You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltaspike.apache.org by Romain Manni-Bucau <rm...@gmail.com> on 2012/07/09 08:59:58 UTC
security: why creating thg from scratch?
Hi,
maybe i missed some discussion but here is the question: why not using an
existing framework? i particularly think of Shiro which is really fine and
simply needs
- a CDI integration (pretty easy and obvious to do)
- a JPA implementation
- Romain
Re: security: why creating thg from scratch?
Posted by Boleslaw Dawidowicz <bo...@gmail.com>.
IIRC when it was initially discussed everyone agreed some integration with Shiro should be provided. Also it was not addressing all use cases that were initially submitted (like IDM model).
I personally think that having consistent user friendly security API will be good for adoption. Additionally with APIs that were already discussed it is possible to plug Shiro as an identity/security provider and such integration is desired.
Bolek
On Jul 9, 2012, at 8:59 AM, Romain Manni-Bucau wrote:
> Hi,
>
> maybe i missed some discussion but here is the question: why not using an
> existing framework? i particularly think of Shiro which is really fine and
> simply needs
>
> - a CDI integration (pretty easy and obvious to do)
> - a JPA implementation
>
>
> - Romain
Re: security: why creating thg from scratch?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
not totally agree, security framework we are talking about are API so we
add an API on an API...IMHO DS should be about CDI integration and default
"enterprise" impl (JPA)
i understand quite easily it is easy to want to start from scratch since we
do what we want but it sounds confusing and not consistent from an Apache
point of view for me, the point would better be to contribute the projects
to enhance them with missing functionnalities i think
- Romain
2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
> >Rather than marry into one security framework (Shiro), Deltaspike should
> >enable all security frameworks to provide integration. That includes a DS
> >integration from Shiro.
> +1
>
> >Agree. If DS can provide a layer to support different existing security
> >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
> >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> should
> >be fine
> +1
>
> With a good provided security integration api in DS, anyone interested in
> any of those security frameworks will be able to use DS and that sounds
> very nice and elegant.
> --
> Mehdi Heidarzadeh Ardalani
> Independent JEE Consultant, Architect and Developer.
> http://www.TheBigJavaBlog.com
>
Re: security: why creating thg from scratch?
Posted by Glh <gs...@gmail.com>.
Hi Shane,
Thank you, it helps me a lot :)
Regards.
Glh
--
View this message in context: http://apache-deltaspike-incubator-discussions.2316169.n4.nabble.com/security-why-creating-thg-from-scratch-tp4653216p4654386.html
Sent from the Apache DeltaSpike Incubator Discussions mailing list archive at Nabble.com.
Re: security: why creating thg from scratch?
Posted by Shane Bryzak <sb...@redhat.com>.
Hi Glh,
The security features that we've implemented in DeltaSpike are intended
to provide a basic typesafe mechanism for method and class
authorization, while leaving the implementation side of things up to the
developer and 3rd party security frameworks. I'm not sure if other
security projects have planned support for DeltaSpike, but at JBoss
we've been very busy working on PicketLink 3.0, which is built on top of
the DeltaSpike security SPI to provide a full featured security
framework. PicketLink 3.0 is the spiritual successor to Seam Security,
and provides all of the same features (plus a whole lot more). We're
very close to a beta release, and hopefully will have a final release
available over the next few months. It should also be quite easy to
integrate other frameworks such as Apache Shiro with the DeltaSpike
security annotations, someone would just need to put in a little time
and effort to make it work.
Shane
On 15/01/13 20:50, Glh wrote:
> Dear all,
>
> I start a JEE6 project (CDI/JPA/JSF) in a few months and security is a
> problem. The 3 main frameworks handling security are (sorry if i miss one):
>
> *- Spring Security:* not a good idea for a CDI-oriented architecture.
> *- Apache Shiro:* very interesting but doesn't support multi-stage
> authentication and need to be "POCed" because rather "exotic" (different
> identity model, not based on JAAS). I lack of time to perform such a POC.
> *- Seam Security:* has no future, lack of documentation.
>
> So if we consider that delta-spike security is the future but not available
> and not mature enough before a (too) long time; what should we do?
>
> I'm under the impression that you pick the best of several security
> frameworks and add some features of your own so how can we choose a security
> framework that will not imply a costly refactoring when delta spike will be
> available?
> I found some answers along this forum (and related-jiras such as "Discuss
> Security Module"; yet we need a clear path:
>
> 1) please, what will exactly be the deltaspike security module?
> 2) which existing security framework is the closest to the target?
> 3) which one will imply the least refactoring?
>
> If the answer is accurate/clear, it would be useful to highlight it: I think
> a lot of architects are in the same trouble than me.
