security: why creating thg from scratch?

classic Classic list List threaded Threaded
24 messages Options
12
Reply | Threaded
Open this post in threaded view
|

security: why creating thg from scratch?

Romain Manni-Bucau
Hi,

maybe i missed some discussion but here is the question: why not using an
existing framework? i particularly think of Shiro which is really fine and
simply needs

   - a CDI integration (pretty easy and obvious to do)
   - a JPA implementation


- Romain
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Shane Bryzak-2
We're hardly starting from scratch, much of the DeltaSpike security
design is an "improved" re-visiting of Seam Security, which has been
actively developed and improved for a number of years.  I've also taken
a look at Shiro and while it has many cool features, it also seems to be
missing some critical features like Identity and Permission Management.  
Its identity model also doesn't satisfy some of the use cases we've
identified (such as its simplified named roles). This is not to say that
we can't provide interfaces for developers who wish to use Shiro, but I
think we're moving in the right direction by building a security module
purpose-built for developing Java EE/CDI applications.

On 09/07/12 16:59, Romain Manni-Bucau wrote:

> Hi,
>
> maybe i missed some discussion but here is the question: why not using an
> existing framework? i particularly think of Shiro which is really fine and
> simply needs
>
>     - a CDI integration (pretty easy and obvious to do)
>     - a JPA implementation
>
>
> - Romain
>


Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Gerhard Petracek
Administrator
In reply to this post by Romain Manni-Bucau
@ romain:

it was part of [1]

regards,
gerhard

[1] http://s.apache.org/P00



2012/7/9 Romain Manni-Bucau <[hidden email]>

> Hi,
>
> maybe i missed some discussion but here is the question: why not using an
> existing framework? i particularly think of Shiro which is really fine and
> simply needs
>
>    - a CDI integration (pretty easy and obvious to do)
>    - a JPA implementation
>
>
> - Romain
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Boleslaw Dawidowicz
In reply to this post by Romain Manni-Bucau
IIRC when it was initially discussed everyone agreed some integration with Shiro should be provided. Also it was not addressing all use cases that were initially submitted (like IDM model).

I personally think that having consistent user friendly security API will be good for adoption. Additionally with APIs that were already discussed it is possible to plug Shiro as an identity/security provider and such integration is desired.

Bolek

On Jul 9, 2012, at 8:59 AM, Romain Manni-Bucau wrote:

> Hi,
>
> maybe i missed some discussion but here is the question: why not using an
> existing framework? i particularly think of Shiro which is really fine and
> simply needs
>
>   - a CDI integration (pretty easy and obvious to do)
>   - a JPA implementation
>
>
> - Romain

Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Romain Manni-Bucau
In reply to this post by Gerhard Petracek
well, why i asked was to get started with shiro is < 5mn, to get started
with current security module is a bit longer and not always relevant.

Side note: with the existing API (last release) plugging shiro was not so
obvious and integrating shiro with CDI was really more efficient and
simpler than using DS.

- Romain


2012/7/9 Gerhard Petracek <[hidden email]>

> @ romain:
>
> it was part of [1]
>
> regards,
> gerhard
>
> [1] http://s.apache.org/P00
>
>
>
> 2012/7/9 Romain Manni-Bucau <[hidden email]>
>
> > Hi,
> >
> > maybe i missed some discussion but here is the question: why not using an
> > existing framework? i particularly think of Shiro which is really fine
> and
> > simply needs
> >
> >    - a CDI integration (pretty easy and obvious to do)
> >    - a JPA implementation
> >
> >
> > - Romain
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Boleslaw Dawidowicz
I think there will be few more frameworks to integrate with. JSR 351 is another example of something that should be consumed.

