Skip to main content

Home/ SoftwareEngineering/ Group items tagged apache

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Security Module Drafts - Apache DeltaSpike - Apache Software Foundation - 0 views

cwiki.apache.org/...Security+Module+Drafts

ApacheDeltaSpike

shared by kuni katsuya on 16 Aug 12 - No Cached
  • Authorization
  • Impersonalization
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      impersonation
  • authenticates “as a user” or access application imitating his identity - without knowing his password
  • ...36 more annotations...
  • elements of the user interface are displayed to the user based on the user's privilege level
  • assign permissions to individual objects within the application’s business domain
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      individual objects == instances
  • Permissions
  • Permissions assigned to user for a given resource in the tree are inherited by other resources
  • Permissions are inherited
  • persist user, group and role information in database. JPA implementation is his dream
  • Security Module Drafts
  • Identity
  • interface Identity
  • login()
  • logout()
  • getUser()
  • Events LoggedInEvent LoginFailedEvent AlreadyLoggedInEvent PreLoggedOutEvent PostLoggedOutEvent PreAuthenticateEvent PostAuthenticateEvent
  • Object level permission
  • Grant or revoke permissions
  • Group management
  • User/Identity management
  • identity.hasRole
  • identity.hasPermission
  • Permissions model
  • Identity Management (IDM)
  • User, Group and Role
  • Events
  • hooks for common IDM or Security operations
  • Audit and logging for permission and IDM related changes
  • Event API.
  • Impersonalization
  • Impersonalization
  • control which elements of the user interface are displayed to the user based on their assigned permissions
  • ask for permission
  • without need to obtain object from DB
  • String resourceId
  • structure of resources
  • more advanced security resolution mechanisms
  • Rules based engine
  • external services - XACML
kuni katsuya

java - Getting confused with Apache Shiro and Custom Authorizing Realms - Stack Overflow - 0 views

stackoverflow.com/...-and-custom-authorizing-realms

security ApacheShiro realm RealmSecurityManager SecurityManager authorization AuthorizationInfo

shared by kuni katsuya on 22 Sep 12 - No Cached
  • getRealms()
  • RealmSecurityManager
  • authorization is effectively disabled due to the default doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) implementation returning null
kuni katsuya

Apache Camel: Shiro Security - 0 views

camel.apache.org/shiro-security.html

security ApacheShiro ApacheCamel

shared by kuni katsuya on 03 Jun 13 - No Cached
  • Shiro Security Component
  • Available as of Camel 2.5
kuni katsuya

Session Management | Apache Shiro - 0 views

shiro.apache.org/session-management.html

java security authentication authorization ApacheShiro SessionManagement session

shared by kuni katsuya on 04 Oct 12 - No Cached
  • available in any application,
  • regardless of container.
  • even if you deploy your application in a Servlet or EJB container, there are still compelling reasons to use Shiro's Session support instead of the container's
  • ...40 more annotations...
  • Easy Custom Session Storage
  • POJO/J2SE based (IoC friendly)
  • Container-Independent Clustering!
  • Heterogeneous Client Access
  • Event Listeners
  • listen to lifecycle events during a session's lifetime
  • Host Address Retention
  • retain the IP address or host name of the host from where the session was initiated
  • Inactivity/Expiration Support
  • can be prolonged via a touch() method to keep them 'alive' if desired
  • Transparent Web Use
  • can use Shiro sessions in existing web applications and you
  • don't need to change any of your existing web cod
  • Can be used for SSO
  • easily stored in any data source
  • can be
  • 'shared'
  • across applications if needed
  • 'poor man's SSO'
  • simple sign-on experience since the shared session can retain authentication state
  • interface-based and implemented with POJOs
  • allows you to easily configure all session components with any JavaBeans-compatible configuration format, like JSON, YAML
  • easily extend
  • customize session management functionality
  • session data can be easily stored in any number of data sources
  • easily clustered using any of the readily-available networked caching products
  • no matter what container you deploy to, your sessions will be clustered the same way
  • No need for container-specific configuration!
  • Shiro sessions can be 'shared' across various client technologies
  • listen for these events and react to them for custom application behavior
  • SecurityUtils.getSubject()
  • currentUser.getSession()
  • If the Subject already has a Session, the boolean argument is ignored and the Session is returned immediately
  • If the Subject does not yet have a Session and the create boolean argument is true,
  • a new session will be created
  • and returned.
  • If the Subject does not yet have a Session and the create boolean argument is false, a new session will not be created and null is returned.
  • Suject.getSession(boolean create)
  • method functions the same way as the
  • HttpServletRequest.getSession(boolean create) method:
    • kuni katsuya
      kuni katsuya on 04 Oct 12
kuni katsuya

