shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ghislain Touratier <ghislain.tourat...@gmail.com>
Subject Re: Initial steps toward 2.0
Date Tue, 14 May 2013 01:30:36 GMT
Hi,

My 2 cents about the Shiro 2 Brainstorming:
(Don't know if it is the good thread for that)

* In the model of the AuthenticationStrategy, delegate logic of the
ModularRealmAutorizer to an AuthorizationStrategy that will play with the
new AuthorizationRequest/Response classes (already suggested somewhere I
think).

* Clarify/extend the role of the shiro Environment. Actually in the
"bootstrap/framework" related classes there are:
Environment: which is the provider of the security manager and eventual
other "main" objects.
SecurityUtils: convenient class which relies on a thread context (or a
static value) to provide the "current" security manager and subject, and
which may use the default subject builder.
It may be interesting to extend Environment to give it the responsability
to:
  - Provide the main objects (with at least the security manager and a
subject builder).
  - Provide the "current" context holder (a thing to bind/unbind subject,
and wrap callable/runnable) which can be by default based on the thread.
Thus SecurityUtils could then only rely on a static provider of environment
(which can return always the same instance, get it from the thread, from a
servlet context, from Guice Injector, the CDI BeanManager, a composition of
all, etc.)

* For the subject PrincipalCollection, it may be nice to have (in its
mutable version), an easy way to control the primary principal (instead of
just returning the first element in the collection).

* Some stuff currently in progress/discussed before but which don't appear
on the wiki:
  - The integration module for CDI based environment
  - A Multitenancy module

Regards.


2013/5/14 Les Hazlewood <lhazlewood@apache.org>

> As a matter of practice, we don't make estimates because people
> inevitably try to hold us to them ;)
>
> That caveat aside, my gut feeling is that it will take at least a few
> months (or more) of part-time development and continued discussion (I
> think most of the Shiro devs tinker with Shiro on nights and weekends
> as their time allows).  And that's just before an initial Alpha can be
> released, let alone a Beta or 2.0 final.
>
> Note that Java 1.6 is already publicly end-of lifed and it goes into
> 'long term premium support' by Oracle in Dec 2013, which is 7 months
> away.
>
> Les
>
> On Mon, May 13, 2013 at 12:54 PM, Martin Grigorov <mgrigorov@apache.org>
> wrote:
> > Hi,
> >
> > Do you have any estimations how long it will take until 2.0 is released ?
> > I think it is OK to require 1.7 now and even more by the time you are
> ready
> > with 2.0.
> > If someone cannot upgrade to Java 1.7 then Shiro 1.2.x will be still an
> > option.
> >
> >
> > On Mon, May 13, 2013 at 9:21 PM, Kalle Korhonen
> > <kalle.o.korhonen@gmail.com>wrote:
> >
> >> Don't have strong objections. I'm for JDK 1.7 for 2.0 for the same
> reasons
> >> as Les. What I see is a small percentage of companies still on JDK 1.5
> for
> >> whatever reasons but those on JDK 1.6 either planning on upgrading to
> JDK
> >> 1.7 or have already done so (but that's all anecdotal). We could even
> test
> >> the waters with an eventual alpha release of 2.0 with JDK 1.7 and if
> that
> >> doesn't fly too well, we could still downgrade in beta/GA release.
> >>
> >> Kalle
> >>
> >>
> >> On Mon, May 13, 2013 at 12:04 PM, Les Hazlewood <lhazlewood@apache.org
> >> >wrote:
> >>
> >> > I don't have any strong objections to this.  Does anyone else feel
> >> > strongly one way or another?
> >> >
> >> > On Mon, May 13, 2013 at 6:46 AM, Brian Demers <brian.demers@gmail.com
> >
> >> > wrote:
> >> > > I'm a little hesitent about dropping 1.6, as it may slow the
> adoption
> >> of
> >> > 2.0
> >> > >
> >> > > It is unfortunate, but 1.6 is likely to stay in production in many
> >> shops
> >> > > for a few years.
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > On Sat, May 11, 2013 at 8:22 PM, Les Hazlewood <
> lhazlewood@apache.org
> >> > >wrote:
> >> > >
> >> > >> P.S. I also believe Shiro 2.x should target JDK 1.7 and above.
>  1.6 is
> >> > >> already past its public end-of-life period, and since it will
take
> a
> >> > >> little while to get a 2.0 version out, I'd hesitate to target
> >> > >> something that will be even that much more out of date.
> >> > >>
> >> > >> Anyone feel otherwise?
> >> > >>
> >> > >> Best,
> >> > >>
> >> > >> Les
> >> > >>
> >> > >> On Sat, May 11, 2013 at 5:18 PM, Les Hazlewood <
> lhazlewood@apache.org
> >> >
> >> > >> wrote:
> >> > >> > Hi dev team,
> >> > >> >
> >> > >> > I made the following initial changes in SVN to facilitate
> >> kickstarting
> >> > >> > development on Shiro 2.x:
> >> > >> >
> >> > >> > 1.  I moved (using 'svn move' to retain version history)
the
> >> existing
> >> > >> > trunk to a new 1.x branch located here:
> >> > >> > https://svn.apache.org/repos/asf/shiro/branches/1.x
> >> > >> >
> >> > >> > If we ever feel the need to release a 1.3 version before
2.0,
> this
> >> is
> >> > >> > the branch where that work would exist (also continuously
merging
> >> any
> >> > >> > bugfixes from 1.2.x into 1.x).
> >> > >> >
> >> > >> > 2.  I copied (using 'svn copy') this 1.x branch to what is
now
> the
> >> > >> > trunk here: https://svn.apache.org/repos/asf/shiro/trunk
> >> > >> >
> >> > >> > 3.  I'll be updating the poms to reflect version
> 2.alpha.0-SNAPSHOT
> >> > >> >
> >> > >> > I suspect we'll want to make some alpha and then beta releases
> >> before
> >> > >> > we release 2.0.0 final.  If you guys have any concerns or
ideas
> >> about
> >> > >> > the versioning scheme, please discuss.
> >> > >> >
> >> > >> > 4.  I'll start extracting config-specific things (Ini-specific
> >> > >> > configuration mechanisms, etc) to a separate config module.
>  Please
> >> > >> > review (and edit)
> >> > >> >
> >> > >>
> >> >
> >>
> https://cwiki.apache.org/confluence/display/SHIRO/Version+2+Brainstorming
> >> > >> > with any additional ideas related to this effort so we can
> discuss.
> >> > >> >
> >> > >> > All of the above actions are based on our previous 'Spring
> Cleaning'
> >> > >> > thread discussion so I don't think anyone would have issues
with
> >> this.
> >> > >> >  They are easily reversible however, so let me know if you
have
> >> > >> > concerns.
> >> > >> >
> >> > >> > Thanks,
> >> > >> >
> >> > >> > Les
> >> > >>
> >> >
> >>
> >
> >
> >
> > --
> > Martin Grigorov
> > Wicket Training & Consulting
> > http://jWeekend.com <http://jweekend.com/>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message