Marc-Antoine Garrigue wrote:
Ben Alex told me recently that the API is now stabilized and thus we
planned to share our code before two weeks and release it this summer.
What is your opinion about the plan?
Hi George and Marc-Antoine
George, if you post your code against the JIRA task I would be pleased
to take a look and explore integration.
Marc-Antoine, I believe the Acegi Security-JCaptcha integration would be
better maintained within the Acegi Security project, for a few reasons:
* I would like to give Acegi Security users the benefits of JCaptcha
without having to download it separately. People will like seeing
JCaptcha demonstrated in the Contacts sample application included with
Acegi Security. Many people cut 'n' copy the sample code into their own
application, so many will keep the JCaptcha integration. In reverse, I
cannot imagine JCaptcha having a sample application that demonstrates
Acegi Security features.
* The specific approach to JCaptcha integration with Acegi Security
configuration attributes, filter security interceptor, the ThreadLocal
and Authentication object is likely to develop over time. As decisions
about when to invoke JCaptcha and record the outcome are more concerns
of Acegi Security, it seems more desirable the integration be managed in
the latter's source code.
* Luke is well-progressed on a web.xml to Acegi Security migration tool
(http://opensource.atlassian.com/projects/spring/browse/SEC-1). In a
later version we will include as part of the wizard process a question,
"would you like JCaptcha services?" or similar. This will allow people
addressing their webapp security to adopt JCaptcha. We can only ask this
question if JCaptcha is included with Acegi Security.
* In terms of exposure by where to bundle, many Spring users who
download Acegi Security would be unaware of JCaptcha. So bundling
JCaptcha with Acegi Security will increase exposure of JCaptcha. On the
other hand, Spring users who download JCaptcha will probably already be
aware of Acegi Security (due to the forum, reference documentation,
subproject status, several books on it etc). I cannot therefore see
Acegi Security increasing its user base by being bundled with JCaptcha,
whereas I can see an exposure benefit to JCaptcha by being bundled with
Acegi Security.
* Acegi Security already bundles the CAS client, so a precedent has been
set of placing third party project integration within Acegi Security.
The CAS integration demonstrates what I was referring to earlier about
the integration being more tightly coupled with Acegi Security than CAS,
with the latter offering well-defined protocol standards.
* JCaptcha has currently had 4,498 downloads
(http://sourceforge.net/project/stats/index.php?group_id=97877&ugn=jcaptcha&type=&mode=alltime)
whilst Acegi Security has currently had 21,468
(http://sourceforge.net/project/stats/index.php?group_id=104215&ugn=acegisecurity&type=&mode=alltime).
Both projects have been around for a similar length of time. Given this,
it seems reasonable to have greater confidence in my earlier point that
JCaptcha exposure would increase through being bundled with Acegi
Security, as opposed to the other way around.
It would be good to work with you on this. If you wanted to maintain the
JCaptcha integration within Acegi Security, I would be pleased to give
you CVS access to ensure ongoing integration compatibility.
I welcome other people's comments on this. I am just trying to achieve
maximum awareness and exposure for both projects, as JCaptcha is a good
solution which I know people will use if it's easy for them to do so.
Cheers
Ben
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
