Hi Reto, On 02/06/14 10:28, Reto Gmür wrote:
There have been two releases of these components. This one brings clear improvement over the older (it works with Jersey >=2) without afaict bringing any disadvantage. The code with the patch has been in subversion since June 10th of 2013 so it can be assumed that it has been community tested quite a bit. It has not not only been used in Stanbol but also in Clerezza.
Well, my comment comes to raise the issue that, according to the feedback I read in this mailing list, the security components are not really community-driven, but motivated by a concrete use case from another project and not really well documented:
http://stanbol.apache.org/development/security.html
I don't think that the problem you had with other components are in any way specific to the patch incorporated to this release and probably not even caused by a bug in these components. But if you create issues then these could help improve situations. But even if these problems are real (JIRA issues rather than FUD) we cannot only make a release if that release solves all the problems the software might have.
Well, for casting a positive vote I'd like to know the modules coverage: how many implement that, how many they just ignore it, etc. Sorry, I did not report proper issues to Jira since just disabling the security worked fine in my deployment scenarios.
In the end I think we should clarify is such security granularity is actually necessary here. Because my understanding of Stanbol is a set of reusable restful components for semantic content management, not a semantic cms itself, which is the direction where this security modules pushed it.
Cheers, -- Sergio Fernández Senior Researcher Knowledge and Media Technologies Salzburg Research Forschungsgesellschaft mbH Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria T: +43 662 2288 318 | M: +43 660 2747 925 sergio.fernan...@salzburgresearch.at http://www.salzburgresearch.at
