Scott McCrory wrote:
Ben,
Excellent, sounds like a well thought-out plan towards 1.0.
I'd recommend an "in-between" approach for the container adapters. I agree that including lightly-used, non-portable modules in the main distribution can lead to expectations that they be maintained as fully as the core. However, there is potentially a lot of value in having them available with documentation and samples, and you never know which of them may become heavily used over the next year.
As you already know, app security is a big problem space that Acegi helps a lot with, but everyone historically has taken different approaches to the problem so there's a lot to think through when incorporating Acegi into their project (add to that Spring IoC/DI - something new to most developers). The good thing is that container adapters, documentation and samples can help a lot with the initial learning curve since it helps the developer get a working prototype up and running faster in the environment they need to operate in, and I'd posit that there will be a handful of popular ones to boil out over 2005, probably including Siteminder (but that may just be my own environment talking).
So what's a middle-ground? Perhaps keep them in the same project, but distribute them out into separate, optional JARs, a la Hibernate-Tools and document them in addendums of the main reference, and then clarify that these are platform-dependant without official owners, so they aren't considered part of the core product. Not a bad idea to try to pin an owner on each one nonetheless... Just thinking out loud - take or discard as you wish...!
Scott
Hi Scott
The adapters are already in separate Maven subprojects and have different JAR artifacts generated. We also document the preferred (filter-based) solution nearly everywhere, so I don't think people would use container adapters without being aware they're generally discouraged. You've made some good points though about easing the transition from traditional Servlet Spec security to Acegi Security, and the increased adoption scenarios likely once 1.0.0 is released. It seems appropriate therefore to leave them alone and not deprecate.
I'd be happy to hear from volunteers, though, who may wish to maintain each container adapter.
Ben
------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
