incubator-shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grzegorz Borkowski <>
Subject Re: Problematic first steps with JSecurity
Date Wed, 15 Oct 2008 14:25:58 GMT

Les, thanks for your help.

1. I agree user manual or something similar would be very helpful, and I
agree with your reasoning about 0.9 and 1.0 version in this domain. And
JavaDoc is really of high quality.

2. As I said before, I believe that the Maven pom files are extremely
important, especially for open source projects. It's not that maven is
perfect as a build tool, but the real value is the pom file which provides
you with fantastic set of metadata (you may not like the xml syntax - that's
other thing). Pom file makes your project really portable accross
environements and IDEs, simplifies setup, simplifies using it as library
with other projects etc. If you use it for actual building or not is another
thing (though personally I don't see the reason for not using it). If I have
time and find JSecurity useful, perhaps I will add the required poms for
simple applications, as this is probably not much work. Still it's good you
have the main pom.xml file in the project.

3. The "global" jsecurity setting for filters makes now sense for me. I even
found the loginUrl property - it was inherited by FormAuthenticationFiler,
what I haven't noticed before. I think I like this global setting more than
variables, but obviously variable can be useful too.

4.Regarding default users settings - that's interesting. I found the
properties file, it is actually called
org\jsecurity\realm\text\ This can be
useful for jumpstarting, but it should be also clearly explained that it is
installed by deafult! Please at least update the QuickStart article on
JSecurity page to mention this fact - I was really puzzled how it can work
without defining users and roles somewhere! 
One thing is not clear for me: I undertand those default users are linked to
some realm. How is this realm defined? How can I be sure it will not be
active in production? I don't see any [realms] or so section in
JSecurityFilter config. And more generally: how do I turn off the default
settings (e.g. turn off basic http authentication filter?)

Recently I was trying to learn Spring Security, especially ACL
functionality. I have even published my results here:

- you may look at it in your free time. I will try to implement similar
sample application in JSecurity now, and will let you know about results.
View this message in context:
Sent from the JSecurity Developer mailing list archive at

View raw message