Hi Jesse,
Peter Ledbrook, the JSecurity Grails plugin maintainer has been doing
a great job getting JSecurity cleanly integrated. After I release
JSecurity 1.0 in a week or two, he'll implement the necessary changes
in the plugin as soon as his time permits.
As far as a full Acegi comparison is concerned, I'm afraid I don't
know exactly what low level parts are different from either
framework. I do know that Authentication, Authorization, pluggable
authentication modules (JSecurity calls these 'Realms'), remember me
login, securing URLs, etc, are all supported already (or will be in
1.0). It is the low-level comparison where I'm not knowledgeable. I
do know one big difference between the two frameworks is that
JSecurity's Session management infrastructure is second to none -
there are no other frameworks available that can do what it does
(Acegi doesn't provide any such functionality to the best of my
knowledge).
One of the other things I'm happy with is that JSecurity was built
from the ground up to work without Spring, but still be perfectly
Spring 'integratable'. I.e. It was built with Dependency Injection
always in mind, because I personally use Spring for everything - I
wanted perfect support, but still not be tied to Spring from an
architectural or even implementation perspective. But it worked out
quite well, and JSecurity's full Spring support (including AOP
annotations) is only like 4 or 5 classes :) It also can integrate
with PicoContainer or Google Guice and the new JBoss Microcontainer
seamlessly. (I know Acegi wasn't designed like this from the
beginning, but their team has made great strides to eliminate this
problem now).
And just let me be clear to everyone - I have a tremendous amount of
respect for Ben Alex and the rest of the Acegi team. We just do
things a little differently and think about things differently. I'd
like to say that JSecurity is far easier to understand, and that a lot
of things just 'make sense', with low configuration, but I am
definitely biased - but it is what I strive for. I want an insanely
low learning curve :) It is my opinion that a security framework
(most frameworks in fact) should just stay out of your way and do as
much as they can on your behalf without much intervention. I guess a
purely subjective comparison that I often think of is that I feel
JSecurity is to Acegi as say, Sitemesh is to Tiles - both are great,
and do mostly the same things, but their approaches differ.
And as to my location, I'm sad to say that I'm not close to
Minnesota :/ I live and work in Atlanta, so that would be a bit of a
trip for me. I've given some JUG presentations, but I plan to have
some screencasts eventually on
jsecurity.org to alleviate the travel
problem.
Anyway, when you start using JSecurity, please drop me a line or post
in our forums. I'm eager to help people out and listen to suggestions
(and constructive criticism!) to make the framework better for
everyone. But if we do our job well enough, perhaps we might not hear
from you at all ;)
Best regards,
Les
On Jan 17, 2:11 pm, "Jesse O'Neill-Oine" <
je...@refactr.com> wrote:
> Awesome, thanks for chiming in Les. I've used Acegi in my apps thus far,
> because I wasn't aware of JSecurity. I have been less than thrilled with
> the Acegi plugin for Grails, though, so if JSecurity 1.0 has good Grails
> support it may just be enough for me to switch. How close would you say you
> are to parity with Acegi at this point? What parts are missing?
>
> Unrelated: Are you local? I'm just curious and if you are would love to
> have a presentation about JSecurity if you're interested. :)
>
> Jesse
>
> --
> ----------------------------------------------------------
> Refactr LLC //
http://refactr.com
> mobile //
612-670-5037
> ----------------------------------------------------------