Make RestApiDoc work with Spring Security

[hoangdt84]

Hi,

Due to my configuration: set permission on each method of controllers using @Secured, I cannot use http://.../restApiDoc/?doc_url=http://.../restApiDoc/api# to generate/view document.

Please help

[loic911]

Hi,

You mean that your config with spring security force you to add a @Secured on each controller method? What's the result with when you call the url (http code, message,...)?

Meanwhile:

The first part of the URL (http://.../restApiDoc/) simply need to redirect to restApiDoc/index.gsp views. So you can write your own controller action redirecting to this view.

The param part of the URL (doc_url=http://.../restApiDoc/api#) could easily be replaced with a your own service. The service simply render the restapidoc.json file created with the command. Here is the plugin code: RestApiController: def api() { File docFile = new File(grailsApplication.mergedConfig.grails.plugins.restapidoc.outputFile) render(docFile.text) } You can write you own method in a controller and change the doc_url parameter.

[giboow]

Just add these lines to your Config.groovy file : grails.plugin.springsecurity.controllerAnnotations.staticRules = [ '/': ['permitAll'], '/index': ['permitAll'], '/index.gsp': ['permitAll'], '/assets/': ['permitAll'], '//js/': ['permitAll'], '//css/': ['permitAll'], '//images/': ['permitAll'], '//favicon.ico': ['permitAll'], '/restApiDoc/**': ['permitAll'], ]

It works for me :)

[hoangdt84]

@loic911 Sorry for not replying sooner. @giboow thanks, but I cannot use it.

For @Secured, yes, I use it on each controller method. We have 8 roles in our system. And we keep adding/updating new services every week or even day. So we cannot use static rules or try to define a good naming convention to build URL mapping.

I'll try @loic911 's suggestion and let you know when it's done. Thanks for your help :)