I think the most convincing argument to placing the integration point in Acegi is that one day there could be other Captcha implementations. Acegi based Captcha interfaces and adapters allows people to swap their implementations in/out as the need arise ... in the spirit of Spring and Acegi!
I'll post my raw code in JIRA so you take a look. ----- Original Message ----- From: "Ben Alex" <[EMAIL PROTECTED]> To: <acegisecurity-developer@lists.sourceforge.net> Sent: Sunday, June 26, 2005 12:37 AM Subject: Re: [Acegisecurity-developer] Captcha > Marc-Antoine Garrigue wrote: > > > Ben Alex told me recently that the API is now stabilized and thus we > > planned to share our code before two weeks and release it this summer. > > What is your opinion about the plan? > > Hi George and Marc-Antoine > > George, if you post your code against the JIRA task I would be pleased > to take a look and explore integration. > > Marc-Antoine, I believe the Acegi Security-JCaptcha integration would be > better maintained within the Acegi Security project, for a few reasons: > > * I would like to give Acegi Security users the benefits of JCaptcha > without having to download it separately. People will like seeing > JCaptcha demonstrated in the Contacts sample application included with > Acegi Security. Many people cut 'n' copy the sample code into their own > application, so many will keep the JCaptcha integration. In reverse, I > cannot imagine JCaptcha having a sample application that demonstrates > Acegi Security features. > * The specific approach to JCaptcha integration with Acegi Security > configuration attributes, filter security interceptor, the ThreadLocal > and Authentication object is likely to develop over time. As decisions > about when to invoke JCaptcha and record the outcome are more concerns > of Acegi Security, it seems more desirable the integration be managed in > the latter's source code. > * Luke is well-progressed on a web.xml to Acegi Security migration tool > (http://opensource.atlassian.com/projects/spring/browse/SEC-1). In a > later version we will include as part of the wizard process a question, > "would you like JCaptcha services?" or similar. This will allow people > addressing their webapp security to adopt JCaptcha. We can only ask this > question if JCaptcha is included with Acegi Security. > * In terms of exposure by where to bundle, many Spring users who > download Acegi Security would be unaware of JCaptcha. So bundling > JCaptcha with Acegi Security will increase exposure of JCaptcha. On the > other hand, Spring users who download JCaptcha will probably already be > aware of Acegi Security (due to the forum, reference documentation, > subproject status, several books on it etc). I cannot therefore see > Acegi Security increasing its user base by being bundled with JCaptcha, > whereas I can see an exposure benefit to JCaptcha by being bundled with > Acegi Security. > * Acegi Security already bundles the CAS client, so a precedent has been > set of placing third party project integration within Acegi Security. > The CAS integration demonstrates what I was referring to earlier about > the integration being more tightly coupled with Acegi Security than CAS, > with the latter offering well-defined protocol standards. > * JCaptcha has currently had 4,498 downloads > (http://sourceforge.net/project/stats/index.php?group_id=97877&ugn=jcaptcha&; type=&mode=alltime) > whilst Acegi Security has currently had 21,468 > (http://sourceforge.net/project/stats/index.php?group_id=104215&ugn=acegisec urity&type=&mode=alltime). > Both projects have been around for a similar length of time. Given this, > it seems reasonable to have greater confidence in my earlier point that > JCaptcha exposure would increase through being bundled with Acegi > Security, as opposed to the other way around. > > It would be good to work with you on this. If you wanted to maintain the > JCaptcha integration within Acegi Security, I would be pleased to give > you CVS access to ensure ongoing integration compatibility. > > I welcome other people's comments on this. I am just trying to achieve > maximum awareness and exposure for both projects, as JCaptcha is a good > solution which I know people will use if it's easy for them to do so. > > Cheers > Ben > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
