tags:

views:

528

answers:

3
+2  Q: 

Security in Grails-app: Acegi or Shiro

Hi, i'm developing a Grails based web-application and i need to choose one of these two frameworks for authentication. In your opinion, what criterions favor the choice for Acegi and what criterions favor the choice for Apache Shiro?

+2  A: 

I have tried both, and in my oppinion Acegi is more finegrained and much better documented. It offers lots of features: URL, Annotation or Database requestmaps for securing application, you get optional SSO, Facebook authentication etc. I think Shiro is nice for smaller project, but the Shiro documentation is still lacking lots of stuff, that you have to figure out yourself. So my feeling is, that it depends on your project. If I should choose based on my current experience, I'll go for Acegi.

sbglasius  2010-02-11 09:15:14
+2  A: 

I would also like to point out that Springsource officially supports the "Spring Security Plugin", so with everything else being equal, the "Spring Security Plugin" is the better choice to me.

Karsten Silz  2010-02-11 13:17:09
One of the Spring Security Plugin authors just got hired by SpringSource: http://n4.nabble.com/Welcome-Burt-Beckwith-to-the-Grails-team-td1558461.html#a1558461 Even more reason in my mind to go with that plugin.
Karsten Silz  2010-02-17 15:23:52
A: 

I had been a big Spring Security plugin user. It is easy to install and get running. It also offers generic registration creation in addition to the base user, requestmaps and roles generation. However, recently I was trying to implement the Facebook Open Graph plugin and allow users multiple ways of registering and I found it difficult to do with (could have been because of the lack of experience) ... I found an article on facebook intergration except it required the use of Shiro. So, this forced me to try it out... I have to say, although documentation is lacking a bit... Shiro is pretty powerful. What I especially liked is the built in permissions logic! Extremely powerful.

Anyways, Im torn, because I can appreciate the simplicity and the existence of documentation for Spring Security, but for my requirements... Shiro won.

(by the way, I posted more than one question on the topic of Spring Security + Facebook Connect or Facebook Graph plugin. Not one got answered... as a matter of fact, was recommended to try using Shiro or the Nimble plugin. Nimble is based off Shiro and has support for just about everything you need in addition to all user, role, permissions, group maintenance coded from the start. Nimble was too much for my needs, so I stuck with Shiro)

croteau  2010-08-16 15:28:08

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication