Not really sure how Howard feels regarding the whole security question, but for my money I've seen the "built-in" security framework idea blow up again and again. Most of the company's I've worked for already have security frameworks in place that their applications simply have to use. Therefore trying to juggle between a framework's built-in security versus that of a proprietary internal one can be a nightmare.
I don't disagree that default implementations or schemes should be made available, but this is certainly a feature no one should be forced to use or even download. To me, it would be better if this were a separate module that wrapped the existing micro-kernel and provides a wall through which all communications must pass. Otherwise, any bug fixes to the security can have serious implications on the product's release. Likewise, built-in security generally means more unmaintainable code when coupled with the container. Just my two cents. Cheers. On 6/26/07, Joshua Jackson <[EMAIL PROTECTED]> wrote:
Dear all, I'm quite happy currently trying out T5 now. And I really like the T5 IoC concept compared to other IoC container. - I really like how it has (or will have) built in AJAX components. - I really like how easy it is to create custom components compared to other component based web framework. - I also like the integration with hibernate. It's just too damn simple and works out of the box. - I really like the GridPager component (though it got me struggle to work it out :P). I don't know any other web framework that has built in pager component. Everything just seems to be so natural and how a web framework should have been. But I have a questions here. With the so complete features that I have just mentioned, will Tapestry 5 have the vision to be a full stack framework in the future? Some features that I think will be great to be added if T5 will be a full stack framework is: - Built in security or user authentication and authorization. I must admit that using Acegi for the security is just unnecessary because I will need Spring just to get Acegi running. And I will have 2 IoC container in my apps. I think T5 IoC already have the features (like the decorator) to make security feature made available. - Built in declarative transaction, since there's already tapestry-hibernate module. I don't know whether this is possible, but when I read the T5 IoC decorator feature, I think I can start and end transaction before and after I invoke a method. Is it possible? Well that's my opinion and some ideas I came up with. Hopefully it can come true. And thank you so much for making T5. I can see that it will be a great framework in the future. Keep up the good work guys. Hats off for you people -- Let's create a highly maintainable and efficient code YM!: thejavafreak Blog: http://www.nagasakti.or.id/roller/joshua/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Gotta find my destiny, before it gets too late.-- Ian Curtis
