Question

I'm developing a Grails-based web application and I need to choose one of these two frameworks for authentication. In your opinion, what criteria favor the choice for Acegi and what criteria favor the choice for Apache Shiro?

Solution

I have tried both, and in my opinion Acegi is more fine-grained and much better documented. It offers lots of features: URL, Annotation or Database requestmaps for securing the application, you get optional SSO, Facebook authentication etc. I think Shiro is nice for smaller projects, but the Shiro documentation is still lacking lots of stuff that you have to figure out yourself. So my feeling is that it depends on your project. If I should choose based on my current experience, I'll go for Acegi.

OTHER TIPS

I would also like to point out that SpringSource officially supports the "Spring Security Plugin", so with everything else being equal, the "Spring Security Plugin" is the better choice to me.

I think the biggest reason to choose one over the other is based on your mental model and which makes the most sense to you. Both frameworks are well established and have been around for years. Both are professionally supported if that matters to you. Both have great engineers and a vibrant community. I'd say just try both and see what 'feels' better to you.

I posted on this here before - hopefully this helps a bit:

Shiro vs. SpringSecurity

I had been a big Spring Security plugin user. It is easy to install and get running. It also offers generic registration creation in addition to the base user, requestmaps and roles generation. However, recently I was trying to implement the Facebook Open Graph plugin and allow users multiple ways of registering and I found it difficult to do with (could have been because of the lack of experience) ... I found an article on Facebook integration except it required the use of Shiro. So, this forced me to try it out... I have to say, although documentation is lacking a bit... Shiro is pretty powerful. What I especially liked is the built-in permissions logic! Extremely powerful.

Anyways, I'm torn, because I can appreciate the simplicity and the existence of documentation for Spring Security, but for my requirements... Shiro won.

(By the way, I posted more than one question on the topic of Spring Security + Facebook Connect or Facebook Graph plugin. Not one got answered... as a matter of fact, I was recommended to try using Shiro or the Nimble plugin. Nimble is based off Shiro and has support for just about everything you need in addition to all user, role, permissions, group maintenance coded from the start. Nimble was too much for my needs, so I stuck with Shiro.)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow