Sunday 7 June 2009

JSecurity

In a moment of madness I suggested to some work colleagues that they could check out the 0.1 version of the squash ladder app. Naturally it took them no time at all to crash my app server (with a divide-by-zero error). I'd been meaning to add some security to it and this forced my hand. There seem to be a few options for securing your Grails app:

  • authentication plugin

  • jsecurity

  • spring security

  • and simply building your own

I pondered this on Twitter and Tomas Lin responded, giving me an order of simplest to most complex (this is the order of the list above, removing the final option of course). I decided to go with JSecurity although it was possibly a bit of overkill for my pretty basic app.

Installing the plugin was totally simple: grails install-plugin jsecurity. I decided against the quick-start option as I was following the example in TDGTG. I also used Glen Smith's article, as I'd incorporated basic login into my existing classes. The whole thing was completed in a couple of days (OK, so I'm pretty slow when I do stuff. Most moderately experienced people would knock this over in hours).

The big lesson out of this was testing. As much as I believe in the whole test-driven development philosophy, I haven't followed it this time. I really need to spend more time testing, but Grails just makes it so easy to produce stuff that I get carried away. Anyway, I've unleashed the colleagues so we'll see what they come up with.

My next step is to add some more Google charts action to show off the stats.