Annyce Davis

Helping you write beautiful code

  • Home
  • Public Speaking
  • About Me
  • Courses
  • Life

Spring Security vs. Apache Shiro

March 21, 2010 by Annyce Davis 5 Comments

This is a high level comparison of Spring Security and Apache Shiro, two Security frameworks that have plugins available in Grails.

Spring Security (a.k.a. ACEGI)

  • has users with roles
  • to restrict users on a more fine grained level, use interceptors in your controller
  • LDAP support
  • integration with CAS single-sign-on
  • has a new ACL option for the Grails Plugin
  • somewhat ‘heavy-handed’

Example (Using Grails Interceptor):
def beforeInterceptor = [action:checkViewableSites, except: “list”]

def checkViewableSites = {
if(!user.viewableSites.contains(Site.get(params.id) )) {
response.sendError 403
return false
}
}

Apache Shiro (a.k.a. JSecurity)

  • has support for permissions out of the box
  • LDAP support with Shiro plugin
  • easy to customize
  • Grails Nimble plugin that allows permissions on three levels: users, groups, and roles
  • Nimble plugin has an easy to use UI component for adding/modifying users and permissions
  • Nimble plugin has support for authentication through Facebook and OpenID out of the box

Example (Using Shiro Permissions):

  • profile:edit:1 – this means a person can edit only the Profile object with id 1
  • profile:*:* – this means that a person can do anything to any Profile object

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Filed Under: Grails Tagged With: Spring Security

Newsletter

Start a new tech group on Meetup

Follow Me

Dev Machine Setup – Mobile Development

A new machine. Now what? Time to set it all up. Inevitably I end up going back and forth from my old machine or worse yet, my memory, to figure out what needs … [Read More...]

Dagger Multibinding in Dynamic Feature Modules

We're adding the use of dynamic feature modules to our app. This will help us to improve build speeds, conditionally include features and decouple our code. As … [Read More...]

Categories

  • Android (49)
  • Career (2)
  • Communication (4)
  • Flutter (1)
  • Git (4)
  • Gradle (4)
  • Grails (23)
  • Java (8)
  • JavaScript (6)
  • Kotlin (11)
  • Life (4)
  • Public Speaking (22)
  • RxJava (1)
  • Software Development (3)
  • Twitter (3)
  • Uncategorized (11)
  • Video Course (4)

Copyright © 2021 · Beautiful Pro Theme on Genesis Framework · WordPress · Log in