How to configure grails and shiro to mark cookies secure?
Posted
by
j4y
on Stack Overflow
See other posts from Stack Overflow
or by j4y
Published on 2013-10-25T21:39:45Z
Indexed on
2013/10/25
21:53 UTC
Read the original article
Hit count: 274
I'm using Grails 2.2.4 with the Shiro plugin (v1.1.4) and would like to mark the cookies as secure so the session information won't be sent over http.
This is the attribute I want to set:
securityManager.sessionManager.sessionIdCookie.secure = true
The shiro source says to use the Grails bean property override mechanism, which is grails-app/conf/spring/resources.groovy
How can I override just the one setting?
// If the legacy 'security.shiro.filter.config' option is set,
// use our custom INI-based filter...
if (application.config.security.shiro.filter.config) {
log.warn "security.shiro.filter.config option is deprecated. Use Grails' bean property override mechanism instead."
'filter-class'('org.apache.shiro.grails.LegacyShiroFilter')
'init-param' {
'param-name'('securityManagerBeanName')
'param-value'('shiroSecurityManager')
}
© Stack Overflow or respective owner