[jira] [Updated] (ISIS-3305) [DISCUSS] Re-platform on top of Spring security.

Thu, 15 Dec 2022 00:49:05 -0800 


     [ 
https://issues.apache.org/jira/browse/ISIS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andi Huber updated ISIS-3305:
-----------------------------
    Description: 
as per [https://the-asf.slack.com/archives/CFC42LWBV/p1670661588201299]

 
Andi's wish list of changes is:
 # drop Shiro support -> or perhaps provide a default Spring Security 
integration if simple enough
 # -drop Keycloak support-  -> keep Keycloak, provide a default Spring Security 
integration 
 # instead fully integrate with Spring Security -> YES
 # -drop SudoService-  -> NO keep
 # -instead provide impersonation via a specialized login page-
 # drop Wicket's .../signin, .../logout -> ONHOLD as long as there is only the 
Wicket Viewer, we don't yet need to think about this too hard
 # instead provide simple replacements under /security/... central to the 
application (not using Wicket) -> a common /logout would make sense, however 
viewer specific /login could be kept as is for now

Why? Focus on one security stack and do that integration well
 

  was:
as per [https://the-asf.slack.com/archives/CFC42LWBV/p1670661588201299]

 
Andi's wish list of changes is: 
 # drop Shiro support
 # drop Keycloak support
 # instead fully integrate with Spring Security
 # drop SudoService
 # instead provide impersonation via a specialized login page
 # drop Wicket's .../login, .../logout
 # instead provide simple replacements under /security/... central to the 
application (not using Wicket)

Why? Focus on one security stack and do that integration well
 


> [DISCUSS] Re-platform on top of Spring security.
> ------------------------------------------------
>
>                 Key: ISIS-3305
>                 URL: https://issues.apache.org/jira/browse/ISIS-3305
>             Project: Isis
>          Issue Type: Task
>    Affects Versions: 2.0.0-M9
>            Reporter: Daniel Keir Haywood
>            Priority: Major
>             Fix For: 2.1.0
>
>
> as per [https://the-asf.slack.com/archives/CFC42LWBV/p1670661588201299]
>  
> Andi's wish list of changes is:
>  # drop Shiro support -> or perhaps provide a default Spring Security 
> integration if simple enough
>  # -drop Keycloak support-  -> keep Keycloak, provide a default Spring 
> Security integration 
>  # instead fully integrate with Spring Security -> YES
>  # -drop SudoService-  -> NO keep
>  # -instead provide impersonation via a specialized login page-
>  # drop Wicket's .../signin, .../logout -> ONHOLD as long as there is only 
> the Wicket Viewer, we don't yet need to think about this too hard
>  # instead provide simple replacements under /security/... central to the 
> application (not using Wicket) -> a common /logout would make sense, however 
> viewer specific /login could be kept as is for now
> Why? Focus on one security stack and do that integration well
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to