>
> I'm not yet very confortable with Apache process so please forgive me if I
> ask questions that have already been answered somewhere.
>
> Regards.
> Glh
>
> P.S: I don't have the security requirements yet, I just know that
> multi-authentication could be required.
>
>
>
> --
> View this message in context: http://apache-deltaspike-incubator-discussions.2316169.n4.nabble.com/security-why-creating-thg-from-scratch-tp4653216p4654382.html
> Sent from the Apache DeltaSpike Incubator Discussions mailing list archive at Nabble.com.
Re: security: why creating thg from scratch?
Posted by Glh <gs...@gmail.com>.
Dear all,
I start a JEE6 project (CDI/JPA/JSF) in a few months and security is a
problem. The 3 main frameworks handling security are (sorry if i miss one):
*- Spring Security:* not a good idea for a CDI-oriented architecture.
*- Apache Shiro:* very interesting but doesn't support multi-stage
authentication and need to be "POCed" because rather "exotic" (different
identity model, not based on JAAS). I lack of time to perform such a POC.
*- Seam Security:* has no future, lack of documentation.
So if we consider that delta-spike security is the future but not available
and not mature enough before a (too) long time; what should we do?
I'm under the impression that you pick the best of several security
frameworks and add some features of your own so how can we choose a security
framework that will not imply a costly refactoring when delta spike will be
available?
I found some answers along this forum (and related-jiras such as "Discuss
Security Module"; yet we need a clear path:
1) please, what will exactly be the deltaspike security module?
2) which existing security framework is the closest to the target?
3) which one will imply the least refactoring?
If the answer is accurate/clear, it would be useful to highlight it: I think
a lot of architects are in the same trouble than me.
I'm not yet very confortable with Apache process so please forgive me if I
ask questions that have already been answered somewhere.
Regards.
Glh
P.S: I don't have the security requirements yet, I just know that
multi-authentication could be required.
--
View this message in context: http://apache-deltaspike-incubator-discussions.2316169.n4.nabble.com/security-why-creating-thg-from-scratch-tp4653216p4654382.html
Sent from the Apache DeltaSpike Incubator Discussions mailing list archive at Nabble.com.
Re: security: why creating thg from scratch?
Posted by Mark Struberg <st...@yahoo.de>.
I'm actually questioning myself why we have the 'modules' folder at all.
Do we like to have anything else apart from it?
If not, then we move the modules in parallel to core ...
LieGrue,
strub
----- Original Message -----
> From: Anil Saldhana <an...@gmail.com>
> To: "deltaspike-dev@incubator.apache.org" <de...@incubator.apache.org>
> Cc:
> Sent: Thursday, July 26, 2012 5:01 PM
> Subject: Re: security: why creating thg from scratch?
>
> If Deltaspike desires to provide integration with shiro, make it as an
> independent sub module of security. Similar to the independence of the IDM
> component. Security is too large to reside as a single module.
>
> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <rm...@gmail.com>
> wrote:
>
>> +1
>>
>> - Romain
>>
>>
>> 2012/7/25 Gerhard Petracek <ge...@gmail.com>
>>
>>> hi @ all,
>>>
>>> if there are objections, we have to finish the discussion before we
>>> continue with it or we start a vote about it.
>>>
>>> regards,
>>> gerhard
>>>
>>>
>>>
>>> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
>>>
>>>> Yes, fully agree.
>>>> I don't see any good reason to create a new framework.
>>>>
>>>> Shiro, which is also in Apache is really great.
>>>> They seem really interested in integrating CDI and they plan to do
> so.
>>>>
>>>> There is some interesting posts.
>>>>
>>>>
>>>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>>>>
>>>>
>>>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>>>>
>>>> Jean-Louis
>>>>
>>>>
>>>> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
>>>>
>>>>>> Rather than marry into one security framework (Shiro),
> Deltaspike
>>>> should
>>>>>> enable all security frameworks to provide integration. That
> includes a
>>>> DS
>>>>>> integration from Shiro.
>>>>> +1
>>>>>
>>>>>> Agree. If DS can provide a layer to support different
> existing
>>> security
>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS
> modules
>>>> (LDAP,
>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of
> CDI, that
>>>>> should
>>>>>> be fine
>>>>> +1
>>>>>
>>>>> With a good provided security integration api in DS, anyone
> interested
>>> in
>>>>> any of those security frameworks will be able to use DS and
> that sounds
>>>>> very nice and elegant.
>>>>> --
>>>>> Mehdi Heidarzadeh Ardalani
>>>>> Independent JEE Consultant, Architect and Developer.
>>>>> http://www.TheBigJavaBlog.com
>>>>>
>>>>
>>>
>
Re: security: why creating thg from scratch?
Posted by Jason Porter <li...@gmail.com>.
