I have an application where I am using spring security along with grails melody. I am planning to run grails melody in production environment, but don't want visitors to have access to it. How should I achieve that ? I tried creating a filter in grails (just showing the sample of what I am trying, not the actual code)-
def filters = {
allURIs(uri:'/**') {
before = {
//...
if(request.forwardURI.indexOf("admin") != -1 ||
request.forwardURI.indexOf("monitoring") != -1) {
response.sendError 404
return false
}
}
}
}
But this doesnt work as the request for "monitoring" doesnt hit this filter. I dont even want the user to know that such a URL exists, so I want to check in the filter that if "monitoring" is the URL, I show the 404 error page. Thats also the reason why I dont want to protect this URL with spring security as it will show "access denied" page.
Basically I want the URL to exist but they should be invisible to users. I want the access to be open to only certain IP addresses for these special URLs.
On another note, Is it possible to write a grails filter that "acts" before the spring security filter is hit ? I want to be able to do some filtering before I forward requests to spring security. Writing a grails filter like above doesnt help. Spring security filter gets hit first if I access a protected resource and this filter doesn't get called.
Thanks