Les Hazlewood (JIRA | 1 Apr 2011 19:52

[jira] [Created] (SHIRO-280) Create a PasswordService to automate user password management techniques

Create a PasswordService to automate user password management techniques
------------------------------------------------------------------------

                 Key: SHIRO-280
                 URL: https://issues.apache.org/jira/browse/SHIRO-280
             Project: Shiro
          Issue Type: New Feature
          Components: Cryptography & Hashing
            Reporter: Les Hazlewood

While Shiro's hash support is great for both password hashing and general purpose hashing, when hashing
passwords, some common techniques and strategies are often used to ensure a consistently strong
password management experience.  These techniques are currently implemented by the application
developer, however, which means that 1) they have to design a secure strategy and 2) implement it
themselves using Shiro's Hash mechanisms.

It'd be much nicer if Shiro provided, say, a PasswordService interface and implementations that
implement what the community feels are best practices that can be used out-of-the-box so 1) and 2) don't
need to be repeated on a per-app basis.

This is probably related to SHIRO-213 as well.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Les Hazlewood (JIRA | 3 Apr 2011 05:19

[jira] [Created] (SHIRO-281) Create DAO Exception Hierarchy and Exception Translator mechanism

Create DAO Exception Hierarchy and Exception Translator mechanism
-----------------------------------------------------------------

                 Key: SHIRO-281
                 URL: https://issues.apache.org/jira/browse/SHIRO-281
             Project: Shiro
          Issue Type: New Feature
            Reporter: Les Hazlewood
            Assignee: Les Hazlewood

Per this mailing list thread:

http://shiro-developer.582600.n2.nabble.com/DAO-exception-hierarchy-td6057981.html

Shiro does not currently distinguish between problems associated with the
authentication/authorization workflow and orthogonal problems with the data resources themselves
(connections, timeouts, invalid schema, etc).

By providing a DataAccessException hierarchy, Shiro users (and other frameworks) can distinguish
between end-user related problems and resource/configuration related problems.

Furthermore, a Translation mechanism would allow conversion of API-specific exceptions into
DataAccessExceptions (and vice versa).


Cristiano Gavião (JIRA | 5 Apr 2011 22:41

[jira] [Commented] (SHIRO-274) Apache Karaf Features File


    [ https://issues.apache.org/jira/browse/SHIRO-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13016108#comment-13016108 ]

Cristiano Gavião commented on SHIRO-274:
----------------------------------------

Well, strange, I could swear that I had clicked on the watch button... but I've not received any email from any comments.

I've deleted my maven repository and tried again..

Everything is ok as stated by Andreas !!  thanks.

cheers

Cristiano

> Apache Karaf Features File
> --------------------------
>
>                 Key: SHIRO-274
>                 URL: https://issues.apache.org/jira/browse/SHIRO-274
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Andreas Pieber
>            Assignee: Les Hazlewood
>             Fix For: 1.2.0
>
>         Attachments: karaf-features.patch

Les Hazlewood (JIRA | 8 Apr 2011 20:46

[jira] [Created] (SHIRO-282) Create ByteSource.Util inner class for creating ByteSource instances

Create ByteSource.Util inner class for creating ByteSource instances
--------------------------------------------------------------------

                 Key: SHIRO-282
                 URL: https://issues.apache.org/jira/browse/SHIRO-282
             Project: Shiro
          Issue Type: New Feature
            Reporter: Les Hazlewood
            Assignee: Les Hazlewood
             Fix For: 1.2.0

It would be a little cleaner/nicer to have a nested ByteSource.Util inner class that constructs
ByteSource instances instead of having to know the ByteSource implementation class to use.

90% of end-users could use this Util class instead of needing to know to look for the SimpleByteSource implementation.


Les Hazlewood (JIRA | 8 Apr 2011 20:59

[jira] [Resolved] (SHIRO-282) Create ByteSource.Util inner class for creating ByteSource instances


     [ https://issues.apache.org/jira/browse/SHIRO-282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved SHIRO-282.
---------------------------------

    Resolution: Fixed

> Create ByteSource.Util inner class for creating ByteSource instances
> --------------------------------------------------------------------
>
>                 Key: SHIRO-282
>                 URL: https://issues.apache.org/jira/browse/SHIRO-282
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Les Hazlewood
>            Assignee: Les Hazlewood
>             Fix For: 1.2.0
>
>
> It would be a little cleaner/nicer to have a nested ByteSource.Util inner class that constructs
> ByteSource instances instead of having to know the ByteSource implementation class to use.
> 90% of end-users could use this Util class instead of needing to know to look for the SimpleByteSource implementation.


