Thanks for all the info! I'll definitely look into it...
-jeff Tamás Cservenák wrote:
Hi there, as integration i meant making those two (restlet + jsecurity) to play together. But in fact, we are using out-of-the-box (slightly nexus-ified) JSecurity Servlet filters, thus our Restlet Application is completely unaware of being protected (unless resources where we use it explicitly). The "integration" is more Plexus + JSecurity way, and also we integrated Plexus + Restlet, thus all major stuff is simply a Plexus Component (something like spring managed bean). All our related code is in our Spice OSS SVN (that makes our life spicey): http://svn.sonatype.org/spice/trunk/ In short: plexus-restlet-bridge -- is the restlet + plexus integration plexus-jsecurity-realms -- are various JSecurity Realm implementations (allowing us to do a lot of magic, ie. using LDAP for auth/authz and if failing, falling back to "local" XML for example, it is great for transitions) JSecurity is very flexible piece of software, and almost all you have to do is implement a Realm to hook it in into whatever you want. It is not an aggressive library, that is clearly proved by Nexus already: you can simply "envelope" a web application (in this case a Restlet Application that is run in ServletServer) into JSecurity with their SerlvetFilters almost without any changes (the simplest/static solution would need some web.xml tweaking and that's all!). You can grep some info from here too: https://docs.sonatype.com/display/NX/Nexus+Security+FAQ Hope helps, ~t~
