Add YAML examples for staticRules and interceptUrlMap

[jamesfredley]

Summary

The controllerAnnotations.staticRules and interceptUrlMap documentation only shows application.groovy syntax. Grails 7 uses application.yml by default, and no YAML examples exist anywhere in the docs. This causes confusion when translating the Groovy list-of-maps syntax to YAML - a common mistake is omitting the - list indicator, which produces a Map instead of a List<Map> and triggers the error: "Static rules defined as a Map are not supported; must be specified as a List of Maps."

Changes

securedAnnotations.adoc - controllerAnnotations.staticRules section

• Added YAML flow mapping example alongside existing Groovy example
• Added YAML block mapping example showing expanded syntax
• Added [IMPORTANT] admonition documenting the Map-vs-List-of-Maps pitfall with incorrect YAML example

configGroovyMap.adoc - interceptUrlMap section

• Added YAML example for securityConfigType configuration
• Added YAML example for interceptUrlMap definition alongside existing Groovy example
• Added YAML example for custom mappings

Why This Matters

The code in AnnotationFilterInvocationDefinition.compileStaticRules() accepts any List<Map<String, Object>> regardless of YAML syntax - both flow mapping ({ }) and block mapping work correctly. The issue is purely a documentation gap: users don't know how to write the YAML equivalent of the Groovy syntax, and YAML indentation mistakes are easy to make without examples to follow.

Version

7.0.x

[Copilot]

Pull request overview

Adds application.yml (YAML) configuration examples to Spring Security request-mapping documentation so Grails 7 users can translate existing application.groovy examples correctly and avoid common YAML structure pitfalls.

Changes:

• Added YAML flow + block mapping examples for controllerAnnotations.staticRules, plus an IMPORTANT note about Map vs List-of-Maps mistakes.
• Added YAML examples for securityConfigType: InterceptUrlMap and interceptUrlMap definitions (including custom mappings).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
plugin-core/docs/src/docs/requestMappings/securedAnnotations.adoc	Adds YAML examples for controllerAnnotations.staticRules and documents the common YAML list indicator pitfall.
plugin-core/docs/src/docs/requestMappings/configGroovyMap.adoc	Adds YAML equivalents for securityConfigType and interceptUrlMap configuration examples.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The incorrect YAML example is shown at the root (staticRules:), but in a real application.yml this key needs to be under grails.plugin.springsecurity.controllerAnnotations. As written, readers may copy/paste the example and end up with a different (also invalid) configuration issue than the intended Map-vs-List pitfall. Consider including the full config path (or explicitly stating that the snippet is intentionally truncated to just the staticRules portion).

Suggested change

	staticRules:
	pattern: '/**'
	access:
	- permitAll
	grails:
	plugin:
	springsecurity:
	controllerAnnotations:
	staticRules:
	pattern: '/**'
	access:
	- permitAll

[Copilot]

The text says SomePluginController URLs are of the form /somePlugin/..., but all examples in this section use the lowercase pattern /someplugin/**. These should match to avoid confusing readers about case sensitivity in URL patterns.

Suggested change

	This example maps all URLs associated with `SomePluginController`, which has URLs of the form `/somePlugin/...`, to `ROLE_ADMIN`; annotations are not an option here because you would not edit plugin code for a change like this.
	This example maps all URLs associated with `SomePluginController`, which has URLs of the form `/someplugin/...`, to `ROLE_ADMIN`; annotations are not an option here because you would not edit plugin code for a change like this.