Discuss security module

Application security can be extremely confusing and frustrating, especially for Java EE developers. Yet, it's an absolute requirement for nearly every application. An integration with a strong security framework is desperately needed. DeltaSpike could offer a module that makes security very approachable and integrate well with CDI and other Java EE technologies.

Apache Shiro [1] appears to be an ideal candidate. The goals for the project seem to align perfectly with this need, as Les explains in this article [2]. Apache Shiro has many things going for it that make it a good match for DeltaSpike:

• a top level Apache project
• actively developed
• mature (nearly a decade)
• pluggable & extensible (the key for CDI integration)
• works in web, ejb and java se environments
• supports all aspects of security (authentication, authorization, permissions, certificates, ciphers)
• easy to use

• subjective bonus: has a cool name and logo

It seems like Shiro could really use some CDI integration to make it even simpler. (Several integrations have already been explored [3]). We can start with some producers and then build on the declarative functionality that has previously been explored in Seam.

[1] http://shiro.apache.org/index.html
[2] http://www.infoq.com/articles/apache-shiro
[3] http://shiro.apache.org/integration.html