j2ee implementing security and using a framwork pros and cons
- by Ismail Marmoush
I'm a newbie to j2ee security, and i'm not j2ee expert either, though i'm really willing to put some effort and learn I've an application that i'm about to develop on Google App Engine (GAE) --with no time constraints. As you know GAE handles a lot of web container security issues for you, also
I will be using openID for authentication exclusively (sessions will be handled by provider).
GAE supports SSL which will help with confidentiality and integrity maybe.
Authorization can be done through filters.
I know reinventing the wheel is a mess, but I was looking forward to learn something about security and implement that in my new app.
so what the pros and cons of using a framework like shiro, spring security, jguard etc or filling the rest of gaps on my own ?