What are my options for securing Spring Security UI?

I'm using the default securityConfigType which is set to use annotations.

What are my options for securing Spring Security UI controllers themselves?

Do I need to use s2ui-override on all of the controllers to secure them via 开发者_如何学Pythonsubclassing?

Updating Spring Security UI plugin and add @Secured(['ROLE_ADMIN']) on controllers ?

Or is there some easier way?

Can I mix Spring security access control mechanisms (ex : mix annotations and static URL rules).

Use grails.plugins.springsecurity.controllerAnnotations.staticRules instead of editing or overriding controllers just to add security. Typically that's used for static resources like javascript, but it's good for controllers that you can't (or shouldn't) edit.

You could also switch to one of the other two mechanisms (database requestmaps or the static Map in Config.groovy) but I prefer annotations since they keep the security information alongside the affected code.