Annyce Davis

ones and zeros

  • Home
  • Public Speaking
  • About Me
  • Courses
  • Life

Spring Security vs. Apache Shiro

March 21, 2010 by Annyce Davis 5 Comments

This is a high level comparison of Spring Security and Apache Shiro, two Security frameworks that have plugins available in Grails.

Spring Security (a.k.a. ACEGI)

  • has users with roles
  • to restrict users on a more fine grained level, use interceptors in your controller
  • LDAP support
  • integration with CAS single-sign-on
  • has a new ACL option for the Grails Plugin
  • somewhat ‘heavy-handed’

Example (Using Grails Interceptor):
def beforeInterceptor = [action:checkViewableSites, except: “list”]

def checkViewableSites = {
if(!user.viewableSites.contains(Site.get(params.id) )) {
response.sendError 403
return false
}
}

Apache Shiro (a.k.a. JSecurity)

  • has support for permissions out of the box
  • LDAP support with Shiro plugin
  • easy to customize
  • Grails Nimble plugin that allows permissions on three levels: users, groups, and roles
  • Nimble plugin has an easy to use UI component for adding/modifying users and permissions
  • Nimble plugin has support for authentication through Facebook and OpenID out of the box

Example (Using Shiro Permissions):

  • profile:edit:1 – this means a person can edit only the Profile object with id 1
  • profile:*:* – this means that a person can do anything to any Profile object

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Filed Under: Grails Tagged With: Spring Security

Follow Me

What engineering leaders need to know from this year’s Google I/O

I didn't intentionally aim to create a rhyming title, but there you have it. Each year, I look forward to Google I/O like a kid going back to school. This year … [Read More...]

Talk: The Real MVP

You have an idea for a new app. You've secured buy-in from the business. What's next? The MVP. But what does it take to ship a new app these days? What are the … [Read More...]

Categories

  • Android (55)
  • Career (2)
  • Communication (4)
  • Flutter (1)
  • Git (4)
  • Gradle (4)
  • Grails (23)
  • Java (8)
  • JavaScript (6)
  • Kotlin (17)
  • Life (4)
  • Public Speaking (23)
  • RxJava (1)
  • Software Development (7)
  • Twitter (3)
  • Uncategorized (11)
  • Video Course (5)

Copyright © 2023 · Beautiful Pro Theme on Genesis Framework · WordPress · Log in