New grails project - grailskit starter kit
May 14, 2008
I’ve got a small Grails project I started some time ago which I’ll announce here in case anyone is interested in helping or just using it as a base. GrailsKit is intended to be a small starter kit for Grails projects that need web-based management of user accounts, self-registration, and basic page/controller authentication. None of it is terribly *finished* right now, but I’m open to some input on what people are looking for and what they expect.
I’ve tried Grails plugins for Acegi, JSecurity and Authentication, and all were some state of non-documentation and were somewhat overkill for my needs. I understand that there may be situations where people have needs to PAM authentication with fallback to Active Directory (for example) but the projects I work on simply need self-registration and role-based control over controllers.
I’m reluctant to release this on several counts, but figure ‘what the heck?’ at this point. :) I’ve actually over-engineered the user portion right now, and will likely strip it back down to an earlier simpler version next week. Other things on my short to-do list include some type of ‘captcha’, a ‘click this link’ email to finalize the user registration process, web-based management of the controller permissions, and a few small modules (like a News module already started) to show how to build basic applications.
I’ve also been reluctant to do this because I’m not a Java person by training. I’ve done a bit here and there, but I come primarily from the PHP and ’scripting’ world, so my view on how some of these things should be put together is going to be fundamentally different from how projects and code from mainstream Java-folks will be. I’m not sure if that’s necessarily a good thing or bad thing, or just a ‘thing’. Certainly I’ve got more to learn from Java folks, but perhaps my PHP/Perl experience coming through in this code will be an asset to people trying to come to grips with the dynamic aspects of Groovy.
My ‘inspiration’ if you will was/is PHPNuke. Not so much in style of code or anything like that, but those of us old enough to remember PHPNuke’s arrival on the web scene will remember the massive adoption rate it had, thanks to a simple approach. In many ways it was *too* simple, and certainly had many flaws, security and otherwise. But, it provided a complete package - web based user management, self registration, content management, and more, and served as a base platform for many people to extend, customize and add-on, enough so that it spawned several forks, and had hundreds of thousands of installations over the years. Java certainly hasn’t had any web-based app with anywhere near the same adoption rate or impact, and may never do so. But with the uptake of Grails, there may be an increase in the need for a base project like phpnuke which can serve as a framework for easy customizations and extensions. If Grailskit can be that, or help start that process in the Grails world, I’ll be ecstatic. If not, it’s still a good exercise for me.
In any event, try out the code, join the project site running over there, and send me any questions you have (or post here or there for now). I’m over in Australia for the next few days, so my response time may be slower than normal - please bear with me. Thanks.
Did you like this post? Buy me a hot chocolate!
Posted in 
May 15th, 2008 at 3:54 pm
Hi Michael,
Why not join the JSecurity Grails plugin effort? We’re working on automated user support & web-based user/role/permission management, automated registration, captcha, etc…
To counter your arguments:
GrailsKit is equally lacking in documentation, so that is not a valid argument for choosing it over Acegi or JSecurity Grails plugins.
JSecurity also works perfectly fine with very little configuration for simple single Realm access. PAM is only there if you need it, and doesn’t get in your way. So there is nothing more inherently complex about JSecurity if you don’t use PAM.
My concern is that I feel (naturally) that the Grails community is much better suited with a few well-designed and developed (and documented of course) plugins than a fragmented landscape, especially if there is 100% overlap of one framework on another. I guess your blog post to me sounds quite a bit like “not invented here” syndrome, when you could just easily have contributed to another project.
We welcome your input and would gladly accept you as a project member. We would actually want you to help steer the direction of where we would go, and would value your input.
Please consider it.
Cheers,
Les
May 15th, 2008 at 4:16 pm
I guess one could counter with why didn’t you join the acegi project? I don’t know the history, but there’s already some fragmentation in the landscape.
Exactly right that there’s no docs in my project either right now. One can simply run it and it ‘works’ except there’s no docs there explaining what the defaults are or how to change them or other useful bits. That’s a completely valid observation and one which I’ll be addressing in the coming weeks.
The goal of the project is to have an entire basic ’site’ (registration, profile editing, basic cms, etc.) that people can use to extend/modify/etc. As it stands, the security portion is something I’m building on my own as this is as much an experiment about porting ideas to Grails as anything else. What I’d wanted to happen, and what might happen, is to swap out my very basic security code and put in something like jsecurity or the ‘authentication’ plugin from marc palmer, but that’s something to tackle once there’s more infrastructure in place and I understand one of the other projects more.
To counter counter - no, I couldn’t have just as easily contributed to something else, because the other projects out there were not understandable to me when I tried them out. Perhaps I’m not enough of a Java person to grok them out of the box and I need much more detailed documentation(?) - could very well be.
I’m not sure there’s any need for a grailskit-type project at all - I may be bringing too many PHP preconceptions to my Grails experience. Certainly other factors in framework explosions in the PHP world include readily available cheap commodity hosting, and I’m not sure we’ll see that in the Grails/Java world any time soon. Most of the Grails projects I seem to read about seem to be extensions on to existing Java code bases, which again may knock off the need for pre-canned ’starter kit’ code. In any case, I’m going to put out some more code as I can, help anyone that wants to use this code, and see where that may lead.
Lastly bear in mind that this was started about three months ago, and I’ve not kept up to date with other projects on a daily basis. There may have been some substantive changes which would make things easier for someone like me, but I hadn’t seen that happen when I tried new releases.
Thanks for the response and input, and for the invitation to help on Jsecurity. If I see some aspect where I can make any sort of contribution, I’ll do so.
May 18th, 2008 at 11:32 pm
Wow - quite embarrassed by the amount of code missing in my repo when I posted this. Was moving from local dev to svn dev mindset, and a lot was missing. I’ve added more this evening, and fixed a few things, and it’s coming along now. Another thing I was noticing as a diff between grailskit and jsecurity plugin is that for grails, jsecurity is, well, a plugin. I’d initially started looking as grailskit as a plugin, but decided against that. This will be a standalone system which one can take and start to customize immediately. For people looking to add security measures to existing code, it won’t be a good choice - existing jsecurity, acegi and authentication plugins would make more sense. For those looking to start from scratch with a system where all the parts were written to work together which you can then start to modify as needed, grailskit hopefully will be a decent option.