I'm working on a new JBoss JEE application. We want to share JSON services (close to the REST philosophy).
My question is about authentication: we need to cover multiple authentication methods (LDAP, a custom database and other private modules).
For example:
- /authentication/directory1 --> will call an LDAP
- /authentication/directory2 --> will call a custom database (and not the LDAP)
- /authentication/directory3 --> maybe another directory
I was hoping to do this with JEE security, but if I configure a realm, I can't choose the realm by URI...
So, after many searches on the Internet, I found:
- JAAS --> Seems to do the job but a bit odd to configure? HttpServletRequest doesn't work with it, so I need to do authentication and authorization by implementing an interceptor.
- PicketLink --> The framework seems to work well, and they have merged with Keycloak.
- Apache Shiro --> No idea about this one; it seems to do the job.
- Spring Security --> Too many configurations, and I don't know Spring well.
What do you think for a scalable application? Which is the best, in your opinion?
Thanks for your advice!