I've been looking at 375 / Soteria on and off for a little while, trying to
gauge how to incorporate these bits into Apache Shiro.
Particularly, I've been confused about the identity store annotations, for
example the usage of @LdapIdentityStoreDefinition
https://github.com/javaee-security-spec/soteria/blob/
master/test/app-ldap2/src/main/java/org/glassfish/
soteria/test/Servlet.java#L16-L22
This seems very specific, given the flexibility of LDAP schemas, further
more, it seems to imply baking in a password into source is a good idea.
At first glance, I wouldn't want to implement these default
IdentityStoreDefinitions, as they are a bit more narrow focused then the
equivalent Shiro implementations. But only implementing part of a spect
isn't really a good option either.
I'm guessing I'm missing some background here, so can someone point me in
the right direction?
Sorry if this question has been asked already, my google fu, has failed me,
-Brian