We are creating an O&M framework in Java that will support both the web interface and the CLI console interface. Later it will also be supported by a graphical interface, which can be accessed using handheld computers (Andriod application, etc.). I need to decide which open source Java security framework to use for this product.
My requirements are as follows:
The security framework should be agmatic for the container: I should have access to it from Java EE servers, Tomcat web containers, POJO in Java SE, etc.
Security frameworks must provide role-based authorization and support (RBAC) services
In some deployments, our operators may ask us to point to their LDAP servers for credentials and user roles, so LDAP support is required
Password strength control, password aging, automatic account blocking if not logged in for N days, automatic forced password change every N days, strong encryption support, channel security, single sign-on, etc. - all necessary functions
An open source project must be proactive and well supported in forums and must adhere to the latest security standards in practice.
Security-related data will be stored in various data warehouses, namely HBase, Cassandra, etc. Thus, the security structure must be extensible to read data from different data stores (or based on JPA, etc.)
/ li>I started looking for Spring Security. Not sure if it can satisfy the requirements of (1), and also I read some reviews that are very heavy and difficult to use, and can be easily used only with Spring applications. Our application is not based on Spring
What about Apache Shiro? Does it fit all I need?
java security spring-security
MK
source share