We want to start a vote JUST on reusing an existing security API (sounds
like Shiro) for building a new API for IDM?
Just trying to understand exactly what people are asking the vote to be
about.
On Thu, Jul 26, 2012 at 10:32 AM, Gerhard Petracek <
gerhard.petracek@gmail.com> wrote:
> +1 for a vote about the IDM part, but imo we need a clear majority to
> continue or drop with it.
> if we don't have a clear majority, we should discuss it again in detail
> (independent of the result).
>
> regards,
> gerhard
>
>
>
> 2012/7/26 Romain Manni-Bucau <rm...@gmail.com>
>
> > so it really seems a vote is needed no?
> >
> > - Romain
> >
> >
> > 2012/7/26 Jason Porter <li...@gmail.com>
> >
> > > I had suggested that awhile ago, but I don't think there was consensus.
> > Or
> > > maybe I just thought about it :) been awhile.
> > >
> > > Sent from my iPhone
> > >
> > > On Jul 26, 2012, at 9:22, Romain Manni-Bucau <rm...@gmail.com>
> > > wrote:
> > >
> > > > hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS
> > > could
> > > > use it as base instead of creating a new one in the Apache ecosystem.
> > > >
> > > > - Romain
> > > >
> > > >
> > > > 2012/7/26 Anil Saldhana <an...@gmail.com>
> > > >
> > > >> If Deltaspike desires to provide integration with shiro, make it as
> an
> > > >> independent sub module of security. Similar to the independence of
> the
> > > IDM
> > > >> component. Security is too large to reside as a single module.
> > > >>
> > > >> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <
> > rmannibucau@gmail.com>
> > > >> wrote:
> > > >>
> > > >>> +1
> > > >>>
> > > >>> - Romain
> > > >>>
> > > >>>
> > > >>> 2012/7/25 Gerhard Petracek <ge...@gmail.com>
> > > >>>
> > > >>>> hi @ all,
> > > >>>>
> > > >>>> if there are objections, we have to finish the discussion before
> we
> > > >>>> continue with it or we start a vote about it.
> > > >>>>
> > > >>>> regards,
> > > >>>> gerhard
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
> > > >>>>
> > > >>>>> Yes, fully agree.
> > > >>>>> I don't see any good reason to create a new framework.
> > > >>>>>
> > > >>>>> Shiro, which is also in Apache is really great.
> > > >>>>> They seem really interested in integrating CDI and they plan to
> do
> > > so.
> > > >>>>>
> > > >>>>> There is some interesting posts.
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>
> > >
> >
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>
> > >
> >
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> > > >>>>>
> > > >>>>> Jean-Louis
> > > >>>>>
> > > >>>>>
> > > >>>>> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
> > > >>>>>
> > > >>>>>>> Rather than marry into one security framework (Shiro),
> > Deltaspike
> > > >>>>> should
> > > >>>>>>> enable all security frameworks to provide integration. That
> > > includes
> > > >> a
> > > >>>>> DS
> > > >>>>>>> integration from Shiro.
> > > >>>>>> +1
> > > >>>>>>
> > > >>>>>>> Agree. If DS can provide a layer to support different existing
> > > >>>> security
> > > >>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS
> > modules
> > > >>>>> (LDAP,
> > > >>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI,
> > > that
> > > >>>>>> should
> > > >>>>>>> be fine
> > > >>>>>> +1
> > > >>>>>>
> > > >>>>>> With a good provided security integration api in DS, anyone
> > > interested
> > > >>>> in
> > > >>>>>> any of those security frameworks will be able to use DS and that
> > > >> sounds
> > > >>>>>> very nice and elegant.
> > > >>>>>> --
> > > >>>>>> Mehdi Heidarzadeh Ardalani
> > > >>>>>> Independent JEE Consultant, Architect and Developer.
> > > >>>>>> http://www.TheBigJavaBlog.com
> > > >>>>>>
> > > >>>>>
> > > >>>>
> > > >>
> > >
> >
>
--
Jason Porter
http://lightguard-jp.blogspot.com
http://twitter.com/lightguardjp
Software Engineer
Open Source Advocate
Author of Seam Catch - Next Generation Java Exception Handling
PGP key id: 926CCFF5
PGP key available at: keyserver.net, pgp.mit.edu
Re: security: why creating thg from scratch?
Posted by Gerhard Petracek <ge...@gmail.com>.
+1 for a vote about the IDM part, but imo we need a clear majority to
continue or drop with it.
if we don't have a clear majority, we should discuss it again in detail
(independent of the result).
regards,
gerhard
2012/7/26 Romain Manni-Bucau <rm...@gmail.com>
> so it really seems a vote is needed no?
