Details
-
Type:
New Feature
-
Status:
Open
-
Priority:
Critical
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: 1.2
-
Component/s: None
-
Labels:None
-
Request Controller:Albers, Stephan
-
External Supervisor:Antonicheva, July
-
Executing Programmer:Antonicheva, July
-
Schema modification:Yes
Description
(needs to be merged with GFW-48)
I would like to use the Spring Security Plugin (http://www.grails.org/plugin/acegi), because many people are jumping on it and use it as the foundation for their applications, so it could be a good foundation for Weceem and GrailsFlow. We need to evalute if and how we can use the plugin for GrailsFlow and other applications.
Alternatives:
- Shiro Plugin (http://www.grails.org/plugin/shiro)
- Basic Security Plugin (http://www.grails.org/plugin/gsec)
- Authentication Plugin (http://www.grails.org/plugin/authentication)
We need a bit of time to get used to it and play with it. It uses Acegi like we do, however it currently does have a very poor permission support, so maybe we could extend it in this direction.
Using a UserManager or DefaultUser is something I would prefer, however I don't know how it should look like exactly.
We could then use/introduce a "common" user class that we require in our app and that has he necessary fields and accessors (eg. for roles). We would still use "String" for the userid (created/changedby) and for Roles (ROLE_admin). We would write some wrapper within that class for our own user management (PROV, Josso etc.) to integrate with GrailsFlow/Weceem in the same way.