A general observation:
There are many mechanisms for doing AuthN/AuthZ and session
management, and every project either builds their own or uses some
thing off the shelf. When trying to embed a 3rd party library into the
application, competing frameworks for AUthN and AuthZ frequently
conflict and require rewriting. IMHO when 3rd part libraries express
AuthN and AuthZ as service interfaces, with example implementations
its far easier to integrate that library.
So for Shindig, having service API's for AuthN and AuthZ makes sense.
Reusing standard java interfaces like java.security.Principal, &
Credentials make sense.
Then providing a sample implementation using a capable jar like
JSecurity makes sense, provided its clear and easy to identify where
the core shindig code ends and the sample implementation starts.
I haven't used JSecurity which on inspection looks Ok but IMVHO it
would be a mistake to bind to it directly. The SPI for caching and the
social API has kept concrete bindings out of shindig core so far.
Ian
On 20 Jan 2009, at 19:18, Paul Lindner wrote:
Hi,
I was wondering what people think about Jsecurity? I came across
this when I was looking for PAM-like authentication when working on
the AuthenticationHandler interfaces.