Bolek

On Jul 9, 2012, at 9:29 AM, Romain Manni-Bucau wrote:

> well, why i asked was to get started with shiro is < 5mn, to get started
> with current security module is a bit longer and not always relevant.
>
> Side note: with the existing API (last release) plugging shiro was not so
> obvious and integrating shiro with CDI was really more efficient and
> simpler than using DS.
>
> - Romain
>
>
> 2012/7/9 Gerhard Petracek <[hidden email]>
>
>> @ romain:
>>
>> it was part of [1]
>>
>> regards,
>> gerhard
>>
>> [1] http://s.apache.org/P00
>>
>>
>>
>> 2012/7/9 Romain Manni-Bucau <[hidden email]>
>>
>>> Hi,
>>>
>>> maybe i missed some discussion but here is the question: why not using an
>>> existing framework? i particularly think of Shiro which is really fine
>> and
>>> simply needs
>>>
>>>   - a CDI integration (pretty easy and obvious to do)
>>>   - a JPA implementation
>>>
>>>
>>> - Romain
>>>
>>

Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Anil Saldhana
Rather than marry into one security framework (Shiro),  Deltaspike should
enable all security frameworks to provide integration. That includes a DS
integration from Shiro.

I think this is what the replies on this thread seem to imply. :)

On Mon, Jul 9, 2012 at 2:35 AM, Boleslaw Dawidowicz <
[hidden email]> wrote:

> I think there will be few more frameworks to integrate with. JSR 351 is
> another example of something that should be consumed.
>
> Bolek
>
> On Jul 9, 2012, at 9:29 AM, Romain Manni-Bucau wrote:
>
> > well, why i asked was to get started with shiro is < 5mn, to get started
> > with current security module is a bit longer and not always relevant.
> >
> > Side note: with the existing API (last release) plugging shiro was not so
> > obvious and integrating shiro with CDI was really more efficient and
> > simpler than using DS.
> >
> > - Romain
> >
> >
> > 2012/7/9 Gerhard Petracek <[hidden email]>
> >
> >> @ romain:
> >>
> >> it was part of [1]
> >>
> >> regards,
> >> gerhard
> >>
> >> [1] http://s.apache.org/P00
> >>
> >>
> >>
> >> 2012/7/9 Romain Manni-Bucau <[hidden email]>
> >>
> >>> Hi,
> >>>
> >>> maybe i missed some discussion but here is the question: why not using
> an
> >>> existing framework? i particularly think of Shiro which is really fine
> >> and
> >>> simply needs
> >>>
> >>>   - a CDI integration (pretty easy and obvious to do)
> >>>   - a JPA implementation
> >>>
> >>>
> >>> - Romain
> >>>
> >>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Charles Moulliard
Agree. If DS can provide a layer to support different existing security frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP, JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that should be fine
Apache Committer / Sr. Pr. Consultant at FuseSource.com
Email: [hidden email]
Twitter : @cmoulliard, @fusenews
Blog : http://cmoulliard.blogspot.com
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Romain Manni-Bucau
The point was shiro and sprin sec are mainly API so why redefining another
one?

- Romain
Le 10 juil. 2012 08:25, "Charles Moulliard" <[hidden email]> a écrit :

> Agree. If DS can provide a layer to support different existing security
> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that should
> be fine
>
> -----
> Apache Committer / Sr. Pr. Consultant at FuseSource.com
> Email: [hidden email]
> Twitter : @cmoulliard, @fusenews
> Blog : http://cmoulliard.blogspot.com
> --
> View this message in context:
> http://apache-deltaspike-incubator-discussions.2316169.n4.nabble.com/security-why-creating-thg-from-scratch-tp4653216p4653264.html
> Sent from the Apache DeltaSpike Incubator Discussions mailing list archive
> at Nabble.com.
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Mehdi Heidarzadeh
>Rather than marry into one security framework (Shiro),  Deltaspike should
>enable all security frameworks to provide integration. That includes a DS
>integration from Shiro.
+1

>Agree. If DS can provide a layer to support different existing security
>frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
>JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that should
>be fine
+1

With a good provided security integration api in DS, anyone interested in
any of those security frameworks will be able to use DS and that sounds
very nice and elegant.
--
Mehdi Heidarzadeh Ardalani
Independent JEE Consultant, Architect and Developer.
http://www.TheBigJavaBlog.com
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Romain Manni-Bucau
not totally agree, security framework we are talking about are API so we
add an API on an API...IMHO DS should be about CDI integration and default
"enterprise" impl (JPA)

i understand quite easily it is easy to want to start from scratch since we
do what we want but it sounds confusing and not consistent from an Apache
point of view for me, the point would better be to contribute the projects
to enhance them with missing functionnalities i think

