I have an application in which I use spring security along with the grails melody. I plan to launch Grails in a production environment, but I donβt want visitors to have access to it. How do I achieve this? I tried creating a filter in grails (just showing a sample of what I'm trying, not the actual code) -
def filters = { allURIs(uri:'/**') { before = { //... if(request.forwardURI.indexOf("admin") != -1 || request.forwardURI.indexOf("monitoring") != -1) { response.sendError 404 return false } } } }
But this does not work, since the request for "monitoring" does not fall into this filter. I donβt even want the user to know that such a URL exists, so I want to check the filter, if "monitoring" is a URL, I display a 404 error page. This is also the reason why I do not want to protect this URL using spring security as it will show the access access page.
Basically, I want URLs to exist, but they should be invisible to users. I want to allow access only to specific IP addresses for these special URLs.
In another note: Is it possible to write a grails filter that "acts" before hitting the spring security filter? I want to be able to do some filtering before I forward requests to spring security. Writing a grails filter as above does not help. spring security filter comes first if I access a protected resource and this filter is not called.
thanks
source share