>
> - Romain
>
>
> 2012/7/26 Jason Porter <li...@gmail.com>
>
> > I had suggested that awhile ago, but I don't think there was consensus.
> Or
> > maybe I just thought about it :) been awhile.
> >
> > Sent from my iPhone
> >
> > On Jul 26, 2012, at 9:22, Romain Manni-Bucau <rm...@gmail.com>
> > wrote:
> >
> > > hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS
> > could
> > > use it as base instead of creating a new one in the Apache ecosystem.
> > >
> > > - Romain
> > >
> > >
> > > 2012/7/26 Anil Saldhana <an...@gmail.com>
> > >
> > >> If Deltaspike desires to provide integration with shiro, make it as an
> > >> independent sub module of security. Similar to the independence of the
> > IDM
> > >> component. Security is too large to reside as a single module.
> > >>
> > >> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <
> rmannibucau@gmail.com>
> > >> wrote:
> > >>
> > >>> +1
> > >>>
> > >>> - Romain
> > >>>
> > >>>
> > >>> 2012/7/25 Gerhard Petracek <ge...@gmail.com>
> > >>>
> > >>>> hi @ all,
> > >>>>
> > >>>> if there are objections, we have to finish the discussion before we
> > >>>> continue with it or we start a vote about it.
> > >>>>
> > >>>> regards,
> > >>>> gerhard
> > >>>>
> > >>>>
> > >>>>
> > >>>> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
> > >>>>
> > >>>>> Yes, fully agree.
> > >>>>> I don't see any good reason to create a new framework.
> > >>>>>
> > >>>>> Shiro, which is also in Apache is really great.
> > >>>>> They seem really interested in integrating CDI and they plan to do
> > so.
> > >>>>>
> > >>>>> There is some interesting posts.
> > >>>>>
> > >>>>>
> > >>>>
> > >>
> >
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> > >>>>>
> > >>>>>
> > >>>>
> > >>
> >
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> > >>>>>
> > >>>>> Jean-Louis
> > >>>>>
> > >>>>>
> > >>>>> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
> > >>>>>
> > >>>>>>> Rather than marry into one security framework (Shiro),
> Deltaspike
> > >>>>> should
> > >>>>>>> enable all security frameworks to provide integration. That
> > includes
> > >> a
> > >>>>> DS
> > >>>>>>> integration from Shiro.
> > >>>>>> +1
> > >>>>>>
> > >>>>>>> Agree. If DS can provide a layer to support different existing
> > >>>> security
> > >>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS
> modules
> > >>>>> (LDAP,
> > >>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI,
> > that
> > >>>>>> should
> > >>>>>>> be fine
> > >>>>>> +1
> > >>>>>>
> > >>>>>> With a good provided security integration api in DS, anyone
> > interested
> > >>>> in
> > >>>>>> any of those security frameworks will be able to use DS and that
> > >> sounds
> > >>>>>> very nice and elegant.
> > >>>>>> --
> > >>>>>> Mehdi Heidarzadeh Ardalani
> > >>>>>> Independent JEE Consultant, Architect and Developer.
> > >>>>>> http://www.TheBigJavaBlog.com
> > >>>>>>
> > >>>>>
> > >>>>
> > >>
> >
>
Re: security: why creating thg from scratch?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
so it really seems a vote is needed no?
- Romain
2012/7/26 Jason Porter <li...@gmail.com>
> I had suggested that awhile ago, but I don't think there was consensus. Or
> maybe I just thought about it :) been awhile.
>
> Sent from my iPhone
>
> On Jul 26, 2012, at 9:22, Romain Manni-Bucau <rm...@gmail.com>
> wrote:
>
> > hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS
> could
> > use it as base instead of creating a new one in the Apache ecosystem.
> >
> > - Romain
> >
> >
> > 2012/7/26 Anil Saldhana <an...@gmail.com>
> >
> >> If Deltaspike desires to provide integration with shiro, make it as an
> >> independent sub module of security. Similar to the independence of the
> IDM
> >> component. Security is too large to reside as a single module.
> >>
> >> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <rm...@gmail.com>
> >> wrote:
> >>
> >>> +1
> >>>
> >>> - Romain
> >>>
> >>>
> >>> 2012/7/25 Gerhard Petracek <ge...@gmail.com>
> >>>
> >>>> hi @ all,
> >>>>
> >>>> if there are objections, we have to finish the discussion before we
> >>>> continue with it or we start a vote about it.
> >>>>
> >>>> regards,
> >>>> gerhard
> >>>>
> >>>>
> >>>>
> >>>> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
> >>>>
> >>>>> Yes, fully agree.
> >>>>> I don't see any good reason to create a new framework.
> >>>>>
> >>>>> Shiro, which is also in Apache is really great.
> >>>>> They seem really interested in integrating CDI and they plan to do
> so.
