I am looking for frameworks/solution for authentication/ user-login management/ security in java web application that can make the naive developer's job easier/faster and make the application relatively more secured against potential threats.
As some people have suggested me to consider solutions like Spring Security & Apache Shiro, I wanted to know how does it go with JSF 2.0. Are there any downsides of using Shrino over Spring security for my case?
Any other better security solutions for JSF applications ?
Currently I'm using JSF 2.0(with Facelets) as the front-end development framework in my web application & it is backed by Cassandra, a NoSQL database.
Deluan Quintão has provided a good solution for Shiro and JSF that has been received well by the Shiro community:
http://techbeats.deluan.com/apache-shiro-tags-for-jsffacelets
Also note that Shiro can use Cassandra as a back-end to enable Servlet container-independent session clustering (You will need to write a CassandraSessionDAO and plug it in to Shiro's configuration). See http://shiro.apache.org/session-management.html for more.