HTTPS. -|`false` - -|`grails.plugin.springsecurity.auth.loginFormUrl` -|URL of login page. -|`/login/auth` - -|`grails.plugin.springsecurity.auth.useForward` -|Whether to render the login page (true) or redirect (false). -|`false` - -|`grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl` -|Redirect URL for failed Ajax logins. -|`/login/authfail?ajax=true` - -|`grails.plugin.springsecurity.failureHandler.defaultFailureUrl` -|Redirect URL for failed logins. -|`/login/authfail?login_error=1` - -|`grails.plugin.springsecurity.failureHandler.exceptionMappings` -|Map of AuthenticationException subclasses to redirect URLs after authentication failure. -|`[]` - -|`grails.plugin.springsecurity.failureHandler.useForward` -|Whether to render the error page (true) or redirect (false). -|`false` - -|`grails.plugin.springsecurity.logout.afterLogoutUrl` -|URL for redirect after logout. -|`/` - -|`grails.plugin.springsecurity.logout.alwaysUseDefaultTargetUrl` -|Whether to always use afterLogoutUrl as the post-logout URL. -|`false` - -|`grails.plugin.springsecurity.logout.clearAuthentication` -|If true removes the Authentication from the SecurityContext to prevent issues with concurrent requests. -|`true` - -|`grails.plugin.springsecurity.logout.filterProcessesUrl` -|Logout URL, intercepted by Spring Security filter. -|`/logoff` - -|`grails.plugin.springsecurity.logout.handlerNames` -|Logout handler bean names. -|`[rememberMeServices, securityContextLogoutHandler]` - -|`grails.plugin.springsecurity.logout.postOnly` -|If true only POST requests will be allowed to logout. -|`true` - -|`grails.plugin.springsecurity.logout.redirectToReferer` -|Whether to use the Referer header value as the post-logout URL. -|`false` - -|`grails.plugin.springsecurity.logout.targetUrlParameter` -|The querystring parameter name for the post-logout URL. -|- - -|`grails.plugin.springsecurity.successHandler.ajaxSuccessUrl` -|URL for redirect after successful Ajax login. -|`/login/ajaxSuccess` - -|`grails.plugin.springsecurity.successHandler.alwaysUseDefault` -|Whether to always redirect to successHandler.defaultTargetUrl after successful authentication. -|`false` - -|`grails.plugin.springsecurity.successHandler.defaultTargetUrl` -|Default post-login URL if there is no saved request that triggered the login. -|`/` - -|`grails.plugin.springsecurity.successHandler.targetUrlParameter` -|Name of optional login form parameter that specifies destination after successful login. -|`spring-security-redirect` - -|`grails.plugin.springsecurity.successHandler.useReferer` -|Whether to use the HTTP Referer header to determine post-login destination. -|`false` - -|=== - - -=== Password encoding configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.dao.reflectionSaltSourceProperty` -|Which property to use for the reflection-based salt source. -|- - -|=== - - -=== Session and security context configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.apf.allowSessionCreation` -|Whether to allow authentication to create an HTTP session. -|`true` - -|`grails.plugin.springsecurity.apf.storeLastUsername` -|Whether to store the login username in the HTTP session. -|`false` - -|`grails.plugin.springsecurity.failureHandler.allowSessionCreation` -|Whether to enable session creation to store the authentication failure exception. -|`true` - -|`grails.plugin.springsecurity.logout.invalidateHttpSession` -|Whether to invalidate the HTTP session when logging out. -|`true` - -|`grails.plugin.springsecurity.requestCache.createSession` -|Whether caching SavedRequest can trigger the creation of a session. -|`true` - -|`grails.plugin.springsecurity.sch.strategyName` -|The strategy to use for storing the SecurityContext. -|`SecurityContextHolder.MODE_THREADLOCAL` - -|`grails.plugin.springsecurity.scpf.forceEagerSessionCreation` -|Whether to eagerly create a session in the securityContextRepository bean. -|`false` - -|`grails.plugin.springsecurity.scr.allowSessionCreation` -|Whether to allow creating a session in the securityContextRepository bean. -|`true` - -|`grails.plugin.springsecurity.scr.disableUrlRewriting` -|Whether to disable URL rewriting (and the jsessionid attribute). -|`true` - -|`grails.plugin.springsecurity.scr.springSecurityContextKey` -|The HTTP session key to store the SecurityContext under. -|`HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY` - -|`grails.plugin.springsecurity.useHttpSessionEventPublisher` -|If true, an HttpSessionEventPublisher will be configured. -|`false` - -|=== - - -=== URL mapping configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.controllerAnnotations.lowercase` -|Whether to do URL comparisons using lowercase. -|`true` - -|`grails.plugin.springsecurity.controllerAnnotations.staticRules` -|Extra