Apache release and features

["mad.rug" <ma...@gmail.com>]

Hi

I need a security framework for a web app I'm developing, and Apache Ki
sounded like a great solution for me. After a bit of research about Ki, a
few issues bother me, and I'd like to clarify them before choosing my
security framework.

First, there is no Apache release yet, I've built from source, but I'm a bit
afraid of stability of this code. I could use the last JSecurity release,
but that would force me to do some code refactoring when the Apache release
arrives. Is there any estimate for this release? Or should I use JSecurity
(better for production)?

Second, Ki is not 1.0 yet. The project may be already perfectly functional
(it is long running anyway) as it is but I don't know if there are major
functionalities still not implemented, but taking a look at Jira, todo
includes 'Run as', Digest and some other. Reading the 'welcome' and 'about',
the features I need were all addressed, but I'd like to know if they are
already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
authentication, fine grained authorization, roles, users, dynamically
added/updated roles/users/permissions, caching, heterogeneous client session
access (web/ejb/applet), cryptography/hashes. Also little XML (annotation
config) use is nice. Are these features implemented and functional?

Thanks for you attention, and hope I can start using Ki soon.
-- 
View this message in context: http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
Sent from the JSecurity User mailing list archive at Nabble.com.

Re: Apache release and features

[Les Hazlewood <lh...@apache.org>]

I'm not quite sure of the roadmap for our first release - we need to
discuss it on the dev list.  I'll bring that up on the dev list
shortly - I do think it is about time to finalize Jira issues around
an initial release.

