Group items tagged

"Java Authentication and Authorization Service, or JAAS, pronounced "Jazz", is a Java security framework for user-centric security to augment the Java code-based security. Since Java Runtime Environment 1.4 JAAS has been integrated with the JRE - previously JAAS was supplied as an extension library by Sun. JAAS's main goal is to separate the concerns of user authentication so that they may be managed independently."

Apache Shiro (pronounced "shee-roh", the Japanese word for 'castle') is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management and can be used to secure any application - from the command line applications, mobile applications to the largest web and enterprise applications. Shiro provides the application security API to perform the following aspects (I like to call these the 4 cornerstones of application security): Authentication - proving user identity, often called user 'login'. Authorization - access control Cryptography - protecting or hiding data from prying eyes Session Management - per-user time-sensitive state Shiro also supports some auxiliary features, such as web application security, unit testing, and multithreading support, but these exist to reinforce the above four primary concerns.

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications Spring Security is one of the most mature and widely used Spring projects. Founded in 2003 and actively maintained by SpringSource since, today it is used to secure numerous demanding environments including government agencies, military applications and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects. Spring Security is also easy to learn, deploy and manage. Our dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of XML. We also offer complete tooling integration in SpringSource Tool Suite, plus our Spring Roo rapid application development framework. The Spring Community Forum and SpringSource offer a variety of free and paid support services. Spring Security is also integrated with many other Spring technologies, including Spring Web Flow, Spring Web Services, SpringSource Enterprise, SpringSource Application Management Suite and SpringSource tc Server.

JDBC realm has a lot of attention in recent months. This blog summarizes the evolution of the JDBC realm implementation in GlassFish and explains how the latest implementation works. I would like to thank Jean-Baptiste, and Richter for their contributions and comments. The participation from the open source community definitely helps everyone. I encourage all of you to give feedback, participate, and help evolve this feature further. GlassFish always had the capability for anyone to plug-in a realm. Implementing a custom realm in the Sun Java System Application Server EE 8.0 is described in the article Authentication Using Custom Realms in Sun Java System Application Server. In S1AS 7.x, there is a JDBC Realm bundled in sample. Jean-Baptiste formally filed an enhancement and provided a clear text version of JDBCRealm for GlassFish. Richter wrote another implementation because the GlassFish JDBCRealm at that time not compatible with Tomcat.

"Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro's easy-to-understand API, you can quickly and easily secure any application - from the smallest mobile applications to the largest web and enterprise applications. We recommend you start with the 10 Minute Tutorial which gives you a feel for Shiro and its API. Then feel free to get started using Shiro in your own applications."

"Spring Social is an extension of the Spring Framework that allows you to connect your applications with Software-as-a-Service (SaaS) providers such as Facebook and Twitter. Features An extensible service provider framework that greatly simplifies the process of connecting local user accounts to hosted provider accounts. A connect controller that handles the authorization flow between your Java/Spring web application, a service provider, and your users. Java bindings to popular service provider APIs such as Facebook, Twitter, LinkedIn, TripIt, GitHub, and Gowalla. A sign-in controller that enable users to authenticate with your application by signing through a service provider. "

"This how-to is written in the hope that it will help souls in achieving basic LDAP login with Bonita User Experience, using EJB3. This how-to is written based on the thread at http://www.bonitasoft.org/forum/viewtopic.php?id=2397."