Does Grails Filter `actionExclude` work with method-based routing?

Question

I have a method-based route like:

name base: "/" {
  controller="api"
  action=[GET: "welcome", POST: "post"]
}

And I'd like to apply a filter to handle authorization, e.g.

class RequestFilters {
    def filters = {
        authorizeRequest(controller: 'api', actionExclude: 'welcome') {
            before = {
                log.debug("Applying authorization filter.")
            }           
        }
    }
}

But when I apply this in practice, the filter runs on all requests (even GET requests, which should use the welcome method and thus should not trigger this filter.)

When I inspect the code running the in the filter, I see that params.action is set to the Map from my routing file, rather than to "welcome". Not sure if this is related to the issue.

My current workaround (which feels very wrong) is to add the following to my filter's body:

if(params.action[request.method] == 'welcome'){
    return true
}

The short question is: does Grails support this combination of method-based routing + action-name-based filtering? If so, how? If not, what are some reasonable alternatives for restructuring this logic?

Thanks!

Answer 1

You need to use the filter as below:

class RequestFilters {
    def filters = {
        authorizeRequest(controller:'api', action:'*', actionExclude:'welcome'){
            before = {
                log.debug("Applying authorization filter.")
                return true
            }           
        }
    }
}

Apply the filter to all actions of the controller but "welcome". :)

If there is no other welcome action in the other controllers then, you would not need the controller specified in the filter as well.

authorizeRequest(action:'*', actionExclude:'welcome'){...}