> >>>>>
> >>>>> There is some interesting posts.
> >>>>>
> >>>>>
> >>>>
> >>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> >>>>>
> >>>>>
> >>>>
> >>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> >>>>>
> >>>>> Jean-Louis
> >>>>>
> >>>>>
> >>>>> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
> >>>>>
> >>>>>>> Rather than marry into one security framework (Shiro), Deltaspike
> >>>>> should
> >>>>>>> enable all security frameworks to provide integration. That
> includes
> >> a
> >>>>> DS
> >>>>>>> integration from Shiro.
> >>>>>> +1
> >>>>>>
> >>>>>>> Agree. If DS can provide a layer to support different existing
> >>>> security
> >>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> >>>>> (LDAP,
> >>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI,
> that
> >>>>>> should
> >>>>>>> be fine
> >>>>>> +1
> >>>>>>
> >>>>>> With a good provided security integration api in DS, anyone
> interested
> >>>> in
> >>>>>> any of those security frameworks will be able to use DS and that
> >> sounds
> >>>>>> very nice and elegant.
> >>>>>> --
> >>>>>> Mehdi Heidarzadeh Ardalani
> >>>>>> Independent JEE Consultant, Architect and Developer.
> >>>>>> http://www.TheBigJavaBlog.com
> >>>>>>
> >>>>>
> >>>>
> >>
>
Re: security: why creating thg from scratch?
Posted by Jason Porter <li...@gmail.com>.
I had suggested that awhile ago, but I don't think there was consensus. Or maybe I just thought about it :) been awhile.
Sent from my iPhone
On Jul 26, 2012, at 9:22, Romain Manni-Bucau <rm...@gmail.com> wrote:
> hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS could
> use it as base instead of creating a new one in the Apache ecosystem.
>
> - Romain
>
>
> 2012/7/26 Anil Saldhana <an...@gmail.com>
>
>> If Deltaspike desires to provide integration with shiro, make it as an
>> independent sub module of security. Similar to the independence of the IDM
>> component. Security is too large to reside as a single module.
>>
>> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <rm...@gmail.com>
>> wrote:
>>
>>> +1
>>>
>>> - Romain
>>>
>>>
>>> 2012/7/25 Gerhard Petracek <ge...@gmail.com>
>>>
>>>> hi @ all,
>>>>
>>>> if there are objections, we have to finish the discussion before we
>>>> continue with it or we start a vote about it.
>>>>
>>>> regards,
>>>> gerhard
>>>>
>>>>
>>>>
>>>> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
>>>>
>>>>> Yes, fully agree.
>>>>> I don't see any good reason to create a new framework.
>>>>>
>>>>> Shiro, which is also in Apache is really great.
>>>>> They seem really interested in integrating CDI and they plan to do so.
>>>>>
>>>>> There is some interesting posts.
>>>>>
>>>>>
>>>>
>> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>>>>>
>>>>>
>>>>
>> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>>>>>
>>>>> Jean-Louis
>>>>>
>>>>>
>>>>> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
>>>>>
>>>>>>> Rather than marry into one security framework (Shiro), Deltaspike
>>>>> should
>>>>>>> enable all security frameworks to provide integration. That includes
>> a
>>>>> DS
>>>>>>> integration from Shiro.
>>>>>> +1
>>>>>>
>>>>>>> Agree. If DS can provide a layer to support different existing
>>>> security
>>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
>>>>> (LDAP,
>>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
>>>>>> should
>>>>>>> be fine
>>>>>> +1
>>>>>>
>>>>>> With a good provided security integration api in DS, anyone interested
>>>> in
>>>>>> any of those security frameworks will be able to use DS and that
>> sounds
>>>>>> very nice and elegant.
>>>>>> --
>>>>>> Mehdi Heidarzadeh Ardalani
>>>>>> Independent JEE Consultant, Architect and Developer.
>>>>>> http://www.TheBigJavaBlog.com
>>>>>>
>>>>>
>>>>
>>
Re: security: why creating thg from scratch?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS could
use it as base instead of creating a new one in the Apache ecosystem.
- Romain
2012/7/26 Anil Saldhana <an...@gmail.com>
> If Deltaspike desires to provide integration with shiro, make it as an
> independent sub module of security. Similar to the independence of the IDM
> component. Security is too large to reside as a single module.
>
> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <rm...@gmail.com>
> wrote:
>
> > +1
> >
> > - Romain
> >
> >
> > 2012/7/25 Gerhard Petracek <ge...@gmail.com>
> >
> >> hi @ all,
> >>
> >> if there are objections, we have to finish the discussion before we
> >> continue with it or we start a vote about it.
> >>
> >> regards,
> >> gerhard
> >>
> >>
> >>
> >> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
> >>
> >>> Yes, fully agree.