On Mon, Nov 30, 2009 at 4:56 AM, javamallu <bi...@gmail.com> wrote:
>
>
> Hi,
>
> Our team is interested in using Shiro as our security framework for our
> project. Would like to check with you about the roadmap for shiro and
> tentative date for shiro official release.
>
> Thanks
>
> Les Hazlewood-2 wrote:
>>
>> Yep, the inactivity has been mostly to things halting pending the name
>> change.  Once that is rounded out (mailing lists, jira, etc), we'll go
>> back
>> into full swing.
>>
>> The latest 0.9.0 final release is definitely stable - many, many people
>> use
>> that in production environments, particularly the many Grails JSecurity
>> plugin users, which uses 0.9 final under its groovy wrappings.
>>
>> Please feel free to try things out, and give us your feedback.  We're of
>> course open to any suggestions you may have along the way - and if you
>> find
>> something that isn't yet implemented or might need tweaking a bit and
>> you've
>> got a solution, by all means add that to a Jira issue so we can include
>> it.
>> The framework is mostly where it is today because of user feedback :)
>>
>> Obviously there is Spring Security out there and that might be suitable.
>> This project differs a bit in that is based on the premise of two core
>> concepts: ability to function in any environment (not just Spring) and
>> great
>> simplicity/ease-of-use.  Each framework has its place, but once we hit 1.0
>> and eventually graduate, we think we'll be able to service more people.
>> But
>> also because most of the core devs love Spring themselves, you'll find
>> that
>> we have superb Spring integration as well.  Definitely try both if you're
>> using Spring - it might be a preference thing at the end of the day.
>>
>> Anyway, I hope your experience goes well.  You'll find that the end-user
>> API
>> is just a dream to work with and is uber simple.  The configuration can be
>> a
>> little complicated at times, but we've gone through great lengths to
>> simplify that as best as possible.  Let us know how it goes.
>>
>> Cheers,
>>
>> Les
>>
>> On Wed, Jun 10, 2009 at 4:04 PM, mad rug <ma...@gmail.com> wrote:
>>
>>> Thanks for the *very* timely response ;-)
>>>
>>> Sorry about the instability thing. I wasn't talking about the project
>>> itself, but rather about using a development snapshot. About that, what
>>> version would be more suitable for production environment? Considering
>>> that
>>> will be another name change soon (shiro), using JSecurity may be no
>>> problem,
>>> as some refactoring will be needed anyway.
>>>
>>> Good to know about the annotation support. I just used EJB so far, but
>>> knowing this, I'll take some time on Spring beans (also, my other top
>>> candidate framework is Spring Security... :-P ).
>>>
>>> Hope I can some good support if I choose Ki, I mean, Shiro. I liked it
>>> because it described exactly what I needed, no boilerplate and highly
>>> dynamic... pretty much custom-tailored for my needs :D . I was a bit
>>> afraid
>>> that this project was half-abandoned (issues list, few user questions
>>> lately...) but I figured it was because of the whole name change thing.
>>>
>>> Best regards
>>>
>>>
>>> On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood
>>> <lh...@apache.org>wrote:
>>>
>>>> Hi,
>>>>
>>>> Apache 'Ki' has recently gone through a name change within the Apache
>>>> Incubator - it is now called 'Apache Shiro'.
>>>>
>>>> But our name instability aside ;), the project as a code base is pretty
>>>> stable - the project is over 4 1/2 years old after all, with most of
>>>> that
>>>> time as a SourceForge project - we have only within the last year moved
>>>> to
>>>> the Apache Incubator.  There are more than a few of us using it in
>>>> production applications, quite a few of which service hundreds of
>>>> thousands
>>>> of users per day.  Note that being in the Apache Incubator is _not_ a
>>>> sign
>>>> of instability.  All projects must go through the Incubator as part of a
>>>> clearing process, no matter if they're 10 years old or 1 month old.
>>>>
>>>> The project is not 1.0 as of yet because we were waiting to finalize our
>>>> new name.  Now that this has been done, I think we can aggressively move
>>>> towards 1.0 again.  This will be our first apache release under the
>>>> org.apache.shiro.* package space.
>>>>
>>>> So, as to our feature set on the about pages, everything that is listed
>>>> is
>>>> implemented and functional.  Annotation support is mostly
>>>> container-specific, and we don't have Annotations for EJB3 containers
>>>> working yet (just Spring environments).  That would be on the list for
>>>> 1.0.
>>>> The only things that are not yet functional are those listed in Jira
>>>> scheduled for the 1.0 release, which, again, we can now start attacking
>>>> with
>>>> vigor.
>>>>
>>>> Anyway, I hope that helps clarify the state of things.  Feel free to ask
>>>> more questions.  I can say that, if you choose to use the project,
>>>> you'll
>>>> find that most users receive decent support on the mailing lists and
>>>> usually
>>>> find what they need.  That you've already joined the list is more than
>>>> half
>>>> of the effort in getting support ;)
>>>>
>>>> Best,
>>>>
>>>> Les
>>>>
>>>>
>>>> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <ma...@gmail.com> wrote:
>>>>
>>>>>
>>>>> Hi
>>>>>
>>>>> I need a security framework for a web app I'm developing, and Apache Ki
>>>>> sounded like a great solution for me. After a bit of research about Ki,
>>>>> a
>>>>> few issues bother me, and I'd like to clarify them before choosing my
>>>>> security framework.
>>>>>
>>>>> First, there is no Apache release yet, I've built from source, but I'm
>>>>> a
>>>>> bit
>>>>> afraid of stability of this code. I could use the last JSecurity
>>>>> release,
>>>>> but that would force me to do some code refactoring when the Apache
>>>>> release
>>>>> arrives. Is there any estimate for this release? Or should I use
>>>>> JSecurity
>>>>> (better for production)?
>>>>>
>>>>> Second, Ki is not 1.0 yet. The project may be already perfectly
>>>>> functional
>>>>> (it is long running anyway) as it is but I don't know if there are
>>>>> major
>>>>> functionalities still not implemented, but taking a look at Jira, todo
>>>>> includes 'Run as', Digest and some other. Reading the 'welcome' and
>>>>> 'about',
>>>>> the features I need were all addressed, but I'd like to know if they
>>>>> are
>>>>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
>>>>> authentication, fine grained authorization, roles, users, dynamically
>>>>> added/updated roles/users/permissions, caching, heterogeneous client
>>>>> session
>>>>> access (web/ejb/applet), cryptography/hashes. Also little XML
>>>>> (annotation
>>>>> config) use is nice. Are these features implemented and functional?
>>>>>
>>>>> Thanks for you attention, and hope I can start using Ki soon.
>>>>> --
>>>>> View this message in context:
>>>>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
>>>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>
>>>
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/Apache-release-and-features-tp3057821p4086796.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Re: Apache release and features

[javamallu <bi...@gmail.com>]

Hi,

Our team is interested in using Shiro as our security framework for our
project. Would like to check with you about the roadmap for shiro and
tentative date for shiro official release. 

