On Tue, Jun 7, 2011 at 1:53 PM, Nelson Silva <[email protected]> wrote: > I need a SSO solution to integrate a Tomcat/JBoss app with WIAB (which > currently relies on Jetty mainly because of WebSocket support). > > I've seen people asking for LDAP support and perhaps, instead of focusing on > a single authentication/authorization solution it would be best to just > integrate something like Apache Shiro or Spring Security. > > I would really like to go with Apache Shiro, being an Apache project and > all, but I feel that Spring Security is more mature. > > Any ideas/opinions on this subject ?
I'm a strong believer that authentication is an orthogonal concern, and should be handled at the servlet-container level (with things like JASPI when available, or Tomcat valves and Jetty's own authenticators otherwise), so I'd rather oppose to a move to either Shiro or Spring Security (and Spring Security at least, like most "Spring" things, is really heavyweight!).
