What makes nimble better than shiro?
Asked Answered
F

3

8

What makes nimble a better choice than shiro?

I'm trying to decide between nimble and shiro for a new grails project right now and I'm curious what makes nimble the better choice.

Filings answered 22/1, 2010 at 19:0 Comment(0)
A
4

I'm currently working with Nimble and this is what I've found so far:

Unless you are planning on using alot of the SSO / Social connectors (Facebook etc.) then it might be easier to just roll your own using shiro. Nimble kind of forces you into their schema. Of course, if you are not too worried about serious deep-level permissions issues then I say go for it.

One thing I wish someone had told me: Nimble uses a "most permissive" scheme. If a user is a member of a group that has access to a resource (i.e. controller/action combo) then you cannot remove that permission from the user itself. This can lead to some issues if you are wanting tight control over your app.

Another annoying thing about Nimble is that documentation is few and far between.

Best of luck!

Agreement answered 10/2, 2010 at 17:24 Comment(0)
B
8

As you probably know, Nimble is a layer on top of Shiro, so you get Shiro for the underlying security / authorization framework, and Nimble takes the shiro backend and puts a front end on it. It also defines a few configuration options that you can set - something you would have had to do yourself otherwise.

I really appreciate that Nimble offers a very nice user interface that lets me manage the underlying shiro permissions and objects. It's very well designed as a plugin, with a good extensibility model for User and Profile classes. Adding security to my app became an almost trivial thing with Nimble - just a few hooks for permissions in a few places, but the rest is written for me.

The UI is pretty sophisticated - would have taken probably a few weeks (or more) at least to do something similar, and it's unlikely I would have had the time to do it quite as nicely.

I am not using some of the other authentication options (facebook, openId, etc), but it's nice to know that if I need to, I can just enable those.

My use case is a SaaS application.

Balderas answered 22/1, 2010 at 20:46 Comment(0)
A
4

I'm currently working with Nimble and this is what I've found so far:

Unless you are planning on using alot of the SSO / Social connectors (Facebook etc.) then it might be easier to just roll your own using shiro. Nimble kind of forces you into their schema. Of course, if you are not too worried about serious deep-level permissions issues then I say go for it.

One thing I wish someone had told me: Nimble uses a "most permissive" scheme. If a user is a member of a group that has access to a resource (i.e. controller/action combo) then you cannot remove that permission from the user itself. This can lead to some issues if you are wanting tight control over your app.

Another annoying thing about Nimble is that documentation is few and far between.

Best of luck!

Agreement answered 10/2, 2010 at 17:24 Comment(0)
C
1

Update - 8/9/13: Note: A new version of nimble is released which works with latest Grails 2.x and latest version of shiro, The UI has been updated to use Twitter bootstrap. Its almost like Brand new nimble.

Demo is here http://nimble.ap01.aws.af.cm/

Counterword answered 21/4, 2012 at 17:6 Comment(2)
somebody recently has been starting to revive it, so i expect a new version compatible with Grails 2.0 (it's already up on github).Balderas
@JeanBarmash - And its me :) Github repo is here github.com/snimavat/nimble Any contribution is welcomeCounterword

© 2022 - 2024 — McMap. All rights reserved.