Re: Apache release and features

[javamallu <bi...@gmail.com>]

Hi,

Our team is interested in using Shiro as our security framework for our
project. Would like to check with you about the roadmap for shiro and
tentative date for shiro official release. 

Thanks

Les Hazlewood-2 wrote:
> 
> Yep, the inactivity has been mostly to things halting pending the name
> change.  Once that is rounded out (mailing lists, jira, etc), we'll go
> back
> into full swing.
> 
> The latest 0.9.0 final release is definitely stable - many, many people
> use
> that in production environments, particularly the many Grails JSecurity
> plugin users, which uses 0.9 final under its groovy wrappings.
> 
> Please feel free to try things out, and give us your feedback.  We're of
> course open to any suggestions you may have along the way - and if you
> find
> something that isn't yet implemented or might need tweaking a bit and
> you've
> got a solution, by all means add that to a Jira issue so we can include
> it.
> The framework is mostly where it is today because of user feedback :)
> 
> Obviously there is Spring Security out there and that might be suitable.
> This project differs a bit in that is based on the premise of two core
> concepts: ability to function in any environment (not just Spring) and
> great
> simplicity/ease-of-use.  Each framework has its place, but once we hit 1.0
> and eventually graduate, we think we'll be able to service more people. 
> But
> also because most of the core devs love Spring themselves, you'll find
> that
> we have superb Spring integration as well.  Definitely try both if you're
> using Spring - it might be a preference thing at the end of the day.
> 
> Anyway, I hope your experience goes well.  You'll find that the end-user
> API
> is just a dream to work with and is uber simple.  The configuration can be
> a
> little complicated at times, but we've gone through great lengths to
> simplify that as best as possible.  Let us know how it goes.
> 
> Cheers,
> 
> Les
> 
> On Wed, Jun 10, 2009 at 4:04 PM, mad rug <ma...@gmail.com> wrote:
> 
>> Thanks for the *very* timely response ;-)
>>
>> Sorry about the instability thing. I wasn't talking about the project
>> itself, but rather about using a development snapshot. About that, what
>> version would be more suitable for production environment? Considering
>> that
>> will be another name change soon (shiro), using JSecurity may be no
>> problem,
>> as some refactoring will be needed anyway.
>>
>> Good to know about the annotation support. I just used EJB so far, but
>> knowing this, I'll take some time on Spring beans (also, my other top
>> candidate framework is Spring Security... :-P ).
>>
>> Hope I can some good support if I choose Ki, I mean, Shiro. I liked it
>> because it described exactly what I needed, no boilerplate and highly
>> dynamic... pretty much custom-tailored for my needs :D . I was a bit
>> afraid
>> that this project was half-abandoned (issues list, few user questions
>> lately...) but I figured it was because of the whole name change thing.
>>
>> Best regards
>>
>>
>> On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood
>> <lh...@apache.org>wrote:
>>
>>> Hi,
>>>
>>> Apache 'Ki' has recently gone through a name change within the Apache
>>> Incubator - it is now called 'Apache Shiro'.
>>>
>>> But our name instability aside ;), the project as a code base is pretty
>>> stable - the project is over 4 1/2 years old after all, with most of
>>> that
>>> time as a SourceForge project - we have only within the last year moved
>>> to
>>> the Apache Incubator.  There are more than a few of us using it in
>>> production applications, quite a few of which service hundreds of
>>> thousands
>>> of users per day.  Note that being in the Apache Incubator is _not_ a
>>> sign
>>> of instability.  All projects must go through the Incubator as part of a
>>> clearing process, no matter if they're 10 years old or 1 month old.
>>>
>>> The project is not 1.0 as of yet because we were waiting to finalize our
>>> new name.  Now that this has been done, I think we can aggressively move
>>> towards 1.0 again.  This will be our first apache release under the
>>> org.apache.shiro.* package space.
>>>
>>> So, as to our feature set on the about pages, everything that is listed
>>> is
>>> implemented and functional.  Annotation support is mostly
>>> container-specific, and we don't have Annotations for EJB3 containers
>>> working yet (just Spring environments).  That would be on the list for
>>> 1.0.
>>> The only things that are not yet functional are those listed in Jira
>>> scheduled for the 1.0 release, which, again, we can now start attacking
>>> with
>>> vigor.
>>>
>>> Anyway, I hope that helps clarify the state of things.  Feel free to ask
>>> more questions.  I can say that, if you choose to use the project,
>>> you'll
>>> find that most users receive decent support on the mailing lists and
>>> usually
>>> find what they need.  That you've already joined the list is more than
>>> half
>>> of the effort in getting support ;)
>>>
>>> Best,
>>>
>>> Les
>>>
>>>
>>> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <ma...@gmail.com> wrote:
>>>
>>>>
>>>> Hi
>>>>
>>>> I need a security framework for a web app I'm developing, and Apache Ki
>>>> sounded like a great solution for me. After a bit of research about Ki,
>>>> a
>>>> few issues bother me, and I'd like to clarify them before choosing my
>>>> security framework.
>>>>
>>>> First, there is no Apache release yet, I've built from source, but I'm
>>>> a
>>>> bit
>>>> afraid of stability of this code. I could use the last JSecurity
>>>> release,
>>>> but that would force me to do some code refactoring when the Apache
>>>> release
>>>> arrives. Is there any estimate for this release? Or should I use
>>>> JSecurity
>>>> (better for production)?
>>>>
>>>> Second, Ki is not 1.0 yet. The project may be already perfectly
>>>> functional
>>>> (it is long running anyway) as it is but I don't know if there are
>>>> major
>>>> functionalities still not implemented, but taking a look at Jira, todo
>>>> includes 'Run as', Digest and some other. Reading the 'welcome' and
>>>> 'about',
>>>> the features I need were all addressed, but I'd like to know if they
>>>> are
>>>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
>>>> authentication, fine grained authorization, roles, users, dynamically
>>>> added/updated roles/users/permissions, caching, heterogeneous client
>>>> session
>>>> access (web/ejb/applet), cryptography/hashes. Also little XML
>>>> (annotation
>>>> config) use is nice. Are these features implemented and functional?
>>>>
>>>> Thanks for you attention, and hope I can start using Ki soon.
>>>> --
>>>> View this message in context:
>>>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
>>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>>
>>>>
>>>
>>
> 
> 

