[security-dev] Fwd: security: why creating thg from scratch?

Jason Porter lightguard.jp at gmail.com
Tue Jan 15 09:04:12 EST 2013

Thought if forward this one on to make sure we have it covered. 

Begin forwarded message:

> From: Glh <gsouzeau at gmail.com>
> Date: January 15, 2013, 3:50:32 MST
> To: deltaspike-dev at incubator.apache.org
> Subject: Re: security: why creating thg from scratch?
> Reply-To: deltaspike-dev at incubator.apache.org
> Dear all,
> I start a JEE6 project (CDI/JPA/JSF) in a few months and security is a
> problem. The 3 main frameworks handling security are (sorry if i miss one):
> *- Spring Security:* not a good idea for a CDI-oriented architecture.
> *- Apache Shiro:* very interesting but doesn't support multi-stage
> authentication and need to be "POCed" because rather "exotic" (different
> identity model, not based on JAAS). I lack of time to perform such a POC.
> *- Seam Security:* has no future, lack of documentation.
> So if we consider that delta-spike security is the future but not available
> and not mature enough before a (too) long time; what should we do?
> I'm under the impression that you pick the best of several security
> frameworks and add some features of your own so how can we choose a security
> framework that will not imply a costly refactoring when delta spike will be
> available?
> I found some answers along this forum (and related-jiras such as "Discuss
> Security Module"; yet we need a clear path: 
> 1) please, what will exactly be the deltaspike security module? 
> 2) which existing security framework is the closest to the target? 
> 3) which one will imply the least refactoring?
> If the answer is accurate/clear, it would be useful to highlight it: I think
> a lot of architects are in the same trouble than me.
> I'm not yet very confortable with Apache process so please forgive me if I
> ask questions that have already been answered somewhere.
> Regards.
> Glh
> P.S: I don't have the security requirements yet, I just know that
> multi-authentication could be required.
> --
> View this message in context: http://apache-deltaspike-incubator-discussions.2316169.n4.nabble.com/security-why-creating-thg-from-scratch-tp4653216p4654382.html
> Sent from the Apache DeltaSpike Incubator Discussions mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/security-dev/attachments/20130115/8485a14b/attachment.html 

More information about the security-dev mailing list