Is it just me or?...

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Is it just me or?...

buffonomics
...Is it better to just use Grails session to manage security than trying to use things like Shiro.

I find Shiro to be abysmally undocumented and unintuitive. The amount of time I have spent with it in trying to create a full user system  is time I would have spent already done with it if I just used sessions.

What's your view?
Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

burtbeckwith
I'm a bit biased since I work on the Spring Security plugins, but I think it's irresponsible to roll your own security implementation. Shiro and Spring Security are solid, battle-hardened, full-featured security frameworks with significant functionality. And there are other options, some free and some commercial but which don't have solid integration with Grails.

If you find yourself working harder than you think you should to get around perceived issues with a framework, you may be using the wrong one, and you may not have spent enough time understanding how to use it. You haven't shown any specifics, so it's hard to know what doesn't work for you.

Rolling your own is easier, but only at first. Once you start doing real work you'll find yourself reinventing wheels all over the place, and it's unlikely that you'll do that in an optimal way. Good luck with that, especially when you start getting some traffic and hackers start poking around.

In general, it's best to use something that works and can be tweaked, and concentrate on solving the real issues in your application.

Burt

buffonomics wrote
...Is it better to just use Grails session to manage security than trying to use things like Shiro.

I find Shiro to be abysmally undocumented and unintuitive. The amount of time I have spent with it in trying to create a full user system  is time I would have spent already done with it if I just used sessions.

What's your view?
Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

aruizca
This post was updated on .
@burtbeckwith

+100. By the way, this week I made a pull request for the Apache Shiro plugin. Could you have a look please?

Thanks.
Angel.
Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

burtbeckwith
Peter Ledbrook is the author of the Shiro plugin.

Burt

aruizca wrote
@burtbeckwith

+100. By the way, this week I made a pull request for the Apache Shiro plugin. Could you have a look please?

Thanks.
Angel.
Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

aruizca
In reply to this post by buffonomics
@buffonomics

I think it is just you mate :-) Sorry but Shiro rocks.

Cheers,
Angel.
Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

aruizca
In reply to this post by burtbeckwith
Thanks Peter!!
Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

aruizca
In reply to this post by buffonomics
@ buffonomics

These three links should be enough for you to get up to speed in Shiro in no time:

- Application Security With Apache Shiro
- Apache Shiro Integration for Grails
- Apache Shiro Documentation

Cheers,
Angel
Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

Adam Sandor
There are all kinds of subtleties in handling user sessions, authentication and authorization correctly. If you try to do it yourself you'll find that it's much more work then you anticipated, and you'll be exposing yourself to security risks due to implementation bugs.
Also Shiro is pretty easy to use especially through the Shiro plugin, so you should definitely give it a bit more time to learn.

Adam

On May 5, 2013, at 2:30 AM, aruizca <[hidden email]> wrote:

> @ buffonomics
>
> These three links should be enough for you to get up to speed in Shiro in no
> time:
>
> -  Application Security With Apache Shiro
> <http://www.infoq.com/articles/apache-shiro>  
> -  Apache Shiro Integration for Grails <http://grails.org/plugin/shiro>  
> -  Apache Shiro Documentation <http://shiro.apache.org/documentation.html>  
>
> Cheers,
> Angel
>
>
>
>
> --
> View this message in context: http://grails.1312388.n4.nabble.com/Is-it-just-me-or-tp4644338p4644346.html
> Sent from the Grails - user mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Is it just me or?...

Sebastian Gozin
In reply to this post by buffonomics
Write a bunch of learning tests and you'll understand how it works.

Shiro is actually pretty well made even though it has some oddly designed classes here and there.
I much prefer it to the horror that is spring-security at least.


On 05 May 2013, at 01:48, buffonomics <[hidden email]> wrote:

> ...Is it better to just use Grails session to manage security than trying to
> use things like Shiro.
>
> I find Shiro to be abysmally undocumented and unintuitive. The amount of
> time I have spent with it in trying to create a full user system  is time I
> would have spent already done with it if I just used sessions.
>
> What's your view?
>
>
>
> --
> View this message in context: http://grails.1312388.n4.nabble.com/Is-it-just-me-or-tp4644338.html
> Sent from the Grails - user mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email