Hi Chris
On 14/07/14 02:01, Chris Geer wrote:
Christian,
I'm not sure I have specific advice about how to approach Shiro
compatibility without spending some cycles on it. I think we could engage
Les and Shiro community to help though. One possible approach might just be
to have CXF use a pluggable approach so that it calls out to an API when it
checks if a user is authenticated/authorized. That way a JAAS
implementation could be put in place but a Shiro or Spring Security
implementation could also be put in place. This would have to be made OSGI
friendly, but I bet it could be done.
I guess I just wanted to toss that out there so that any decisions that
were made wouldn't preclude using frameworks other than JAAS. In my
experience, using JAAS in an OSGI environment, with cross-service calls,
is very problematic so I'd just hate to see CXF require usage of JAAS.
AFAIK depending on JAAS will be completely optional.
Cheers, Sergey
One could argue that CXF didn't need to provide A&A at all in the core and
external libraries can be used through filters/interceptors as the
standard.
I'll give it some more thought as this conversation continues.
Chris
On Sun, Jul 13, 2014 at 10:56 AM, Christian Schneider <[email protected]> wrote:
I think it would be great to stay compatible with the external security
frameworks.
What do you think needs to be considered regarding Shiro?
Christian
On 13.07.2014 17:50, Chris Geer wrote:
While authentication/authorization is being discussed it would also be
good if compatibility with Apache Shiro was kept in mind.
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
Talend Application Integration Division http://www.talend.com