Les Hazlewood (JIRA | 8 Apr 2011 21:03

[jira] [Assigned] (SHIRO-73) Add Authenticating Cache to AuthenticatingRealm


     [ https://issues.apache.org/jira/browse/SHIRO-73?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood reassigned SHIRO-73:
----------------------------------

    Assignee: Les Hazlewood

> Add Authenticating Cache to AuthenticatingRealm
> -----------------------------------------------
>
>                 Key: SHIRO-73
>                 URL: https://issues.apache.org/jira/browse/SHIRO-73
>             Project: Shiro
>          Issue Type: Improvement
>         Environment: Any
>            Reporter: Toby Stevens
>            Assignee: Les Hazlewood
>
> Stateless clients would benefit from an authentication cache.
> For example if a stateless client may make several authentication requests within a few seconds.
> Ideally the cache timeouts would be different.  For example I might want to set the Authentication cache
> to 30 seconds, but the Authorization cache to longer.
> (From previous email to Les)
> I created a Realm that authenticates against a URL, if the user has
> access.  The problem is that we have a stateless client [maven2] that
> connects to our server[Nexus], and needs to authenticate each time.
> This means the same user needs to authenticate 9+ times in a few
> seconds (for a single task).

Les Hazlewood | 9 Apr 2011 03:05

Re: RESTful support - feedback appreciated

Hi all,

An initial implementation for Authentication Caching (with copious
amounts of JavaDoc to clarify security + caching-related concerns) has
been committed to trunk.  Unit tests for the AuthenticatingRealm and
its parent class are now at 100% method and line coverage, so I feel
pretty comfortable recommending people to try it out.

For those up for peer review, I'd appreciate any feedback you may have!

http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthenticatingRealm.java?view=markup

Cheers,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

Les Hazlewood | 9 Apr 2011 03:15

Re: RESTful support - feedback appreciated

P.S. A good starting point after reading the top class-level JavaDoc
is to look at the getAuthenticationInfo method implementation (line
561).

HTH,

Les

On Fri, Apr 8, 2011 at 6:05 PM, Les Hazlewood <lhazlewood@...> wrote:
> Hi all,
>
> An initial implementation for Authentication Caching (with copious
> amounts of JavaDoc to clarify security + caching-related concerns) has
> been committed to trunk.  Unit tests for the AuthenticatingRealm and
> its parent class are now at 100% method and line coverage, so I feel
> pretty comfortable recommending people to try it out.
>
> For those up for peer review, I'd appreciate any feedback you may have!
>
> http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthenticatingRealm.java?view=markup
>
> Cheers,
>
> --
> Les Hazlewood
> Founder, Katasoft, Inc.
> Application Security Products & Professional Apache Shiro Support and Training:
> http://www.katasoft.com


Les Hazlewood (JIRA | 12 Apr 2011 02:49

[jira] [Updated] (SHIRO-73) Add Authentication Caching to AuthenticatingRealm


     [ https://issues.apache.org/jira/browse/SHIRO-73?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood updated SHIRO-73:
-------------------------------

    Issue Type: New Feature  (was: Improvement)
       Summary: Add Authentication Caching to AuthenticatingRealm  (was: Add Authenticating Cache to AuthenticatingRealm)

> Add Authentication Caching to AuthenticatingRealm
> -------------------------------------------------
>
>                 Key: SHIRO-73
>                 URL: https://issues.apache.org/jira/browse/SHIRO-73
>             Project: Shiro
>          Issue Type: New Feature
>         Environment: Any
>            Reporter: Toby Stevens
>            Assignee: Les Hazlewood
>
> Stateless clients would benefit from an authentication cache.
> For example if a stateless client may make several authentication requests within a few seconds.
> Ideally the cache timeouts would be different.  For example I might want to set the Authentication cache
> to 30 seconds, but the Authorization cache to longer.
> (From previous email to Les)
> I created a Realm that authenticates against a URL, if the user has
> access.  The problem is that we have a stateless client [maven2] that
> connects to our server[Nexus], and needs to authenticate each time.
> This means the same user needs to authenticate 9+ times in a few

Les Hazlewood (JIRA | 12 Apr 2011 02:51

[jira] [Commented] (SHIRO-73) Add Authentication Caching to AuthenticatingRealm


    [ https://issues.apache.org/jira/browse/SHIRO-73?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13018651#comment-13018651 ]

Les Hazlewood commented on SHIRO-73:
------------------------------------

I implemented this feature to trunk over the weekend - 100% test coverage for methods and lines in
AuthenticatingRealm and its parent class.  Please try it out!

> Add Authentication Caching to AuthenticatingRealm
> -------------------------------------------------
>
>                 Key: SHIRO-73
>                 URL: https://issues.apache.org/jira/browse/SHIRO-73
>             Project: Shiro
>          Issue Type: New Feature
>         Environment: Any
>            Reporter: Toby Stevens
>            Assignee: Les Hazlewood
>
> Stateless clients would benefit from an authentication cache.
> For example if a stateless client may make several authentication requests within a few seconds.
> Ideally the cache timeouts would be different.  For example I might want to set the Authentication cache
> to 30 seconds, but the Authorization cache to longer.
> (From previous email to Les)
> I created a Realm that authenticates against a URL, if the user has
> access.  The problem is that we have a stateless client [maven2] that
> connects to our server[Nexus], and needs to authenticate each time.