blob: 5f3a826bc6bb2015ee4fd051e977df3202617927 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<TITLE>OSBP Authentication Bundle Overview</TITLE>
The <b>OSBP Authentication Bundle</b> implements the functionality needed for an application to identify a user.<br>
This is done by using the features of the Apache Shiro framework.
The following excerpt from the Shiro feature list gives an overview of the capabilities of Shiro:
<li>The easiest to understand Java Security API anywhere. Class and Interface names are intuitive and make sense. Anything is pluggable but good defaults exist for everything.<br></li>
<li>Support authentication ('logins') across one or more pluggable data sources (LDAP, JDBC, ActiveDirectory, etc).<br></li>
<li>Perform authorization ('access control') based on roles or fine-grained permissions, also using pluggable data sources.<br></li>
<li>First-class caching support for enhanced application performance.<br></li>
<li>Built-in POJO-based Enterprise Session Management. Use in both web and non-web environments or in any environment where Single Sign On (SSO) or clustered or distributed sessions are desired.<br></li>
<li>Heterogeneous client session access. You are no longer forced to use only the httpSession or Stateful Session Beans, which often unnecessarily tie applications to specific environments. Flash applets, C# applications, Java Web Start, and Web Applications, etc. can now all share session state regardless of deployment environment.<br></li>
<li>Simple Single Sign-On (SSO) support piggybacking the above Enterprise Session Management. If sessions are federated across multiple applications, the user's authentication state can be shared too. Log in once to any application and the others all recognize that log-in.<br></li>
<li>Secure data with the easiest possible Cryptogrpahy APIs available, giving you power and simplicity beyond what Java provides by default for ciphers and hashes.<br></li>
<li>An incredibly robust yet low-configuration web framework that can secure any url or resource, automatically handle logins and logouts, perform Remember Me services, and more.<br></li>
<li>Extremely low number of required dependencies. Standalone configuration requires only slf4j-api.jar and one of slf4j's binding .jars. Web configuration additionally requires commons-beanutils-core.jar. Feature-based dependencies (Ehcache caching, Quartz-based Session validation, Spring dependency injection, etc.) can be added when needed.<br></li>
For details about shiro check out <a href="" >the Shiro homepage</a>
<h4>The Class Diagram</h4>
<img src="org/eclipse/osbp/authentication/doc-files/model.png" alt="The Class Dependency Graph">