Re: Security refactor

Fri, 17 Sep 2010 08:47:58 -0700

Shiro would replace the home-grown Authorization Manager in the security redesign - https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+Security+Redesign.
Integrating Shiro in the execution context branch should be pretty straightforward - since it is nearly identical to the authorization manager. 

-Adrian

On 9/15/2010 1:09 AM, james_sg wrote:


Anyone look at Apache Shiro for OFBiz? I have used it in one of my project
and am happy with it. Seems a nice fit for OFBiz.

-james

Adrian Crum wrote:


Anyone wanting to give the security redesign a try is welcome to do so.
The Example component is converted over to the new security design, but
the rest of the applications still use the old-style security.

One of the goals of the redesign was to have it work along side the
old-style security - so OFBiz users can migrate over to the new design
when time and resources permit. The notion that the redesign would have
a big impact on existing installations isn't true.

-Adrian

On 9/13/2010 8:33 AM, David E Jones wrote:


I think we've hit the point where large framework changes like the
ExecutionContext and the security redesign have so much of an impact on
higher level code and on large numbers of people in the community that it
is unlikely they will be implemented and pushed out. If they were to be
completed there would then be a TON of stuff that could be cleaned up and
eliminated from the framework, which would also be great, but also have a
lot of impact on people/organizations and on existing code.

This is not really likely, and probably not really a good idea. That's
why I started a separate project to incorporate many redesign ideas for
the framework (ie Moqui), and it is structured differently to help with
certain other difficulties we're having in OFBiz (ie framework only
instead of full stack, fully moderated instead of community-driven, etc).
Anyway, I put together a list a while ago with all of the major
differences between Moqui and the OFBiz Framework and that is still
easily available on the Moqui SourceForge site in a forum post. Of
course, Moqui is also just a design exercise so far and I haven't started
any implementation (not that I haven't been itching to for a while... ;)
).

-David


On Sep 13, 2010, at 2:40 AM, Jacques Le Roux wrote:


Hi,

Just curious, what is going on finally with Security refactor?

Jacques



































					Reply via email to