rules that cannot be mapped using annotations. -|`[]` - -|`grails.plugin.springsecurity.interceptUrlMap` -|Request mapping definition when using InterceptUrlMap. -|`[]` - -|`grails.plugin.springsecurity.redirectStrategy.contextRelative` -|If true, the redirect URL will be the value after the request context path. -|`false` - -|`grails.plugin.springsecurity.securityConfigType` -|Type of request mapping to use, one of Annotation, Requestmap, or InterceptUrlMap. -|`Annotation` - -|=== - - -=== Miscellaneous configuration properties. - -[cols="3,5,2", options="header"] -|=== -|Property |Description |Default - -|`grails.plugin.springsecurity.ajaxCheckClosure` -|An optional closure that can determine if a request is Ajax. -|- - -|`grails.plugin.springsecurity.ajaxHeader` -|Header name sent by Ajax library, used to detect Ajax. -|`X-Requested-With` - -|`grails.plugin.springsecurity.cacheUsers` -|If true, logins are cached using an EhCache. -|`false` - -|`grails.plugin.springsecurity.debug.useFilter` -|Whether to use the DebugFilter to log request debug information to the console. -|`false` - -|`grails.plugin.springsecurity.registerLoggerListener` -|If true, registers a LoggerListener that logs interceptor-related application events. -|`false` - -|`grails.plugin.springsecurity.useSecurityEventListener` -|If true, configure SecurityEventListener. -|`false` - -|=== From 5fab3c6fd06208b6fa753beb2af031a78cb33986 Mon Sep 17 00:00:00 2001 From: James Fredley Date: Thu, 26 Feb 2026 17:38:27 -0500 Subject: [PATCH 6/6] Add 62 missing config properties and 5 new groups to metadata Complete spring-configuration-metadata.json to cover all 145 properties defined in DefaultSecurityConfig.groovy. Add groups for remember-me, basic-digest-auth, switch-user, port-channel, and x509. Update orderedGroupNames in docs build.gradle to render all new sections. Assisted-by: Claude Code --- plugin-core/docs/build.gradle | 5 + .../spring-configuration-metadata.json | 454 ++++++++++++++++++ 2 files changed, 459 insertions(+) diff --git a/plugin-core/docs/build.gradle b/plugin-core/docs/build.gradle index c95fb71b2..23f519161 100644 --- a/plugin-core/docs/build.gradle +++ b/plugin-core/docs/build.gradle @@ -86,8 +86,13 @@ tasks.register('generateConfigurationProperties') { 'grails.plugin.springsecurity.authentication', 'grails.plugin.springsecurity.login-logout', 'grails.plugin.springsecurity.password-encoding', + 'grails.plugin.springsecurity.remember-me', 'grails.plugin.springsecurity.session', 'grails.plugin.springsecurity.url-mapping', + 'grails.plugin.springsecurity.basic-digest-auth', + 'grails.plugin.springsecurity.switch-user', + 'grails.plugin.springsecurity.port-channel', + 'grails.plugin.springsecurity.x509', 'grails.plugin.springsecurity.miscellaneous' ] diff --git a/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json b/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json index e517ee942..96bc181c8 100644 --- a/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json +++ b/plugin-core/plugin/src/main/resources/META-INF/spring-configuration-metadata.json @@ -32,6 +32,26 @@ "name": "grails.plugin.springsecurity.url-mapping", "description": "URL mapping configuration properties." }, + { + "name": "grails.plugin.springsecurity.remember-me", + "description": "Remember-me cookie configuration properties." + }, + { + "name": "grails.plugin.springsecurity.basic-digest-auth", + "description": "Basic and digest HTTP authentication properties." + }, + { + "name": "grails.plugin.springsecurity.switch-user", + "description": "Switch user (impersonation) configuration properties." + }, + { + "name": "grails.plugin.springsecurity.port-channel", + "description": "Port mapping and secure channel configuration properties." + }, + { + "name": "grails.plugin.springsecurity.x509", + "description": "X.509 client certificate authentication properties." + }, { "name": "grails.plugin.springsecurity.miscellaneous", "description": "Miscellaneous configuration properties." @@ -66,6 +86,48 @@ "defaultValue": true, "group": "grails.plugin.springsecurity.general" }, + { + "name": "grails.plugin.springsecurity.useBasicAuth", + "type": "java.lang.Boolean", + "description": "Whether to enable HTTP Basic authentication.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.useDigestAuth", + "type": "java.lang.Boolean", + "description": "Whether to enable HTTP Digest authentication.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.useSwitchUserFilter", + "type": "java.lang.Boolean", + "description": "Whether to enable the switch user filter.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.useX509", + "type": "java.lang.Boolean", + "description": "Whether to enable X.509 authentication.