shiro

Java options for web user authentication

I'm looking for a secure user login/session management component for a public web app. Spring Security seems to have potential, are there any other high quality alternatives? Conceptually this is easy and we currently have code that works fine, but I'd rather be using code that has been publicly reviewed for security flaws. Needs: ...

Run code in Hibernate Filters

I have a fairly sophisticated security mechanism that I implemented using Apache Shiro (formerly JSecurity). In order to know the exact visibility rules for an object, I need to run some code (i.e. lookup user's roles, permissions, groups, etc). I'd like to run queries that tell me objects that the current user is authorized to see. ...

Using groovy metaClass to mock out Shiro SecurityUtils in bootstrap

For further background, see http://grails.markmail.org/message/62w2xpbgneapmhpd I'm trying to mock out the Shiro SecurityUtils.getSubject() method in my BootStrap.groovy. I decided on this approach because the Subject builder in the latest Shiro version isn't available in the current version of the Nimble plugin (which I'm using). I d...

Data-related security Implementation

Using Shiro we have a great security framework embedded in our enterprise application running on GF. You define users, roles, permissions and we can control at any fine-grain level if a user can access the application, a certain page or even click a specific button. Is there a recipe or pattern, that allows on top of that, to restrict a...

Problem authenticating with shiro in grails app

I have a grails 1.2 app and I want to use declarative security in order to restrict accesses based on roles. I decided to try shiro, installed the plugin, but when I try to authenticate, the message "Invalid username and/or password" shows up in the header. I check the db entry and the user is there with the sha'ed password. No messages ...

What makes nimble better than shiro?

What makes nimble a better choice than shiro? I'm trying to decide between nimble and shiro for a new grails project right now and I'm curious what makes nimble the better choice. ...

Using Shiro to secure services in grails.

I'm using grails to build an application that functions primarily as a service framework. My question is: Can services be secured in the same fashion as controllers? uri-based example: class SecurityFilters { def filters = { all(uri: "/**") { before = { // Ignore direct views (e.g. the default main index page). ...

Secure some, but not all pages in a Grails application with the Shiro plugin

Might be just me, but I have a hard time understanding how to secure just some of the pages in a Grails application with the Shiro Plugin. I use this in my security filter: class SecurityFilters { def filters = { all(uri: "/**") { before = { // Ignore direct views (e.g. the default main index page). if (!con...

Security in Grails-app: Acegi or Shiro

Hi, I'm developing a Grails based web-application and I need to choose one of these two frameworks for authentication. In your opinion, what criteria favor the choice for Acegi and what criteria favor the choice for Apache Shiro? ...

Error in shiro configuration in a Grails-app

Hi, I'm using Apache Shiro as the framework for authentication of my application. I was following the reference at http://www.grails.org/plugin/shiro and my application throws the exception: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is a...

Grails Shiro plugin : confirming my understanding

I'm a bit vague about how to start using the shiro plugin, after reading few documents. I decided against Nimble, as it comes with few tables and UI plugins. I set up the shiro plugin with wildcard realm, with my own tables. I may use permission based (rather than role based) access control as it scales well. Now, the steps for it. assign th...

How to add users using a Shiro plugin

Hello, I am using the Shiro plugin for my grails application security. My application already has a user. Using the shiro plugin, we get a shiro user; now how do I integrate the shiro user with the normal user of my application? Should I go ahead and use relationships, or is it that the user class should be only a shiro user class now? ...

Problem with the Sha1Hash function of the Shiro Plugin

The Sha1Hash function is used to convert the passwords into hex format in order to store them. How can we pass a username and password as strings in the Bootstrap.groovy and create our users easily? If I want to use a GSP to create a user, how do I go about using the Sha1hash function? This function when given sha1hash(params.password) retu...

How to easily implement "who is online" in Grails or Java Application ?

I am building a community website in grails (using Apache Shiro for security and authentication system) and I would like to implement the feature "who is online?". This url http://cksource.com/forums/viewonline.php (see snapshot below if you do not have access to this Url) gives an example of what I would like to achieve. How can I do ...

Web-Application Security with Apache Shiro Configuration Problems

Hi folks, I decided to use Shiro to secure my webapplication. I use a tomcat app server, maven, hibernate and jsf. Now I tried to configure Shiro but got some problems. Here are my files: ---POM.xml--- <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifact...

apache shiro: authc.loginUrl doesn't work

Hello folks, I configured Shiro as follows: [main] [users] ... [roles] ... [urls] /welcome.xhtml = anon /overview.xhtml = authc As you can imagine 'welcome.xhtml' contains my login-form. If I am not logged into the application and I try to access overview.xhtml I...

Grails + Securing Application

Hi, I'm working on a legacy grails application. I have a couple of tables like this User ( id, name,enterprise_id) Enterprise (id, name) Asset (id,description, enterprise_id) I want to validate that when a certain user wants to access an asset, it has the right enterprise_id (i.e. that the user belongs to the same enterprise as the a...

Shiro permission string has denied feature?

I use shiro plugin for grails and allow user to add permission at runtime. My controller has many actions such as index,list,edit,create,save,update,search,delete .... Suppose that controller name is "foo" The permission string for simple foo controller is foo:* means everybody which has this permission can access all actions of foo con...

Upgrade Grails Version in Netbeans and Add Shiro Security

Hello All.. I have been working on the project where application is using grails 1.2.2.... Now I want to add the Shiro Security with the current project (using Netbeans), and I am very much new to the grails arena. So, I wanted to know how I can add the shiro plugin to my current project (in netbeans)? Maybe I also need to upgrade my...

Shiro Plugin conflicting with Quartz framework in Grails

Hi All.. I have been working with the Quartz framework in my grails project with lib called quartz-all-1.7.3. Now I need to install the shiro plugin to my project. So, whenever I am installing shiro plugin to my project it's getting installed successfully.. But again whenever I am running my project again it's giving compilation error as follow...