[
https://issues.apache.org/activemq/browse/CAMEL-2779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=60851#action_60851
]
Les Hazlewood commented on CAMEL-2779:
--------------------------------------
Hi Ashwin, Claus,
A quick note: Shiro does not require Spring - it can work in any environment.
I also have some minor questions about the current ShiroSecurityPolicy
implementation (in the diff file):
Why does it have a DefaultBlockCipherService reference instead of just
CipherService (an interface)? That way an end-user could configure whatever
Cipher mechanism they want. Also, since you're using Blowfish by default, you
might want to use the already-available BlowfishCipherService instead of
manually configuring a DefaultBlockCipherService implementation (minor, but
still).
Finally, and this is very minor - while Blowfish has not been susceptible to
modern cryptanalyst attacks with a sufficient key size (e.g. 128 bits or more),
AES has been approved for highest U.S. government top-secret clearance (at 256
bit keysize). A lot of people end up choosing AES by default just because of
the extra scrutiny it has been through, making them feel a little 'safer'. Why
not default to an AesCipherService by default?
Anyway, just trying to help!
Cheers,
Les
(Apache Shiro team)
> Security - Allow to use Apache Shiro as security framework as well
> ------------------------------------------------------------------
>
> Key: CAMEL-2779
> URL: https://issues.apache.org/activemq/browse/CAMEL-2779
> Project: Apache Camel
> Issue Type: New Feature
> Reporter: Claus Ibsen
> Assignee: Ashwin Karpe
> Fix For: Future
>
> Attachments: camel-shiro-20100714.zip, camel-shiro.diff
>
>
> Looks like Apache Shiro could be a good security framework
> http://incubator.apache.org/shiro/index.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