- Romain


2012/7/12 Mehdi Heidarzadeh <[hidden email]>

> >Rather than marry into one security framework (Shiro),  Deltaspike should
> >enable all security frameworks to provide integration. That includes a DS
> >integration from Shiro.
> +1
>
> >Agree. If DS can provide a layer to support different existing security
> >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
> >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> should
> >be fine
> +1
>
> With a good provided security integration api in DS, anyone interested in
> any of those security frameworks will be able to use DS and that sounds
> very nice and elegant.
> --
> Mehdi Heidarzadeh Ardalani
> Independent JEE Consultant, Architect and Developer.
> http://www.TheBigJavaBlog.com
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Jean-Louis MONTEIRO
In reply to this post by Mehdi Heidarzadeh
Yes, fully agree.
I don't see any good reason to create a new framework.

Shiro, which is also in Apache is really great.
They seem really interested in integrating CDI and they plan to do so.

There is some interesting posts.
http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html

Jean-Louis


2012/7/12 Mehdi Heidarzadeh <[hidden email]>

> >Rather than marry into one security framework (Shiro),  Deltaspike should
> >enable all security frameworks to provide integration. That includes a DS
> >integration from Shiro.
> +1
>
> >Agree. If DS can provide a layer to support different existing security
> >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules (LDAP,
> >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> should
> >be fine
> +1
>
> With a good provided security integration api in DS, anyone interested in
> any of those security frameworks will be able to use DS and that sounds
> very nice and elegant.
> --
> Mehdi Heidarzadeh Ardalani
> Independent JEE Consultant, Architect and Developer.
> http://www.TheBigJavaBlog.com
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Gerhard Petracek
Administrator
hi @ all,

if there are objections, we have to finish the discussion before we
continue with it or we start a vote about it.

regards,
gerhard



2012/7/12 Jean-Louis MONTEIRO <[hidden email]>

> Yes, fully agree.
> I don't see any good reason to create a new framework.
>
> Shiro, which is also in Apache is really great.
> They seem really interested in integrating CDI and they plan to do so.
>
> There is some interesting posts.
>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>
> Jean-Louis
>
>
> 2012/7/12 Mehdi Heidarzadeh <[hidden email]>
>
> > >Rather than marry into one security framework (Shiro),  Deltaspike
> should
> > >enable all security frameworks to provide integration. That includes a
> DS
> > >integration from Shiro.
> > +1
> >
> > >Agree. If DS can provide a layer to support different existing security
> > >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> (LDAP,
> > >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> > should
> > >be fine
> > +1
> >
> > With a good provided security integration api in DS, anyone interested in
> > any of those security frameworks will be able to use DS and that sounds
> > very nice and elegant.
> > --
> > Mehdi Heidarzadeh Ardalani
> > Independent JEE Consultant, Architect and Developer.
> > http://www.TheBigJavaBlog.com
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Romain Manni-Bucau
+1

- Romain


2012/7/25 Gerhard Petracek <[hidden email]>

> hi @ all,
>
> if there are objections, we have to finish the discussion before we
> continue with it or we start a vote about it.
>
> regards,
> gerhard
>
>
>
> 2012/7/12 Jean-Louis MONTEIRO <[hidden email]>
>
> > Yes, fully agree.
> > I don't see any good reason to create a new framework.
> >
> > Shiro, which is also in Apache is really great.
> > They seem really interested in integrating CDI and they plan to do so.
> >
> > There is some interesting posts.
> >
> >
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> >
> >
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> >
> > Jean-Louis
> >
> >
> > 2012/7/12 Mehdi Heidarzadeh <[hidden email]>
> >
> > > >Rather than marry into one security framework (Shiro),  Deltaspike
> > should
> > > >enable all security frameworks to provide integration. That includes a
> > DS
> > > >integration from Shiro.
> > > +1
> > >
> > > >Agree. If DS can provide a layer to support different existing
> security
> > > >frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> > (LDAP,
> > > >JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> > > should
> > > >be fine
> > > +1
> > >
> > > With a good provided security integration api in DS, anyone interested
> in
> > > any of those security frameworks will be able to use DS and that sounds
> > > very nice and elegant.
> > > --
> > > Mehdi Heidarzadeh Ardalani
> > > Independent JEE Consultant, Architect and Developer.
> > > http://www.TheBigJavaBlog.com
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Anil Saldhana
If Deltaspike desires to provide integration with shiro, make it as an independent sub module of security. Similar to the independence of the IDM component. Security is too large to reside as a single module.

