I see - should have said I assume you are using CMA. I'm biased of course, but when ever I've used CMA, I've found it too cumbersome and limiting.
Kalle On Wed, Jun 1, 2011 at 2:03 PM, Lenny Primak <lpri...@hope.nyc.ny.us> wrote: > Thanks! I am not using CMA actually, it is JSP home-grown security, > which I am looking to replace. > In your opinion, should I look use CMA or go with tynamo & shiro? > I guess I can do a bake-off but I would rather not. > > On Jun 1, 2011, at 4:29 PM, Kalle Korhonen wrote: > >> The big three for Java are CMA (Container Managed Authentication) >> which you are using, Spring Security (ex-Acegi Security, Tapestry >> integration provided by tapestry-spring-security module) and Apache >> Shiro (ex-JSecurity, Tapestry integration provided by Tynamo's >> tapestry-security). I've spent more time with all of them that I care >> to admit, and I've moved through them in that order in search of more >> flexible security framework that allows me to do what I want without >> getting in the way. Shiro is by no means perfect (which is why I >> signed up as a committer) but from my experience, by far the most >> flexible. For OpenId and Oauth there are several projects available >> and you can piecemeal it together to your home-grown security >> framework or CMA if you really wanted to, but I wouldn't recommend. >> >> Kalle >> >> >> On Wed, Jun 1, 2011 at 12:40 PM, Lenny Primak <lpri...@hope.nyc.ny.us> wrote: >>> Thanks guys I'll definitely look at tynamo security. >>> There is a lot of homegrown code in our implementation that feels like it >>> should be a part of a framework that's already been written. I guess that >>> tynamo security is that framework. >>> >>> Anything else I should be l should be looking at in this space? Perhaps >>> not necessarily tapestry related? >>> >>> >>> On Jun 1, 2011, at 2:11 PM, "Thiago H. de Paula Figueiredo" >>> <thiag...@gmail.com> wrote: >>> >>>> On Wed, 01 Jun 2011 14:33:47 -0300, Lenny Primak <lpri...@hope.nyc.ny.us> >>>> wrote: >>>> >>>>> My current project is to refresh a client's web site using tapestry. The >>>>> web site currently uses JSP. We have a JEE/web service backend that uses >>>>> JPA/EJB3.1 which we will continue to use. >>>>> We now have a JEE based authorization service API based on plain method >>>>> calls now. >>>>> What we want is to keep the current login scheme and add LDAP and >>>>> possibly Facebook ID and openid. >>>> >>>> For using Facebook ID and OpenID, check >>>> http://tynamo.org/tynamo-federatedaccounts+guide. Beyond that, I can't see >>>> why using the existing API in Tapestry would be different from your >>>> existing code, besides that Tapestry templates don't allow code >>>> (scriptlets). I'd suggest you to build some components to encapsulate >>>> common scenarios (something like a IfUserHasPermission component), maybe a >>>> couple mixins, and using the ComponentRequestFilter and/or RequestFilter >>>> pipelines for cross-page logic. >>>> >>>> -- >>>> Thiago H. de Paula Figueiredo >>>> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, >>>> and instructor >>>> Owner, Ars Machina Tecnologia da Informação Ltda. >>>> http://www.arsmachina.com.br >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >>>> For additional commands, e-mail: users-h...@tapestry.apache.org >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >>> For additional commands, e-mail: users-h...@tapestry.apache.org >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