-- 
View this message in context: http://n2.nabble.com/Apache-release-and-features-tp3057821p4086796.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Apache release and features

[Les Hazlewood <lh...@apache.org>]

I'm not quite sure of the roadmap for our first release - we need to
discuss it on the dev list.  I'll bring that up on the dev list
shortly - I do think it is about time to finalize Jira issues around
an initial release.

On Mon, Nov 30, 2009 at 4:56 AM, javamallu <bi...@gmail.com> wrote:
>
>
> Hi,
>
> Our team is interested in using Shiro as our security framework for our
> project. Would like to check with you about the roadmap for shiro and
> tentative date for shiro official release.
>
> Thanks
>
> Les Hazlewood-2 wrote:
>>
>> Yep, the inactivity has been mostly to things halting pending the name
>> change.  Once that is rounded out (mailing lists, jira, etc), we'll go
>> back
>> into full swing.
>>
>> The latest 0.9.0 final release is definitely stable - many, many people
>> use
>> that in production environments, particularly the many Grails JSecurity
>> plugin users, which uses 0.9 final under its groovy wrappings.
>>
>> Please feel free to try things out, and give us your feedback.  We're of
>> course open to any suggestions you may have along the way - and if you
>> find
>> something that isn't yet implemented or might need tweaking a bit and
>> you've
>> got a solution, by all means add that to a Jira issue so we can include
>> it.
>> The framework is mostly where it is today because of user feedback :)
>>
>> Obviously there is Spring Security out there and that might be suitable.
>> This project differs a bit in that is based on the premise of two core
>> concepts: ability to function in any environment (not just Spring) and
>> great
>> simplicity/ease-of-use.  Each framework has its place, but once we hit 1.0
>> and eventually graduate, we think we'll be able to service more people.
>> But
>> also because most of the core devs love Spring themselves, you'll find
>> that
>> we have superb Spring integration as well.  Definitely try both if you're
>> using Spring - it might be a preference thing at the end of the day.
>>
>> Anyway, I hope your experience goes well.  You'll find that the end-user
>> API
>> is just a dream to work with and is uber simple.  The configuration can be
>> a
>> little complicated at times, but we've gone through great lengths to
>> simplify that as best as possible.  Let us know how it goes.
>>
>> Cheers,
>>
>> Les
>>
>> On Wed, Jun 10, 2009 at 4:04 PM, mad rug <ma...@gmail.com> wrote:
>>
>>> Thanks for the *very* timely response ;-)
>>>
>>> Sorry about the instability thing. I wasn't talking about the project
>>> itself, but rather about using a development snapshot. About that, what
>>> version would be more suitable for production environment? Considering
>>> that
>>> will be another name change soon (shiro), using JSecurity may be no
>>> problem,
>>> as some refactoring will be needed anyway.
>>>
>>> Good to know about the annotation support. I just used EJB so far, but
>>> knowing this, I'll take some time on Spring beans (also, my other top
>>> candidate framework is Spring Security... :-P ).
>>>
>>> Hope I can some good support if I choose Ki, I mean, Shiro. I liked it
>>> because it described exactly what I needed, no boilerplate and highly
>>> dynamic... pretty much custom-tailored for my needs :D . I was a bit
>>> afraid
>>> that this project was half-abandoned (issues list, few user questions
>>> lately...) but I figured it was because of the whole name change thing.
>>>
>>> Best regards
>>>
>>>
>>> On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood
>>> <lh...@apache.org>wrote:
>>>
>>>> Hi,
>>>>
>>>> Apache 'Ki' has recently gone through a name change within the Apache