Thanks

Les Hazlewood-2 wrote:
> 
> Yep, the inactivity has been mostly to things halting pending the name
> change.  Once that is rounded out (mailing lists, jira, etc), we'll go
> back
> into full swing.
> 
> The latest 0.9.0 final release is definitely stable - many, many people
> use
> that in production environments, particularly the many Grails JSecurity
> plugin users, which uses 0.9 final under its groovy wrappings.
> 
> Please feel free to try things out, and give us your feedback.  We're of
> course open to any suggestions you may have along the way - and if you
> find
> something that isn't yet implemented or might need tweaking a bit and
> you've
> got a solution, by all means add that to a Jira issue so we can include
> it.
> The framework is mostly where it is today because of user feedback :)
> 
> Obviously there is Spring Security out there and that might be suitable.
> This project differs a bit in that is based on the premise of two core
> concepts: ability to function in any environment (not just Spring) and
> great
> simplicity/ease-of-use.  Each framework has its place, but once we hit 1.0
> and eventually graduate, we think we'll be able to service more people. 
> But
> also because most of the core devs love Spring themselves, you'll find
> that
> we have superb Spring integration as well.  Definitely try both if you're
> using Spring - it might be a preference thing at the end of the day.
> 
> Anyway, I hope your experience goes well.  You'll find that the end-user
> API
> is just a dream to work with and is uber simple.  The configuration can be
> a
> little complicated at times, but we've gone through great lengths to
> simplify that as best as possible.  Let us know how it goes.
> 
> Cheers,
> 
> Les
> 
> On Wed, Jun 10, 2009 at 4:04 PM, mad rug <ma...@gmail.com> wrote:
> 
>> Thanks for the *very* timely response ;-)
>>
>> Sorry about the instability thing. I wasn't talking about the project
>> itself, but rather about using a development snapshot. About that, what
>> version would be more suitable for production environment? Considering
>> that
>> will be another name change soon (shiro), using JSecurity may be no
>> problem,
>> as some refactoring will be needed anyway.
>>
>> Good to know about the annotation support. I just used EJB so far, but
>> knowing this, I'll take some time on Spring beans (also, my other top
>> candidate framework is Spring Security... :-P ).
>>
>> Hope I can some good support if I choose Ki, I mean, Shiro. I liked it
>> because it described exactly what I needed, no boilerplate and highly
>> dynamic... pretty much custom-tailored for my needs :D . I was a bit
>> afraid
>> that this project was half-abandoned (issues list, few user questions
>> lately...) but I figured it was because of the whole name change thing.
>>
>> Best regards
>>
>>
>> On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood
>> <lh...@apache.org>wrote:
>>
>>> Hi,
>>>
>>> Apache 'Ki' has recently gone through a name change within the Apache
>>> Incubator - it is now called 'Apache Shiro'.
>>>
>>> But our name instability aside ;), the project as a code base is pretty
>>> stable - the project is over 4 1/2 years old after all, with most of
>>> that
>>> time as a SourceForge project - we have only within the last year moved
>>> to
>>> the Apache Incubator.  There are more than a few of us using it in
>>> production applications, quite a few of which service hundreds of
>>> thousands
>>> of users per day.  Note that being in the Apache Incubator is _not_ a
>>> sign
>>> of instability.  All projects must go through the Incubator as part of a
>>> clearing process, no matter if they're 10 years old or 1 month old.
>>>
>>> The project is not 1.0 as of yet because we were waiting to finalize our
>>> new name.  Now that this has been done, I think we can aggressively move
>>> towards 1.0 again.  This will be our first apache release under the
>>> org.apache.shiro.* package space.
>>>
>>> So, as to our feature set on the about pages, everything that is listed
>>> is
>>> implemented and functional.  Annotation support is mostly
>>> container-specific, and we don't have Annotations for EJB3 containers
>>> working yet (just Spring environments).  That would be on the list for
>>> 1.0.
>>> The only things that are not yet functional are those listed in Jira
>>> scheduled for the 1.0 release, which, again, we can now start attacking
>>> with
>>> vigor.
>>>
>>> Anyway, I hope that helps clarify the state of things.  Feel free to ask
>>> more questions.  I can say that, if you choose to use the project,
>>> you'll
>>> find that most users receive decent support on the mailing lists and
>>> usually
>>> find what they need.  That you've already joined the list is more than
>>> half
>>> of the effort in getting support ;)
>>>
>>> Best,
>>>
>>> Les
>>>
>>>
>>> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <ma...@gmail.com> wrote:
>>>
>>>>
>>>> Hi
>>>>
>>>> I need a security framework for a web app I'm developing, and Apache Ki
>>>> sounded like a great solution for me. After a bit of research about Ki,
>>>> a
>>>> few issues bother me, and I'd like to clarify them before choosing my
>>>> security framework.
>>>>
>>>> First, there is no Apache release yet, I've built from source, but I'm
>>>> a
>>>> bit
>>>> afraid of stability of this code. I could use the last JSecurity
>>>> release,
>>>> but that would force me to do some code refactoring when the Apache
>>>> release
>>>> arrives. Is there any estimate for this release? Or should I use
>>>> JSecurity
>>>> (better for production)?
>>>>
>>>> Second, Ki is not 1.0 yet. The project may be already perfectly
>>>> functional
>>>> (it is long running anyway) as it is but I don't know if there are
>>>> major
>>>> functionalities still not implemented, but taking a look at Jira, todo
>>>> includes 'Run as', Digest and some other. Reading the 'welcome' and
>>>> 'about',
>>>> the features I need were all addressed, but I'd like to know if they
>>>> are
>>>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
>>>> authentication, fine grained authorization, roles, users, dynamically
>>>> added/updated roles/users/permissions, caching, heterogeneous client
>>>> session
>>>> access (web/ejb/applet), cryptography/hashes. Also little XML
>>>> (annotation
>>>> config) use is nice. Are these features implemented and functional?
>>>>
>>>> Thanks for you attention, and hope I can start using Ki soon.
>>>> --
>>>> View this message in context:
>>>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
>>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>>
>>>>
>>>
>>
> 
> 

