That's a good clarification. I'm new to configuring server security, so I guess a better question is "what kind of suspicious activity / threat detection does Shiro provide, if any?" and then I can compare that against what other products provide (if any). That's obviously a bigger question. If there is any documentation that describes this (which I was unable to find) a link to that would be perfectly fine.
Being able to configure Shiro to detect multiple login attempts and throw an exception if a threshold is exceeded within a certain amount of time is a good example of the kind of protection I'm thinking of. Upon further reading, OpenAM's /Adaptive Authentication Module/ provides the following features: - Failed Authentication Check (has there been a failed attempt to authenticate since the last success) - IP Address Range Check - IP Address History Check (is the user logging in from a new IP address they have not used before?) - Known Cookie Check (check for arbitrary cookie in the client) - Time Since Last Login Check - Profile Attribute Check (if the user specified has a specified attribute on their profile, flag it) - Geolocation Check - Request Header Check Each of these can be configured with various values. When any configured rule is violated it adds points to a total score for the user and if it exceeds a threshold then the authentication attempt is rejected and a second form of authentication is required. Granted, a lot of the examples from OpenAM can be coded manually, but it would be nice if there was a module that could easily be configured for these kinds of checks. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Does-Shiro-provide-suspicious-activity-detection-threat-detection-tp7580510p7580514.html Sent from the Shiro User mailing list archive at Nabble.com.
