Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.1-incubating
    • Fix Version/s: 0.3-incubating
    • Component/s: Security-Module
    • Labels:
      None

      Description

      Application security can be extremely confusing and frustrating, especially for Java EE developers. Yet, it's an absolute requirement for nearly every application. An integration with a strong security framework is desperately needed. DeltaSpike could offer a module that makes security very approachable and integrate well with CDI and other Java EE technologies.

      Apache Shiro [1] appears to be an ideal candidate. The goals for the project seem to align perfectly with this need, as Les explains in this article [2]. Apache Shiro has many things going for it that make it a good match for DeltaSpike:

      • a top level Apache project
      • actively developed
      • mature (nearly a decade)
      • pluggable & extensible (the key for CDI integration)
      • works in web, ejb and java se environments
      • supports all aspects of security (authentication, authorization, permissions, certificates, ciphers)
      • easy to use
      • subjective bonus: has a cool name and logo

      It seems like Shiro could really use some CDI integration to make it even simpler. (Several integrations have already been explored [3]). We can start with some producers and then build on the declarative functionality that has previously been explored in Seam.

      [1] http://shiro.apache.org/index.html
      [2] http://www.infoq.com/articles/apache-shiro
      [3] http://shiro.apache.org/integration.html

        Activity

        Dan Allen created issue -
        Gerhard Petracek made changes -
        Field Original Value New Value
        Issue Type New Feature [ 2 ] Task [ 3 ]
        Gerhard Petracek made changes -
        Parent DELTASPIKE-76 [ 12542316 ]
        Issue Type Task [ 3 ] Sub-task [ 7 ]
        Gerhard Petracek made changes -
        Assignee Gerhard Petracek [ gpetracek ] Shane Bryzak [ sbryzak ]
        Gerhard Petracek made changes -
        Fix Version/s 0.2-incubating [ 12319477 ]
        Affects Version/s 0.1-incubating [ 12319286 ]
        Component/s Security-Module [ 12317203 ]
        Gerhard Petracek made changes -
        Assignee Shane Bryzak [ sbryzak ] Gerhard Petracek [ gpetracek ]
        Gerhard Petracek made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Gerhard Petracek made changes -
        Assignee Gerhard Petracek [ gpetracek ] Shane Bryzak [ sbryzak ]
        Hide
        Bruno Oliveira added a comment -

        Hi Shane, this topic is really interesting and complex. I'm currently working on
        how to secure REST endpoints.

        Do you think that shiro can handle it with AuthorizationFilter? (Thinking about simple operations to REST resources like login/logout)

        Show
        Bruno Oliveira added a comment - Hi Shane, this topic is really interesting and complex. I'm currently working on how to secure REST endpoints. Do you think that shiro can handle it with AuthorizationFilter? (Thinking about simple operations to REST resources like login/logout)
        Show
        Gerhard Petracek added a comment - i think it fits to part 3 of https://cwiki.apache.org/confluence/display/DeltaSpike/Security+Module+Drafts
        Gerhard Petracek made changes -
        Fix Version/s 0.3-incubating [ 12319478 ]
        Fix Version/s 0.2-incubating [ 12319477 ]
        Hide
        Gerhard Petracek added a comment - - edited

        we agreed on keeping the authorization api and remove the rest for now - later on we might add a very simple authentication module (api, jsf component/s,...). we will create new jira tickets for such a module as soon as we start with it. (details are available at http://s.apache.org/w1 )

        Show
        Gerhard Petracek added a comment - - edited we agreed on keeping the authorization api and remove the rest for now - later on we might add a very simple authentication module (api, jsf component/s,...). we will create new jira tickets for such a module as soon as we start with it. (details are available at http://s.apache.org/w1 )
        Gerhard Petracek made changes -
        Status In Progress [ 3 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Mark Struberg made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Shane Bryzak
            Reporter:
            Dan Allen
          • Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development