> Thanks for the help ... I was feeling a bit NOOBish ... and you know that
> ain't a good feeling.

It shouldn't. Everyone starts out some day. And I still have a lot to learn.

> My first and best resource in using JSecurity/Shiro was ...
> http://tramuntanal.wikidot.com/jsecurityplugin
>
> That worked and then ... I went off the deep end, trying to build Shiro from
> source and not use the plugin ... I'm obviously not ready for that yet.
>
> So, I'm back to using the plugin and things are working great.

It's good to hear that things are working now.

> Yeah. I had renamed "SecurityFilters" ... Where is that name specified??
> ... anyway, renaming my configuration file back to "SecurityFilters" made
> everything better.

I don't know. But with this entire "Convention over Configuration" paradigm, renaming files can cause some trouble. That's the downside. But the upside is that you know what's in a file by its name and location. And: If you take a look at another person's project, it looks the same. I think these are huge benefits.

[...snip...]

> I noticed that you had a misspelling in your example below ... does that
> work?? ... It seems to me that the Class is hard-coded somewhere and I
> couldn't find out where.... Do you know?

I wouldn't be amazed about a misspelling as I coded it directly inside the browser (web mail). It would actually be cool if Google added syntax highlighting to their GMail product... :-)

Which class is hard coded? I am sorry, I do not know what you refer to.

> I am going to have simple, but effective security for my web app and it's
> easy and very secure.
>
> With passwords encrypted ... one question ... What about using SSL with
> Grails?

SSL is none of Grails' business. Set up your web app container to do SSL. For Grails nothing changes.

> I'm using Tomcat 6.0 as my container ... Have you ever used the Resin Java
> app container ... my company uses it and it's ... stable ... but kind of
> weird.

Tomcat works great with Apache httpd in front, which is easier to set up SSL-wise (IMHO). I have that setup here at work, where Apache does all the HTTP(S) and talks to Tomcat via AJP (mod_proxy_ajp is your friend).

I heard about Resin. But I never used it or saw it in action. I merely noticed that an alternative with that name exists.

[...snip...]

> Any pointers on SSL, Daniel?

See the paragraph above.

> Another question ... you have ...
>
> case 'help':
> case 'home':
>
> as part of your list of controllers that get a pass ... would you really
> have separate controllers for "Help" or your "Home" page ... or would one
> controller "Public", for instance, be sufficient for all "non-authorized"
> content.

That's a matter of taste, I guess. I do not have a "public" controller, that's what my "home" controller does, I guess. I meant "home" like in "home page" (i.e. the first thing you see of a web site) not like "[user] home directory". I included "help" merely as an example, so that if you wanted to add more non-restricted controllers, you'd easily see where to put them. In fact, in case of "help", I guess I wouldn't even use a controller and use Grails CoC mechanism which will (AFAIK) just render the gsp (or jsp) for the view (if your URL mappings do not change stuff completely).

Cheers,
DJ

PS: Questions about Grails might be better posted to the Grails user mailing list. You might get better and faster responses.
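
The setup described in the reply above (Apache httpd handling HTTPS and forwarding to Tomcat over AJP with mod_proxy_ajp), as an added example that is not part of the original mail. The hostname, certificate paths and the AJP port are assumptions.

```apache
# Added example, not the author's actual configuration.
# Assumed: hostname app.example.com, certificate paths below, and Tomcat's
# AJP connector on its default port 8009.
# Modules needed: mod_ssl, mod_alias, mod_proxy, mod_proxy_ajp.

<VirtualHost *:80>
    ServerName app.example.com
    # Redirect plain HTTP to HTTPS so login credentials and session
    # cookies are never sent in clear text.
    Redirect permanent / https://app.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName app.example.com

    # TLS is terminated here; the Grails application itself is unchanged.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Forward every request to Tomcat over AJP on the loopback interface.
    # AJP is not encrypted, so the connector should listen on 127.0.0.1
    # only (the address attribute of the AJP <Connector> in Tomcat's
    # server.xml) and port 8009 should not be reachable from other hosts.
    ProxyPass        / ajp://127.0.0.1:8009/
    ProxyPassReverse / ajp://127.0.0.1:8009/
</VirtualHost>
```

With this in place Tomcat's own HTTP connector can be disabled or firewalled, so the only path to the application is through the HTTPS virtual host.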