> >>> I don't see any good reason to create a new framework.
> >>>
> >>> Shiro, which is also in Apache is really great.
> >>> They seem really interested in integrating CDI and they plan to do so.
> >>>
> >>> There is some interesting posts.
> >>>
> >>>
> >>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> >>>
> >>>
> >>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> >>>
> >>> Jean-Louis
> >>>
> >>>
> >>> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
> >>>
> >>>>> Rather than marry into one security framework (Shiro), Deltaspike
> >>> should
> >>>>> enable all security frameworks to provide integration. That includes
> a
> >>> DS
> >>>>> integration from Shiro.
> >>>> +1
> >>>>
> >>>>> Agree. If DS can provide a layer to support different existing
> >> security
> >>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> >>> (LDAP,
> >>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> >>>> should
> >>>>> be fine
> >>>> +1
> >>>>
> >>>> With a good provided security integration api in DS, anyone interested
> >> in
> >>>> any of those security frameworks will be able to use DS and that
> sounds
> >>>> very nice and elegant.
> >>>> --
> >>>> Mehdi Heidarzadeh Ardalani
> >>>> Independent JEE Consultant, Architect and Developer.
> >>>> http://www.TheBigJavaBlog.com
> >>>>
> >>>
> >>
>
Re: security: why creating thg from scratch?
Posted by Anil Saldhana <an...@gmail.com>.
If Deltaspike desires to provide integration with shiro, make it as an independent sub module of security. Similar to the independence of the IDM component. Security is too large to reside as a single module.
On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <rm...@gmail.com> wrote:
> +1
>
> - Romain
>
>
> 2012/7/25 Gerhard Petracek <ge...@gmail.com>
>
>> hi @ all,
>>
>> if there are objections, we have to finish the discussion before we
>> continue with it or we start a vote about it.
>>
>> regards,
>> gerhard
>>
>>
>>
>> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
>>
>>> Yes, fully agree.
>>> I don't see any good reason to create a new framework.
>>>
>>> Shiro, which is also in Apache is really great.
>>> They seem really interested in integrating CDI and they plan to do so.
>>>
>>> There is some interesting posts.
>>>
>>>
>> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>>>
>>>
>> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>>>
>>> Jean-Louis
>>>
>>>
>>> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
>>>
>>>>> Rather than marry into one security framework (Shiro), Deltaspike
>>> should
>>>>> enable all security frameworks to provide integration. That includes a
>>> DS
>>>>> integration from Shiro.
>>>> +1
>>>>
>>>>> Agree. If DS can provide a layer to support different existing
>> security
>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
>>> (LDAP,
>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
>>>> should
>>>>> be fine
>>>> +1
>>>>
>>>> With a good provided security integration api in DS, anyone interested
>> in
>>>> any of those security frameworks will be able to use DS and that sounds
>>>> very nice and elegant.
>>>> --
>>>> Mehdi Heidarzadeh Ardalani
>>>> Independent JEE Consultant, Architect and Developer.
>>>> http://www.TheBigJavaBlog.com
>>>>
>>>
>>
Re: security: why creating thg from scratch?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
+1
- Romain
2012/7/25 Gerhard Petracek <ge...@gmail.com>
> hi @ all,
>
> if there are objections, we have to finish the discussion before we
> continue with it or we start a vote about it.
>
> regards,
> gerhard
>
>
>
> 2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
>
> > Yes, fully agree.
> > I don't see any good reason to create a new framework.
> >
> > Shiro, which is also in Apache is really great.
> > They seem really interested in integrating CDI and they plan to do so.
> >
> > There is some interesting posts.
> >
> >
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> >
> >
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> >
> > Jean-Louis
> >
> >
> > 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
> >
> > > >Rather than marry into one security framework (Shiro), Deltaspike
> > should
> > > >enable all security frameworks to provide integration. That includes a
> > DS
> > > >integration from Shiro.
> > > +1
> > >
> > > >Agree. If DS can provide a layer to support different existing
> security
> > > >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> > (LDAP,
> > > >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> > > should
> > > >be fine
> > > +1
> > >
> > > With a good provided security integration api in DS, anyone interested
> in
> > > any of those security frameworks will be able to use DS and that sounds
> > > very nice and elegant.
> > > --
> > > Mehdi Heidarzadeh Ardalani
> > > Independent JEE Consultant, Architect and Developer.
> > > http://www.TheBigJavaBlog.com
> > >
> >
>
Re: security: why creating thg from scratch?
Posted by Gerhard Petracek <ge...@gmail.com>.
hi @ all,
if there are objections, we have to finish the discussion before we
continue with it or we start a vote about it.
regards,
gerhard
2012/7/12 Jean-Louis MONTEIRO <je...@gmail.com>
> Yes, fully agree.
