Copilot commented on code in PR #1206:
URL:
https://github.com/apache/grails-spring-security/pull/1206#discussion_r2817811891
##########
plugin-core/docs/src/docs/requestMappings/securedAnnotations.adoc:
##########
@@ -145,19 +145,70 @@ class Thing {
==== controllerAnnotations.staticRules
-You can also define "`static`" mappings that cannot be expressed in the
controllers, such as '/pass:[**]' or for JavaScript, CSS, or image URLs. Use
the `controllerAnnotations.staticRules` property, for example:
+You can also define "`static`" mappings that cannot be expressed in the
controllers, such as '/pass:[**]' or for JavaScript, CSS, or image URLs. Use
the `controllerAnnotations.staticRules` property.
+
+In `application.groovy`:
[source,groovy]
+.Listing {counter:listing}. Static rules in `application.groovy`
----
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
- ...
[pattern: '/js/admin/**', access: ['ROLE_ADMIN']],
[pattern: '/someplugin/**', access: ['ROLE_ADMIN']]
]
----
+Or equivalently in `application.yml`:
+
+[source,yaml]
+.Listing {counter:listing}. Static rules in `application.yml` (flow mapping)
+----
+grails:
+ plugin:
+ springsecurity:
+ controllerAnnotations:
+ staticRules:
+ - { pattern: '/js/admin/**', access: ['ROLE_ADMIN'] }
+ - { pattern: '/someplugin/**', access: ['ROLE_ADMIN'] }
+----
+
+Block mapping syntax also works:
+
+[source,yaml]
+.Listing {counter:listing}. Static rules in `application.yml` (block mapping)
+----
+grails:
+ plugin:
+ springsecurity:
+ controllerAnnotations:
+ staticRules:
+ - pattern: '/js/admin/**'
+ access:
+ - ROLE_ADMIN
+ - pattern: '/someplugin/**'
+ access:
+ - ROLE_ADMIN
+----
+
This example maps all URLs associated with `SomePluginController`, which has
URLs of the form `/somePlugin/...`, to `ROLE_ADMIN`; annotations are not an
option here because you would not edit plugin code for a change like this.
+[IMPORTANT]
+====
+The `staticRules` value must be a *List* of Maps. A common YAML mistake is
omitting the `-` list indicator, which produces a single Map instead:
+
+[source,yaml]
+.Listing {counter:listing}. Incorrect - single Map instead of List of Maps
+----
+# WRONG - this is a Map, not a List of Maps
+staticRules:
+ pattern: '/**'
+ access:
+ - permitAll
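Review bot: The deliberately incorrect listing at the end of this hunk uses `pattern: '/**'` with `access: permitAll`, so a reader who repairs it by adding the missing `-` is left with a rule that grants `permitAll` on every URL. Consider reusing the `/js/admin/**` / `ROLE_ADMIN` rule from the earlier listings, so that the Map-vs-List mistake is the only difference between the wrong and the right form. The admonition could also state what the reader will observe when a Map is supplied, since the visible text names the mistake but not its symptom.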
Review Comment:
The incorrect YAML example is shown at the root (`staticRules:`), but in a
real `application.yml` this key needs to be under
`grails.plugin.springsecurity.controllerAnnotations`. As written, readers may
copy/paste the example and end up with a different (also invalid) configuration
issue than the intended Map-vs-List pitfall. Consider including the full config
path (or explicitly stating that the snippet is intentionally truncated to just
the `staticRules` portion).
```suggestion
grails:
  plugin:
    springsecurity:
      controllerAnnotations:
        staticRules:
          pattern: '/**'
          access:
            - permitAll
```
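The two failure modes this comment separates (key at the wrong path versus a Map where a List of Maps is expected) can be told apart mechanically. The following is an added example, not code from the PR or the plugin; `checkStaticRules` is a hypothetical helper, the YAML samples are constructed from the PR's listings, and it assumes Groovy 3+ with the `groovy-yaml` module for `YamlSlurper`.

```groovy
import groovy.yaml.YamlSlurper

// Hypothetical helper (not part of the plugin): report what sits at
// grails.plugin.springsecurity.controllerAnnotations.staticRules.
String checkStaticRules(String yamlText) {
    def node = new YamlSlurper().parseText(yamlText)
    for (key in ['grails', 'plugin', 'springsecurity', 'controllerAnnotations', 'staticRules']) {
        if (!(node instanceof Map) || !node.containsKey(key)) {
            return "MISSING: no '${key}' on the expected key path"
        }
        node = node[key]
    }
    if (node instanceof Map) {
        return 'WRONG SHAPE: single Map, expected a List of Maps (missing "-")'
    }
    if (!(node instanceof List)) {
        return "WRONG SHAPE: ${node?.getClass()?.simpleName}, expected a List of Maps"
    }
    // Every entry must itself be a Map carrying both keys used in the docs.
    def bad = node.findAll { !(it instanceof Map) || !it.pattern || !it.access }
    return bad ? "INVALID ENTRIES: ${bad}" : "OK: ${node.size()} rule(s)"
}

// Constructed samples, modelled on the listings in the PR.
def nested = '''\
grails:
  plugin:
    springsecurity:
      controllerAnnotations:
'''
def listForm = nested + '''\
        staticRules:
          - pattern: '/js/admin/**'
            access: [ROLE_ADMIN]
'''
def mapForm = nested + '''\
        staticRules:
          pattern: '/js/admin/**'
          access: [ROLE_ADMIN]
'''
def rootLevel = '''\
staticRules:
  - pattern: '/js/admin/**'
    access: [ROLE_ADMIN]
'''

[listForm, mapForm, rootLevel].each { println checkStaticRules(it) }
```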
##########
plugin-core/docs/src/docs/requestMappings/securedAnnotations.adoc:
##########
@@ -145,19 +145,70 @@ class Thing {
==== controllerAnnotations.staticRules
-You can also define "`static`" mappings that cannot be expressed in the
controllers, such as '/pass:[**]' or for JavaScript, CSS, or image URLs. Use
the `controllerAnnotations.staticRules` property, for example:
+You can also define "`static`" mappings that cannot be expressed in the
controllers, such as '/pass:[**]' or for JavaScript, CSS, or image URLs. Use
the `controllerAnnotations.staticRules` property.
+
+In `application.groovy`:
[source,groovy]
+.Listing {counter:listing}. Static rules in `application.groovy`
----
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
- ...
[pattern: '/js/admin/**', access: ['ROLE_ADMIN']],
[pattern: '/someplugin/**', access: ['ROLE_ADMIN']]
]
----
+Or equivalently in `application.yml`:
+
+[source,yaml]
+.Listing {counter:listing}. Static rules in `application.yml` (flow mapping)
+----
+grails:
+ plugin:
+ springsecurity:
+ controllerAnnotations:
+ staticRules:
+ - { pattern: '/js/admin/**', access: ['ROLE_ADMIN'] }
+ - { pattern: '/someplugin/**', access: ['ROLE_ADMIN'] }
+----
+
+Block mapping syntax also works:
+
+[source,yaml]
+.Listing {counter:listing}. Static rules in `application.yml` (block mapping)
+----
+grails:
+ plugin:
+ springsecurity:
+ controllerAnnotations:
+ staticRules:
+ - pattern: '/js/admin/**'
+ access:
+ - ROLE_ADMIN
+ - pattern: '/someplugin/**'
+ access:
+ - ROLE_ADMIN
+----
+
This example maps all URLs associated with `SomePluginController`, which has
URLs of the form `/somePlugin/...`, to `ROLE_ADMIN`; annotations are not an
option here because you would not edit plugin code for a change like this.
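Review bot: In the unchanged closing paragraph of this hunk, "This example" used to follow a single Groovy listing but now trails three listings (Groovy, YAML flow mapping, YAML block mapping), so its referent is unclear. Consider rewording it to "These examples map ..." or moving the paragraph directly under the first listing. The Groovy listing also loses its `...` line, which was the only hint that other rules normally sit in the same list; a short sentence saying so would keep readers from replacing an existing rule set with just these two entries.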
Review Comment:
The text says `SomePluginController` URLs are of the form `/somePlugin/...`,
but all examples in this section use the lowercase pattern `/someplugin/**`.
These should match to avoid confusing readers about case sensitivity in URL
patterns.
```suggestion
This example maps all URLs associated with `SomePluginController`, which has
URLs of the form `/someplugin/...`, to `ROLE_ADMIN`; annotations are not an
option here because you would not edit plugin code for a change like this.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.