status of spring security 2M1

[tiborb]

Hi,

we are going to develop new web application and we planned to use acegi for authentication & authorization. We want to use ACL module. Is code under 2M1 ready to be used or should we stay at 1.0.5 ? Are there any significant improvements in 2M1 (particularly in new ACL module)? I was unable to find any roadmap for 2M1.

[ralph.poellath]

I would also like to know what the future ACL support will look like (and I don't have the time to dig into the code).

The "new" ACL module has been around as a "preview" for about a year now (IIRC).

[Luke Taylor]

Hi,

we are going to develop new web application and we planned to use acegi for authentication & authorization. We want to use ACL module. Is code under 2M1 ready to be used or should we stay at 1.0.5 ? Are there any significant improvements in 2M1 (particularly in new ACL module)? I was unable to find any roadmap for 2M1.

2M1 hasn't been released yet. "Ready to be used" will probably depend on what features you want to use, but there will be a lot of changes some of which probably won't be backwards compatible (e.g. migration of LDAP to make use of Spring LDAP). But then again backwards compatibility issues will often only occur if you are using customized classes. Namespace-based configuration will greatly simplify some configuration tasks, but is still being written. So stick with 1.0.5 if you want stability as there are no guarantees regarding the current trunk codebase. Of course, there is nothing to stop you trying it out to get a feel for new features and how easy the migration path might be.

The roadmap can be viewed in Jira.