...
Rather than continually modifying the legacy authentication and authorization code in DSpace, we should adopt a 3rd-part framework to provide these same services to the DSpace applications. This will hopefully strengthen our authentication and authorization code, and allow our work in this area to help other projects with similar needs.
This proposal was discussed at the DSpace Developers' Meeting on 2014-02-19
Background
Prior discussion of AuthZ here:
https://wiki.duraspace.org/display/DSPACE/AuthorisationSystem
...
framework | pro | con | notes |
---|---|---|---|
Apache Shiro | large community, used by Fedora Futures | ||
JAAS | currently used by Fedora Commons 3.x | ||
Spring Security | we already use other parts of Spring |
...