Luke Taylor(Migrated from SEC-737) said:
We’ve decided to sandbox the current captcha integration layer since the original contributor is no longer actively maintaining it.
Jon Osborn said:
Luke, I’d be happy to maintain the captcha code.
Ben Alex said:
Thanks for the offer to maintain the integration, although at this stage we’re going to leave it in the sandbox. The rationale for this is that the prior < 2.0.0 releases required the end user to manually compile code in order to use the integration, and as such we do not believe many (if any) users would have actually deployed the integration. Removing it therefore probably does not represent a loss to the majority of users. More fundamentally, Captcha integration with Spring Security is an ambiguous requirement. The prior integration simply required human user verification if certain request frequencies were met. Instead, most Captcha usage is embedded within a page (eg a lost password page) and therefore becomes more of an issue of designing the view/controller correctly. Such usage is out of scope for Spring Security, as it’s a web framework consideration. Additionally, the recent popularity of reCAPTCHA means any integration would need to be sufficiently generalised that it accommodates both, and for us to also address reCAPTCHA integration would represent additional time and effort.
We have not a final decision to permanently leave the Captcha integration in the sandbox nor promote nor remove it. It simply requires some more consideration and design, and at this stage we need to focus on completing the namespace improvements and documentation of the many new capabilities in 2.0.
Excellent…I agree that the requirement for captcha doesn’t fit well into what spring/spring security are attempting to accomplish. Is there a place in codehaus or some other environment I can host the code? I have completely re-written the captcha implementation to fit nicely with spring security 2.0 so I’d like to get it out there.
I’m already a committer on codehaus so maybe that is good option?
Luke, Ben, what about a ‘sub-project’ for spring security?
Batbayar Bazarragchaa said:
Could you please create sub project in spring or commit the code into any repository?
I really need the captcha support in spring.