Don't post issues here please.
The Grails 3 (Grails 3 & 4, Shiro 1.5+) plugin has been re-written and now lives at . The code here should be considered archived and not for current use (it contains some vulnerabilities and is not maintained)
You can find the plugin on the plugin portal at
Documentation is a work in progress.
To install this plugin you need to add this to your build.gradle
compile 'org.grails.plugins:grails-shiro:3.3.0'
To override default configuration of the shiro plugin you can simply add corresponding configuration keys to your application.groovy
or application.yaml
grails {
plugin {
shirosecurity {
session.mode = [null, 'native'] //default null
filter {
loginUrl = [url for your login page] //default "/auth/login"
unauthorizedUrl = [url for your unauthorized page] //default "/auth/unauthorized"
successUrl = [url for your success page] //default null
basicAppName = [name to show in basic http auth] //not configured by default, it triggers basic auth
filterChainDefinitions = optional, see []
authc.required = [boolean] //Get the config option that determines whether authentication is required for access control or not. By default, it is required.
redirect.uri = [url for redirect when page needs authentication] //default "/auth/login?targetUri={urlRequested}"
To help you get started, plugin provides convenient way to generate required classes. You can use them with your grails
command or grails wrapper grailsw
grails shiro-quick-start [--prefix]
- creates basic domain classes, database realm to authenticate your users against database and security interceptor and auth controller. Default prefix is shiro3.Shiro
grails create-wildcard-realm [--prefix]
- creates a new database realm from a template that only works with wildcard permissions. Other types of permission are not supported.
grails create-security-interceptor [--prefix]
- creates a new security interceptor from a template.
grails create-ldap-realm [--prefix]
- creates a new ldap realm from a template.
grails create-db-realm [--prefix]
- creates a new database realm from a template that only works with database permissions. Other types of permission are not supported.
grails create-auth-controller [--prefix]
- creates a new authentication controller from a template.