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.useExternalClasses", + "type": "java.lang.Boolean", + "description": "If true, use external domain classes.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.general" + }, + { + "name": "grails.plugin.springsecurity.useRoleGroups", + "type": "java.lang.Boolean", + "description": "If true, enable role groups.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.general" + }, { "name": "grails.plugin.springsecurity.userLookup.userDomainClassName", "type": "java.lang.String", @@ -150,6 +212,13 @@ "defaultValue": "authority", "group": "grails.plugin.springsecurity.domain-classes" }, + { + "name": "grails.plugin.springsecurity.authority.groupAuthorityNameField", + "type": "java.lang.String", + "description": "Role class authority group name property.", + "defaultValue": null, + "group": "grails.plugin.springsecurity.domain-classes" + }, { "name": "grails.plugin.springsecurity.requestMap.className", "type": "java.lang.String", @@ -171,6 +240,13 @@ "defaultValue": "configAttribute", "group": "grails.plugin.springsecurity.domain-classes" }, + { + "name": "grails.plugin.springsecurity.requestMap.httpMethodField", + "type": "java.lang.String", + "description": "Requestmap class HTTP method property.", + "defaultValue": "httpMethod", + "group": "grails.plugin.springsecurity.domain-classes" + }, { "name": "grails.plugin.springsecurity.apf.filterProcessesUrl", "type": "java.lang.String", @@ -405,6 +481,293 @@ "defaultValue": true, "group": "grails.plugin.springsecurity.login-logout" }, + { + "name": "grails.plugin.springsecurity.rememberMe.cookieName", + "type": "java.lang.String", + "description": "Remember-me cookie name.", + "defaultValue": "grails_remember_me", + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.cookieDomain", + "type": "java.lang.String", + "description": "Remember-me cookie domain.", + "defaultValue": null, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.alwaysRemember", + "type": "java.lang.Boolean", + "description": "Whether to always remember users.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.tokenValiditySeconds", + "type": "java.lang.Integer", + "description": "Remember-me token validity in seconds.", + "defaultValue": 1209600, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.parameter", + "type": "java.lang.String", + "description": "Remember-me parameter name.", + "defaultValue": "remember-me", + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.key", + "type": "java.lang.String", + "description": "Key used to identify remember-me tokens.", + "defaultValue": "grailsRocks", + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.persistent", + "type": "java.lang.Boolean", + "description": "Whether to use persistent remember-me tokens.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.persistentToken.domainClassName", + "type": "java.lang.String", + "description": "Persistent token domain class name.", + "defaultValue": null, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.persistentToken.seriesLength", + "type": "java.lang.Integer", + "description": "Persistent token series length.", + "defaultValue": 16, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.persistentToken.tokenLength", + "type": "java.lang.Integer", + "description": "Persistent token token length.", + "defaultValue": 16, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.useSecureCookie", + "type": "java.lang.Boolean", + "description": "Whether to use a secure remember-me cookie.", + "defaultValue": null, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.rememberMe.createSessionOnSuccess", + "type": "java.lang.Boolean", + "description": "Whether to create a session after remember-me login.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.remember-me" + }, + { + "name": "grails.plugin.springsecurity.basic.realmName", + "type": "java.lang.String", + "description": "Realm name for HTTP Basic authentication.", + "defaultValue": "Grails Realm", + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.basic.credentialsCharset", + "type": "java.lang.String", + "description": "Credentials charset for HTTP Basic authentication.", + "defaultValue": "UTF-8", + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.digest.realmName", + "type": "java.lang.String", + "description": "Realm name for HTTP Digest authentication.", + "defaultValue": "Grails Realm", + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.digest.key", + "type": "java.lang.String", + "description": "Key for HTTP Digest authentication.", + "defaultValue": "changeme", + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.digest.nonceValiditySeconds", + "type": "java.lang.Integer", + "description": "Digest nonce validity in seconds.", + "defaultValue": 300, + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.digest.passwordAlreadyEncoded", + "type": "java.lang.Boolean", + "description": "Whether digest passwords are already encoded.