On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <[hidden email]> wrote:

> +1
>
> - Romain
>
>
> 2012/7/25 Gerhard Petracek <[hidden email]>
>
>> hi @ all,
>>
>> if there are objections, we have to finish the discussion before we
>> continue with it or we start a vote about it.
>>
>> regards,
>> gerhard
>>
>>
>>
>> 2012/7/12 Jean-Louis MONTEIRO <[hidden email]>
>>
>>> Yes, fully agree.
>>> I don't see any good reason to create a new framework.
>>>
>>> Shiro, which is also in Apache is really great.
>>> They seem really interested in integrating CDI and they plan to do so.
>>>
>>> There is some interesting posts.
>>>
>>>
>> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>>>
>>>
>> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>>>
>>> Jean-Louis
>>>
>>>
>>> 2012/7/12 Mehdi Heidarzadeh <[hidden email]>
>>>
>>>>> Rather than marry into one security framework (Shiro),  Deltaspike
>>> should
>>>>> enable all security frameworks to provide integration. That includes a
>>> DS
>>>>> integration from Shiro.
>>>> +1
>>>>
>>>>> Agree. If DS can provide a layer to support different existing
>> security
>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
>>> (LDAP,
>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
>>>> should
>>>>> be fine
>>>> +1
>>>>
>>>> With a good provided security integration api in DS, anyone interested
>> in
>>>> any of those security frameworks will be able to use DS and that sounds
>>>> very nice and elegant.
>>>> --
>>>> Mehdi Heidarzadeh Ardalani
>>>> Independent JEE Consultant, Architect and Developer.
>>>> http://www.TheBigJavaBlog.com
>>>>
>>>
>>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Mark Struberg
Administrator
I'm actually questioning myself why we have the 'modules' folder at all.
Do we like to have anything else apart from it?

If not, then we move the modules in parallel to core ...


LieGrue,
strub



----- Original Message -----

> From: Anil Saldhana <[hidden email]>
> To: "[hidden email]" <[hidden email]>
> Cc:
> Sent: Thursday, July 26, 2012 5:01 PM
> Subject: Re: security: why creating thg from scratch?
>
> If Deltaspike desires to provide integration with shiro, make it as an
> independent sub module of security. Similar to the independence of the IDM
> component. Security is too large to reside as a single module.
>
> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <[hidden email]>
> wrote:
>
>>  +1
>>
>>  - Romain
>>
>>
>>  2012/7/25 Gerhard Petracek <[hidden email]>
>>
>>>  hi @ all,
>>>
>>>  if there are objections, we have to finish the discussion before we
>>>  continue with it or we start a vote about it.
>>>
>>>  regards,
>>>  gerhard
>>>
>>>
>>>
>>>  2012/7/12 Jean-Louis MONTEIRO <[hidden email]>
>>>
>>>>  Yes, fully agree.
>>>>  I don't see any good reason to create a new framework.
>>>>
>>>>  Shiro, which is also in Apache is really great.
>>>>  They seem really interested in integrating CDI and they plan to do
> so.
>>>>
>>>>  There is some interesting posts.
>>>>
>>>>
>>>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>>>>
>>>>
>>>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>>>>
>>>>  Jean-Louis
>>>>
>>>>
>>>>  2012/7/12 Mehdi Heidarzadeh <[hidden email]>
>>>>
>>>>>>  Rather than marry into one security framework (Shiro), 
> Deltaspike
>>>>  should
>>>>>>  enable all security frameworks to provide integration. That
> includes a
>>>>  DS
>>>>>>  integration from Shiro.
>>>>>  +1
>>>>>
>>>>>>  Agree. If DS can provide a layer to support different
> existing
>>>  security
>>>>>>  frameworks (Shiro, Spring Security, ...) with perhaps JAAS
> modules
>>>>  (LDAP,
>>>>>>  JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of
> CDI, that
>>>>>  should
>>>>>>  be fine
>>>>>  +1
>>>>>
>>>>>  With a good provided security integration api in DS, anyone
> interested
>>>  in
>>>>>  any of those security frameworks will be able to use DS and
> that sounds
>>>>>  very nice and elegant.
>>>>>  --
>>>>>  Mehdi Heidarzadeh Ardalani
>>>>>  Independent JEE Consultant, Architect and Developer.
>>>>>  http://www.TheBigJavaBlog.com
>>>>>
>>>>
>>>
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Romain Manni-Bucau
In reply to this post by Anil Saldhana
hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS could
use it as base instead of creating a new one in the Apache ecosystem.

