1
I am developing a fairly simple but widely distributed system that involves including use of Ejbs and other agents, which requires both Authentication and Authorization.
The system will initially consist of Spring+Hibernate+JSF+Jboss, I will be using initially for the process of identification and authorization Spring Security
Is it safe to rely exclusively on this Framework? What should I avoid or Watch to avoid surprises?
2
Delfino, you want to make sure that when choosing Spring Security for Authentication and Authorization, you won’t have problems in the future.
The answer is: Spring Security can perfectly meet your needs, and it is not necessary for any reason to use JAAS directly. You can trust him.
I did a lot of research looking for comparisons between Spring Security and JAAS, and found that both are excellent in their proposals, Spring, offering an excellent taglib.
Here’s a link from the official Spring Security documentation for JSF integration:
http://docs.spring.io/spring-webflow/docs/current-SNAPSHOT/reference/html/spring-faces.html
As for surprises, it’s hard to say, because it can depend a lot on the type of application Voce will be building, there are no perfect Frameworks, there can always be improvements, new features, and bugs in all frameworks. I recommend that you take a look at the Issues.
Issues:
I also took a look at the most critical current issues in the development of Spring Security, from a glance:
https://jira.spring.io/browse/SEC/? selectedTab=com.atlassian.jira.jira-Projects-plugin:issues-panel
Tips and Tricks for Spring Security
https://www.packtpub.com/books/content/spring-security-3-tips-and-tricks
Browser other questions tagged spring ejb spring-security
You are not signed in. Login or sign up in order to post.
Thank you Felipe, sorry for the delay in confirming your reply, was involved in another project in another language.
– Delfino