Just in case anyone is interested, I thought I'd report on how Professional JSP 2.0 (now being published by Apress) is progressing. I received some initial feedback that my Struts/XDoclet chapter would not be included in the book, but would be a separate download (I'd still get paid for it though). Most of the reasons seemed to be indicating that the chapter was too advanced - newbies wouldn't get it. Personally, I hate reading newbie books, so why would I write a newbie chapter? I also hate simple sample apps, that's why I wrote a fully functional one. Anyway, I convinced them that this chapter did have value and now they are going to include it in the book, but as a case study rather than a regular chapter.
As for the security chapter, they said they really liked the content, but (again) the example was too advanced. I have been asked to remove XDoclet as a dependency since I don't explain it until the Struts chapter. This turned out to be a lot easier than I thought it'd be - only took me about an hour last night. I simply built the project with XDoclet, and then copied the artifacts (web.xml, generated ValidatorForms, struts-config.xml, validation.xml, *.hbm.xml, etc.) back into the source tree. I then tweaked the build.xml file to pick up the artifacts, ran "test-all" and voila - it worked?!
The lesson I learned from all this is that XDoclet is great for rapid development - but possibly only while you you are developing new features. Once an application stabilizes or development is discontinued (I don't plan on further developing security-example), it's pretty easy to strip out the XDoclet dependency and (probably) make it easier for users to understand.