Production-Grade Acegi Security for Grails
Note: See an update/upgrade to this post (moving to SpringSecurity) here.
The standard Acegi plugin for Grails provides a basic implementation of the Acegi security framework for the Grails web stack. It does a nice job of setting up a basic filter chain that can be rather cumbersome to establish from scratch. It comes hard-wired with a simple DAO-based authentication provider, and includes the pieces needed to create a rudimentary security scheme for your Grails application.
But the standard plugin is not very flexible, and does not provide alternative means of authentication (such as LDAP). It is also cumbersome to configure, and its authorization mappings are difficult to manage. I also didn’t like the “optimistic” authorization scheme (anything not locked down is publicly available). This article demonstrates a security plugin implementation for Grails that meets stricter security requirements.