Apache Shiro 1.2.0 发布了，Shiro 是一个权限控制框架，因其简单而又不失强大的特点引起了不少开发者的注意。
该版本包含自 1.1.0 以来的大量 bug 修复，同时也有不少新特性，下载地址：Download page.
- The ability to disable sessions per filter chain or entirely for an application.
- Servlet Context Listener initialization in web apps (to allow components to utilize Shiro before Filter initialization)
- A command line program to securely hash passwords (or any url, file or stream input for that matter).
- New secure password hash formats that adhere to Modular Crypt Format conventions. These secure password hashes can be computed with the above named command line program and saved in text config (e.g. shiro.ini) directly. Plaintext passwords should never be stored. For those familiar with the Apache HTTPD passwd program, this achieves the same benefits.
- A new LogoutFilter, as many apps don't need to show a view during logout (just logout and redirect to some known location).
- Shiro filters can be enabled or disabled without removing them from the filter chain - useful in development (e.g. turn ssl requirement off in dev, but keep it on in production).
- A lot of work has gone into making secure password hash storage and comparison a much simpler task in Shiro, focused around the new concept of a PasswordService. You can use a PasswordService directly in your application code to hash passwords securely. You can then configure a PasswordMatcher on your Realm(s) to use the same PasswordService for password comparisons. See the PasswordService JavaDoc for example .ini configuration:
- Three new 'support' modules: