Grails Shiro plugin

Table of Contents

• Versions
  • Numbering
  • Maintenance
  • Documentation and Source
• Installation
• Getting started
• Version change log
  • version 5.0.0
  • version 4.5.8
  • version 4.4
  • version 3.3 & 4.3
  • version 4.2
  • version 4.1
  • version 3.1
  • version 3.0
• Building from source
• Publishing
• Kudos

Versions

• 5.0.0 This is the Grails Shiro plugin for Grails version 5+ and Shiro 2.0.1.

• Older released versions 3.4 and 4.4.

• Version 4.5.9 supports Grails 4 with shiro 1.13.0 not released on maven, you can download the branch and use the ./gradlew publishToMavenLocal to install it manually

This project was derived from the Grails 2.x version (https://github.com/pledbrook/grails-shiro).

We pretty much re-wrote the plugin for Grails 3 & 4 and to simplify the use, improve the documentation and make it easier to maintain. There are lots of changes please check out the Guide in the docs directory.

Numbering

In general the version number is following the Grails major version it supports, then release. e.g.

5.0.0 = Grails 5 plugin release 0
3.4 = Grails 3 plugin release 4
4.5.9 = Grails 4 plugin release 5.9

Maintenance

We are working on a Grails 6 plugin.

The Grails 5 plugin will be maintained to match shiro releases where possible and bugs fixed. We will add some extra AD LDAP support too.

Documentation and Source

In general the documentation applies to all versions of the plugin. Source code including specific documentation for older Grails versions can be found in the Branches.

Installation

To install, add this to your build.gradle dependencies for Grails 5:

implementation "org.nerderg.plugins:grails-shiro:5.0.0"

//include the shiro dependency, required in Gradle 5+
['ehcache', 'core', 'spring', 'web'].each { pkg ->
        implementation("org.apache.shiro:shiro-$pkg:2.0.1") {
            exclude module: 'ejb'
            exclude module: 'jsf-api'
            exclude module: 'servlet-api'
            exclude module: 'jsp-api'
            exclude module: 'jstl'
            exclude module: 'jms'
            exclude module: 'connector-api'
            exclude module: 'ehcache-core'
            exclude module: 'slf4j-api'
            exclude module: 'commons-logging'
        }
    }

and this for Grails 4:

compile "org.grails.plugins:grails-shiro:4.4"

and this for Grails 3:

compile "org.grails.plugins:grails-shiro:3.4"

Getting started

If you’re implementing your security from scratch, then you can install grails-shiro as above and typing

grails shiro-quick-start

See: grails shiro-quick-start.

This will create a ShiroWildcardDbRealm in your grails-app/realms directory and make a ShiroUser and ShiroRole domain class. It will also create an AuthController to let you log in. Check out Wildcard DB Realm for how you might populate a couple of users using Boostrap.groovy.

Now, to Control access to a Controller add an Interceptor for that controller using

grails create-shiro-controller-interceptor MyController

See: create-shiro-controller-interceptor which will add access control by convention.

Version change log

version 5.0.0

• upgrade to Grails 5.3.6

• Upgrade to Shiro 2.0.1

• upgrade Gradle

Warning

you now need to include apache shiro in your build.gradle due to the newer versions of Gradle not pulling in transitive deps. Quick Fix below.

build.gradle

dependencies {
 ...
// add this to dependencies to get shiro depenedencies
    ['ehcache', 'core', 'spring', 'web'].each { pkg ->
        implementation("org.apache.shiro:shiro-$pkg:$shiroVersion") {
            exclude module: 'ejb'
            exclude module: 'jsf-api'
            exclude module: 'servlet-api'
            exclude module: 'jsp-api'
            exclude module: 'jstl'
            exclude module: 'jms'
            exclude module: 'connector-api'
            exclude module: 'ehcache-core'
            exclude module: 'slf4j-api'
            exclude module: 'commons-logging'
        }
    }
}

version 4.5.8

• Upgrade to shiro version 1.13.0

version 4.4

• Upgrade shiro to version 1.7.1 fixing CVE-2020-17523

version 3.3 & 4.3

• Fixed Annotation redirect missing context path - #16

• Upgrade to shiro 1.5.3

Warning

This introduces a small breaking change. Annotations now use the login and unauthorized settings not URL Mappings to set where they redirect to.

version 4.2

• upgrade to shiro 1.4.2

version 4.1

• ported to Grails version 4.0.0 (thanks Peter Legen/animator013 for you help!)

version 3.1

• Added ability to set the remember me cipherKey or the length of the randomly generated key

• Fix for onNotAuthenticated and onUnauthorized not working correctly (Can’t be invoked on metaclass)

version 3.0

• re-write from old Grails 2 plugin see updates in the Guide

Building from source

To build the plugin yourself and install it from this repo:

1. clone or fork this repo to your machine

2. run gradle publishToMavenLocal and that will build, test, install it to your local maven repo (~/.m2)

3. profit!

Publishing

Refer to https://grails.org/blog/2021-04-07-publish-grails-plugin-to-maven-central.html

If you have the signing and repository credentials, you can run:

./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository

But you should publish to staging and check everything first.

Kudos

• Peter Ledbrook looking after original grails shiro plugin

• yellowsnow

• apandichi

• animator013 - Peter Legen

• Chris Bitmead - Grails 5 and AD changes

• and others for work on the previous version of the plugin.

Thank you to everyone who provides feedback!