We're hardly starting from scratch, much of the DeltaSpike security
design is an "improved" re-visiting of Seam Security, which has been
actively developed and improved for a number of years. I've also taken
a look at Shiro and while it has many cool features, it also seems to be
missing some critical features like Identity and Permission Management.
Its identity model also doesn't satisfy some of the use cases we've
identified (such as its simplified named roles). This is not to say that
we can't provide interfaces for developers who wish to use Shiro, but I
think we're moving in the right direction by building a security module
purpose-built for developing Java EE/CDI applications.
On 09/07/12 16:59, Romain Manni-Bucau wrote:
Hi,
maybe i missed some discussion but here is the question: why not using an
existing framework? i particularly think of Shiro which is really fine and
simply needs
- a CDI integration (pretty easy and obvious to do)
- a JPA implementation
- Romain
