The big three for Java are CMA (Container Managed Authentication) which you are using, Spring Security (ex-Acegi Security, Tapestry integration provided by tapestry-spring-security module) and Apache Shiro (ex-JSecurity, Tapestry integration provided by Tynamo's tapestry-security). I've spent more time with all of them that I care to admit, and I've moved through them in that order in search of more flexible security framework that allows me to do what I want without getting in the way. Shiro is by no means perfect (which is why I signed up as a committer) but from my experience, by far the most flexible. For OpenId and Oauth there are several projects available and you can piecemeal it together to your home-grown security framework or CMA if you really wanted to, but I wouldn't recommend.
Kalle On Wed, Jun 1, 2011 at 12:40 PM, Lenny Primak <lpri...@hope.nyc.ny.us> wrote: > Thanks guys I'll definitely look at tynamo security. > There is a lot of homegrown code in our implementation that feels like it > should be a part of a framework that's already been written. I guess that > tynamo security is that framework. > > Anything else I should be l should be looking at in this space? Perhaps not > necessarily tapestry related? > > > On Jun 1, 2011, at 2:11 PM, "Thiago H. de Paula Figueiredo" > <thiag...@gmail.com> wrote: > >> On Wed, 01 Jun 2011 14:33:47 -0300, Lenny Primak <lpri...@hope.nyc.ny.us> >> wrote: >> >>> My current project is to refresh a client's web site using tapestry. The >>> web site currently uses JSP. We have a JEE/web service backend that uses >>> JPA/EJB3.1 which we will continue to use. >>> We now have a JEE based authorization service API based on plain method >>> calls now. >>> What we want is to keep the current login scheme and add LDAP and possibly >>> Facebook ID and openid. >> >> For using Facebook ID and OpenID, check >> http://tynamo.org/tynamo-federatedaccounts+guide. Beyond that, I can't see >> why using the existing API in Tapestry would be different from your existing >> code, besides that Tapestry templates don't allow code (scriptlets). I'd >> suggest you to build some components to encapsulate common scenarios >> (something like a IfUserHasPermission component), maybe a couple mixins, and >> using the ComponentRequestFilter and/or RequestFilter pipelines for >> cross-page logic. >> >> -- >> Thiago H. de Paula Figueiredo >> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and >> instructor >> Owner, Ars Machina Tecnologia da Informação Ltda. >> http://www.arsmachina.com.br >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