> I don't see any good reason to create a new framework.
>
> Shiro, which is also in Apache is really great.
> They seem really interested in integrating CDI and they plan to do so.
>
> There is some interesting posts.
>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>
> Jean-Louis
>
>
> 2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
>
> > >Rather than marry into one security framework (Shiro), Deltaspike
> should
> > >enable all security frameworks to provide integration. That includes a
> DS
> > >integration from Shiro.
> > +1
> >
> > >Agree. If DS can provide a layer to support different existing security
> > >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> (LDAP,
> > >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> > should
> > >be fine
> > +1
> >
> > With a good provided security integration api in DS, anyone interested in
> > any of those security frameworks will be able to use DS and that sounds
> > very nice and elegant.
> > --
> > Mehdi Heidarzadeh Ardalani
> > Independent JEE Consultant, Architect and Developer.
> > http://www.TheBigJavaBlog.com
> >
>
Re: security: why creating thg from scratch?
Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
Yes, fully agree.
I don't see any good reason to create a new framework.
Shiro, which is also in Apache is really great.
They seem really interested in integrating CDI and they plan to do so.
There is some interesting posts.
http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
Jean-Louis
2012/7/12 Mehdi Heidarzadeh <he...@gmail.com>
> >Rather than marry into one security framework (Shiro), Deltaspike should
> >enable all security frameworks to provide integration. That includes a DS
> >integration from Shiro.
> +1
>
> >Agree. If DS can provide a layer to support different existing security
> >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
> >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> should
> >be fine
> +1
>
> With a good provided security integration api in DS, anyone interested in
> any of those security frameworks will be able to use DS and that sounds
> very nice and elegant.
> --
> Mehdi Heidarzadeh Ardalani
> Independent JEE Consultant, Architect and Developer.
> http://www.TheBigJavaBlog.com
>
Re: security: why creating thg from scratch?
Posted by Mehdi Heidarzadeh <he...@gmail.com>.
>Rather than marry into one security framework (Shiro), Deltaspike should
>enable all security frameworks to provide integration. That includes a DS
>integration from Shiro.
+1
>Agree. If DS can provide a layer to support different existing security
>frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
>JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that should
>be fine
+1
With a good provided security integration api in DS, anyone interested in
any of those security frameworks will be able to use DS and that sounds
very nice and elegant.
--
Mehdi Heidarzadeh Ardalani
Independent JEE Consultant, Architect and Developer.
http://www.TheBigJavaBlog.com
Re: security: why creating thg from scratch?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
The point was shiro and sprin sec are mainly API so why redefining another
one?
- Romain
Le 10 juil. 2012 08:25, "Charles Moulliard" <cm...@gmail.com> a écrit :
> Agree. If DS can provide a layer to support different existing security
> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that should
> be fine
>
> -----
> Apache Committer / Sr. Pr. Consultant at FuseSource.com
> Email: [hidden email]
> Twitter : @cmoulliard, @fusenews
> Blog : http://cmoulliard.blogspot.com
> --
> View this message in context:
> http://apache-deltaspike-incubator-discussions.2316169.n4.nabble.com/security-why-creating-thg-from-scratch-tp4653216p4653264.html
> Sent from the Apache DeltaSpike Incubator Discussions mailing list archive
> at Nabble.com.
>
Re: security: why creating thg from scratch?
Posted by Charles Moulliard <cm...@gmail.com>.
Agree. If DS can provide a layer to support different existing security
frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that should
be fine
-----
Apache Committer / Sr. Pr. Consultant at FuseSource.com
Email: [hidden email]
Twitter : @cmoulliard, @fusenews
Blog : http://cmoulliard.blogspot.com
--
View this message in context: http://apache-deltaspike-incubator-discussions.2316169.n4.nabble.com/security-why-creating-thg-from-scratch-tp4653216p4653264.html
Sent from the Apache DeltaSpike Incubator Discussions mailing list archive at Nabble.com.
Re: security: why creating thg from scratch?
Posted by Anil Saldhana <an...@gmail.com>.
Rather than marry into one security framework (Shiro), Deltaspike should
enable all security frameworks to provide integration. That includes a DS
integration from Shiro.
I think this is what the replies on this thread seem to imply. :)
On Mon, Jul 9, 2012 at 2:35 AM, Boleslaw Dawidowicz <
boleslaw.dawidowicz@gmail.com> wrote:
> I think there will be few more frameworks to integrate with. JSR 351 is
> another example of something that should be consumed.
>
> Bolek
>
> On Jul 9, 2012, at 9:29 AM, Romain Manni-Bucau wrote:
>
> > well, why i asked was to get started with shiro is < 5mn, to get started
> > with current security module is a bit longer and not always relevant.
