Yep, the inactivity has been mostly to things halting pending the name change. Once that is rounded out (mailing lists, jira, etc), we'll go back into full swing.
The latest 0.9.0 final release is definitely stable - many, many people use that in production environments, particularly the many Grails JSecurity plugin users, which uses 0.9 final under its groovy wrappings. Please feel free to try things out, and give us your feedback. We're of course open to any suggestions you may have along the way - and if you find something that isn't yet implemented or might need tweaking a bit and you've got a solution, by all means add that to a Jira issue so we can include it. The framework is mostly where it is today because of user feedback :) Obviously there is Spring Security out there and that might be suitable. This project differs a bit in that is based on the premise of two core concepts: ability to function in any environment (not just Spring) and great simplicity/ease-of-use. Each framework has its place, but once we hit 1.0 and eventually graduate, we think we'll be able to service more people. But also because most of the core devs love Spring themselves, you'll find that we have superb Spring integration as well. Definitely try both if you're using Spring - it might be a preference thing at the end of the day. Anyway, I hope your experience goes well. You'll find that the end-user API is just a dream to work with and is uber simple. The configuration can be a little complicated at times, but we've gone through great lengths to simplify that as best as possible. Let us know how it goes. Cheers, Les On Wed, Jun 10, 2009 at 4:04 PM, mad rug <[email protected]> wrote: > Thanks for the *very* timely response ;-) > > Sorry about the instability thing. I wasn't talking about the project > itself, but rather about using a development snapshot. About that, what > version would be more suitable for production environment? Considering that > will be another name change soon (shiro), using JSecurity may be no problem, > as some refactoring will be needed anyway. > > Good to know about the annotation support. I just used EJB so far, but > knowing this, I'll take some time on Spring beans (also, my other top > candidate framework is Spring Security... :-P ). > > Hope I can some good support if I choose Ki, I mean, Shiro. I liked it > because it described exactly what I needed, no boilerplate and highly > dynamic... pretty much custom-tailored for my needs :D . I was a bit afraid > that this project was half-abandoned (issues list, few user questions > lately...) but I figured it was because of the whole name change thing. > > Best regards > > > On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood <[email protected]>wrote: > >> Hi, >> >> Apache 'Ki' has recently gone through a name change within the Apache >> Incubator - it is now called 'Apache Shiro'. >> >> But our name instability aside ;), the project as a code base is pretty >> stable - the project is over 4 1/2 years old after all, with most of that >> time as a SourceForge project - we have only within the last year moved to >> the Apache Incubator. There are more than a few of us using it in >> production applications, quite a few of which service hundreds of thousands >> of users per day. Note that being in the Apache Incubator is _not_ a sign >> of instability. All projects must go through the Incubator as part of a >> clearing process, no matter if they're 10 years old or 1 month old. >> >> The project is not 1.0 as of yet because we were waiting to finalize our >> new name. Now that this has been done, I think we can aggressively move >> towards 1.0 again. This will be our first apache release under the >> org.apache.shiro.* package space. >> >> So, as to our feature set on the about pages, everything that is listed is >> implemented and functional. Annotation support is mostly >> container-specific, and we don't have Annotations for EJB3 containers >> working yet (just Spring environments). That would be on the list for 1.0. >> The only things that are not yet functional are those listed in Jira >> scheduled for the 1.0 release, which, again, we can now start attacking with >> vigor. >> >> Anyway, I hope that helps clarify the state of things. Feel free to ask >> more questions. I can say that, if you choose to use the project, you'll >> find that most users receive decent support on the mailing lists and usually >> find what they need. That you've already joined the list is more than half >> of the effort in getting support ;) >> >> Best, >> >> Les >> >> >> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <[email protected]> wrote: >> >>> >>> Hi >>> >>> I need a security framework for a web app I'm developing, and Apache Ki >>> sounded like a great solution for me. After a bit of research about Ki, a >>> few issues bother me, and I'd like to clarify them before choosing my >>> security framework. >>> >>> First, there is no Apache release yet, I've built from source, but I'm a >>> bit >>> afraid of stability of this code. I could use the last JSecurity release, >>> but that would force me to do some code refactoring when the Apache >>> release >>> arrives. Is there any estimate for this release? Or should I use >>> JSecurity >>> (better for production)? >>> >>> Second, Ki is not 1.0 yet. The project may be already perfectly >>> functional >>> (it is long running anyway) as it is but I don't know if there are major >>> functionalities still not implemented, but taking a look at Jira, todo >>> includes 'Run as', Digest and some other. Reading the 'welcome' and >>> 'about', >>> the features I need were all addressed, but I'd like to know if they are >>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC >>> authentication, fine grained authorization, roles, users, dynamically >>> added/updated roles/users/permissions, caching, heterogeneous client >>> session >>> access (web/ejb/applet), cryptography/hashes. Also little XML (annotation >>> config) use is nice. Are these features implemented and functional? >>> >>> Thanks for you attention, and hope I can start using Ki soon. >>> -- >>> View this message in context: >>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html >>> Sent from the JSecurity User mailing list archive at Nabble.com. >>> >>> >> >
