<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Jason,<br>
I did see this on the apache list this morning. <br>
<br>
I think quickstarts such as TicketMonster will help IMO.<br>
<br>
Regards,<br>
Anil<br>
<br>
On 01/15/2013 08:04 AM, Jason Porter wrote:<br>
</div>
<blockquote
cite="mid:67DA30C6-0A18-495C-9872-3C93EB06E002@gmail.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<div>Thought if forward this one on to make sure we have it
covered. <br>
<br>
</div>
<div>Begin forwarded message:<br>
<br>
</div>
<blockquote type="cite">
<div><b>From:</b> Glh <<a moz-do-not-send="true"
href="mailto:gsouzeau@gmail.com">gsouzeau@gmail.com</a>><br>
<b>Date:</b> January 15, 2013, 3:50:32 MST<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:deltaspike-dev@incubator.apache.org">deltaspike-dev@incubator.apache.org</a><br>
<b>Subject:</b> <b>Re: security: why creating thg from
scratch?</b><br>
<b>Reply-To:</b> <a moz-do-not-send="true"
href="mailto:deltaspike-dev@incubator.apache.org">deltaspike-dev@incubator.apache.org</a><br>
<br>
</div>
</blockquote>
<div><span></span></div>
<blockquote type="cite">
<div><span>Dear all,</span><br>
<span></span><br>
<span>I start a JEE6 project (CDI/JPA/JSF) in a few months and
security is a</span><br>
<span>problem. The 3 main frameworks handling security are
(sorry if i miss one):</span><br>
<span></span><br>
<span>*- Spring Security:* not a good idea for a CDI-oriented
architecture.</span><br>
<span>*- Apache Shiro:* very interesting but doesn't support
multi-stage</span><br>
<span>authentication and need to be "POCed" because rather
"exotic" (different</span><br>
<span>identity model, not based on JAAS). I lack of time to
perform such a POC.</span><br>
<span>*- Seam Security:* has no future, lack of documentation.</span><br>
<span></span><br>
<span>So if we consider that delta-spike security is the
future but not available</span><br>
<span>and not mature enough before a (too) long time; what
should we do?</span><br>
<span></span><br>
<span>I'm under the impression that you pick the best of
several security</span><br>
<span>frameworks and add some features of your own so how can
we choose a security</span><br>
<span>framework that will not imply a costly refactoring when
delta spike will be</span><br>
<span>available?</span><br>
<span>I found some answers along this forum (and related-jiras
such as "Discuss</span><br>
<span>Security Module"; yet we need a clear path: </span><br>
<span></span><br>
<span>1) please, what will exactly be the deltaspike security
module? </span><br>
<span>2) which existing security framework is the closest to
the target? </span><br>
<span>3) which one will imply the least refactoring?</span><br>
<span></span><br>
<span>If the answer is accurate/clear, it would be useful to
highlight it: I think</span><br>
<span>a lot of architects are in the same trouble than me.</span><br>
<span></span><br>
<span>I'm not yet very confortable with Apache process so
please forgive me if I</span><br>
<span>ask questions that have already been answered somewhere.</span><br>
<span></span><br>
<span>Regards.</span><br>
<span>Glh</span><br>
<span></span><br>
<span>P.S: I don't have the security requirements yet, I just
know that</span><br>
<span>multi-authentication could be required.</span><br>
<span></span><br>
<span></span><br>
</div>
</blockquote>
</blockquote>
</body>
</html>