Hi Martin, On 13 June 2014 09:25, Martin Grigorov <[email protected]> wrote:
> Hi Isis devs, > > On Thu, Jun 12, 2014 at 1:14 PM, Dan Haywood <[email protected] > > > wrote: > > > > > 4. Improved support for Shiro > > I have a small doubt here. > Maybe it is just temporarily but it seems Apache Shiro project has some > development issues lately. > Users fill issues at their JIRA and no one addresses them. > They don't have new committers since 2 years. > There was a security fix this year but apart from it there is no active > development for a rather long period of time - > https://github.com/apache/shiro/commits/1.2.x. > Les (the main guy) just committed a rather big refactoring in the 2.x > branch - https://github.com/apache/shiro/commits/2.0-api-design-changes. > > So there is a hope for the project, but I don't feel comfortable to > recommend Shiro to my clients. > Unfortunately the alternatives are even worse. > > Just my 2c. > > Thanks for this, Martin, understand what you're saying. Even if Shiro hasn't had much work done on it, it could be just that it is "done" (at least as far as the 1.x codeline is concerned). Certainly outside of Apache I think that Shiro has a good reputation; as you say, there's nothing else really out there. So from a marketing perspective (of Isis) there's no harm in being coupled with Shiro. Meantime we're trying to figure out what Isis' core responsibility are: namely being a metamodel and container for domain logic. But Isis isn't really about the security domain. And certainly I suspect that Shiro's security classes have had a lot more love and attention than Isis'. I'll ping Les about his views on the health of Shiro. If he's just done a big refactoring, that means that he at least is committed to maintaining the project. And if we were to find issues with either the 1.x or new 2.x codebase, well, we can always go and contribute over there in the context of that project. That feels like the right thing to do. Dan
