The Grails Force SSL Plugin provides an annotation for controllers to force ssl url endpoints. For example, you may want to restrict a shopping cart page or login page to SSL.
By default, the SSL plugin is enabled for all environments, with the exception of Development. This can be overridden by adjusting your Config.groovy
grails.plugin.forceSSL.enabled = falsegrails:
plugin:
forceSSL:
enabled: trueIt is also possible to override the https port for the redirect if you want to via:
grails.plugin.forceSSL.sslPort = 6443 //optionalSimply import the SSL annotation and apply at the controller level or at the annotation level.
import com.bertramlabs.plugins.SSLRequired
@SSLRequired //Will encrypt entire controller
class SessionController {
@SSLRequired //Or here for action level
def signin() {
//Signin Code Here
}
}Another option is to use a configuration mapping to identify which controllers you wish to be restricted to SSL:
grails {
plugin {
forceSSL {
enabled = true
dashboard {
index = true
}
home = true
}
}
}