We have a Grails app using Spring Security and are using the method-level annotations for access control.
We're just started using the PDF plugin to render pages that have both text and images retrieved from a call to a secure method. The resulting PDF doesn't show the images because the access is being rejected by the controller (presumably since the calling entity- the server- doesn't have session cookies).
To try to get around this problem, we've tried URL rewriting for those image retrieval call... basically just appended JSESSIONID to the URL. This has not worked- Spring Security is still rejecting the access.
Does Spring Security allow for URL rewriting (I'm guessing it must)? Is there a config that needs to be set to enable accepting URL rewriting (I couldn't find anything in the docs)?
Thanks, Dan