views:

528

answers:

3

Hi, i'm developing a Grails based web-application and i need to choose one of these two frameworks for authentication. In your opinion, what criterions favor the choice for Acegi and what criterions favor the choice for Apache Shiro?

+2  A: 

I have tried both, and in my oppinion Acegi is more finegrained and much better documented. It offers lots of features: URL, Annotation or Database requestmaps for securing application, you get optional SSO, Facebook authentication etc. I think Shiro is nice for smaller project, but the Shiro documentation is still lacking lots of stuff, that you have to figure out yourself. So my feeling is, that it depends on your project. If I should choose based on my current experience, I'll go for Acegi.

sbglasius
+2  A: 

I would also like to point out that Springsource officially supports the "Spring Security Plugin", so with everything else being equal, the "Spring Security Plugin" is the better choice to me.

Karsten Silz
One of the Spring Security Plugin authors just got hired by SpringSource: http://n4.nabble.com/Welcome-Burt-Beckwith-to-the-Grails-team-td1558461.html#a1558461 Even more reason in my mind to go with that plugin.
Karsten Silz
A: 

I had been a big Spring Security plugin user. It is easy to install and get running. It also offers generic registration creation in addition to the base user, requestmaps and roles generation. However, recently I was trying to implement the Facebook Open Graph plugin and allow users multiple ways of registering and I found it difficult to do with (could have been because of the lack of experience) ... I found an article on facebook intergration except it required the use of Shiro. So, this forced me to try it out... I have to say, although documentation is lacking a bit... Shiro is pretty powerful. What I especially liked is the built in permissions logic! Extremely powerful.

Anyways, Im torn, because I can appreciate the simplicity and the existence of documentation for Spring Security, but for my requirements... Shiro won.

(by the way, I posted more than one question on the topic of Spring Security + Facebook Connect or Facebook Graph plugin. Not one got answered... as a matter of fact, was recommended to try using Shiro or the Nimble plugin. Nimble is based off Shiro and has support for just about everything you need in addition to all user, role, permissions, group maintenance coded from the start. Nimble was too much for my needs, so I stuck with Shiro)

croteau