Security enhancements #10

Open
juliencruz opened this issue Nov 29, 2014 · 2 comments

Comments

@juliencruz
Contributor

The existing Shiro authentication mechanism should be improved with the following features to enhance security:

  • Lock user account after providing an incorrect password a specific number of times in a given time window.
  • Allow custom realm implementations to provide a custom DAO implementation to create/edit/retrieve user accounts. This is necessary to support using custom implementations which store user data such as LDAP and Active Directory.
  • Add support for user account pictures in the user service.

@christopherlakey
Contributor

Optional Gravatar support might be easier than providing a full account pictures service.

https://en.gravatar.com/

There are also a couple of open-source clones of Gravatar.

@christopherlakey
Contributor

It is possible to register multiple Shiro realms so that one can provide authentication and the other can provide authorization. This makes it possible to mix an LDAP realm for identity and authentication and a local permission store for authorization.

This might remove the need to create a custom DAO.
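
The split described in the comment above, as an added example that is not part of the original thread or of the project's code. It assumes shiro-core 1.x on the classpath; `SplitRealmDemo`, `DirectoryRealm`, `LocalPermissionRealm`, the user `alice`, her password and the permission strings are all constructed for illustration, and the in-memory `DirectoryRealm` stands in for a real LDAP realm.

```java
import java.util.Arrays;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class SplitRealmDemo {
    // Hypothetical stand-in for the LDAP realm: identity and credentials only.
    // It is not an Authorizer, so Shiro never asks it about permissions.
    static class DirectoryRealm extends AuthenticatingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = ((UsernamePasswordToken) token).getUsername();
            if (!"alice".equals(user)) return null; // unknown account
            // Constructed credential; a real realm would bind against the directory.
            return new SimpleAuthenticationInfo(user, "constructed-pw", getName());
        }
    }

    // Hypothetical local permission store: authorization only.
    static class LocalPermissionRealm extends AuthorizingRealm {
        // Refuse every token so this realm can never log anyone in.
        @Override public boolean supports(AuthenticationToken token) { return false; }
        @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken t) { return null; }
        @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            // The primary principal is the name the directory realm authenticated.
            if ("alice".equals(principals.getPrimaryPrincipal())) {
                info.addRole("editor");
                info.addStringPermission("document:read");
            }
            return info; // empty for everyone else: deny by default
        }
    }

    public static void main(String[] args) {
        List<Realm> realms = Arrays.<Realm>asList(new DirectoryRealm(), new LocalPermissionRealm());
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realms));
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("alice", "constructed-pw"));
        System.out.println("read:   " + subject.isPermitted("document:read"));
        System.out.println("delete: " + subject.isPermitted("document:delete"));
    }
}
```

Overriding `supports` to return `false` in the permission realm is what keeps a local account from ever satisfying a login on its own; without it, any credentials that realm returned would count toward authentication.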
