How to configure grails and shiro to mark cookies secure?

Posted by j4y on Stack Overflow See other posts from Stack Overflow or by j4y
Published on 2013-10-25T21:39:45Z Indexed on 2013/10/25 21:53 UTC
Read the original article Hit count: 274

Filed under:
|
|
|

I'm using Grails 2.2.4 with the Shiro plugin (v1.1.4) and would like to mark the cookies as secure so the session information won't be sent over http.

This is the attribute I want to set:

securityManager.sessionManager.sessionIdCookie.secure = true

The shiro source says to use the Grails bean property override mechanism, which is grails-app/conf/spring/resources.groovy How can I override just the one setting?

        // If the legacy 'security.shiro.filter.config' option is set,
        // use our custom INI-based filter...
        if (application.config.security.shiro.filter.config) {
            log.warn "security.shiro.filter.config option is deprecated. Use Grails' bean property override mechanism instead."

            'filter-class'('org.apache.shiro.grails.LegacyShiroFilter')
            'init-param' {
                'param-name'('securityManagerBeanName')
                'param-value'('shiroSecurityManager')
            }

© Stack Overflow or respective owner

Related posts about security

Related posts about grails