-- 
View this message in context: http://n2.nabble.com/Apache-release-and-features-tp3057821p4086796.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Apache release and features

[Les Hazlewood <lh...@apache.org>]

Yep, the inactivity has been mostly to things halting pending the name
change.  Once that is rounded out (mailing lists, jira, etc), we'll go back
into full swing.

The latest 0.9.0 final release is definitely stable - many, many people use
that in production environments, particularly the many Grails JSecurity
plugin users, which uses 0.9 final under its groovy wrappings.

Please feel free to try things out, and give us your feedback.  We're of
course open to any suggestions you may have along the way - and if you find
something that isn't yet implemented or might need tweaking a bit and you've
got a solution, by all means add that to a Jira issue so we can include it.
The framework is mostly where it is today because of user feedback :)

Obviously there is Spring Security out there and that might be suitable.
This project differs a bit in that is based on the premise of two core
concepts: ability to function in any environment (not just Spring) and great
simplicity/ease-of-use.  Each framework has its place, but once we hit 1.0
and eventually graduate, we think we'll be able to service more people.  But
also because most of the core devs love Spring themselves, you'll find that
we have superb Spring integration as well.  Definitely try both if you're
using Spring - it might be a preference thing at the end of the day.

Anyway, I hope your experience goes well.  You'll find that the end-user API
is just a dream to work with and is uber simple.  The configuration can be a
little complicated at times, but we've gone through great lengths to
simplify that as best as possible.  Let us know how it goes.

Cheers,

Les

On Wed, Jun 10, 2009 at 4:04 PM, mad rug <ma...@gmail.com> wrote:

