Application security can be extremely confusing and frustrating, especially for Java EE developers. Yet, it's an absolute requirement for nearly every application. An integration with a strong security framework is desperately needed. DeltaSpike could offer a module that makes security very approachable and integrate well with CDI and other Java EE technologies.
Apache Shiro  appears to be an ideal candidate. The goals for the project seem to align perfectly with this need, as Les explains in this article . Apache Shiro has many things going for it that make it a good match for DeltaSpike:
- a top level Apache project
- actively developed
- mature (nearly a decade)
- pluggable & extensible (the key for CDI integration)
- works in web, ejb and java se environments
- supports all aspects of security (authentication, authorization, permissions, certificates, ciphers)
- easy to use
- subjective bonus: has a cool name and logo
It seems like Shiro could really use some CDI integration to make it even simpler. (Several integrations have already been explored ). We can start with some producers and then build on the declarative functionality that has previously been explored in Seam.