Expected Behavior
grails-spring-security is using pessimistic approach by default as it says in section 4.1. Pessimistic Lockdown. Which is true I have tested it.
Actual Behaviour
But grails-spring-security Doc section 1.1.3, presumes Public approach by default. Methods in Controller should be lockdown by @Secured(['ROLE_USER'])
Steps To Reproduce
See section 1.1.3 and 4.1 of Spring Security Core Plugin - Reference Documentation
Environment Information
java=21.0.8-zulu
gradle=8.14.3
groovy=4.0.28
grails=7.0.0-RC2
Example Application
No response
Version
7
Expected Behavior
grails-spring-security is using pessimistic approach by default as it says in section
4.1. Pessimistic Lockdown. Which is true I have tested it.Actual Behaviour
But grails-spring-security Doc section 1.1.3, presumes Public approach by default. Methods in Controller should be lockdown by
@Secured(['ROLE_USER'])Steps To Reproduce
See section 1.1.3 and 4.1 of Spring Security Core Plugin - Reference Documentation
Environment Information
java=21.0.8-zulu
gradle=8.14.3
groovy=4.0.28
grails=7.0.0-RC2
Example Application
No response
Version
7