THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Info |
|---|
This page contains topics supporting ongoing discussion at dev@syncope.apache.org. |
Tracked as SYNCOPE-699.
| Table of Contents | ||
|---|---|---|
|
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.
In the following an integration proposal with Shiro, for improved authentication and authorization handling, is outlined.
...
- introduce session management
- avoid checking the internal storage for each and every operation
- make the upgrade from basic to digest authentication cost-effective
- bonus 1: clustering support is there
- bonus 2: separate session store concept is available, for scaling
- keep annotation-based authorization
- design better integration between core (currently session-less) and console (where session is defined instead), especially with the perspective of having more clients (CLI and end-user)
- leverage the "Run As" feature for implementing delegation (SYNCOPE-129)
- prepare for OAuth 2.0 provider implementation