Haha, this is a funny comparison Tamás ;) At least we've settled on the Shiro name though!
akellakarthik, the decision to use Shiro or Acegi will naturally be one based on your personal preference and your own mental model of how security should work. Both frameworks do similar things, but most of the Shiro core developers thought that Acegi's terminology and architecture was just too confusing. So we decided to make something that was easier for us to understand. So far, the most common user feedback we've received has been the same - that Shiro makes more sense to people and the API feels more natural and is easier to use/understand. There are a few key things I think makes Shiro stand out (I am biased of course, so take this however you see fit): - Shiro was built from the ground up to support very complex authentication requirements as well as very intricate access control lists. We support instance-level access control via our Permission constructs, a term that most people seem to understand well. - Shiro, while still integrating very well with Spring, does not require Spring. It can be used in any application environment. - In addition to authentication (log in) and authorization (access control), Shiro also provides enterprise Session management in any environment (not just a servlet or EJB container), as well as simplified cryptography constructs. Cryptographic hashing (md5, sha1, etc) and ciphers are just much easier to use in Shiro than the JDK's default mechanisms. - Most importantly, we've tried very very hard to make the framework's API easy to understand and use. Here are some of the features: http://cwiki.apache.org/confluence/display/SHIRO/Features Again, much of your decision will be based on your requirements and your own mental model of what makes sense to you. Try them both and see what you like best. If you do choose Shiro, odds are that you'll be pretty happy. And we do have a good user community that is continually growing larger, so you're not far away from good support if you need it. Cheers, Les 2010/1/6 Tamás Cservenák <[email protected]>: > In short: the guy(s) who wrote spring acegi (originally Acegi Security) > consumed a lot of mushrooms of some sort ;) > Those mushrooms are okay to have fun with, but not while coding :D > In contrary to Acegi, Shiro guys only suffer from identity problems > (JSecurity, Ki, Shiro, ProjectX). They do know when to put down the pencil > (and have some fun with mushrooms, or beer, or wherever their poison is). > Shiro is much cleaner, easier to understand and lighter. +1 for it. > ~t~ > > On Wed, Jan 6, 2010 at 11:55 AM, akellakarthik <[email protected]> > wrote: >> >> can any body give me the comparision of shiro with springs acegi >> framework. >> i have to make a decision. :) >> -- >> View this message in context: >> http://n2.nabble.com/Comparision-of-shiro-with-springs-acegi-framework-tp4260096p4260096.html >> Sent from the Shiro User mailing list archive at Nabble.com. > >
