Details
-
Sub-task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.1-incubating
-
None
Description
Application security can be extremely confusing and frustrating, especially for Java EE developers. Yet, it's an absolute requirement for nearly every application. An integration with a strong security framework is desperately needed. DeltaSpike could offer a module that makes security very approachable and integrate well with CDI and other Java EE technologies.
Apache Shiro [1] appears to be an ideal candidate. The goals for the project seem to align perfectly with this need, as Les explains in this article [2]. Apache Shiro has many things going for it that make it a good match for DeltaSpike:
- a top level Apache project
- actively developed
- mature (nearly a decade)
- pluggable & extensible (the key for CDI integration)
- works in web, ejb and java se environments
- supports all aspects of security (authentication, authorization, permissions, certificates, ciphers)
- easy to use
- subjective bonus: has a cool name and logo
It seems like Shiro could really use some CDI integration to make it even simpler. (Several integrations have already been explored [3]). We can start with some producers and then build on the declarative functionality that has previously been explored in Seam.
[1] http://shiro.apache.org/index.html
[2] http://www.infoq.com/articles/apache-shiro
[3] http://shiro.apache.org/integration.html