Reputation: 7613
I spent a couple of weeks trying to figure out what solution I should bring to this question I posted. Since I couldn't find full documentation for Shiro-Grails integration, I am looking for some other framework (like Spring) to secure our lightweight web-based Grails application.
The application is a couple of months old and it is not a huge application. Not more than 20 persistent classes. However, I believe it will grow soon. But security is not implemented yet, and I want to make sure that I will find the best security framework (for me the best might include: free source, well documented, easy to integrate with Grails, extensible, and last but not least more secure).
Any suggestions?
Upvotes: 3
Views: 1767
Reputation: 11052
Steve is right - it is between SpringSecurity and Shiro.
I am using Shiro - the documentation isn't as good as it could be, but the *-Permissions are great.
You grant permission by specifying "controller:action" tuples. And you can use lists and wildcards:
"*:list,show" //everything read-only
"book:*" //everything allowed on the book class
"*:*" //admin
As a result, you have all permissions as whitelist (based on controller:action) in one file.
What I've seen so far for SpringSecurity is that you often base the permissions on URLs - that's IMHO an easy way to miss securing a controller or action. See Securing actions in Grails 2 rc3 for example :-)
PS: if anybody knows how this kind of *-Permission is done in SpringSecurity, please post a comment!
Upvotes: 8
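The "controller:action" whitelist described in the answer above can be checked offline before it is deployed. The following Groovy script is an added example, not part of the answer and not Shiro's own code: it models the list and wildcard matching for the three permission strings shown, and every role, controller and action name other than `book`, `list` and `show` is constructed for illustration.

```groovy
// Simplified model of "controller:action" wildcard matching (illustrative only).

// "book:list,show" -> [[book], [list, show]]; matching is case-insensitive here.
List<Set<String>> parse(String perm) {
    perm.trim().toLowerCase().split(':').collect { part ->
        part.split(',').collect { it.trim() }.findAll { it } as Set
    }
}

// True when the granted permission covers the requested one.
boolean implies(String granted, String requested) {
    def g = parse(granted)
    def r = parse(requested)
    for (int i = 0; i < r.size(); i++) {
        if (i >= g.size()) return true   // a shorter grant covers all remaining parts
        if (!g[i].contains('*') && !g[i].containsAll(r[i])) return false
    }
    // Extra parts on the grant must all be wildcards to cover a shorter request.
    for (int i = r.size(); i < g.size(); i++) {
        if (!g[i].contains('*')) return false
    }
    true
}

// Deny by default: a request passes only if some grant in the whitelist implies it.
boolean permitted(List<String> grants, String requested) {
    grants.any { implies(it, requested) }
}

// Constructed roles using the three permission strings from the answer.
def roles = [
    reader   : ['*:list,show'],   // everything read-only
    librarian: ['book:*'],        // everything on the book controller
    admin    : ['*:*'],           // admin
]
// Constructed inventory of controller:action pairs to audit.
def actions = ['book:list', 'book:show', 'book:save',
               'author:list', 'author:delete', 'report:export']

roles.each { role, grants ->
    println "${role.padRight(10)} ${actions.findAll { permitted(grants, it) }}"
}

assert permitted(roles.reader, 'author:list')
assert !permitted(roles.reader, 'book:save')
assert !permitted(roles.librarian, 'author:list')
// Actions that no non-admin role can reach: a quick review of the whitelist.
def adminOnly = actions.findAll { !permitted(roles.reader + roles.librarian, it) }
assert adminOnly == ['author:delete', 'report:export']
```

Because anything not matched by a grant is denied, a newly added controller or action stays closed until a permission string names it or a wildcard already covers it.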
Reputation: 1467
Pretty much it is between SpringSecurity and Shiro.
Spring Security seems to be becoming the standard for Grails, as doelleri said; it should provide anything you could ever wish for and is well documented and designed. Shiro I found to be functionally on a par for the basic security tasks, but I feel the docs let it down in comparison. There is a plugin (now not being maintained) called Nimble that uses Shiro as a basis; Nimble is powerful and provides a lot of functions, such as a user management GUI, out of the box.
I just started with Spring Security for a new project and am now finding it very powerful and simple to use, and am glad I made the change. But in the end it is up to your project/organisational needs.
Upvotes: 3