Best practice security: User, Roles, Permission with different login requirements

A_Grails_User
Hi there,

I need advice on modeling domain classes. I'm planning an application separated in frontend and backend. Customers will use a frontend while an admin uses the backend. The backend will be the most important part of the app. I also need separate ways for the login process. Customers should only login by their email/password combination and the backend user will have to use his username/password combination. Right now I have two classes: Customer and BackendUser. Now, Roles and Permissions come into play.

1. What's your best advice on modeling this requirement?
2. Which security plugin works best for this purpose? SpringSecurity, Shiro, Nimble, StarkSecurity?
3. Would you recommend to let a Customer and BackendUser class extend a (Shiro)User class?

The most flexible approach is preferable. Later I will also need to secure a WebService.

I played around with the Shiro plugin a little but I think there will be no 'out of the box' solution, will there be?

Thanks

Re: Best practice security: User, Roles, Permission with different login requirements

bzarzoza

It sounds like Shiro could handle this out of the box. I spent some time with each security plugin and (at the moment) Shiro is probably the best for what you've described. Did you look at the SecurityManager that Shiro offers?
-Brandon

On Mar 3, 2010 2:36 AM, "A_Grails_User" <[hidden email]> wrote:


Hi there,

I need advice on modeling domain classes. I'm planning an application
separated in frontend and backend. Customers will use a frontend while an
admin uses the backend. The backend will be the most important part of the
app. I also need separate ways for the login process. Customers should only
login by their email/password combination and the backend user will have to
use his username/password combination. Right now I have two classes:
Customer and BackendUser. Now, Roles and Permissions come into play.

1. What's your best advice on modeling this requirement?
2. Which security plugin works best for this purpose? SpringSecurity, Shiro,
Nimble, StarkSecurity?
3. Would you recommend to let a Customer and BackendUser class extend a
(Shiro)User class?

The most flexible approach is preferable. Later I will also need to secure a
WebService.

I played around with the Shiro plugin a little but I think there will be no
'out of the box' solution, will there be?

Thanks
--
View this message in context: http://n4.nabble.com/Best-practice-security-User-Roles-Permission-with-different-login-requirements-tp1575993p1575993.html
Sent from the Grails - user mailing list archive at Nabble.com.