> Thanks for the *very* timely response ;-)
>
> Sorry about the instability thing. I wasn't talking about the project
> itself, but rather about using a development snapshot. About that, what
> version would be more suitable for production environment? Considering that
> will be another name change soon (shiro), using JSecurity may be no problem,
> as some refactoring will be needed anyway.
>
> Good to know about the annotation support. I just used EJB so far, but
> knowing this, I'll take some time on Spring beans (also, my other top
> candidate framework is Spring Security... :-P ).
>
> Hope I can some good support if I choose Ki, I mean, Shiro. I liked it
> because it described exactly what I needed, no boilerplate and highly
> dynamic... pretty much custom-tailored for my needs :D . I was a bit afraid
> that this project was half-abandoned (issues list, few user questions
> lately...) but I figured it was because of the whole name change thing.
>
> Best regards
>
>
> On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood <lh...@apache.org>wrote:
>
>> Hi,
>>
>> Apache 'Ki' has recently gone through a name change within the Apache
>> Incubator - it is now called 'Apache Shiro'.
>>
>> But our name instability aside ;), the project as a code base is pretty
>> stable - the project is over 4 1/2 years old after all, with most of that
>> time as a SourceForge project - we have only within the last year moved to
>> the Apache Incubator.  There are more than a few of us using it in
>> production applications, quite a few of which service hundreds of thousands
>> of users per day.  Note that being in the Apache Incubator is _not_ a sign
>> of instability.  All projects must go through the Incubator as part of a
>> clearing process, no matter if they're 10 years old or 1 month old.
>>
>> The project is not 1.0 as of yet because we were waiting to finalize our
>> new name.  Now that this has been done, I think we can aggressively move
>> towards 1.0 again.  This will be our first apache release under the
>> org.apache.shiro.* package space.
>>
>> So, as to our feature set on the about pages, everything that is listed is
>> implemented and functional.  Annotation support is mostly
>> container-specific, and we don't have Annotations for EJB3 containers
>> working yet (just Spring environments).  That would be on the list for 1.0.
>> The only things that are not yet functional are those listed in Jira
>> scheduled for the 1.0 release, which, again, we can now start attacking with
>> vigor.
>>
>> Anyway, I hope that helps clarify the state of things.  Feel free to ask
>> more questions.  I can say that, if you choose to use the project, you'll
>> find that most users receive decent support on the mailing lists and usually
>> find what they need.  That you've already joined the list is more than half
>> of the effort in getting support ;)
>>
>> Best,
>>
>> Les
>>
>>
>> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <ma...@gmail.com> wrote:
>>
>>>
>>> Hi
>>>
>>> I need a security framework for a web app I'm developing, and Apache Ki
>>> sounded like a great solution for me. After a bit of research about Ki, a
>>> few issues bother me, and I'd like to clarify them before choosing my
>>> security framework.
>>>
>>> First, there is no Apache release yet, I've built from source, but I'm a
>>> bit
>>> afraid of stability of this code. I could use the last JSecurity release,
>>> but that would force me to do some code refactoring when the Apache
>>> release
>>> arrives. Is there any estimate for this release? Or should I use
>>> JSecurity
>>> (better for production)?
>>>
>>> Second, Ki is not 1.0 yet. The project may be already perfectly
>>> functional
>>> (it is long running anyway) as it is but I don't know if there are major
>>> functionalities still not implemented, but taking a look at Jira, todo
>>> includes 'Run as', Digest and some other. Reading the 'welcome' and
>>> 'about',
>>> the features I need were all addressed, but I'd like to know if they are
>>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
>>> authentication, fine grained authorization, roles, users, dynamically
>>> added/updated roles/users/permissions, caching, heterogeneous client
>>> session
>>> access (web/ejb/applet), cryptography/hashes. Also little XML (annotation
>>> config) use is nice. Are these features implemented and functional?
>>>
>>> Thanks for you attention, and hope I can start using Ki soon.
>>> --
>>> View this message in context:
>>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>
>>>
>>
>

Re: Apache release and features

[mad rug <ma...@gmail.com>]

Thanks for the *very* timely response ;-)

Sorry about the instability thing. I wasn't talking about the project
itself, but rather about using a development snapshot. About that, what
version would be more suitable for production environment? Considering that
will be another name change soon (shiro), using JSecurity may be no problem,
as some refactoring will be needed anyway.

Good to know about the annotation support. I just used EJB so far, but
knowing this, I'll take some time on Spring beans (also, my other top
candidate framework is Spring Security... :-P ).

Hope I can some good support if I choose Ki, I mean, Shiro. I liked it
because it described exactly what I needed, no boilerplate and highly
dynamic... pretty much custom-tailored for my needs :D . I was a bit afraid
that this project was half-abandoned (issues list, few user questions
lately...) but I figured it was because of the whole name change thing.

Best regards

On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood <lh...@apache.org>wrote:

