Details

    • Type: Task Task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0 RC1
    • Component/s: None
    • Labels:
      None

      Description

      We've decided to sandbox the current captcha integration layer since the original contributor is no longer actively maintaining it.

        Issue Links

          Activity

          Hide
          Jon Osborn added a comment -

          Luke, I'd be happy to maintain the captcha code.

          Jon

          Show
          Jon Osborn added a comment - Luke, I'd be happy to maintain the captcha code. Jon
          Hide
          Ben Alex added a comment -

          Thanks for the offer to maintain the integration, although at this stage we're going to leave it in the sandbox. The rationale for this is that the prior < 2.0.0 releases required the end user to manually compile code in order to use the integration, and as such we do not believe many (if any) users would have actually deployed the integration. Removing it therefore probably does not represent a loss to the majority of users. More fundamentally, Captcha integration with Spring Security is an ambiguous requirement. The prior integration simply required human user verification if certain request frequencies were met. Instead, most Captcha usage is embedded within a page (eg a lost password page) and therefore becomes more of an issue of designing the view/controller correctly. Such usage is out of scope for Spring Security, as it's a web framework consideration. Additionally, the recent popularity of reCAPTCHA means any integration would need to be sufficiently generalised that it accommodates both, and for us to also address reCAPTCHA integration would represent additional time and effort.

          We have not a final decision to permanently leave the Captcha integration in the sandbox nor promote nor remove it. It simply requires some more consideration and design, and at this stage we need to focus on completing the namespace improvements and documentation of the many new capabilities in 2.0.

          Cheers
          Ben

          Show
          Ben Alex added a comment - Thanks for the offer to maintain the integration, although at this stage we're going to leave it in the sandbox. The rationale for this is that the prior < 2.0.0 releases required the end user to manually compile code in order to use the integration, and as such we do not believe many (if any) users would have actually deployed the integration. Removing it therefore probably does not represent a loss to the majority of users. More fundamentally, Captcha integration with Spring Security is an ambiguous requirement. The prior integration simply required human user verification if certain request frequencies were met. Instead, most Captcha usage is embedded within a page (eg a lost password page) and therefore becomes more of an issue of designing the view/controller correctly. Such usage is out of scope for Spring Security, as it's a web framework consideration. Additionally, the recent popularity of reCAPTCHA means any integration would need to be sufficiently generalised that it accommodates both, and for us to also address reCAPTCHA integration would represent additional time and effort. We have not a final decision to permanently leave the Captcha integration in the sandbox nor promote nor remove it. It simply requires some more consideration and design, and at this stage we need to focus on completing the namespace improvements and documentation of the many new capabilities in 2.0. Cheers Ben
          Hide
          Jon Osborn added a comment -

          Ben,
          Excellent...I agree that the requirement for captcha doesn't fit well into what spring/spring security are attempting to accomplish. Is there a place in codehaus or some other environment I can host the code? I have completely re-written the captcha implementation to fit nicely with spring security 2.0 so I'd like to get it out there.

          I'm already a committer on codehaus so maybe that is good option?

          Beers,
          Jon

          Show
          Jon Osborn added a comment - Ben, Excellent...I agree that the requirement for captcha doesn't fit well into what spring/spring security are attempting to accomplish. Is there a place in codehaus or some other environment I can host the code? I have completely re-written the captcha implementation to fit nicely with spring security 2.0 so I'd like to get it out there. I'm already a committer on codehaus so maybe that is good option? Beers, Jon
          Hide
          Jon Osborn added a comment -

          Luke, Ben, what about a 'sub-project' for spring security?

          Show
          Jon Osborn added a comment - Luke, Ben, what about a 'sub-project' for spring security?
          Hide
          Batbayar Bazarragchaa added a comment -

          Could you please create sub project in spring or commit the code into any repository?
          I really need the captcha support in spring.

          Thanks,
          Batbayar

          Show
          Batbayar Bazarragchaa added a comment - Could you please create sub project in spring or commit the code into any repository? I really need the captcha support in spring. Thanks, Batbayar

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Luke Taylor
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: