tags:

views:

30

answers:

2
Q: 

Grails Secure Login Design Questions along with Library & DB Choice

Hello,

Am planning on building user administration module using Grails and the Spring Security Core plug-in for Grails.

Also, am considering using MongoDB for the database system.

Question(s):

(1) What trade offs and benefits will my app gain by choosing MongoDB over MySQL or HSQLDB?

(2) Is it super easy to way to implement (meaning 3rd party Grails APIs or plug-ins and/or Spring APIs?) an app that does the following:

  • New User Registration
  • Captchas
  • Confirmation E-mail
  • Forgot Password Reset Mechanism
  • Roles
  • SSL

(3) Can anyone point to a tutorial that touches on how to do some of these things using Grails?

(4) Will it be necessary to use a standard RDBMS over a NoSQL system for my app's user administration module?

Thank you for taking the time to read this.

A: 
  1. Not a NoSql expert but NoSql Storage are more efficent in diriect reads (the get method of grails domain classes) and are slower on complex join queries or has no support for agragation (max, min, avrg)
  2. Grails Security UI plugin has it all
  3. http://burtbeckwith.github.com/grails-spring-security-ui/docs/manual/index.html
  4. Grails MongoDB plugin implements the GORM functionality for MongoDB so everything should be OK (not tested directly )
Sammyrulez  2010-10-12 07:13:27
Thanks you guys rock!
socal_javaguy  2010-10-13 06:38:01
Burt rocks.. he has done amazing job
Sammyrulez  2010-10-14 07:07:37
A: 

The Spring Security UI plugin handles New User Registration, Confirmation E-mail, and Forgot Password Reset. The Spring Security Core plugin handles roles of course, and has support for specifying which URLs require SSL (see the docs on channel support, section "17 Channel Security").

You can customize the signup workflow to include a captcha - I'd recommend using the reCAPTCHA plugin: http://grails.org/plugin/recaptcha

There's also a MongoDB plugin: http://www.grails.org/plugin/gorm-mongodb

All of the persistence used by the Core and UI plugins is overrideable, but uses GORM by default and assumes you're using an RDBMS. But it's simple to plug in your own if you use MongoDB or some other mechanism - for example see the docs on creating a custom UserDetailsService (section "11 Custom UserDetailsService" at http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/)

Burt Beckwith  2010-10-12 11:13:16

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL