security - Authentication and Authorization Framework for Java Web-Application -


I am programming a web application with JavaE, JSF and Hibernate. I do not use Spring or EJB! Now I am at that point where certification and authorization have to be implemented. I need access to an Active Directory or LDAP and I want to implement my own roles, which can not be obtained with AD / LDAP.

My question is, what is the easiest way to implement it? Should I use the frame like the JAAS / Apache head? And which is the best for my intentions?

About the concept of small roles: I had planned to set up a property file, where I can configure roles.

Apache head is more useful than spring security, if only because SS Enterprise does not support session management or simplifies cryptography outside the box (does it) Supports even better micro-security models (such as the wildcardpromination of the head) She also does LDAP and Active Directory. Also keep in mind that Shiro was built with architectural foundation from day one, so that no application should work in the environment, not only the spring application (but it is better in the spring app to make sure). The same can not be said about spring safety (it was actually just started for spring applications.)

As far as the small number of users and / or roles are, you can easily Can do in For example: [main] ... [users] jsmith = password, role 1 ajones = other password, role 1, role 2 [roles] role1 = perm1, perm2, ..., permn role 2 = perma, PermB, ..., permz

At the end of the day, both Apache Shiro and Spring Protection are great frameworks - both are standing well on their properties

Cheers ,

Cheers,

should be the basis of your choice, which should fit your mental model better (which means the name of interface and class more Understandable?)

les


Comments

Popular posts from this blog

c# - sqlDecimal to decimal clr stored procedure Unable to cast object of type 'System.Data.SqlTypes.SqlDecimal' to type 'System.IConvertible' -

Calling GetGUIThreadInfo from Outlook VBA -

Obfuscating Python code? -