Apche Shiro 1.2.4 发布,轻量安全框架

来源: 投稿
作者: NestleCaau
2015-08-01

Apache Shiro 1.2.4 发布了,改进记录包括:

Bug

  • [SHIRO-421] - Unable to set long timeouts on HttpServletSession

  • [SHIRO-442] - CAS client fails with multi-valued SAML attributes

  • [SHIRO-444] - Rewrite AuthorizingRealm, and configure the cacheManager throws an exception

  • [SHIRO-462] - Authentication exceptions are swallowed

  • [SHIRO-483] - passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR

  • [SHIRO-517] - Caused by: java.lang.NoClassDefFoundError: Lcom/google/inject/internal/util/$ImmutableList;

  • [SHIRO-518] - Shiro-CAS: Security Problem in cas-client-core versions older than 3.3.2

Documentation

  • [SHIRO-534] - Provide better documentation around permissions

Improvement

  • [SHIRO-332] - Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected

  • [SHIRO-428] - AuthorizingRealm "no cache" logging should be at DEBUG level, not INFO, OR is should log only once

  • [SHIRO-465] - Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator

  • [SHIRO-479] - update ehcache dependency

  • [SHIRO-496] - Update shior.guice dependency

  • [SHIRO-498] - ThreadLocal should not be created when not necessary

  • [SHIRO-499] - Kerberos Realm

  • [SHIRO-504] - Java 8 support

New Feature

  • [SHIRO-445] - Mechanism needed to secure passwords in shiro.ini

  • [SHIRO-464] - Support role mapping similar to PermissionResolver and RolePermissionResolver

  • [SHIRO-501] - Add ability to set system properties in shiro.ini

展开阅读全文
29 收藏
分享
加载中
更多评论
20 评论
29 收藏
分享
返回顶部
顶部