You shouldn't need to do anything in resources.groovy, just add

grails.plugins.springsecurity.useBasicAuth = true

to Config.groovy as described in section 9.1 of the docs: http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/

Burt
---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

But I do not want the whole application to use Basic Authentication but just the rest api urls, e.g. /<app>/rest/**
while the rest of the application uses form based authentication.

----- Original Message -----
From: "Burt Beckwith" <***@burtbeckwith.com>
To: ***@grails.codehaus.org
Sent: Friday, July 9, 2010 6:07:55 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: [grails-user] Spring Security Core Plugin - Basic auth for rest url

You shouldn't need to do anything in resources.groovy, just add

grails.plugins.springsecurity.useBasicAuth = true

to Config.groovy as described in section 9.1 of the docs: http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/

Burt
---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

Tried this configuration already: basic authentication filter created by your plugin setting useBasicAuth to true. While the api urls work as expected the other urls as well pop up the basic authentication box. May be the filter chain for /** is wrong!?

grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "API"

grails.plugins.springsecurity.filterChain.chainMap = [
'/api/**': 'securityContextPersistenceFilter,logoutFilter,basicAuthenticationFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor',
'/**':'securityContextPersistenceFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeAuthenticationFilter,anonymousAuthenticationFilter,exceptionTranslationFilter,filterInvocationInterceptor'
]

----- Original Message -----
From: "Burt Beckwith" <***@burtbeckwith.com>
To: ***@grails.codehaus.org
Sent: Friday, July 9, 2010 6:26:26 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: [grails-user] Spring Security Core Plugin - Basic auth for rest url

Right - so keep the grails.plugins.springsecurity.filterChain.chainMap in Config.groovy, that's what it's for.

Burt
---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

Checked your source. You are right there is only one 'authenticationEntryPoint' defined that is either form based, basic, digest or x509. So an application can have only one of these. Not really a bug but I created a Jira anyway:

http://jira.codehaus.org/browse/GRAILSPLUGINS-2277

Thanks a lot for your quick hints,
Ingo

----- Original Message -----
From: "Burt Beckwith" <***@burtbeckwith.com>
To: ***@grails.codehaus.org
Sent: Friday, July 9, 2010 9:54:21 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: [grails-user] Spring Security Core Plugin - Basic auth for rest url

I think this is a bug with the AuthenticationEntryPoint but I won't have time to look at it until the weekend. Please create an issue at http://jira.codehaus.org/browse/GRAILSPLUGINS under Grails-Spring-Security-Core so it gets tracked.

Burt
---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email