Hi I need a security framework for a web app I'm developing, and Apache Ki sounded like a great solution for me. After a bit of research about Ki, a few issues bother me, and I'd like to clarify them before choosing my security framework.
First, there is no Apache release yet, I've built from source, but I'm a bit afraid of stability of this code. I could use the last JSecurity release, but that would force me to do some code refactoring when the Apache release arrives. Is there any estimate for this release? Or should I use JSecurity (better for production)? Second, Ki is not 1.0 yet. The project may be already perfectly functional (it is long running anyway) as it is but I don't know if there are major functionalities still not implemented, but taking a look at Jira, todo includes 'Run as', Digest and some other. Reading the 'welcome' and 'about', the features I need were all addressed, but I'd like to know if they are already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC authentication, fine grained authorization, roles, users, dynamically added/updated roles/users/permissions, caching, heterogeneous client session access (web/ejb/applet), cryptography/hashes. Also little XML (annotation config) use is nice. Are these features implemented and functional? Thanks for you attention, and hope I can start using Ki soon. -- View this message in context: http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html Sent from the JSecurity User mailing list archive at Nabble.com.