- Romain


2012/7/26 Anil Saldhana <[hidden email]>

> If Deltaspike desires to provide integration with shiro, make it as an
> independent sub module of security. Similar to the independence of the IDM
> component. Security is too large to reside as a single module.
>
> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <[hidden email]>
> wrote:
>
> > +1
> >
> > - Romain
> >
> >
> > 2012/7/25 Gerhard Petracek <[hidden email]>
> >
> >> hi @ all,
> >>
> >> if there are objections, we have to finish the discussion before we
> >> continue with it or we start a vote about it.
> >>
> >> regards,
> >> gerhard
> >>
> >>
> >>
> >> 2012/7/12 Jean-Louis MONTEIRO <[hidden email]>
> >>
> >>> Yes, fully agree.
> >>> I don't see any good reason to create a new framework.
> >>>
> >>> Shiro, which is also in Apache is really great.
> >>> They seem really interested in integrating CDI and they plan to do so.
> >>>
> >>> There is some interesting posts.
> >>>
> >>>
> >>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> >>>
> >>>
> >>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> >>>
> >>> Jean-Louis
> >>>
> >>>
> >>> 2012/7/12 Mehdi Heidarzadeh <[hidden email]>
> >>>
> >>>>> Rather than marry into one security framework (Shiro),  Deltaspike
> >>> should
> >>>>> enable all security frameworks to provide integration. That includes
> a
> >>> DS
> >>>>> integration from Shiro.
> >>>> +1
> >>>>
> >>>>> Agree. If DS can provide a layer to support different existing
> >> security
> >>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> >>> (LDAP,
> >>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
> >>>> should
> >>>>> be fine
> >>>> +1
> >>>>
> >>>> With a good provided security integration api in DS, anyone interested
> >> in
> >>>> any of those security frameworks will be able to use DS and that
> sounds
> >>>> very nice and elegant.
> >>>> --
> >>>> Mehdi Heidarzadeh Ardalani
> >>>> Independent JEE Consultant, Architect and Developer.
> >>>> http://www.TheBigJavaBlog.com
> >>>>
> >>>
> >>
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Jason Porter
I had suggested that awhile ago, but I don't think there was consensus. Or maybe I just thought about it :) been awhile.

Sent from my iPhone

On Jul 26, 2012, at 9:22, Romain Manni-Bucau <[hidden email]> wrote:

> hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS could
> use it as base instead of creating a new one in the Apache ecosystem.
>
> - Romain
>
>
> 2012/7/26 Anil Saldhana <[hidden email]>
>
>> If Deltaspike desires to provide integration with shiro, make it as an
>> independent sub module of security. Similar to the independence of the IDM
>> component. Security is too large to reside as a single module.
>>
>> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <[hidden email]>
>> wrote:
>>
>>> +1
>>>
>>> - Romain
>>>
>>>
>>> 2012/7/25 Gerhard Petracek <[hidden email]>
>>>
>>>> hi @ all,
>>>>
>>>> if there are objections, we have to finish the discussion before we
>>>> continue with it or we start a vote about it.
>>>>
>>>> regards,
>>>> gerhard
>>>>
>>>>
>>>>
>>>> 2012/7/12 Jean-Louis MONTEIRO <[hidden email]>
>>>>
>>>>> Yes, fully agree.
>>>>> I don't see any good reason to create a new framework.
>>>>>
>>>>> Shiro, which is also in Apache is really great.
>>>>> They seem really interested in integrating CDI and they plan to do so.
>>>>>
>>>>> There is some interesting posts.
>>>>>
>>>>>
>>>>
>> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
>>>>>
>>>>>
>>>>
>> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
>>>>>
>>>>> Jean-Louis
>>>>>
>>>>>
>>>>> 2012/7/12 Mehdi Heidarzadeh <[hidden email]>
>>>>>
>>>>>>> Rather than marry into one security framework (Shiro),  Deltaspike
>>>>> should
>>>>>>> enable all security frameworks to provide integration. That includes
>> a
>>>>> DS
>>>>>>> integration from Shiro.
>>>>>> +1
>>>>>>
>>>>>>> Agree. If DS can provide a layer to support different existing
>>>> security
>>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
>>>>> (LDAP,
>>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI, that
>>>>>> should
>>>>>>> be fine
>>>>>> +1
>>>>>>
>>>>>> With a good provided security integration api in DS, anyone interested
>>>> in
>>>>>> any of those security frameworks will be able to use DS and that
>> sounds
>>>>>> very nice and elegant.
>>>>>> --
>>>>>> Mehdi Heidarzadeh Ardalani
>>>>>> Independent JEE Consultant, Architect and Developer.
>>>>>> http://www.TheBigJavaBlog.com
>>>>>>
>>>>>
>>>>
>>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Romain Manni-Bucau
so it really seems a vote is needed no?

