Quantcast

Security Changes - Switched to Shiro

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Security Changes - Switched to Shiro

Brian Demers-2
We have been talking about it for a while.  We upgraded from JSecurity to Shiro.  Shiro is the new project name for JSecurity and has been moved under the ASF's wing.  Also, Shiro was just promoted out of the incubator.  Check it out at: http://incubator.apache.org/shiro/  (This URL will change soon i assume to shiro.apache.org, once the infrastructure has changed.

We have also made a few other changes.

What this means to you:

  • Package names have changes org.jsecurity  to org.apache.shiro 

  • Realms need handle the doGetAuthorization method now.  Shiro is able to handle this.  Realm implementers just need to return the list of roles/group the user belongs to, Nexus can handle mapping those to permissions.

  • Our user object has a first name and last name fields, for migration we split on the first space. ( there is no other accurate way to do this, and it has very little downside)

  • Users will only be able to be authorized against the realm they authenticated with.  
           -This was only an issue for people with multiple directories with duplicate user Id.  ( this should not impact anyone )

  • We are dropping support for the Legacy Realm Adapter.


Most changes should be trivial ( an "organize imports" in your IDE ) and adding a doGetAuthorization method in your realm, you don't have one already.


Any question please, respond to this thread.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Security Changes - Switched to Shiro

justzzzz
Is this targeted at Nexus 1.9.0? or are you making the jump to 2.0?

On Wed, Oct 6, 2010 at 10:09 AM, Brian Demers <[hidden email]> wrote:

> We have been talking about it for a while.  We upgraded from JSecurity to
> Shiro.  Shiro is the new project name for JSecurity and has been moved under
> the ASF's wing.  Also, Shiro was just promoted out of the incubator.  Check
> it out at: http://incubator.apache.org/shiro/  (This URL will change soon i
> assume to shiro.apache.org, once the infrastructure has changed.
>
> We have also made a few other changes.
>
> What this means to you:
>
> Package names have changes org.jsecurity  to org.apache.shiro
>
> Realms need handle the doGetAuthorization method now.  Shiro is able to
> handle this.  Realm implementers just need to return the list of roles/group
> the user belongs to, Nexus can handle mapping those to permissions.
>
> Our user object has a first name and last name fields, for migration we
> split on the first space. ( there is no other accurate way to do this, and
> it has very little downside)
>
> Users will only be able to be authorized against the realm they
> authenticated with.
>
>            -This was only an issue for people with multiple directories with
> duplicate user Id.  ( this should not impact anyone )
>
> We are dropping support for the Legacy Realm Adapter.
>
> Most changes should be trivial ( an "organize imports" in your IDE ) and
> adding a doGetAuthorization method in your realm, you don't have one
> already.
>
> Any question please, respond to this thread.
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Security Changes - Switched to Shiro

Brian Demers-2
At this point the planned version is 1.9

On Wed, Oct 6, 2010 at 7:19 PM, Justin Edelson <[hidden email]> wrote:

> Is this targeted at Nexus 1.9.0? or are you making the jump to 2.0?
>
> On Wed, Oct 6, 2010 at 10:09 AM, Brian Demers <[hidden email]> wrote:
>> We have been talking about it for a while.  We upgraded from JSecurity to
>> Shiro.  Shiro is the new project name for JSecurity and has been moved under
>> the ASF's wing.  Also, Shiro was just promoted out of the incubator.  Check
>> it out at: http://incubator.apache.org/shiro/  (This URL will change soon i
>> assume to shiro.apache.org, once the infrastructure has changed.
>>
>> We have also made a few other changes.
>>
>> What this means to you:
>>
>> Package names have changes org.jsecurity  to org.apache.shiro
>>
>> Realms need handle the doGetAuthorization method now.  Shiro is able to
>> handle this.  Realm implementers just need to return the list of roles/group
>> the user belongs to, Nexus can handle mapping those to permissions.
>>
>> Our user object has a first name and last name fields, for migration we
>> split on the first space. ( there is no other accurate way to do this, and
>> it has very little downside)
>>
>> Users will only be able to be authorized against the realm they
>> authenticated with.
>>
>>            -This was only an issue for people with multiple directories with
>> duplicate user Id.  ( this should not impact anyone )
>>
>> We are dropping support for the Legacy Realm Adapter.
>>
>> Most changes should be trivial ( an "organize imports" in your IDE ) and
>> adding a doGetAuthorization method in your realm, you don't have one
>> already.
>>
>> Any question please, respond to this thread.
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...