Security Plugin from Grails? - security

I try find some simple security plugin from Grails.
And first of all, i want ask you: what plugin you can recommend?
I not need super powerful plugin. Its must be simply and for small application.
Thanks.

I recommend Spring Security. It is easy to configure, and very flexible. It can handle everything from simple login, to annotated access controls on methods, to various complicated login schemes.
It does have a fairly complicated API, but there is plenty of documentation, and you can be sure others are using it.
If you just want simple login, it is really easy to set up.
More info here.
Per #robbbert suggestion, here is an alternative -- the Shiro plugin. I cannot speak to its reliability/community/expandibility.

We use Apache Shiro which is very simple to use and set up. It works by convention and supports both authentication and authorization.

Related

How to test load a web application?

I am working on a web app which uses JSF. I would like to know that What are best practices and available tools for performing a load test on it.
Application is hosted on glassfish server 3.1.2.2
Depends somewhat on the site you want to test. At work we have a complex RIA, and to test it we have to reproduce user interaction. We use jMeter for this.
It's kind of messy to set up (look at the guides they have) but once this is done it's very flexible and allows you to configure and tweak many things. I particularly like its "proxy" feature where you can proxy your app through jMeter and it records everything so you can play it back later on. Note that for JSF you have to do some tricks with the ViewStateId, so google a "jmeter JSF" guide for how to set this up.
In a previous project I have used RadView WebLOAD to test a JSF site, it enable recording the user scenario and handles correlating the dynamic values.

Implement JACC provider

I need to support authentication and authorization from different systems.
Im using Jboss AS 7. Regarding authorization I have very detailed permission rules for the current system. As I realized I have to write my own PolicyConfiguration in order to do that.
Where can I find an example for a custom JACC provider implementation?
Although it's too late ,but for reference.
I highly recommend: http://arjan-tijms.blogspot.com/2014/03/implementing-container-authorization-in.html
But note, I haven't tried it yet (will do soon)

Symfony 2 : Custom user provider

Since this article http://symfony.com/doc/2.0/cookbook/security/custom_provider.html has not been written yet, has anyone an idea of how to do that ? (In my case it would be using LDAP authentication).
Thanks for your answers
To help you get started you can check out my blog post which outlines how to create a very basic user provider system:
http://clintberry.com/2011/custom-user-providers-symfony2/
EDIT: This post only covers the custom User Provider. To use LDAP authentication you will need to create your own Authentication Provider as well or use a third party library. http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
This first thing I would suggest you is to do a search for a LDAP bundle on the great website KnpBundles (results here). I saw two results. If you are willing to use an external bundle, you could just use of the two given in the results.
If you prefer to create your own bundle for this task, what I would suggest is to inspire you from these two bundles. Another useful suggestion is to check the FOSFacebookBundle. It is in no mean related to LDAP but, they implements their own provider, so all the glue is there to implement your own.
Just a small notice, if you are developing against Symfony2 master branch, it is good to know that security factory registration has changed a bit. So, be carefull when looking at other bundles to be sure what version they are targeting.
Hope this helps.
Regards,
Matt

How to get preview-image of a web-site?

I know that there are even some web-resources exist which allow you to get a preview of a web-site 'as it looks in a certain browser'.
I only need view from any browser as an image. Is it possible to get that image without people involvement? Can I get it without system programming, just by means of pure java/python/asp.net?
UPD: http://browsershots.org/ is an example of described web-resources.
The tools I know of that does this - really "just" launches a browser (programatically of course) and takes a screenshot of the contents of the browser and saves this in an image.
I think no matter what you do, you will have to find a way of doing something like this. If you by system programming are refering to OS API calls, then I think you will be out of luck. You might be able to get a third party library that can do this for you, but then that library will simply be making those system calls instead.
I see now others have posted links to places that might prove themself useful to you as well. Without having looked at the links, that would probably be the easiest and best way to go.
Good luck
I believe what you're looking for is browsershots
There are some websites that let you do this.
Try BrowserShots
PageGlimpse is a service
providing developers with programatic
access to thumbnails of any web page.
It has API based on REST protocol and some documentation.
You have a lot of things doing this for you. Take a look at stw for instance.
If you're using .NET, it is possible to do this using the DrawToBitmap method of the WebBrowser control (example here). However, as you'll see by the last comment on that example page, it doesn't work with Flash, and it's a bit 'temperamental' with sites that use complex Javascript for rendering.
I think your best bet is to do as others have said and use a third party thumbnail provider. I haven't used it, but http://www.thumbshots.com/ looks good.

User management plugin/framework for Grails?

Is there a user-management plugin for grails?
Nearly every website requires things like:
Users Login/Authentication
Registration (w/ email verification)
Forgotten email reminders User
User Profiles
Are there any Grails plugins/frameworks/whatever that provide things like this as a base to build upon?
I know how to build these things, so I'm not looking for that type of answer. It just seems silly for every person out there to re-implement this type of basic functionality.
A similar example in Java would be AppFuse, but that is far more involved than what I'm looking for here.
Anyone looking at this question today in 2010 would do well to look at the Nimble plugin: http://www.grails.org/plugin/nimble
There are a couple I know of,
http://www.grails.org/AcegiSecurity+Plugin
based on the popular Acegi Security (now called Spring Security), possibly a little heavyweight for what you want.
and secondly
http://www.grails.org/Authentication+Plugin
which is a far lighter weight implementation.
Others can be found at http://www.grails.org/Plugins, under 'Security Plugins'
Here are a few new additions: Spring Security UI and Grum. Both have recent (2012) activity unlike Stark and Nimble which seem to have stopped development (last updates were from 2 years ago).
If you're interested in a Spring-security based solution you could look at Stark:
http://www.grails.org/Stark+Security+Plugin

Resources