I'm not quite sure of the roadmap for our first release - we need to discuss it on the dev list. I'll bring that up on the dev list shortly - I do think it is about time to finalize Jira issues around an initial release.
On Mon, Nov 30, 2009 at 4:56 AM, javamallu <[email protected]> wrote: > > > Hi, > > Our team is interested in using Shiro as our security framework for our > project. Would like to check with you about the roadmap for shiro and > tentative date for shiro official release. > > Thanks > > Les Hazlewood-2 wrote: >> >> Yep, the inactivity has been mostly to things halting pending the name >> change. Once that is rounded out (mailing lists, jira, etc), we'll go >> back >> into full swing. >> >> The latest 0.9.0 final release is definitely stable - many, many people >> use >> that in production environments, particularly the many Grails JSecurity >> plugin users, which uses 0.9 final under its groovy wrappings. >> >> Please feel free to try things out, and give us your feedback. We're of >> course open to any suggestions you may have along the way - and if you >> find >> something that isn't yet implemented or might need tweaking a bit and >> you've >> got a solution, by all means add that to a Jira issue so we can include >> it. >> The framework is mostly where it is today because of user feedback :) >> >> Obviously there is Spring Security out there and that might be suitable. >> This project differs a bit in that is based on the premise of two core >> concepts: ability to function in any environment (not just Spring) and >> great >> simplicity/ease-of-use. Each framework has its place, but once we hit 1.0 >> and eventually graduate, we think we'll be able to service more people. >> But >> also because most of the core devs love Spring themselves, you'll find >> that >> we have superb Spring integration as well. Definitely try both if you're >> using Spring - it might be a preference thing at the end of the day. >> >> Anyway, I hope your experience goes well. You'll find that the end-user >> API >> is just a dream to work with and is uber simple. The configuration can be >> a >> little complicated at times, but we've gone through great lengths to >> simplify that as best as possible. Let us know how it goes. >> >> Cheers, >> >> Les >> >> On Wed, Jun 10, 2009 at 4:04 PM, mad rug <[email protected]> wrote: >> >>> Thanks for the *very* timely response ;-) >>> >>> Sorry about the instability thing. I wasn't talking about the project >>> itself, but rather about using a development snapshot. About that, what >>> version would be more suitable for production environment? Considering >>> that >>> will be another name change soon (shiro), using JSecurity may be no >>> problem, >>> as some refactoring will be needed anyway. >>> >>> Good to know about the annotation support. I just used EJB so far, but >>> knowing this, I'll take some time on Spring beans (also, my other top >>> candidate framework is Spring Security... :-P ). >>> >>> Hope I can some good support if I choose Ki, I mean, Shiro. I liked it >>> because it described exactly what I needed, no boilerplate and highly >>> dynamic... pretty much custom-tailored for my needs :D . I was a bit >>> afraid >>> that this project was half-abandoned (issues list, few user questions >>> lately...) but I figured it was because of the whole name change thing. >>> >>> Best regards >>> >>> >>> On Wed, Jun 10, 2009 at 4:42 PM, Les Hazlewood >>> <[email protected]>wrote: >>> >>>> Hi, >>>> >>>> Apache 'Ki' has recently gone through a name change within the Apache >>>> Incubator - it is now called 'Apache Shiro'. >>>> >>>> But our name instability aside ;), the project as a code base is pretty >>>> stable - the project is over 4 1/2 years old after all, with most of >>>> that >>>> time as a SourceForge project - we have only within the last year moved >>>> to >>>> the Apache Incubator. There are more than a few of us using it in >>>> production applications, quite a few of which service hundreds of >>>> thousands >>>> of users per day. Note that being in the Apache Incubator is _not_ a >>>> sign >>>> of instability. All projects must go through the Incubator as part of a >>>> clearing process, no matter if they're 10 years old or 1 month old. >>>> >>>> The project is not 1.0 as of yet because we were waiting to finalize our >>>> new name. Now that this has been done, I think we can aggressively move >>>> towards 1.0 again. This will be our first apache release under the >>>> org.apache.shiro.* package space. >>>> >>>> So, as to our feature set on the about pages, everything that is listed >>>> is >>>> implemented and functional. Annotation support is mostly >>>> container-specific, and we don't have Annotations for EJB3 containers >>>> working yet (just Spring environments). That would be on the list for >>>> 1.0. >>>> The only things that are not yet functional are those listed in Jira >>>> scheduled for the 1.0 release, which, again, we can now start attacking >>>> with >>>> vigor. >>>> >>>> Anyway, I hope that helps clarify the state of things. Feel free to ask >>>> more questions. I can say that, if you choose to use the project, >>>> you'll >>>> find that most users receive decent support on the mailing lists and >>>> usually >>>> find what they need. That you've already joined the list is more than >>>> half >>>> of the effort in getting support ;) >>>> >>>> Best, >>>> >>>> Les >>>> >>>> >>>> On Wed, Jun 10, 2009 at 3:24 PM, mad.rug <[email protected]> wrote: >>>> >>>>> >>>>> Hi >>>>> >>>>> I need a security framework for a web app I'm developing, and Apache Ki >>>>> sounded like a great solution for me. After a bit of research about Ki, >>>>> a >>>>> few issues bother me, and I'd like to clarify them before choosing my >>>>> security framework. >>>>> >>>>> First, there is no Apache release yet, I've built from source, but I'm >>>>> a >>>>> bit >>>>> afraid of stability of this code. I could use the last JSecurity >>>>> release, >>>>> but that would force me to do some code refactoring when the Apache >>>>> release >>>>> arrives. Is there any estimate for this release? Or should I use >>>>> JSecurity >>>>> (better for production)? >>>>> >>>>> Second, Ki is not 1.0 yet. The project may be already perfectly >>>>> functional >>>>> (it is long running anyway) as it is but I don't know if there are >>>>> major >>>>> functionalities still not implemented, but taking a look at Jira, todo >>>>> includes 'Run as', Digest and some other. Reading the 'welcome' and >>>>> 'about', >>>>> the features I need were all addressed, but I'd like to know if they >>>>> are >>>>> already implemented (in JSecurity 0.9 or current Apache snapshot): JDBC >>>>> authentication, fine grained authorization, roles, users, dynamically >>>>> added/updated roles/users/permissions, caching, heterogeneous client >>>>> session >>>>> access (web/ejb/applet), cryptography/hashes. Also little XML >>>>> (annotation >>>>> config) use is nice. Are these features implemented and functional? >>>>> >>>>> Thanks for you attention, and hope I can start using Ki soon. >>>>> -- >>>>> View this message in context: >>>>> http://n2.nabble.com/Apache-release-and-features-tp3057821p3057821.html >>>>> Sent from the JSecurity User mailing list archive at Nabble.com. >>>>> >>>>> >>>> >>> >> >> > > -- > View this message in context: > http://n2.nabble.com/Apache-release-and-features-tp3057821p4086796.html > Sent from the Shiro User mailing list archive at Nabble.com. >
