Nice work Dave! I know Spring Security better than Shiro because I find it a lot more on client projects. However, I worked with it a few years ago[1] and found the experience to be enjoyable.
I think Roller is in a similar boat to AppFuse these days in that the primary goal should be making it easier to maintain[2]. I doubt we'll attract a lot of new users with all the blogging platforms available today, but that doesn't mean it can't be fun to work on. ;) Happy Holidays! Matt [1] http://raibledesigns.com/rd/entry/java_web_application_security_part2 [2] http://raibledesigns.com/rd/entry/appfuse_reduced On Tue, Dec 23, 2014 at 3:56 PM, Dave <snoopd...@gmail.com> wrote: > I'm learning about Apache Shiro, so I decided to see how hard it would be > to replace Spring Security in Roller with Shiro. It was a little painful, > but I eventually got it working. Shiro seems a lot easier to deal with, and > it allowed me to complete remove all Spring dependencies from my fork of > Roller. > > You can see my DIFFs here: > https://github.com/snoopdave/rollarcus/compare/shiro_not_spring?expand=1 > > And the shiro.ini config file is here: > > https://github.com/snoopdave/rollarcus/blob/shiro_not_spring/app/src/main/resources/shiro.ini > > Most of the changes are removal of Spring specific code. However, my branch > does not support LDAP or OpenID yet, so I would expect that some Shiro > specific code would have to be added to enable those things. > > I'm not convinced that Roller should switched to Shiro, but this is some > food for thought... > > - Dave >