> >
> > Side note: with the existing API (last release) plugging shiro was not so
> > obvious and integrating shiro with CDI was really more efficient and
> > simpler than using DS.
> >
> > - Romain
> >
> >
> > 2012/7/9 Gerhard Petracek <ge...@gmail.com>
> >
> >> @ romain:
> >>
> >> it was part of [1]
> >>
> >> regards,
> >> gerhard
> >>
> >> [1] http://s.apache.org/P00
> >>
> >>
> >>
> >> 2012/7/9 Romain Manni-Bucau <rm...@gmail.com>
> >>
> >>> Hi,
> >>>
> >>> maybe i missed some discussion but here is the question: why not using
> an
> >>> existing framework? i particularly think of Shiro which is really fine
> >> and
> >>> simply needs
> >>>
> >>> - a CDI integration (pretty easy and obvious to do)
> >>> - a JPA implementation
> >>>
> >>>
> >>> - Romain
> >>>
> >>
>
>
Re: security: why creating thg from scratch?
Posted by Boleslaw Dawidowicz <bo...@gmail.com>.
I think there will be few more frameworks to integrate with. JSR 351 is another example of something that should be consumed.
Bolek
On Jul 9, 2012, at 9:29 AM, Romain Manni-Bucau wrote:
> well, why i asked was to get started with shiro is < 5mn, to get started
> with current security module is a bit longer and not always relevant.
>
> Side note: with the existing API (last release) plugging shiro was not so
> obvious and integrating shiro with CDI was really more efficient and
> simpler than using DS.
>
> - Romain
>
>
> 2012/7/9 Gerhard Petracek <ge...@gmail.com>
>
>> @ romain:
>>
>> it was part of [1]
>>
>> regards,
>> gerhard
>>
>> [1] http://s.apache.org/P00
>>
>>
>>
>> 2012/7/9 Romain Manni-Bucau <rm...@gmail.com>
>>
>>> Hi,
>>>
>>> maybe i missed some discussion but here is the question: why not using an
>>> existing framework? i particularly think of Shiro which is really fine
>> and
>>> simply needs
>>>
>>> - a CDI integration (pretty easy and obvious to do)
>>> - a JPA implementation
>>>
>>>
>>> - Romain
>>>
>>
Re: security: why creating thg from scratch?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
well, why i asked was to get started with shiro is < 5mn, to get started
with current security module is a bit longer and not always relevant.
Side note: with the existing API (last release) plugging shiro was not so
obvious and integrating shiro with CDI was really more efficient and
simpler than using DS.
- Romain
2012/7/9 Gerhard Petracek <ge...@gmail.com>
> @ romain:
>
> it was part of [1]
>
> regards,
> gerhard
>
> [1] http://s.apache.org/P00
>
>
>
> 2012/7/9 Romain Manni-Bucau <rm...@gmail.com>
>
> > Hi,
> >
> > maybe i missed some discussion but here is the question: why not using an
> > existing framework? i particularly think of Shiro which is really fine
> and
> > simply needs
> >
> > - a CDI integration (pretty easy and obvious to do)
> > - a JPA implementation
> >
> >
> > - Romain
> >
>
Re: security: why creating thg from scratch?
Posted by Gerhard Petracek <ge...@gmail.com>.
@ romain:
it was part of [1]
regards,
gerhard
[1] http://s.apache.org/P00
2012/7/9 Romain Manni-Bucau <rm...@gmail.com>
> Hi,
>
> maybe i missed some discussion but here is the question: why not using an
> existing framework? i particularly think of Shiro which is really fine and
> simply needs
>
> - a CDI integration (pretty easy and obvious to do)
> - a JPA implementation
>
>
> - Romain
>
Re: security: why creating thg from scratch?
Posted by Shane Bryzak <sb...@redhat.com>.
We're hardly starting from scratch, much of the DeltaSpike security
design is an "improved" re-visiting of Seam Security, which has been
actively developed and improved for a number of years. I've also taken
a look at Shiro and while it has many cool features, it also seems to be
missing some critical features like Identity and Permission Management.
Its identity model also doesn't satisfy some of the use cases we've
identified (such as its simplified named roles). This is not to say that
we can't provide interfaces for developers who wish to use Shiro, but I
think we're moving in the right direction by building a security module
purpose-built for developing Java EE/CDI applications.
On 09/07/12 16:59, Romain Manni-Bucau wrote:
> Hi,
>
> maybe i missed some discussion but here is the question: why not using an
> existing framework? i particularly think of Shiro which is really fine and
> simply needs
>
> - a CDI integration (pretty easy and obvious to do)
> - a JPA implementation
>
>
> - Romain
>