I am using Shiro plugin for my grails application security, My application already has a user .Using the shiro plugin, we get a shiro user, now how do i integrate the shiro user with the normal user of my application,show i go ahead and use relationships or is it that the user class ahould be only a shiro user class now ??
The Grails Shiro Plugin auto-generates the ShiroUser class as a starting point that you can use directly, or, if you don't want to use it, an example that helps you configure your own data model to work similarly. It is totally ok to use your own classes instead.
And in my opinion, it is a good thing to use your own classes: there are less classes to maintain and you have Shiro work with your existing data model rather than forcing you to use new classes and/or interfaces. The Grails plugin creates these things as a convenience to reduce the time it takes for you to get up and running, but you don't need to use them if you don't want to.
Using the ShiroUser class (and even further, using the Nimble plugin, which is built on top of Shiro) is all about convenience - how much do you prefer to use something that already exists (with the caveat that it may not meet all of your needs) vs how quickly do you want to get up and running.
Cheers,
Les
Apache Shiro PMC Chair & Katasoft Inc. Founder:
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com
Check out the nimble plugin which does exactly this and more:
http://www.grails.org/plugin/nimble
Related
I'm an intermediate user in grails and I want to create a Content Management System and an end user application in grails. It mainly involves video uploading and downloading in cloud servers.
I seen the Most Important features for cms
Can any one suggest about architecture and how it can be easily implement in grails?
Thanks in advance.
I agree with #elias that a CMS needs tons of work.
As to your question, I suggest you use an existing one, just like #mostkiteau has mentioned, or go to http://grails.org/plugins/search?q=cms for more CMS plugins for Grails.
I am using spring security in grails and need authenticate (a) customer in my Customer class and I don't want use Role class or such a thing just want use authentication and annotation.
My customer just log in and with the log in must be authenticated.
Any body have done that ?
How I can write my own provider calss for authentication a customer?
I need some code to see how it's working
Thanks
The Spring Security Core plugin has to be the single best documented plugin available for Grails. Check out Peter's tutorials here. The two videos and code samples on that page should be more than enough to get you going.
If after watching Peter's videos you are still not satisfied take a look at the official Spring Security Core docs here. Section 5.4 covers what you want to know.
In short, if you want to use annotations in each controller and don't care about the user's role then the following code will make sure they are logged in. Placing this at the top of the controller you are worried about will make it so all actions in that controller require a user to be logged in.
import grails.plugins.springsecurity.Secured
#Secured(['IS_AUTHENTICATED_FULLY'])
One of the features which makes Grails wonderful is the plugin architecture. Over the years, it has fostered a large community of developers and users that are continuously enhancing the value which Grails provides. I hardly ever find myself working on a project which doesn't have a handful of 3rd party and/or custom plugins.
What are some of your "go to" plugins? (e.g. the plugins which you find yourself almost always adding to your projects) What makes those plugins soo useful?
I would say in my case:
Database migration to have more control of how the database is created/updated, etc.
Spring Security for authentication and authorization
JQuery and JQuery UI because JQuery rocks
Spring Cache to manage page caching
Joda-time to handle dates more easily
Codenarc to help keep coding standards and coding rules
There are other that I think are great but they depend more on your needs like:
Searchable
Rest
jms
Datasources
My list comprise of:
SpringSecurity for authentication & authorization
Quartz for doing scheduled jobs.
Mail plugin
Searchable is also noticable, though in most of the time I feel it doesn't take much to write the searching part myself.
Above non-default plugins saved me lots of time coding. For the rest, I think you could go and take a look at here.
bean-fields is great for making your forms DRYer and allowing you to define the layout of your forms in one place.
I like the spring-security-* family of plugins. Writing authentication and authorization code was always the least favourite part of creating websites for me.
Spring-security Plugin
jasper Plugin
Rich-ui Plugin
Searchable Plugin
Export Plugin
The spring security plugin for sure and the AuditLogging plugin.
Spring-security-core for authentication
remote-pagination for paginate with ajax on divs
jasper for reports
jquery and jquery-ui
Quartz for scheduling jobs
Searchable for searching capabilities
In addition, I recommend JQGrid plugin for table manipulation.It's easy to use and has many futures like sorting, paging,crud operations ,json support, etc.
We have grails application that is damn good. Grails application will be run under tomcat/jetty. I'm looking for a good (preferable java-based) CMS which could be deployed to same webserver and integrated with our application. Our app provides some data (xml/json) and we need that CMS display this data on some static pages (I'm thinking of java-script gadgets that just connects to our grails same-host-same-port-different-context app).
If someone know some other techniques how to easily embed data into CMS static pages - would be nice to hear.
You can use Weceem CMS
Depending on what features you need for your CMS, Weceem could fit to your requirements. It is a grails plugin itself (with advantages like being unobtrusive).
Be aware that currently it is not compatible with Nimble and Commentable plugins (will be in version 0.9).
I haven't had a chance to play with it, but Alfresco Plugin allows you to connect to Alfresco. I imagine it's more of a document management integration at this point, but Alfresco can handle WCM as well.
You ought to find the answer at http://www.cmsmatrix.org/
It's the first I would recommend to anyone looking for a CMS. Use the wizard, select the features you want, get details of matching CMS and make your comparison then choice.
What makes nimble a better choice than shiro?
I'm trying to decide between nimble and shiro for a new grails project right now and I'm curious what makes nimble the better choice.
As you probably know, Nimble is a layer on top of Shiro, so you get Shiro for the underlying security / authorization framework, and Nimble takes the shiro backend and puts a front end on it. It also defines a few configuration options that you can set - something you would have had to do yourself otherwise.
I really appreciate that Nimble offers a very nice user interface that lets me manage the underlying shiro permissions and objects. It's very well designed as a plugin, with a good extensibility model for User and Profile classes. Adding security to my app became an almost trivial thing with Nimble - just a few hooks for permissions in a few places, but the rest is written for me.
The UI is pretty sophisticated - would have taken probably a few weeks (or more) at least to do something similar, and it's unlikely I would have had the time to do it quite as nicely.
I am not using some of the other authentication options (facebook, openId, etc), but it's nice to know that if I need to, I can just enable those.
My use case is a SaaS application.
I'm currently working with Nimble and this is what I've found so far:
Unless you are planning on using alot of the SSO / Social connectors (Facebook etc.) then it might be easier to just roll your own using shiro. Nimble kind of forces you into their schema. Of course, if you are not too worried about serious deep-level permissions issues then I say go for it.
One thing I wish someone had told me: Nimble uses a "most permissive" scheme. If a user is a member of a group that has access to a resource (i.e. controller/action combo) then you cannot remove that permission from the user itself. This can lead to some issues if you are wanting tight control over your app.
Another annoying thing about Nimble is that documentation is few and far between.
Best of luck!
Update - 8/9/13:
Note: A new version of nimble is released which works with latest Grails 2.x and latest version of shiro, The UI has been updated to use Twitter bootstrap. Its almost like Brand new nimble.
Demo is here http://nimble.ap01.aws.af.cm/