- Romain


2012/7/26 Jason Porter <[hidden email]>

> I had suggested that awhile ago, but I don't think there was consensus. Or
> maybe I just thought about it :) been awhile.
>
> Sent from my iPhone
>
> On Jul 26, 2012, at 9:22, Romain Manni-Bucau <[hidden email]>
> wrote:
>
> > hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS
> could
> > use it as base instead of creating a new one in the Apache ecosystem.
> >
> > - Romain
> >
> >
> > 2012/7/26 Anil Saldhana <[hidden email]>
> >
> >> If Deltaspike desires to provide integration with shiro, make it as an
> >> independent sub module of security. Similar to the independence of the
> IDM
> >> component. Security is too large to reside as a single module.
> >>
> >> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <[hidden email]>
> >> wrote:
> >>
> >>> +1
> >>>
> >>> - Romain
> >>>
> >>>
> >>> 2012/7/25 Gerhard Petracek <[hidden email]>
> >>>
> >>>> hi @ all,
> >>>>
> >>>> if there are objections, we have to finish the discussion before we
> >>>> continue with it or we start a vote about it.
> >>>>
> >>>> regards,
> >>>> gerhard
> >>>>
> >>>>
> >>>>
> >>>> 2012/7/12 Jean-Louis MONTEIRO <[hidden email]>
> >>>>
> >>>>> Yes, fully agree.
> >>>>> I don't see any good reason to create a new framework.
> >>>>>
> >>>>> Shiro, which is also in Apache is really great.
> >>>>> They seem really interested in integrating CDI and they plan to do
> so.
> >>>>>
> >>>>> There is some interesting posts.
> >>>>>
> >>>>>
> >>>>
> >>
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> >>>>>
> >>>>>
> >>>>
> >>
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> >>>>>
> >>>>> Jean-Louis
> >>>>>
> >>>>>
> >>>>> 2012/7/12 Mehdi Heidarzadeh <[hidden email]>
> >>>>>
> >>>>>>> Rather than marry into one security framework (Shiro),  Deltaspike
> >>>>> should
> >>>>>>> enable all security frameworks to provide integration. That
> includes
> >> a
> >>>>> DS
> >>>>>>> integration from Shiro.
> >>>>>> +1
> >>>>>>
> >>>>>>> Agree. If DS can provide a layer to support different existing
> >>>> security
> >>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS modules
> >>>>> (LDAP,
> >>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI,
> that
> >>>>>> should
> >>>>>>> be fine
> >>>>>> +1
> >>>>>>
> >>>>>> With a good provided security integration api in DS, anyone
> interested
> >>>> in
> >>>>>> any of those security frameworks will be able to use DS and that
> >> sounds
> >>>>>> very nice and elegant.
> >>>>>> --
> >>>>>> Mehdi Heidarzadeh Ardalani
> >>>>>> Independent JEE Consultant, Architect and Developer.
> >>>>>> http://www.TheBigJavaBlog.com
> >>>>>>
> >>>>>
> >>>>
> >>
>
Reply | Threaded
Open this post in threaded view
|

Re: security: why creating thg from scratch?

