esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ethan Jewett <>
Subject Re: Apache Shiro integration in ESME
Date Mon, 19 Sep 2011 10:50:06 GMT
Hi all,

My interest in this is based on the observation that I can think of
the following places where we do authorization in ESME:

1. General access (you must be logged in - stored in database, LDAP,
or container, thanks to Vladimir)
2. Pools (pool membership stored in database (or LDAP?))
3. API super-user (allowed to create user accounts - configured
through property files)

Each of these is handled in a different way with different types of
checks. Our current system is not very complex, so I'm not sure if we
would benefit from a framework like Shiro, but my thought was that it
might push us towards a more consistent approach. That said, I don't
see a pressing need for it at the moment, since things seem to be
working OK.

Just my 2 cents :-)


On Sun, Sep 18, 2011 at 1:25 PM, Richard Hirsch <> wrote:
> Ethan found an interesting blog about Apache Shiro integration in Lift
> (
> Apache Shiro is a Java security framework (formally known as
> JSecurity) and it comes with a fairly abstract set of classes for
> building systems that have the familiar users, roles and permissions
> setup. There is an interesting write up here with further details:
> Thanks to Vladimir we already have some implemented some features such
> as LDAP and container-based authentication.  Should we look at Shiro?
> Thoughts?
> D.

View raw message