First of, I want to say that what you've done is great. I was looking for a framework to help me setup security in our platform and Shiro is exactly what I needed. It's a simple framework that do not pretend to perform everything for you and (best of all) it's "embeddable" in any situation. It does not provide built-in audits (which is a requirement I have), but I can easily do that myself using the events generated by the framework.
In my case, the situation is not a web app and not a spring container. We want to perform authorization based on annotations for seamless development and integration. However I realized that it is not currently available for me... only spring-aop can do this for now. I looked in the forums and I found that I'm not the only one that want's to do that. So I decided to jump in and do what it needed to use aspectj for what I wanted to do (validating actions programmatically is not really an option for me). I currently have a prototype working and I need to work on the run-time now: integration of the compiler and/or the code weaving (in a seamless manner). But nonetheless, I thing it could be a great addition to Shiro. Would you guys be interested in a donation so that the community can benefit??? Regards, J-C
