On 28/09/2015 20:44, Les Hazlewood wrote:
Hi Francesco,
This looks good to me - thanks for sharing. One question though (since it
helps us with feature development and supporting our community): if you're
already using Spring Security, why are you looking to move to Apache
Shiro? There's no right or wrong answer of course - I'm just curious as to
the motivation.
Hi Les,
good to know I am not on a wrong page :-)
These are the main reasons why I'm proposing such switch:
1. session management (session store in particular) - we are planning
to add support for OAuth 2.0 and possibly SAML 2.0 providers, so having
a working abstraction for session store (instead of building it from
scratch, even on Spring Security foundations) looks attractive
2. ASF-ness! The more ASF projects we work with (as we've been doing
with OpenJPA and CXF for long time now) the higher is the chance that we
can get some influence - in the spirit of cooperation, naturally
3. refactoring - internal authentication &authorization have grown by
additions since the very early versions, as many other aspects of
Syncope that were recently refactored as part of effort towards 2.0.0;
changing the supporting framework is giving us the chance to reconsider
our assumptions, design and implementation
Regards.
On Mon, Sep 28, 2015 at 2:27 AM, Francesco Chicchiriccò <[email protected]>
wrote:
Hi all,
at Syncope we are starting discussion [1] around replacing the current
authentication / authorization implementation with something based on
Shiro. I have assembled a quick summary of proposed integration - which
also describes at high-level the current status - at [2].
Can you take a look at [2] and / or provide some upfront advice? Do you
see anything essentially wrong with it?
TIA
Regards.
P.S. Any chance to meet in Budapest at ApacheCon: Core this week?
[1] http://markmail.org/message/crc7gwugmyzw3bib
[2]
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Apache+Shiro+integration+for+authentication+and+authorization
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
