Congrats !!
\o/
Le 1 juin 2010 à 19:01, Les Hazlewood <[email protected]> a
écrit :
Dear Apache Shiro Community,
We are proud and excited to offer Apache Shiro's first stable release
as an Apache Incubator podling!
Version 1.0.0-incubating is available immediately for download here:
http://incubator.apache.org/shiro/download.html
Associated documentation is available here:
http://incubator.apache.org/shiro/documentation.html
Release notes are included below.
Thank you so much to the Apache community and the Apache Incubator for
helping us move toward our first release. A very special thanks goes
to our user community and early adopters for helping us refine our
first stable release.
Best Regards,
Les Hazlewood
------
Release Notes are browsable online here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&styleName=Html&version=12314078
And included here for convenience:
Release Notes - Shiro - Version 1.0.0-incubating
** Bug
* [SHIRO-10] - Aliases in the ini configuration builder do not
work correctly
* [SHIRO-82] - Shiro strips anchor (#) values from the URL if user
is unauthenticated
* [SHIRO-87] - Fix package name of package-info.java in shiro-core
* [SHIRO-89] - Sample Spring Application - WebStart won't launch
* [SHIRO-95] - Specifying my own Cache in ShiroFilter not working
* [SHIRO-101] - Comma in role in the properties file is not read
correctly by the PropertyRealm
* [SHIRO-106] - AuthorizationFilter needs to use sendError not
setStatus to make container process the request through ERROR
dispatcher
* [SHIRO-108] - Basic HTTP Auth: Empty password or username causes
IllegalStateException
* [SHIRO-115] - ActiveDirectoryRealm might by vulnerable to LDAP
search code injection
* [SHIRO-120] - AbstractLdapRealm's doGetAuthenticationInfo
catches naming exception, but then only logs a message
* [SHIRO-124] - MethodInvocation is missing a getThis() (or
equivalent) method
* [SHIRO-130] - ShiroFilter does not work with proxied security
manager
* [SHIRO-135] - AccessControlException exception on GAE with Grails
* [SHIRO-138] - AbstractRememberMeManager attempts to process
null/empty byte array
* [SHIRO-141] - Problem with WebRememberMeManager
* [SHIRO-142] - Jetty throws an IllegalStateException after
redirect in AuthorizationFilter
* [SHIRO-145] - Losing Session
* [SHIRO-150] - RememberMeManager NPE
* [SHIRO-154] - Adding ehcahe CacheManager to Spring Sample failes
* [SHIRO-156] - SimpleAuthenticationInfo.merge does not merge
principals if its internal principal collection is not mutable
* [SHIRO-157] - RememberMeManager should no longer be consulted
once a remembered identity is discovered
* [SHIRO-158] - Date
AbstractSessionManager.getLastAccessTime(Serializable) returns start
time
* [SHIRO-159] - ThreadLocal is not cleared upon the unloading of
the webapp and the SHiro Servlet
* [SHIRO-161] - No SecurityManager accessible to the calling code
* [SHIRO-163] - ModularRealmAuthorizer.setRealms needs to call
applyRolePermissionResolverToRealms
* [SHIRO-164] - The request/response pair should be available at
all times to web-related components
* [SHIRO-167] - getServletContext allways return null with conf
via spring (native mode)
* [SHIRO-172] - Missing SVN properties
** Improvement
* [SHIRO-59] - Refactor Realm implementations to favor delegation
over inheritance
* [SHIRO-83] - Make sessionId cookie optional
* [SHIRO-86] - Add Builder design pattern for arbitrary Subject
construction
* [SHIRO-88] - Create a profile for installing javadocs and source
to keep build time short
* [SHIRO-104] - Default AuthenticationStrategy should be
AtLeastOneSuccessful instead of All
* [SHIRO-109] - RememberMeManager should have access to Subject
context map
* [SHIRO-110] - Remove org.apache.shiro.mgt.SubjectBinder and its
usages
* [SHIRO-111] - Web SecurityManager should not fail in non-
request usages
* [SHIRO-112] - Implement Externalizable for serializable classes
* [SHIRO-114] - Break circular dependency between SubjectFactory
and DefaultSecurityManager
* [SHIRO-125] - Support overrding the credentialsMatcher for the
implicit IniRealm
* [SHIRO-128] - Remove convenience configuration methods
* [SHIRO-131] - Improved Shiro Filter configuration for Spring
environments
* [SHIRO-133] - Automatically shut down the Session validation
thread
* [SHIRO-136] - Mark Spring as scope provided to let users
specificy their own version of Spring
* [SHIRO-137] - Go through Shiro dependencies and consider marking
most third-party dependencies as provided
* [SHIRO-139] - Cookie support refactoring - Simplify cookie
configuration, support HttpOnly cookies and default session cookies to
be HttpOnly = true
* [SHIRO-144] - MemorySessionDao should be propably abstract
* [SHIRO-146] - Annotation authorizations should throw
UnauthenticationException if the subject identity is not known.
* [SHIRO-148] - SimpleSession efficient serialization
* [SHIRO-152] - INI configuration must support configuration of
Lists, Sets and Maps
* [SHIRO-153] - INI: remove need for [filters] section and perform
all object configuration in [main]
** New Feature
* [SHIRO-25] - Assumed Identity, aka 'Run As' support
* [SHIRO-30] - Subject acquisition based on method argument
* [SHIRO-92] - Add method to Subject interface: isRemembered()
* [SHIRO-105] - PrincipalCollection should have a
getPrimaryPrincipal() method
* [SHIRO-107] - Filter chain definitions should match on request
method as well as request path (REST support)
* [SHIRO-116] - Ini configuration - users/roles sections should
trigger automatic Realm creation
* [SHIRO-118] - Ini Realm support
* [SHIRO-121] - Change usages of java.net.InetAddress to be Strings
* [SHIRO-122] - Create IdentifierGenerator interface for pluggable
id generation strategies
* [SHIRO-129] - Aspecjt integration for annotation base
authorization
* [SHIRO-140] - Add a subject-aware ExecutorService implementation
to support Subject execution on other threads
* [SHIRO-147] - Add an AES Cipher
** Task
* [SHIRO-34] - Cipher refactoring
* [SHIRO-37] - Deploy snapshots automatically
* [SHIRO-43] - Ignore Eclipse folders & files and mvn target
folders from svn
* [SHIRO-49] - Fix SimpleAccountRealm to not rely on caching
* [SHIRO-50] - Spring NOTICE
* [SHIRO-52] - Verify all samples deploy/run successfully
* [SHIRO-94] - Update web pages to change JSecurity and Ki to Shiro
* [SHIRO-102] - Set-up AutoExport of Shiro documentation to the
appropriate location
* [SHIRO-103] - Fix "Ki" in the Apache Incubator Status Page
* [SHIRO-149] - Create release configuration and a profile for
deploying release docs to a separate directory
* [SHIRO-155] - Remove all deprecated methods and classes
* [SHIRO-162] - Create SessionContext to mirror SubjectContext
concept for starting new sessions
** Test
* [SHIRO-90] -
org.apache.shiro.session.mgt.DefaultSessionManagerTest.testGlobalTimeout
is unreliable
* [SHIRO-91] - Tests for getRememberedPrincipals and
getRememberedPrincipalsDecryptionError in WebRememberMeManagerTest are
disabled
* [SHIRO-93] - Add container-based integration tests for samples/
web module
* [SHIRO-96] - Add meaningful integration tests to assert key web
functionality
** Wish
* [SHIRO-143] - Change logging level from trace to warning in
ModularRealmAuthenticator when a Realm throws an Exception
