Hi,

I've just completed a project with Rails (a once off project), and setting up security was a breeze using a plugin called Authlogic - all database tables and logic were "just there" after running the "gem install authlogic".

I would like to know if something similar is in the pipeline for Roo.

I've followed the tutorial at http://grzegorzborkowski.blogspot.com/2008/10/spring-security-acl-very-basic-tutorial.html, but can't help feeling that having a default ACL implementation from the command line would be much better eg. "security-acl setup"

This is undoubtedly one of the best Java frameworks out there, and having this feature will take the product one step closer to saving developers hours of configuration and coding.

We do intend to improve Roo's Spring Security add-on, but to be entirely honest ACL-level security is a relatively unusual requirement. I know this as I wrote both the original and the current Spring Security ACL features and I know the frequency it is used is relatively low compared with Spring Security authorization capabilities more generally.

Given the above ACL services within the Spring Security add-on is not currently on the roadmap, although I would certainly welcome you opening a Jira ticket and enumerating your ideas on what it should do (perhaps with examples from your Authlogic usage experience). In the first half of 2010 we'll be spending some time enhancing integration with other Spring portfolio projects. Having specific ideas on what the community would like in terms of portfolio integration is extremely useful to us in determining what to work on first.