Which Security Framework to use for Grails application?
Problem description
I spent a couple of weeks trying to figure out what solution I should bring to this question I posted. Since I couldn't find a full documentation for Shiro-Grails integration, I am looking for some other framework (like Spring) to secure our lightweight web based Grails application.
The application is a couple of months old and it is not a huge application. Not more than 20 persistent classes. However, I believe it will grow up soon. But, security is not implemented yet and I want to make sure that I will find the best security framework (for me the best might include: free source, well documented, easy to integrate with Grails, extensible, and last but not least more secured).
Any suggestions?
Steve is right - it is between SpringSecurity and Shiro.
I am using Shiro - the documentation isn't as good as it could be, but the *-Permissions are great.
You grant permission by specifying "controller:action" tuples. And you can use lists and wildcards:
"*:list,show" //everything read-only
"book:*" //everything allowed on the book class
"*:*" //admin
As a result, you have all permissions as whitelist (based on controller:action) in one file.
What I've seen so far for SpringSecurity is that you often base the permissions on URLs - that's IMHO an easy way to miss to secure a controller or action. See Securing actions in Grails 2 rc3 for example :-)
PS: if anybody knows how this kind of *-Permission is done in SpringSecurity, please post a comment!
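The controller:action whitelist described in the answer above, as an added Groovy example that is not part of the original post and not Shiro's own code. It is a simplified model of the matching with deny-by-default evaluation; the names parse, implies and isPermitted and the role map are hypothetical and constructed for illustration.

```groovy
// Added example: simplified model of "controller:action" wildcard matching.
// parse/implies/isPermitted are hypothetical names, not Shiro's API.

// Split "book:list,show" into [[book], [list, show]]:
// parts are separated by ':', alternatives within a part by ','.
List<Set<String>> parse(String perm) {
    perm.trim().toLowerCase().split(':').collect { part ->
        part.split(',').collect { it.trim() }.toSet()
    }
}

// True when the granted permission covers the requested controller:action.
boolean implies(String granted, String requested) {
    def g = parse(granted)
    def r = parse(requested)
    for (int i = 0; i < g.size(); i++) {
        if (i >= r.size()) {
            // Request is shorter: the remaining granted parts must be wildcards.
            if (!g[i].contains('*')) return false
        } else if (!g[i].contains('*') && !g[i].containsAll(r[i])) {
            return false
        }
    }
    true // granted parts exhausted: anything more specific is covered
}

// Deny by default: access needs at least one granted permission that matches.
boolean isPermitted(Map roles, String role, String controller, String action) {
    (roles[role] ?: []).any { implies(it, "${controller}:${action}") }
}

// Constructed sample whitelist using the three patterns from the answer.
def roles = [
    reader   : ['*:list,show'],
    librarian: ['*:list,show', 'book:*'],
    admin    : ['*:*'],
]

assert isPermitted(roles, 'reader', 'book', 'show')
assert !isPermitted(roles, 'reader', 'book', 'delete')       // not in list,show
assert isPermitted(roles, 'librarian', 'book', 'delete')     // book:*
assert !isPermitted(roles, 'librarian', 'author', 'delete')  // new controller stays closed
assert isPermitted(roles, 'admin', 'author', 'delete')       // *:*
assert !isPermitted(roles, 'guest', 'book', 'list')          // unknown role: nothing granted
```

The librarian check on author:delete shows the property the answer relies on: an action nobody listed is refused, rather than left reachable because a URL rule was never written for it.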