
Ask HN: Web framework, written in a typed language, auth out of the box? - ohgh1ieD
Don&#x27;t suggest me Spring Boot, asp.net mvc or the Play Framework.<p>Don&#x27;t ask me why I want a statically typed language and also don&#x27;t try to argue about it please.<p>I don&#x27;t want to think about auth, I just want to plug it in and it works out of the box but in case that 
I have to change something, it should be quite easy to make the changes without lots of pain.<p>thank you
======
niftich
If you don't want to think about auth, you're basically looking for a CMS.

All traditional web frameworks make you plug in your actual authentication
store, though most obviously provide some notion of access control or
permissions.

~~~
ohgh1ieD
Well ok, it can be an easy to handle module for the web framework.

The ideal example would be Rails devise[0]

It just works without wasting too much time.

[0]
[https://github.com/plataformatec/devise](https://github.com/plataformatec/devise)

~~~
niftich
In the Java world, the two modern, main authn/authz frameworks are Spring
Security [1] and Shiro [2]. Shiro is vastly easier to learn and apply.

Wicket [3] is a decent Java web framework that you can use together with
Shiro; in the past there was a deeper integration [4]. Tapestry is another web
framework that offers native integration [5].

[1] [http://projects.spring.io/spring-
security/](http://projects.spring.io/spring-security/)

[2] [http://shiro.apache.org/index.html](http://shiro.apache.org/index.html)

[3] [http://wicket.apache.org/](http://wicket.apache.org/)

[4] [https://github.com/55minutes/fiftyfive-
wicket](https://github.com/55minutes/fiftyfive-wicket)

[5]
[https://tapestry.apache.org/security.html](https://tapestry.apache.org/security.html)

~~~
ohgh1ieD
Spring security is the biggest boilerplate mess I've seen so far, that's also
the reason I'm moving away from spring.

Thank you for the other suggestions.

