Apache Shiro 1.2.4 发布了,改进记录包括:
Bug
[SHIRO-421] - Unable to set long timeouts on HttpServletSession
[SHIRO-442] - CAS client fails with multi-valued SAML attributes
[SHIRO-444] - Rewrite AuthorizingRealm, and configure the cacheManager throws an exception
[SHIRO-462] - Authentication exceptions are swallowed
[SHIRO-483] - passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR
[SHIRO-517] - Caused by: java.lang.NoClassDefFoundError: Lcom/google/inject/internal/util/$ImmutableList;
[SHIRO-518] - Shiro-CAS: Security Problem in cas-client-core versions older than 3.3.2
Documentation
[SHIRO-534] - Provide better documentation around permissions
Improvement
[SHIRO-332] - Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected
[SHIRO-428] - AuthorizingRealm "no cache" logging should be at DEBUG level, not INFO, OR is should log only once
[SHIRO-465] - Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator
[SHIRO-479] - update ehcache dependency
[SHIRO-496] - Update shior.guice dependency
[SHIRO-498] - ThreadLocal should not be created when not necessary
[SHIRO-499] - Kerberos Realm
[SHIRO-504] - Java 8 support