What makes nimble a better choice than shiro?
I'm trying to decide between nimble and shiro for a new grails project right now and I'm curious what makes nimble the better choice.
What makes nimble a better choice than shiro?
I'm trying to decide between nimble and shiro for a new grails project right now and I'm curious what makes nimble the better choice.
As you probably know, Nimble is a layer on top of Shiro, so you get Shiro for the underlying security / authorization framework, and Nimble takes the shiro backend and puts a front end on it. It also defines a few configuration options that you can set - something you would have had to do yourself otherwise.
I really appreciate that Nimble offers a very nice user interface that lets me manage the underlying shiro permissions and objects. It's very well designed as a plugin, with a good extensibility model for User and Profile classes. Adding security to my app became an almost trivial thing with Nimble - just a few hooks for permissions in a few places, but the rest is written for me.
The UI is pretty sophisticated - would have taken probably a few weeks (or more) at least to do something similar, and it's unlikely I would have had the time to do it quite as nicely.
I am not using some of the other authentication options (facebook, openId, etc), but it's nice to know that if I need to, I can just enable those.
My use case is a SaaS application.
I'm currently working with Nimble and this is what I've found so far:
Unless you are planning on using alot of the SSO / Social connectors (Facebook etc.) then it might be easier to just roll your own using shiro. Nimble kind of forces you into their schema. Of course, if you are not too worried about serious deep-level permissions issues then I say go for it.
One thing I wish someone had told me: Nimble uses a "most permissive" scheme. If a user is a member of a group that has access to a resource (i.e. controller/action combo) then you cannot remove that permission from the user itself. This can lead to some issues if you are wanting tight control over your app.
Another annoying thing about Nimble is that documentation is few and far between.
Best of luck!