shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: IniRealm and Password Hashing
Date Fri, 06 May 2011 18:52:20 GMT
On Fri, May 6, 2011 at 9:16 AM, Kalle Korhonen
<kalle.o.korhonen@gmail.com> wrote:
> Funny, Tapestry users recently unanimously voted for removing the
> shiro.ini support from the (shiro-based) tapestry-security integration
> library.

I believe that if you're using a more powerful configuration mechanism
or DI container like Tapestry, Spring or Guice, that you _should_ be
using those mechanisms to configure Shiro instead of a shiro.ini file.
 If not using them however, shiro.ini is easy to use and understand -
it is a good 'middle ground' if you don't want to worry about anything
else.

The one exception is the [urls] section - the string-based filter
chain definitions seem to still be desirable because it is more
succinct and easier to follow than anything else I've seen.  For
example, in the Grails plugin for Shiro, everything is
Spring-configured, but you can still specify the
'filterChainDefinitions' as a string property because it is so
convenient.  This may not apply however if you don't have
resource-based URLs (for example, in component-oriented frameworks
that may use the same url for all requests).

Cheers,

Les

Mime
View raw message