Is Oracle NOW fully supported by .NET entity framework?

Which Java security framework should we use?

• Hi, We are building an O&M framework in Java, which will support both web based GUI and console based CLI. Later, it will also be supported with GUI that can be accessed using handhelds (Andriod app etc). I need to decide on which open source java security framework to use for this product. My requirements are as follows: 1) The security framework should be container agnostic: I should be able to access it from J2EE servers, Tomcat web containers, POJO in J2SE etc 2) The security framework must provide authentication & role based authorization (RBAC) services 3) In some deployments, our operators may ask us to point to their LDAP servers for user credentials and roles, so LDAP support is required 4) Password strength control, Password ageing, Automatic lockout of account if not logged in for N days, Automatic password change enforcement every N days, Strong encryption support, Channel security, Single Sign On etc are all required features 5) The open source project must be active & well supported in forums and must adhere to latest security standards in practice 6) The security related data will be stored in various data stores namely HBase, Cassandra etc. So the security framework must be extensible to read data from different data stores (or be based on JPA etc) 7) I started looking at Spring Security. Not sure if it can meet requirement (1) and also I read some feedback that its very heavy and tough to use and also it can be used easily only with Spring Based apps. Our application is not Spring based 8) How about Apache Shiro? Does it meet all that I need above? Thanks in advance. MK

• Answer:

  Give http://shiro.apache.org/a try. Based on your requirements this is what i found the closest. From their documentation, these are few of the advantages: Easy To Use - Ease of use is the project’s ultimate goal. Application security can be extremely confusing and frustrating and thought of as a ‘necessary evil’. If you make it so easy to use that novice programmers can start using it, it doesn’t have to be painful anymore. Comprehensive - There is no other security framework with the breadth of scope that Apache Shiro claims, so it can likely be your ‘one stop shop’ for your security needs. Flexible - Apache Shiro can work in any application environment. While it works in web, EJB, and IoC environments it does not require them. Nor does Shiro mandate any specification or even have many dependencies. Web Capable - Apache Shiro has fantastic web application support, allowing you to create flexible security policies based on application URLs and web protocols (e.g. REST), while also providing a set of JSP libraries to control page output. Pluggable - Shiro’s clean API and design patterns make it easy to integrate with many other frameworks and applications. You’ll see Shiro integrated seamlessly with frameworks like Spring, Grails, Wicket, Tapestry, Mule, Apache Camel, Vaadin, and many others. Supported - Apache Shiro is part of the http://www.apache.org/, an organization proven to act in the best interest of its community. The project development and user groups have friendly citizens ready to help. Commercial companies like http://www.katasoft.com/ also provide professional support and services if desired.