Gerhard Petracek
Administrator
+1 for a vote about the IDM part, but imo we need a clear majority to
continue or drop with it.
if we don't have a clear majority, we should discuss it again in detail
(independent of the result).

regards,
gerhard



2012/7/26 Romain Manni-Bucau <[hidden email]>

> so it really seems a vote is needed no?
>
> - Romain
>
>
> 2012/7/26 Jason Porter <[hidden email]>
>
> > I had suggested that awhile ago, but I don't think there was consensus.
> Or
> > maybe I just thought about it :) been awhile.
> >
> > Sent from my iPhone
> >
> > On Jul 26, 2012, at 9:22, Romain Manni-Bucau <[hidden email]>
> > wrote:
> >
> > > hmm, not sure it answers the question. Shiro is an (fine IMO) API, DS
> > could
> > > use it as base instead of creating a new one in the Apache ecosystem.
> > >
> > > - Romain
> > >
> > >
> > > 2012/7/26 Anil Saldhana <[hidden email]>
> > >
> > >> If Deltaspike desires to provide integration with shiro, make it as an
> > >> independent sub module of security. Similar to the independence of the
> > IDM
> > >> component. Security is too large to reside as a single module.
> > >>
> > >> On Jul 25, 2012, at 4:45 PM, Romain Manni-Bucau <
> [hidden email]>
> > >> wrote:
> > >>
> > >>> +1
> > >>>
> > >>> - Romain
> > >>>
> > >>>
> > >>> 2012/7/25 Gerhard Petracek <[hidden email]>
> > >>>
> > >>>> hi @ all,
> > >>>>
> > >>>> if there are objections, we have to finish the discussion before we
> > >>>> continue with it or we start a vote about it.
> > >>>>
> > >>>> regards,
> > >>>> gerhard
> > >>>>
> > >>>>
> > >>>>
> > >>>> 2012/7/12 Jean-Louis MONTEIRO <[hidden email]>
> > >>>>
> > >>>>> Yes, fully agree.
> > >>>>> I don't see any good reason to create a new framework.
> > >>>>>
> > >>>>> Shiro, which is also in Apache is really great.
> > >>>>> They seem really interested in integrating CDI and they plan to do
> > so.
> > >>>>>
> > >>>>> There is some interesting posts.
> > >>>>>
> > >>>>>
> > >>>>
> > >>
> >
> http://shiro-developer.582600.n2.nabble.com/CDI-and-WSS4J-integration-tp7577503.html
> > >>>>>
> > >>>>>
> > >>>>
> > >>
> >
> http://shiro-developer.582600.n2.nabble.com/Security-in-DeltaSpike-tp7577514.html
> > >>>>>
> > >>>>> Jean-Louis
> > >>>>>
> > >>>>>
> > >>>>> 2012/7/12 Mehdi Heidarzadeh <[hidden email]>
> > >>>>>
> > >>>>>>> Rather than marry into one security framework (Shiro),
>  Deltaspike
> > >>>>> should
> > >>>>>>> enable all security frameworks to provide integration. That
> > includes
> > >> a
> > >>>>> DS
> > >>>>>>> integration from Shiro.
> > >>>>>> +1
> > >>>>>>
> > >>>>>>> Agree. If DS can provide a layer to support different existing
> > >>>> security
> > >>>>>>> frameworks (Shiro, Spring Security, ...) with perhaps JAAS
> modules
> > >>>>> (LDAP,
> > >>>>>>> JDBC, PropertiesFile, EncryptedPropertiesFile, ...) top of CDI,
> > that
> > >>>>>> should
> > >>>>>>> be fine
> > >>>>>> +1
> > >>>>>>
> > >>>>>> With a good provided security integration api in DS, anyone
> > interested
> > >>>> in
> > >>>>>> any of those security frameworks will be able to use DS and that
> > >> sounds
> > >>>>>> very nice and elegant.
> > >>>>>> --
> > >>>>>> Mehdi Heidarzadeh Ardalani
> > >>>>>> Independent JEE Consultant, Architect and Developer.
> > >>>>>> http://www.TheBigJavaBlog.com
> > >>>>>>
> > >>>>>
> > >>>>
> > >>
> >
>
12