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.digest.createAuthenticatedToken", + "type": "java.lang.Boolean", + "description": "Whether to create authenticated tokens for digest auth.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.digest.useCleartextPasswords", + "type": "java.lang.Boolean", + "description": "Whether to use cleartext passwords for digest auth.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.basic-digest-auth" + }, + { + "name": "grails.plugin.springsecurity.switchUser.switchUserUrl", + "type": "java.lang.String", + "description": "URL used to switch users.", + "defaultValue": "/login/impersonate", + "group": "grails.plugin.springsecurity.switch-user" + }, + { + "name": "grails.plugin.springsecurity.switchUser.exitUserUrl", + "type": "java.lang.String", + "description": "URL used to exit switched user.", + "defaultValue": "/logout/impersonate", + "group": "grails.plugin.springsecurity.switch-user" + }, + { + "name": "grails.plugin.springsecurity.switchUser.targetUrl", + "type": "java.lang.String", + "description": "Target URL after switching user.", + "defaultValue": null, + "group": "grails.plugin.springsecurity.switch-user" + }, + { + "name": "grails.plugin.springsecurity.switchUser.switchFailureUrl", + "type": "java.lang.String", + "description": "Failure URL for switch user.", + "defaultValue": null, + "group": "grails.plugin.springsecurity.switch-user" + }, + { + "name": "grails.plugin.springsecurity.switchUser.usernameParameter", + "type": "java.lang.String", + "description": "Username parameter for switch user.", + "defaultValue": "username", + "group": "grails.plugin.springsecurity.switch-user" + }, + { + "name": "grails.plugin.springsecurity.portMapper.httpPort", + "type": "java.lang.Integer", + "description": "HTTP port for port mapping.", + "defaultValue": 8080, + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.portMapper.httpsPort", + "type": "java.lang.Integer", + "description": "HTTPS port for port mapping.", + "defaultValue": 8443, + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.definition", + "type": "java.util.List", + "description": "Secure channel definition rules.", + "defaultValue": [], + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity", + "type": "java.lang.Boolean", + "description": "Whether to use header based channel security.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.secureHeaderName", + "type": "java.lang.String", + "description": "Header name indicating secure channel.", + "defaultValue": "X-Forwarded-Proto", + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.secureHeaderValue", + "type": "java.lang.String", + "description": "Header value indicating secure channel.", + "defaultValue": "http", + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.secureConfigAttributeKeyword", + "type": "java.lang.String", + "description": "Config attribute keyword for secure channel.", + "defaultValue": "REQUIRES_SECURE_CHANNEL", + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.insecureHeaderName", + "type": "java.lang.String", + "description": "Header name indicating insecure channel.", + "defaultValue": "X-Forwarded-Proto", + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.insecureHeaderValue", + "type": "java.lang.String", + "description": "Header value indicating insecure channel.", + "defaultValue": "https", + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.secureChannel.insecureConfigAttributeKeyword", + "type": "java.lang.String", + "description": "Config attribute keyword for insecure channel.", + "defaultValue": "REQUIRES_INSECURE_CHANNEL", + "group": "grails.plugin.springsecurity.port-channel" + }, + { + "name": "grails.plugin.springsecurity.x509.continueFilterChainOnUnsuccessfulAuthentication", + "type": "java.lang.Boolean", + "description": "Whether to continue filter chain when X.509 authentication fails.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.x509" + }, + { + "name": "grails.plugin.springsecurity.x509.subjectDnRegex", + "type": "java.lang.String", + "description": "Regex for extracting username from subject DN.", + "defaultValue": "CN=(.*?)(?:,|$)", + "group": "grails.plugin.springsecurity.x509" + }, + { + "name": "grails.plugin.springsecurity.x509.subjectDnClosure", + "type": "groovy.lang.Closure", + "description": "Closure to extract principal from subject DN.", + "defaultValue": null, + "group": "grails.plugin.springsecurity.x509" + }, + { + "name": "grails.plugin.springsecurity.x509.checkForPrincipalChanges", + "type": "java.lang.Boolean", + "description": "Whether to check for principal changes.