When to move from Container managed security to alternatives like Apache Shiro, Spring Security?
What I like about Shiro is that it’s really ease to setup permission based security. JAAS is heavily role based which is a granularity that ironically is more useful to consumer webapps than to enterprise apps (as we can notice from your requirements). It’s common for an application server to provide some services on top … Read more