You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Or we could also integrate spring security for API access only (we don't want to break what we're doing elsewhere) with the idea that we'll migrate the non-API actions after the Grails 3 migration.
And just to be more secure to start, we can make the API readonly unless a user has an explicit role or supported activity added to their account. That would prevent write access to APIs of instances that have not taken precautions related to their default admin user account.
The text was updated successfully, but these errors were encountered:
Implement a basic REST API for transactions. Since transactions are the backbone of the system, this needs to be super-secure so we should consider implementing our own authorization mechanism that mimics Spring Security using AOP
https://manbuildswebsite.com/2010/03/15/simple-aspects-using-annotations-in-grails/
Or we could also integrate spring security for API access only (we don't want to break what we're doing elsewhere) with the idea that we'll migrate the non-API actions after the Grails 3 migration.
And just to be more secure to start, we can make the API readonly unless a user has an explicit role or supported activity added to their account. That would prevent write access to APIs of instances that have not taken precautions related to their default admin user account.
The text was updated successfully, but these errors were encountered: