Hi,
I'm using the Spring Security UI plugin for Grails. Is there a way to prevent the logged-in user from seeing other users' data? For instance, the user may write in the URL
/show/3
To make myself clear: the logged-in user's ID in the DB is 2, but when that user goes to http://localhost/users/show/3, he can see this user's details and vice versa; same for the edit and delete actions.
So how can I prevent this breach?
Thanks
--
You received this message because you are subscribed to a topic in the Google Groups "Grails Dev Discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/grails-dev-discuss/v21Xpvo6QFQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to grails-dev-disc...@googlegroups.com.
To post to this group, send email to grails-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grails-dev-discuss/a2b98156-fe0c-4734-8f67-94ef924bb27d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
The ACL plugin adds Domain Object Security support to a Grails application that uses Spring Security. It depends on the Spring Security Core plugin. The core plugin and other extension plugins support restricting access to URLs via rules that include checking a user's authentication status, roles, etc. and the ACL plugin extends this by adding support for restricting access to individual domain class instances. The access can be very fine-grained and can define which actions can be taken on an object - these typically include Read, Create, Write, Delete, and Administer but you're free to define whatever actions you like.
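A sketch of the per-instance restriction described in the reply above, added here as an illustration; it is not code from the thread or from the plugin. It assumes the spring-security-acl plugin is installed and uses hypothetical names: a `com.example.User` domain class with `username`, `email` and `displayName` properties, a `UserAccountService`, and a `ROLE_ADMIN` role. Making delete admin-only is also an assumption.

```groovy
package com.example   // hypothetical package

import grails.transaction.Transactional   // grails.gorm.transactions.Transactional on Grails 3.3+
import org.springframework.security.access.prepost.PreAuthorize
import org.springframework.security.acls.domain.BasePermission

// Hypothetical service in front of a hypothetical com.example.User domain class.
// Controllers call these methods instead of User.get(params.id) directly, so the
// ACL check runs no matter which id appears in the URL.
class UserAccountService {

    def aclUtilService   // injected by the spring-security-acl plugin

    // Run by an administrator after creating an account: give the account
    // holder READ and WRITE on their own record only.
    @Transactional
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    void grantSelfAccess(User user) {
        aclUtilService.addPermission user, user.username, BasePermission.READ
        aclUtilService.addPermission user, user.username, BasePermission.WRITE
    }

    // /users/show/3 requested by user 2: there is no READ entry for that
    // principal on User#3, so access is denied before the method body runs.
    @PreAuthorize("hasPermission(#id, 'com.example.User', read) or hasRole('ROLE_ADMIN')")
    User get(long id) {
        User.get id
    }

    @Transactional
    @PreAuthorize("hasPermission(#user, write) or hasRole('ROLE_ADMIN')")
    void update(User user, Map changes) {
        // Bind only whitelisted fields (field names are assumptions)
        user.properties['email', 'displayName'] = changes
        user.save(failOnError: true)
    }

    @Transactional
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    void delete(User user) {
        user.delete()
        aclUtilService.deleteAcl user   // remove the ACL entries as well
    }
}
```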