search

grails / grails-core

The Grails Web Application Framework
http://grails.org
Apache License 2.0
2.79k stars 949 forks source link

Grails 7: add the spring-security plugins' versions to grails-bom #13832

Open jamesfredley opened 1 week ago

jamesfredley commented 1 week ago

Issue description

https://repo.grails.org/ui/repos/tree/PomView/libs-snapshots-local/org/grails/grails-bom/7.0.0-SNAPSHOT/grails-bom-7.0.0-20241112.082000-137.pom

codeconsole commented 1 week ago

sure, spring security is already part of the Spring bom, so it would make sense to have the Grails plugin versions

jamesfredley commented 1 week ago

Here is the list: org.grails.plugins:spring-security-cas:6.0.0-SNAPSHOT org.grails.plugins:spring-security-core:7.0.0-SNAPSHOT org.grails.plugins:spring-security-rest:6.0.0-SNAPSHOT org.grails.plugins:spring-security-rest-gorm:6.0.0-SNAPSHOT org.grails.plugins:spring-security-rest-grailscache:6.0.0-SNAPSHOT org.grails.plugins:spring-security-rest-memcached:6.0.0-SNAPSHOT org.grails.plugins:spring-security-rest-redis:6.0.0-SNAPSHOT org.grails.plugins:spring-security-rest-testapp-profile:6.0.0-SNAPSHOT org.grails.plugins:spring-security-ui:5.0.0-SNAPSHOT

org.grails.plugins:grails-redis:5.0.0-SNAPSHOT - used by spring-security-rest-redis

this one is waiting on 2 PRs and the initial snapshot has not been published. org.grails.plugins:spring-security-acl:5.0.0-SNAPSHOT https://github.com/grails/grails-spring-security-acl/pull/44
https://github.com/grails/grails-spring-security-acl/issues/45

bkoehm commented 1 week ago

I have no objection but I do want to point out that spring-security-cas is probably not widely used. UC Berkeley may be one of the few institutions still using this plugin (although I don't know for sure). I'm not sure how well this plugin is going to be maintained over the long term and I don't know if maintenance of the plugin factors into your decision about whether to include it in the BOM or not. I suppose the easy answer is it can later be removed from the BOM if the plugin is not keeping pace with Grails development.

I also opened https://github.com/grails-plugins/grails-spring-security-ldap/pull/27 back on September 23rd for grails-spring-security-ldap but it hasn't been looked at by anyone. We are also using this plugin, but again, I speculate that UC Berkeley is about the only ones still using this.