org.nerderg.plugins:grails-shiro

Secure your Grails application quickly and easily using the Apache Shiro security framework.


License
Apache-2.0

Documentation

Grails Shiro plugin

Build Status

Versions

  • Latest released versions 3.4, 4.4

  • Latest working version 3.4, 4.4 (in this repo)

This is the Grails Shiro plugin for grails version 4.0.x and Shiro 1.5.3. This was derived from the Grails 2.x version (https://github.com/pledbrook/grails-shiro).

We pretty much re-wrote the plugin for Grails 3 and to simplify the use, improve the documentation and make it easier to maintain. There are lots of changes please check out the Guide in the docs directory.

Numbering

In general the version number is following the Grails major version it supports, then release. e.g.

3.4 = Grails 3 plugin release 4
4.4 = Grails 4 plugin release 4

Maintenance

Although we have now published the Grails 4 version of this plugin we will continue to maintain the Grails 3 version backporting features till July 2020 where possible.

Documentation and Source

In general the documentation applies to both Grails 3 and 4 versions of the plugin. Source code including specific documentation for the Grails 3 version can be found in the Grails-3 Branch.

Installation

To install, add this to your build.gradle dependencies for Grails 4:

compile "org.grails.plugins:grails-shiro:4.4"

and this for Grails 3:

compile "org.grails.plugins:grails-shiro:3.4"

Getting started

If you’re implementing your security from scratch, then you can simply install grails-shiro by adding

compile "org.grails.plugins:grails-shiro:4.4"

to your build.gradle dependencies and typing shiro quick start, 'grails shiro-quick-start'.

This will create a ShiroWildcardDbRealm in your grails-app/realms directory and make a ShiroUser and ShiroRole domain class. It will also create an AuthController to let you log in. Check out Wildcard DB Realm for how you might populate a couple of users using Boostrap.groovy.

Now to Control access to a Controller add an Interceptor for that controller using grails create-shiro-controller-interceptor MyController which will add access control by convention.

Version change log

version 4.4

  • Upgrade shiro to version 1.7.1 fixing CVE-2020-17523

version 3.3 & 4.3

  • Fixed Annotation redirect missing context path - #16

  • Upgrade to shiro 1.5.3

Warning
This introduces a small breaking change. Annotations now use the login and unauthorized settings not URL Mappings to set where they redirect to.

version 4.2

  • upgrade to shiro 1.4.2

version 4.1

  • ported to Grails version 4.0.0 (thanks Peter Legen/animator013 for you help!)

version 3.1

  • Added ability to set the remember me cipherKey or the length of the randomly generated key

  • Fix for onNotAuthenticated and onUnauthorized not working correctly (Can’t be invoked on metaclass)

version 3.0

  • re-write from old Grails 2 plugin see updates in the Guide

Building from source

To build the plugin yourself and install it from this repo:

  1. clone or fork this repo to your machine

  2. run gradle install and that will build, test, install it to your local maven repo (~/.m2)

  3. profit!

Publishing

If you have the credentials to publish the plugin just run the gradle bintrayUpload task.

Kudos

Thank you to everyone who provides feedback!