Les, thanks for your help. 1. I agree user manual or something similar would be very helpful, and I agree with your reasoning about 0.9 and 1.0 version in this domain. And JavaDoc is really of high quality.
2. As I said before, I believe that the Maven pom files are extremely important, especially for open source projects. It's not that maven is perfect as a build tool, but the real value is the pom file which provides you with fantastic set of metadata (you may not like the xml syntax - that's other thing). Pom file makes your project really portable accross environements and IDEs, simplifies setup, simplifies using it as library with other projects etc. If you use it for actual building or not is another thing (though personally I don't see the reason for not using it). If I have time and find JSecurity useful, perhaps I will add the required poms for simple applications, as this is probably not much work. Still it's good you have the main pom.xml file in the project. 3. The "global" jsecurity setting for filters makes now sense for me. I even found the loginUrl property - it was inherited by FormAuthenticationFiler, what I haven't noticed before. I think I like this global setting more than variables, but obviously variable can be useful too. 4.Regarding default users settings - that's interesting. I found the properties file, it is actually called org\jsecurity\realm\text\default-jsecurity-users.properties. This can be useful for jumpstarting, but it should be also clearly explained that it is installed by deafult! Please at least update the QuickStart article on JSecurity page to mention this fact - I was really puzzled how it can work without defining users and roles somewhere! One thing is not clear for me: I undertand those default users are linked to some realm. How is this realm defined? How can I be sure it will not be active in production? I don't see any [realms] or so section in JSecurityFilter config. And more generally: how do I turn off the default settings (e.g. turn off basic http authentication filter?) Recently I was trying to learn Spring Security, especially ACL functionality. I have even published my results here: http://grzegorzborkowski.blogspot.com/2008/10/spring-security-acl-very-basic-tutorial.html http://grzegorzborkowski.blogspot.com/2008/10/spring-security-acl-very-basic-tutorial.html - you may look at it in your free time. I will try to implement similar sample application in JSecurity now, and will let you know about results. -- View this message in context: http://n2.nabble.com/Problematic-first-steps-with-JSecurity-tp1316205p1336981.html Sent from the JSecurity Developer mailing list archive at Nabble.com.
