3 Replies Latest reply on Feb 9, 2012 1:44 PM by Jason Porter

    Future of Security module in DeltaSpike?

    Karsten Wutzke Expert

      After reading




      does anyone know where Seam 3 Security is going? I cannot see it in the DeltaSpike project... will it be supported? Will it be extended?


      Can anybody recommend a not too complicated security implementation other than PicketLink, which doesn't seem to quite give me what I need, escpecially because it requires a specific data model which I cannot guarantee?




        • 1. Re: Future of Security module in DeltaSpike?
          Jason Porter Master

          We're actually going to start discussing it soon (maybe next week?). Start tracking the DeltaSpike dev list for more info.  In the short term may I suggest Apache Shiro? It doesn't have full CDI support, but it's all POJO based, and creating producers for the objects you need would not be that difficult.

          • 2. Re: Future of Security module in DeltaSpike?
            Johnny Keys Newbie

            Shiro is a really nice security model especially since it handles instance/row level security. Unfortunately it's not CDI based which is a problem since it relies on the user providing a realm object which acts as a kind of security advisor and is invoked/calledback during security handling events by shiro core and ideally in a CDI application that Realm object would be CDI managed.


            So you'd need to create some sort of hack where you provide a CDI aware delegating realm object which would look up the CDI bean manager and request the actual CDI Realm implementation and delegate the Realm interface calls to the CDI provided realm object.


            I really do hope the deltaspike devs do consider the shiro security model and provide nice Annotations and JSF extensions for the security implementation to be hooked into the appropriate places in an application.




            • 3. Re: Future of Security module in DeltaSpike?
              Jason Porter Master

              If you'd like to get involved with the discussions, please subscribe to the deltaspike-dev mailing list and let your voice be heard