> Hi,
>
> Apache 'Ki' has recently gone through a name change within the Apache
> Incubator - it is now called 'Apache Shiro'.
>
> But our name instability aside ;), the project as a code base is pretty
> stable - the project is over 4 1/2 years old after all, with most of that
> time as a SourceForge project - we have only within the last year moved to
> the Apache Incubator.  There are more than a few of us using it in
> production applications, quite a few of which service hundreds of thousands
> of users per day.  Note that being in the Apache Incubator is _not_ a sign
> of instability.  All projects must go through the Incubator as part of a
> clearing process, no matter if they're 10 years old or 1 month old.
>
> The project is not 1.0 as of yet because we were waiting to finalize our
> new name.  Now that this has been done, I think we can aggressively move
> towards 1.0 again.  This will be our first apache release under the
> org.apache.shiro.* package space.
>
> So, as to our feature set on the about pages, everything that is listed is
> implemented and functional.  Annotation support is mostly
> container-specific, and we don't have Annotations for EJB3 containers
> working yet (just Spring environments).  That would be on the list for 1.0.
> The only things that are not yet functional are those listed in Jira
> scheduled for the 1.0 release, which, again, we can now start attacking with
> vigor.
>
> Anyway, I hope that helps clarify the state of things.  Feel free to ask
> more questions.  I can say that, if you choose to use the project, you'll
> find that most users receive decent support on the mailing lists and usually
> find what they need.  That you've already joined the list is more than half
> of the effort in getting support ;)
>
> Best,
>
> Les
>
>
> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <ma...@gmail.com> wrote:
>
>>
>> Hi
>>
>> I need a security framework for a web app I'm developing, and Apache Ki
>> sounded like a great solution for me. After a bit of research about Ki, a
>> few issues bother me, and I'd like to clarify them before choosing my
>> security framework.
>>
>> First, there is no Apache release yet, I've built from source, but I'm a
>> bit
>> afraid of stability of this code. I could use the last JSecurity release,
>> but that would force me to do some code refactoring when the Apache
>> release
>> arrives. Is there any estimate for this release? Or should I use JSecurity
>> (better for production)?
>>
>> Second, Ki is not 1.0 yet. The project may be already perfectly functional
>> (it is long running anyway) as it is but I don't know if there are major
>> functionalities still not implemented, but taking a look at Jira, todo
>> includes 'Run as', Digest and some other. Reading the 'welcome' and
>> 'about',
>> the features I need were all addressed, but I'd like to know if they are
>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
>> authentication, fine grained authorization, roles, users, dynamically
>> added/updated roles/users/permissions, caching, heterogeneous client
>> session
>> access (web/ejb/applet), cryptography/hashes. Also little XML (annotation
>> config) use is nice. Are these features implemented and functional?
>>
>> Thanks for you attention, and hope I can start using Ki soon.
>> --
>> View this message in context:
>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>
>>
>

Re: Apache release and features

[Les Hazlewood <lh...@apache.org>]

Hi,

Apache 'Ki' has recently gone through a name change within the Apache
Incubator - it is now called 'Apache Shiro'.

But our name instability aside ;), the project as a code base is pretty
stable - the project is over 4 1/2 years old after all, with most of that
time as a SourceForge project - we have only within the last year moved to
the Apache Incubator.  There are more than a few of us using it in
production applications, quite a few of which service hundreds of thousands
of users per day.  Note that being in the Apache Incubator is _not_ a sign
of instability.  All projects must go through the Incubator as part of a
clearing process, no matter if they're 10 years old or 1 month old.

The project is not 1.0 as of yet because we were waiting to finalize our new
name.  Now that this has been done, I think we can aggressively move towards
1.0 again.  This will be our first apache release under the
org.apache.shiro.* package space.

So, as to our feature set on the about pages, everything that is listed is
implemented and functional.  Annotation support is mostly
container-specific, and we don't have Annotations for EJB3 containers
working yet (just Spring environments).  That would be on the list for 1.0.
The only things that are not yet functional are those listed in Jira
scheduled for the 1.0 release, which, again, we can now start attacking with
vigor.

Anyway, I hope that helps clarify the state of things.  Feel free to ask
more questions.  I can say that, if you choose to use the project, you'll
find that most users receive decent support on the mailing lists and usually
find what they need.  That you've already joined the list is more than half
of the effort in getting support ;)

Best,

Les

On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <ma...@gmail.com> wrote:

>
> Hi
>
> I need a security framework for a web app I'm developing, and Apache Ki
> sounded like a great solution for me. After a bit of research about Ki, a
> few issues bother me, and I'd like to clarify them before choosing my
> security framework.
>
> First, there is no Apache release yet, I've built from source, but I'm a
> bit
> afraid of stability of this code. I could use the last JSecurity release,
> but that would force me to do some code refactoring when the Apache release
> arrives. Is there any estimate for this release? Or should I use JSecurity
> (better for production)?
>
> Second, Ki is not 1.0 yet. The project may be already perfectly functional
> (it is long running anyway) as it is but I don't know if there are major
> functionalities still not implemented, but taking a look at Jira, todo
> includes 'Run as', Digest and some other. Reading the 'welcome' and
> 'about',
> the features I need were all addressed, but I'd like to know if they are
> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
> authentication, fine grained authorization, roles, users, dynamically
> added/updated roles/users/permissions, caching, heterogeneous client
> session
> access (web/ejb/applet), cryptography/hashes. Also little XML (annotation
> config) use is nice. Are these features implemented and functional?
>
> Thanks for you attention, and hope I can start using Ki soon.
> --
> View this message in context:
> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
> Sent from the JSecurity User mailing list archive at Nabble.com.
>
>