[CONF] Apache Syncope > [DISCUSS] Apache Shiro integration for authentication and authorization

[Colm O hEigeartaigh (Confluence)]

Title: Message Title

Colm O hEigeartaigh commented on a page

Re: [DISCUSS] Apache Shiro integration for authentication and authorization I agree that Shiro is not needed. Do we really need to introduce Spring Session though, won't Spring Security take care of it already, via for example "<sec:session-management session-authentication-strategy-ref="sas"/>"? Perhaps Apache CXF Fediz could give us some pointers here. It ships with a plugin for Spring Security for WS-Federation, that sets up a session based on parsing a SAML Token received as part of the redirection process involved in WS-Federation SSO: https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=tree;f=plugins/spring;h=f4f6d060128b96872d3eadff6955897658163443;hb=HEAD A webapp configuration using this module is here: https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=blob;f=systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml;h=2f5a518d013c8fedd672b14fc96f21398e523158;hb=HEAD   Reply • Like

In reply to Francesco Chicchiricco I am actually not sure if Shiro is the right choice to implement what described. As alternative approach, once can think of enhancing the current Spring Security usage and introducing Spring Session for session management.

Stop watching space • Manage notifications This message was sent by Atlassian Confluence 5.8.4