>>>> Incubator - it is now called 'Apache Shiro'.
>>>>
>>>> But our name instability aside ;), the project as a code base is pretty
>>>> stable - the project is over 4 1/2 years old after all, with most of
>>>> that
>>>> time as a SourceForge project - we have only within the last year moved
>>>> to
>>>> the Apache Incubator.  There are more than a few of us using it in
>>>> production applications, quite a few of which service hundreds of
>>>> thousands
>>>> of users per day.  Note that being in the Apache Incubator is _not_ a
>>>> sign
>>>> of instability.  All projects must go through the Incubator as part of a
>>>> clearing process, no matter if they're 10 years old or 1 month old.
>>>>
>>>> The project is not 1.0 as of yet because we were waiting to finalize our
>>>> new name.  Now that this has been done, I think we can aggressively move
>>>> towards 1.0 again.  This will be our first apache release under the
>>>> org.apache.shiro.* package space.
>>>>
>>>> So, as to our feature set on the about pages, everything that is listed
>>>> is
>>>> implemented and functional.  Annotation support is mostly
>>>> container-specific, and we don't have Annotations for EJB3 containers
>>>> working yet (just Spring environments).  That would be on the list for
>>>> 1.0.
>>>> The only things that are not yet functional are those listed in Jira
>>>> scheduled for the 1.0 release, which, again, we can now start attacking
>>>> with
>>>> vigor.
>>>>
>>>> Anyway, I hope that helps clarify the state of things.  Feel free to ask
>>>> more questions.  I can say that, if you choose to use the project,
>>>> you'll
>>>> find that most users receive decent support on the mailing lists and
>>>> usually
>>>> find what they need.  That you've already joined the list is more than
>>>> half
>>>> of the effort in getting support ;)
>>>>
>>>> Best,
>>>>
>>>> Les
>>>>
>>>>
>>>> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <ma...@gmail.com> wrote:
>>>>
>>>>>
>>>>> Hi
>>>>>
>>>>> I need a security framework for a web app I'm developing, and Apache Ki
>>>>> sounded like a great solution for me. After a bit of research about Ki,
>>>>> a
>>>>> few issues bother me, and I'd like to clarify them before choosing my
>>>>> security framework.
>>>>>
>>>>> First, there is no Apache release yet, I've built from source, but I'm
>>>>> a
>>>>> bit
>>>>> afraid of stability of this code. I could use the last JSecurity
>>>>> release,
>>>>> but that would force me to do some code refactoring when the Apache
>>>>> release
>>>>> arrives. Is there any estimate for this release? Or should I use
>>>>> JSecurity
>>>>> (better for production)?
>>>>>
>>>>> Second, Ki is not 1.0 yet. The project may be already perfectly
>>>>> functional
>>>>> (it is long running anyway) as it is but I don't know if there are
>>>>> major
>>>>> functionalities still not implemented, but taking a look at Jira, todo
>>>>> includes 'Run as', Digest and some other. Reading the 'welcome' and
>>>>> 'about',
>>>>> the features I need were all addressed, but I'd like to know if they
>>>>> are
>>>>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC
>>>>> authentication, fine grained authorization, roles, users, dynamically
>>>>> added/updated roles/users/permissions, caching, heterogeneous client
>>>>> session
>>>>> access (web/ejb/applet), cryptography/hashes. Also little XML
>>>>> (annotation
>>>>> config) use is nice. Are these features implemented and functional?
>>>>>
>>>>> Thanks for you attention, and hope I can start using Ki soon.
>>>>> --
>>>>> View this message in context:
>>>>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html
>>>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>
>>>
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/Apache-release-and-features-tp3057821p4086796.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>