Apache Geronimo : Index - 0 views

geronimo.apache.org

javaee javaee5

shared by kuni katsuya on 28 May 12 - Cached
  • fully certified Java EE 5 application server
kuni katsuya

Terminology | Apache Shiro - 0 views

shiro.apache.org/terminology.html

ApacheShiro shiro security terminology

shared by kuni katsuya on 24 Aug 12 - No Cached
  • . Role
  • Role as simply a named collection of Permissions
  • This is a more concrete definition than the implicit one used by many applications
  • ...4 more annotations...
  • Permission
  • A Permission is only a statement of behavior, nothing more.
  • a statement that describes raw functionality in an application and nothing more
  • define only "What" the application can do
kuni katsuya

Rejection of Social Media API by JCP Expert Group Members Sparks Debate On Innovation - 0 views

www.infoq.com/...jcp-rejects-social-api

SeamSocial SocialMediaApi jsr-357

shared by kuni katsuya on 01 Sep 12 - No Cached
  • Rejection of Social Media API by JCP Expert Group Members Sparks Debate On Innovation
  • JCP rejected JSR 357 (Social Media API) in an 8 to 5 vote
  • criticised it for being too broad in scope and not taking sufficient account of security and the mobile space
  • ...11 more annotations...
  • JSR was voted down for four reasons
  • 1) New JSR type
  • 2) Too soon
  • 3) No real Proof of concept
  • 4) Not enough preparation
  • Seam Social
  • DaliCore
  • Apache Rave
  • eXo Social
  • Spring Social
  • Twitter4J
kuni katsuya

How to get EntityManager in a Apache Shiro Realm | OpenShift by Red Hat - 0 views

openshift.redhat.com/...anager-in-a-apache-shiro-realm

ApacheShiro EntityManager Realm PersistenceContext

shared by kuni katsuya on 29 Aug 12 - No Cached
kuni katsuya

Mirror/deltaspike at master · DeltaSpike/Mirror · GitHub - 0 views

github.com/...deltaspike

ApacheDeltaSpike github CDI CdiExtensions ReleaseNotes

shared by kuni katsuya on 16 Sep 12 - No Cached
  • CDI Extensions Project
  • best mature features of
  • JBoss Seam3
  • ...27 more annotations...
  • Apache MyFaces CODI
  • other CDI Extensions projects.
  • container agnostic
  • different containers get activated via
  • Maven Profiles
  • CDI container integration via
  • Arquillian
  • Building Apache DeltaSpike
  • DeltaSpike-0.3
  • Release Notes
  • [DELTASPIKE-62] - Discuss security module
  • [DELTASPIKE-74] - unit and integration tests for @Secured
  •  [DELTASPIKE-75] - documentation for @Secured
  • [DELTASPIKE-78] - review and discuss Authentication API
  •  [DELTASPIKE-77] - review and discuss Identity API
  • [DELTASPIKE-79] - review and discuss Authorization API
  • [DELTASPIKE-81] - review and discuss Identity Management
  • [DELTASPIKE-82] - review and discuss external authentication
  • [DELTASPIKE-176] - unit and integration tests for @Transactional
  • [DELTASPIKE-177] - documentation for @Transactional
  •  [DELTASPIKE-179] - unit and integration tests for @TransactionScoped
  • [DELTASPIKE-175] - @Transactional for EntityTransaction
  •  [DELTASPIKE-178] - @TransactionScoped
  •  [DELTASPIKE-190] - Create ConfigurableDataSource
  • [DELTASPIKE-219] - @Transactional for JTA UserTransaction
  • [DELTASPIKE-230] - Fallback stragtegy for resource bundles and locales
  •   [DELTASPIKE-223] - Add convention for @MessageResource annotated types.
kuni katsuya

Realm | Apache Shiro - 0 views

shiro.apache.org/realm.html

Shiro Realm

shared by kuni katsuya on 09 Aug 12 - No Cached
  • A Realm is a component that can access application-specific security data such as users, roles, and permissions. The Realm translates this application-specific data into a format that Shiro understands so Shiro can in turn provide a single easy-to-understand Subject programming API no matter how many data sources exist or how application-specific your data might be.
  • A Realm is essentially a security-specific DAO
kuni katsuya

Cryptography Features | Apache Shiro - 0 views

shiro.apache.org/cryptography-features.html

Shiro cryptography features

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Hash Features
  • Deault interface implementations - Shiro provides default Hash (aka Message Digests in the JDK) implementations out-of-the-box, such as MD5, SHA1, SHA-256
  • Built-in Hex and Base64 conversion - Shiro Hash instances can automatically provide Hex and Base-64 encoding of hashed data via their toHex() and toBase64() methods
  • ...1 more annotation...
  • Built-in Salt and repeated hashing support
« First ‹ Previous 41 - 60 of 103 Next › Last »
Showing 20 items per page