lmco / streamflow

StreamFlow™ is a stream processing tool designed to help build and monitor processing workflows.
https://github.com/lmco/streamflow/wiki
Apache License 2.0
253 stars 69 forks source link

Security enhancements #10

Open juliencruz opened 9 years ago

juliencruz commented 9 years ago

The existing Shiro authentication mechanism should be improved with the following features to enhance security:

christopherlakey commented 9 years ago

Optional Gravatar support might be easier to providing a full account pictures service.

https://en.gravatar.com/

There are also a couple of open-source clones of Gravatar.

christopherlakey commented 9 years ago

It is possible to register multiple shiro realms so that one can provide authentication and the other can provide authorization. This makes it possible to mix an ldap realm for identity and authentication and a local permission store for authorization.

This might remove the need to create a custom dao.