Daniel J. Lauk wrote:
That worked and then ... I went off the deep end, trying to build Shiro from
source and not use the plugin ... I'm obviously not ready for that yet.
So, I'm back to using the plugin and things are working great.
There is a lot more to the plugin than just the Shiro code. I recommend
that you don't try to stop using the plugin. I can't think of a good
reason to do that. You can compile the Shiro code and put the jars into
the plugin if you need a recent Shiro bug fix, but don't abandon the plugin.
With passwords encrypted ... one question ... What about using SSL with
Grails?
SSL is none of Grails' business. Set up your web app container to do
SSL. For Grails nothing changes.
That's not quite my understanding of the topic. It is a common Grails
strategy is to use a filter to redirect requests to and from http to
https as required. (The filter needs to examine each request and
determine if the protocol is correct, and redirect if it is not. The
Grails reverse URL mapping mechanism cannot be configured to make some
links https while making other links http -- it just uses the protocol
of the current request when creating links.) Discussion of this topic
should be moved to the Grails list rather than continued here. Example
code for this type of filter was posted to the list a long time ago (and
has been working well in my app for a very long time).
