Carlos Sanchez wrote:
If ldap dependencies are only for testing it may be fine, you set them
to test scope and that's all. Other thing if they are required to run
because everybody using acegi and not needing ldap will get them or
will have to exclude.
That's more related with something I'd like to propose to 1.1 which is
splitting the core jar a bit more based on the dependencies and the
possible uses, eg. acegisecurity-web for people using it in a web
environment, depending in the servlet api and other web stuff,
something similar to what spring has made for 2.0.
In hindsight it would have been better to name the last official release
1.0.0 M1, rather than 1.0.0 RC1. Justifying calling it RC1 was that the
existing LDAP code had been in the sandbox for many months; the
project's maturity meant we'd very unlikely need many RCs before 1.0.0
final; we had hoped to include LDAP in RC1 but had unexpected
difficulties with Apache DS (which the Apache DS team have been
excellent in assisting with, BTW); RC2 will still be a direct drop-in
replacement for RC1 without a single change being required; the APR
guidelines expressly state that they don't apply to pre-1.0.0 libraries;
and the new LDAP source code does not introduce any new dependencies
except to run the actual unit tests. I've also been on record as stating
1.0.0 final will include LDAP - and LDAP support is a key capability of
most enterprise security products - so it cannot be credibly deferred
until 1.1.0. I therefore believe that we need to call the next release
1.0.0 RC2, and with a little luck it will be the last RC before 1.0.0
final is released.
In relation to segmenting the project into different JARs, are other
projects actually doing this? My first instinct is one of caution, as it
would seem to increase the complexity of using Acegi Security for those
(many) members of the community not using Maven 2. Also, would it mean
we need to break out the /core source directory into different
subprojects, as doing so would mean disruption to CVS. Just a question:
how does Ivy handle "optional" JARs, compared with Maven 2? Also, how
are we progressing with a Maven 2-based build of Acegi Security?
Returning to the original thread, does anyone have any comments on the
LDAP integration that Luke has checked in? I've had a look over it, sent
some suggestions to Luke (which he has already implemented), and believe
the level of abstraction strikes a good balance between out-of-the-box
simplicity without compromising extensibility. Would some people
actually using the sandbox-based LDAP classes please take a look and
report whether or not it would accommodate their environments.
Thanks
Ben
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
