What makes nimble a better choice than shiro?
I'm trying to decide between nimble and shiro for a new grails project right now and I'm curious what makes nimble the better choice.
As you probably know, Nimble is a layer on top of Shiro, so you get Shiro for the underlying security / authorization framework, and Nimble takes the shiro backend and puts a front end on it. It also defines a few configuration options that you can set - something you would have had to do yourself otherwise.
I really appreciate that Nimble offers a very nice user interface that lets me manage the underlying shiro permissions and objects. It's very well designed as a plugin, with a good extensibility model for User and Profile classes. Adding security to my app became an almost trivial thing with Nimble - just a few hooks for permissions in a few places, but the rest is written for me.
The UI is pretty sophisticated - would have taken probably a few weeks (or more) at least to do something similar, and it's unlikely I would have had the time to do it quite as nicely.
I am not using some of the other authentication options (facebook, openId, etc), but it's nice to know that if I need to, I can just enable those.
My use case is a SaaS application.
I'm currently working with Nimble and this is what I've found so far:
Unless you are planning on using a lot of the SSO / Social connectors (Facebook etc.) then it might be easier to just roll your own using Shiro. Nimble kind of forces you into their schema. Of course, if you are not too worried about serious deep-level permissions issues then I say go for it.
One thing I wish someone had told me: Nimble uses a "most permissive" scheme. If a user is a member of a group that has access to a resource (i.e. controller/action combo) then you cannot remove that permission from the user itself. This can lead to some issues if you are wanting tight control over your app.
Another annoying thing about Nimble is that documentation is few and far between.
Best of luck!
Update - 8/9/13:
Note: A new version of Nimble is released which works with the latest Grails 2.x and the latest version of Shiro. The UI has been updated to use Twitter Bootstrap. It's almost like a brand new Nimble.
Demo is here http://nimble.ap01.aws.af.cm/
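The "most permissive" behaviour described in the answer above, as an added example that is not part of the original posts and is not Nimble or Shiro code: a simplified Python model using Shiro-like `controller:action` strings. It shows that removing a user's direct permission does not revoke access a group still grants, and how to list where a grant comes from. The sample data, the function names and the `denied` list (an application-level deny check) are assumptions made for this illustration.

```python
# Simplified model of additive ("most permissive") authorization.
# Constructed data; the wildcard matching is a reduced form written for
# this example, not the library's implementation.

def implies(granted, wanted):
    """True if a granted pattern such as 'invoice:*' covers 'invoice:delete'."""
    g, w = granted.split(":"), wanted.split(":")
    n = max(len(g), len(w))
    g += ["*"] * (n - len(g))   # a shorter grant covers every sub-part
    w += [None] * (n - len(w))  # a longer grant never covers a shorter request
    return all(gp == "*" or gp == wp for gp, wp in zip(g, w))

def grant_sources(user, groups, wanted):
    """List every place the permission comes from: the user or a group."""
    sources = []
    if any(implies(p, wanted) for p in user["permissions"]):
        sources.append("user:" + user["name"])
    for name in user["groups"]:
        if any(implies(p, wanted) for p in groups[name]):
            sources.append("group:" + name)
    return sources

def is_permitted_additive(user, groups, wanted):
    """Union semantics: one grant anywhere is enough."""
    return bool(grant_sources(user, groups, wanted))

def is_permitted_with_deny(user, groups, wanted):
    """Hypothetical app-level check: an explicit deny wins over any grant."""
    if any(implies(p, wanted) for p in user.get("denied", [])):
        return False
    return is_permitted_additive(user, groups, wanted)

# Constructed sample data.
GROUPS = {"billing": ["invoice:*"], "staff": ["report:view"]}
ALICE = {"name": "alice", "groups": ["billing", "staff"],
         "permissions": ["invoice:delete"], "denied": []}

if __name__ == "__main__":
    # Remove the direct grant: the group grant still applies.
    revoked = dict(ALICE, permissions=[])
    print(is_permitted_additive(revoked, GROUPS, "invoice:delete"),
          grant_sources(revoked, GROUPS, "invoice:delete"))
    # With an explicit deny checked first, the action is blocked for this user only.
    denied = dict(revoked, denied=["invoice:delete"])
    print(is_permitted_with_deny(denied, GROUPS, "invoice:delete"))
```

Running `grant_sources` for each sensitive controller/action pair before changing a user record shows which group membership has to change for a revocation to take effect.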
Related
I have installed jclouds and I am trying to learn how it works internally.
I read all the documentation on the site and on GitHub but I still have a lot of questions about the architecture and implementation of jclouds.
Do you know where I can find documentation about the deep technical implementation of the framework? I am also looking for information on how to add a new provider (for blobstore service).
Currently I am looking into the code but it's not always straightforward what the code does.
The best thing to do is send an email to our dev list. You can subscribe by emailing jclouds-dev-subscribe#apache.org. You can also find us on IRC at #jclouds on freenode.
Adding a new provider is quite an important change for jclouds. The first thing you'll want to do is review How To Contribute. We need to make sure it will work properly and we'll be able to properly test it so don't be discouraged by the reviews.
Having said this, a number of general considerations to take into account when starting a new provider:
New providers are added in labs first, until they are stable.
To follow the jclouds style, use a 3 space indent and a 120 character line length.
We use Guava as our core library. Try to use its utilities before adding new dependencies. In general, do not add dependencies before consulting our dev# list.
We require both live and mock tests. "mock" tests verify that the api generates the expected request according to the method annotations, and that the response is properly parsed. We use MockWebServer to do that, and you can take a look at the MockTests classes in the openstack-swift api to see an example of how these tests work.
Often the best thing to do is to copy the entire directory structure of one of the existing apis or providers and delete everything that you don't need but keep some of the files around in each directory to serve as an example of how to do things. You can rename those classes and start your work from there.
Which api or provider should you choose to use as an example for your work? It depends! Please email us on our dev# list to describe the work you're doing and we will recommend one. The earlier you get engaged with the jclouds community, the easier the whole process will be.
Good luck!
I am wondering if there is a standard pre-built web application for Rails which has all the basic functionalities like user login, user profiles, profile image uploader, comments, search, maybe payments and a set of other usual web application features all bundled and ready to use and extend.
I like how Twitter bootstrap comes with a set of pre-built interface functionalities and styles, which you can start using and modify later. I am looking for something similar that can allow me to quickly set up a working application and go from there.
Does such a framework exist?
There are numerous examples out there.
However, there are two things you should really do:
Read the license to make sure you can use it the way you are thinking of using it.
Ensure you understand the design decisions and choices the original authors made. You will end up in a world of maintenance pain if you just copy cargo-cult style without understanding the tradeoffs others have made with their design decisions.
Any one of the links listed has enough to get you started. They may not have all of the features you listed but together they probably have all of your bases covered. You will have to put in some effort to get all those features working together though.
The RailsApps project is great because they all have tutorials that walk through the basic setup. They are also all built using the Rails Composer tool, which lets you pick and choose certain options for your app.
This question aims to understand RoR and frameworks in general. It looks like RoR never had any standard user authentication system. Was it just historical reason (just happened naturally as it did)... or could it be intentional? Because RoR is a website building tool, more often than not, user authentication is a crucial part of a website.
To put it into perspective, another question is, do other popular frameworks, Django, Symfony, CakePHP, have user authentication built in?
There is no reasonably generic way to do user authentication. Most frameworks leave it up to you to choose the plugin that most closely matches what you're trying to accomplish.
For example, consider these two situations:
a blog which has a single administrator with password-protected admin-facing tools
a site like YouTube which allows users to sign up and administer their own content
Both of these sites would require vastly different authentication systems; which of these systems should Rails cater to out-of-the-box?
The Rails core team wanted to ensure that Rails was open-ended enough to make anything you want. There is no one-size-fits-all authentication scheme, so the core team decided to leave it out. Rails is easily extendable via gems and plugins, so that is where they belong.
Some examples are Warden and the Rails Warden plugin, Devise, Authlogic, and Restful Authentication.
CakePHP has a built in Authentication component that is pretty straight forward and easy to implement.
Most of these frameworks you mentioned are toolkits, not complete products. You build these things yourself, or leverage plugins from the community. Django's admin plugin/module has authentication out of the box though. Drupal does too, as a matter of fact.
Authentication can be (and is, in my opinion) a matter of taste and need. If Rails was including things like that, it would start to become a website and not a framework. The programmer has to be free to choose among various implementations. That is why gems are available.
I've been programming a little in Rails and CakePHP, and I can say that Rails doesn't need to provide a mechanism like this. The community is very very good, and there are many examples (already said, like Devise, Authlogic...) made by very good programmers. Of course, there are many tutorials online (and also, railscasts, which are simply awesome) to program a successful set-up for your project. So, if we have all of this, why should we need something like the CakePHP mechanism? It's OK, it works, but there's just a very good tutorial and that's all (and maybe enough..). So, in the end, if you have a nice community you shouldn't care about the core of the technology, there will always be someone else more experienced with your needs that will do it for you. And if you don't find it, do it by yourself and in the process you will find a lot of help! :)
I'm looking to build an application that handles authentication and authorization for a variety of smaller apps that may or may not be rails applications (e.g. some with sinatra, some with non-ruby frameworks, etc). These applications will be on separate domains.
Can I do this with Authlogic? I do not want to setup a rails application for each application, just use a central authenticator. I'm sure as I start reading and working the answer would become evident, but I'm trying to avoid a dead end (doing work and research, then finding out this can't be done.)
From what I've read this is a use case, and I'm looking for input from people who've done similar. This is at the idea stage so if I can offer more detail, let me know.
I think you are planning to build a cross domain, single sign-on service. Besides building your own, there are quite a few projects that do this out of the box.
rubycas is one of them : http://code.google.com/p/rubycas-server/
You could also look into OpenID (http://openid.net), where the login functionality is done by a third party authentication server.
In case you want to roll your own:
It doesn't really matter which authentication plugin/system you will use. (I would choose devise/warden, but Authlogic will do just fine). Instead you need to focus on understanding the security problems and the http interaction between your service, the browser and the application for which authentication is used. I think it's doable, but you need to know what you are doing.
Today, the cool kids use warden, or the railsy thingy devise.
I'm not sure but I think you can't use Authlogic with a non-ruby-app.
I would probably go with Devise as well but you should look into some plugins for it like JanRain's Engage (used to be RPX Now). It allows you to use quite a few social login options (Facebook, Twitter, etc.) http://www.janrain.com/products/engage.
Ryan Bates from Railscasts.com just posted an episode on Devise using Engage this morning. http://railscasts.com/episodes/233-engage-with-devise
There are some more episodes about Devise on Railscasts too. http://railscasts.com/episodes?search=devise
If I were you I wouldn't reinvent the wheel. I'd use a third party service to authenticate and just get on with the project. Social connectors such as Engage will provide this functionality for you without all the time and expertise.
I've recently started working with RoR for some projects and I quite like the framework - however coming from an ASP.NET background I'm quite fond of the idea of being able to purchase & drop in reusable components/control such as those from telerik, without having to 'reinvent'.
I suppose it would be possible to maybe create my own using partials or plugins or similar, but I'm wondering if there is anything out there already, or perhaps alternatives which could be massaged into place, like javascript widgets etc?
I don't know of any commercial components or "controls", but there's thousands (probably, I haven't counted them) of plugins out there freely available, to do a great many things for you, some of which would probably count as "controls". Unfortunately, there's no one place to go and find them, and the quality is depressingly variable, but there are a number of plugin indexes like http://agilewebdevelopment.com/plugins/ that might help in finding what you want while weeding out the dross.
Ext JS is a great GUI toolkit. I can't say that it entirely fits in with the RoR way of doing things, but if you write your controllers to return JSON it isn't too bad.
One of the big differences between Ruby/Rails and the .Net world is the fact that most of the available plugins are open-source and integrate at the code level. There is an incredible array of plugins for Rails, and it is very straightforward to write your own. Due to the nature of Ruby you can hook into just about any part of the language and framework, giving you impressive extensibility.
I am not sure how Web Controls work, but it sounds like they are a "black-box" that provides an end-to-end solution for both UI and data-level operations ... ?
Many of the Rails plugins do provide both UI and data aspects. An example would be "restful_authentication" which provides you with both some basic forms for login and user registration as well as an authentication module and an Active-Record model. Again, this operates at a code-level, so will actually push the relevant code into your codebase when you install and "generate" the authentication modules.
As for "widgets", there is no equivalent in Rails, per-se, but there are a number of JavaScript libraries that provide similar functionality. I use and recommend jQuery UI, myself.
Dojo has a widget library which might meet your needs.