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.x509" + }, + { + "name": "grails.plugin.springsecurity.x509.invalidateSessionOnPrincipalChange", + "type": "java.lang.Boolean", + "description": "Whether to invalidate the session when the principal changes.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.x509" + }, + { + "name": "grails.plugin.springsecurity.x509.throwExceptionWhenTokenRejected", + "type": "java.lang.Boolean", + "description": "Whether to throw an exception when the token is rejected.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.x509" + }, { "name": "grails.plugin.springsecurity.ajaxHeader", "type": "java.lang.String", @@ -419,6 +782,34 @@ "defaultValue": null, "group": "grails.plugin.springsecurity.miscellaneous" }, + { + "name": "grails.plugin.springsecurity.ipRestrictions", + "type": "java.util.List", + "description": "List of IP addresses allowed by the IP restriction filter.", + "defaultValue": [], + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.beanTypeResolverClass", + "type": "java.lang.String", + "description": "Bean type resolver class name.", + "defaultValue": "grails.plugin.springsecurity.BeanTypeResolver", + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.gsp.layoutAuth", + "type": "java.lang.String", + "description": "Layout name for auth views.", + "defaultValue": "main", + "group": "grails.plugin.springsecurity.miscellaneous" + }, + { + "name": "grails.plugin.springsecurity.gsp.layoutDenied", + "type": "java.lang.String", + "description": "Layout name for denied views.", + "defaultValue": "main", + "group": "grails.plugin.springsecurity.miscellaneous" + }, { "name": "grails.plugin.springsecurity.redirectStrategy.contextRelative", "type": "java.lang.Boolean", @@ -475,6 +866,13 @@ "defaultValue": "grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken", "group": "grails.plugin.springsecurity.authentication" }, + { + "name": "grails.plugin.springsecurity.atr.rememberMeClass", + "type": "java.lang.String", + "description": "Remember-me token class.", + "defaultValue": "org.springframework.security.authentication.RememberMeAuthenticationToken", + "group": "grails.plugin.springsecurity.authentication" + }, { "name": "grails.plugin.springsecurity.useHttpSessionEventPublisher", "type": "java.lang.Boolean", @@ -503,6 +901,34 @@ "defaultValue": null, "group": "grails.plugin.springsecurity.password-encoding" }, + { + "name": "grails.plugin.springsecurity.password.algorithm", + "type": "java.lang.String", + "description": "Password encoding algorithm.", + "defaultValue": "bcrypt", + "group": "grails.plugin.springsecurity.password-encoding" + }, + { + "name": "grails.plugin.springsecurity.password.encodeHashAsBase64", + "type": "java.lang.Boolean", + "description": "Whether to Base64 encode password hashes.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.password-encoding" + }, + { + "name": "grails.plugin.springsecurity.password.bcrypt.logrounds", + "type": "java.lang.Integer", + "description": "BCrypt log rounds.", + "defaultValue": 10, + "group": "grails.plugin.springsecurity.password-encoding" + }, + { + "name": "grails.plugin.springsecurity.password.hash.iterations", + "type": "java.lang.Integer", + "description": "Hashing iterations.", + "defaultValue": 10000, + "group": "grails.plugin.springsecurity.password-encoding" + }, { "name": "grails.plugin.springsecurity.dao.hideUserNotFoundExceptions", "type": "java.lang.Boolean", @@ -517,6 +943,27 @@ "defaultValue": true, "group": "grails.plugin.springsecurity.session" }, + { + "name": "grails.plugin.springsecurity.useSessionFixationPrevention", + "type": "java.lang.Boolean", + "description": "Whether to use session fixation prevention.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.sessionFixationPrevention.migrate", + "type": "java.lang.Boolean", + "description": "Whether to migrate the session on authentication.", + "defaultValue": true, + "group": "grails.plugin.springsecurity.session" + }, + { + "name": "grails.plugin.springsecurity.sessionFixationPrevention.alwaysCreateSession", + "type": "java.lang.Boolean", + "description": "Whether to always create a session for session fixation prevention.", + "defaultValue": false, + "group": "grails.plugin.springsecurity.session" + }, { "name": "grails.plugin.springsecurity.roleHierarchy", "type": "java.lang.String", @@ -546,6 +993,13 @@ ], "group": "grails.plugin.springsecurity.authentication" }, + { + "name": "grails.plugin.springsecurity.afterInvocationManagerProviderNames", + "type": "java.util.List", + "description": "AfterInvocationManager provider bean names.", + "defaultValue": [], + "group": "grails.plugin.springsecurity.authentication" + }, { "name": "grails.plugin.springsecurity.securityConfigType", "type": "java.lang.String",