How to configure grails and shiro to mark cookies secure?

Posted by j4y on Stack Overflow See other posts from Stack Overflow or by j4y
Published on 2013-10-25T21:39:45Z Indexed on 2013/10/25 21:53 UTC
Read the original article Hit count: 271

Filed under:

security

|

grails

|

session-cookies

|

shiro

I'm using Grails 2.2.4 with the Shiro plugin (v1.1.4) and would like to mark the cookies as secure so the session information won't be sent over http.

This is the attribute I want to set:

securityManager.sessionManager.sessionIdCookie.secure = true

The shiro source says to use the Grails bean property override mechanism, which is grails-app/conf/spring/resources.groovy How can I override just the one setting?

        // If the legacy 'security.shiro.filter.config' option is set,
        // use our custom INI-based filter...
        if (application.config.security.shiro.filter.config) {
            log.warn "security.shiro.filter.config option is deprecated. Use Grails' bean property override mechanism instead."

            'filter-class'('org.apache.shiro.grails.LegacyShiroFilter')
            'init-param' {
                'param-name'('securityManagerBeanName')
                'param-value'('shiroSecurityManager')
            }

© Stack Overflow or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about grails

Grails, app-engine, jpa - beginner having trouble with grails generate-all

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to learn about grails with Google App Engine and JPA by following a few tutorials: http://www.morkeleb.com/2009/08/12/grails-and-google-appengine-beginners-guide/ http://inhouse32.appspot.com/index.html http://grails.org/plugin/app-engine I've got grails 1.3.0 RC 2, and App Engine SDK… >>> More
Grails Warnings/Errors during run-app

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently seeing the warnings below when trying to run my Google App Engine/Grails test app in Eclipse. Warning, target causing name overwriting of name startLogging Warning: C:\Users\Some Person.grails\1.2.0\projects\test-grails\plugins\app-engine-0.8.8\grails-app\conf\spring not found. Warning:… >>> More
Grails, app-engine, jpa - TargetInvocationException

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to learn about grails with Google App Engine and JPA by following a few tutorials: http://www.morkeleb.com/2009/08/12/grails-and-google-appengine-beginners-guide/ http://inhouse32.appspot.com/index.html http://grails.org/plugin/app-engine I've got grails 1.3.0 RC 2, and App Engine SDK… >>> More
Inject log object in Grails class outside of grails-app

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a class in src/groovy in my grails project. How do i make a log field that gets injected with the correct logger for that class ? Is there a commons logging or just log4j in grails ? >>> More
grails run-war connects to mysql but grails run-war doesn't

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I have a unexpected problem. I had create a war with grails war. Then I had deployed in Tomcat. For my surprise the crud works fine but I don't know what persistence is using. So I did this test: Compare grails prod run-app with grails prod run-war. The first works fine, and does conect with… >>> More