HomeSupportForumsGeneralGeneral Discussion

documentation please

Sat, 09/08/2007 - 8:24pm — afsina
i have seen this project by coincidence and looks promising. we used acegi in our projects bur i despise the configuration of acegi and steep leanring curve. . but if you want anybody to use this library you need solid and simplified documentation + lots of examples..
‹ JSecurity 0.2.0 PR1 Released! JSecurity Build Environment/Infrastructure ›
Sat, 09/08/2007 - 9:55pm — lhazlewood

Hi!

Hi!

Thanks very much for the encouragement and recommendations. We heartily agree with you!

We'll be releasing 0.2 this week (hopefully by tomorrow night), and the week after that we'll have some much better documentation.

Best regards,

Les Hazlewood

Sun, 09/09/2007 - 6:29pm — afsina

good

Good to know that there will be a new release and documentation. There are two more things i would like to see. Very good Java 5 and annotations support (meaning very few or no configuration ) and support for rich client applications. for example, in the current project we are using Hessian, and i am still struggling making it work with acegi's basic authentication mechanism.
Thu, 09/13/2007 - 7:39am — jhaile

afsina,Thanks for your

afsina,

Thanks for your feedback.  As Les mentioned, we do have pretty good annotations support so that methods can be annotated to only allow users with a particular role or permission to execute them.  These annotations are currently being used in the Spring sample application which is checked in to subversion and is available in the sources release.   For an example, check out the SampleManager.  (only shows role-based, although we offer permission-based annotations as well)  Setting up the annotations with Spring only requires a single bean definition (in addition to spring's boilerplate DefaultAdvisorAutoProxyCreator being declared).

As Les said, we'd love to better support your needs.  Please give us a clearer picture of what you are trying to accomplish so we can make sure JSecurity handles those needs well! 

Mon, 09/10/2007 - 12:08pm — lhazlewood

Hi!

Hi!

We do have some Java 5 annotations, but they are for Authorization - i.e. if a user is allowed to execute a method or not.

For example:

@RolesRequired( "administrator" )
public void createUser( User newUser ) { ... }

there is a similar @PermissionsRequired annotation as well for more granular control.

Also, there is already simple support for rich client applications. In fact, the Spring sample application shows such a set up.

A session is created and logged-in via a web page. Then, the Swing WebStart app is launched, attaching the previously created sessionId as an init parameter. The webstart app then uses that sessionId to communicate with the server thereafter.

If you want to start a session and authenticate in the rich client first (i.e. the rich client is launched before interacting w/ the server), that is relatively easy to do, but we don't have immediate support for it yet. You could create a Jira issue, and I'd be quite happy to add it as soon as possible!

(It'd be pretty easy - we would just have to create a remoting proxy to the server-side SecurityManager and use a DelegatingSecurityContext that communicates with this proxy for all security operations).

Pleae create a Jira issue explaining your needs/desires, and we'll make it a priority!

Thanks!

Les