Return-Path: X-Original-To: apmail-esme-dev-archive@www.apache.org Delivered-To: apmail-esme-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0408A9AB3 for ; Mon, 19 Sep 2011 10:50:35 +0000 (UTC) Received: (qmail 29405 invoked by uid 500); 19 Sep 2011 10:50:34 -0000 Delivered-To: apmail-esme-dev-archive@esme.apache.org Received: (qmail 29368 invoked by uid 500); 19 Sep 2011 10:50:34 -0000 Mailing-List: contact dev-help@esme.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@esme.apache.org Delivered-To: mailing list dev@esme.apache.org Received: (qmail 29354 invoked by uid 99); 19 Sep 2011 10:50:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Sep 2011 10:50:34 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=FREEMAIL_FROM,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of esjewett@gmail.com designates 209.85.212.50 as permitted sender) Received: from [209.85.212.50] (HELO mail-vw0-f50.google.com) (209.85.212.50) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Sep 2011 10:50:27 +0000 Received: by vws14 with SMTP id 14so9668079vws.23 for ; Mon, 19 Sep 2011 03:50:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=GdAvUxaONigh/E9QO0p+9vCxboEyHA/S6aTGBxF7ZHg=; b=vLsbx/tgl1pS+UvbWtl9MKvwO2NDyBM4OWmBE2B97Rk/kWagP3m/JVXothXfJ4857N c/ceYacUiepd6dnNdGbWL3lObkZkjcvZHdjh482y1jdThGNlm7tME8qyNHpVk0hjedzK P0lWfmcDDfpsv/FzuF0zRtq6X87ifouU5jJsQ= MIME-Version: 1.0 Received: by 10.220.1.6 with SMTP id 6mr540934vcd.168.1316429406400; Mon, 19 Sep 2011 03:50:06 -0700 (PDT) Received: by 10.220.194.200 with HTTP; Mon, 19 Sep 2011 03:50:06 -0700 (PDT) In-Reply-To: References: Date: Mon, 19 Sep 2011 12:50:06 +0200 Message-ID: Subject: Re: Apache Shiro integration in ESME From: Ethan Jewett To: dev@esme.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Hi all, My interest in this is based on the observation that I can think of the following places where we do authorization in ESME: 1. General access (you must be logged in - stored in database, LDAP, or container, thanks to Vladimir) 2. Pools (pool membership stored in database (or LDAP?)) 3. API super-user (allowed to create user accounts - configured through property files) Each of these is handled in a different way with different types of checks. Our current system is not very complex, so I'm not sure if we would benefit from a framework like Shiro, but my thought was that it might push us towards a more consistent approach. That said, I don't see a pressing need for it at the moment, since things seem to be working OK. Just my 2 cents :-) Ethan On Sun, Sep 18, 2011 at 1:25 PM, Richard Hirsch wro= te: > Ethan found an interesting blog about Apache Shiro integration in Lift > (http://goo.gl/fb/3kLxZ) > > Apache Shiro is a Java security framework (formally known as > JSecurity) and it comes with a fairly abstract set of classes for > building systems that have the familiar users, roles and permissions > setup. There is an interesting write up here with further details: > http://shiro.apache.org/authentication-features.html > > Thanks to Vladimir we already have some implemented some features such > as LDAP and container-based authentication. =A0Should we look at Shiro? > > Thoughts? > > D. >