My name is Tom from a German firm.
We have jGuard in contemplation for a project but there are still open questions. Could you ask following questions?
When is there a new stable release of jGuard? Do you generally advance jGuard? The last release was on the 28th of March 2009 and it is past a long time.
Besides, for which size of web apps jGuard is construed? How many users can legitimate? How is the performance of jGuard?
Are there credentials for jGuard? Do you know firms or organiszations which apply jGuard?
few answers to your questions:
yes, you're right, the last beta release (beta 5), was released in march 2009, which is far away.
you can see in the svn log, that development continue with a noticeable activity.
the beta 6, will introduce the IOC container called Guice in jguard internals.
a lot of internal changes has been provoked by this design change.
more unit tests have been also written.
the beta 6 is imminent : jguard-core,jguard-ext, jguard-jee, jguard-jee-extras changes are finished. remains some unit tests for jguard-struts-example and jguard-jsf-example.
i hope in 1 or 2 weeks, the beta 6 will be out, with a better stability (with the help of written unit tests), and intenal modularity with guice modules.
like beta 5 and beta 6 releases, have been done with big durations, here are the planned next beta releases with little scope, for a more aggressive release plan (note that these release include almost some already implemented features present in the 1.X product line: only quick wins will be added for new features):
beta 7: replace jdbcAuthorizationManager by a JPAAuthorizationManager, for a more robust and agile implementation and maintenance (sql dialects will not be handled anymore :-) ).
beta 8: BASIC and Digest authentication (basic was present in jguard 1.X).
beta 9: CLIENT-CERT authentication( like in 1.X).
beta 10 :will contains registration ( like in 1.X).
i hope that the beta 10 will be the last unstable release before the final 2.0 one (but i have no idea of the release target date: it depends also on the community participation to contribute).
-for which size of web apps jGuard is built:
for webapps of any size, but remind that jguard does not yet handle EJB security.
-Do you generally advance jGuard
i have not seen any performance drawbacks.
-Are there credentials for jGuard?
yes, jguard handle credentials
-Do you know firms or organiszations which apply jGuard
yes, but i cannot publicize their names.
hope it helps,