java google Android mysql HTML5 linux命令 Windows apache shell Python 微软 程序员 开源 centos Firefox wordpress nginx linux Ubuntu php

Spring安全框架:Spring Security 3.1.0 GA版 发布

Spring Security 的前身是 Acegi Security ,是 Spring 项目组中用来提供安全认证服务的框架。

Spring Security 为基于J2EE企业应用软件提供了全面安全服务。特别是使用领先的J2EE解决方案-Spring框架开发的企业软件项目。人们使用Spring Security有很多种原因,不过通常吸引他们的是在J2EE Servlet规范或EJB规范中找不到典型企业应用场景的解决方案。

下载地址:http://static.springsource.org/spring-security/site/downloads.html

Bug

  • [SEC-1802] - RFC 1738 / 3986 compliant schemes will not be recognized as valid schemes.
  • [SEC-1820] - NPE in OpenID4JavaConsumer.fetchAxAttributes
  • [SEC-1828] - PasswordEncoder DataAccessException undocumented
  • [SEC-1833] - HttpSessionSecurityContextRepository is missing setter for securityContextClass in 3.1.0 RC3
  • [SEC-1836] - NPE when authorizing using JspAuthorizeTag
  • [SEC-1839] - PreAuth documentation refers to </security-authentication-manager> but should be </security:authentication-manager>
  • [SEC-1848] - AbstractLdapAuthenticator must escape username
  • [SEC-1857] - ContextPropagatingRemoteInvocation does not correctly propagate the principal

Defect

  • [SEC-1815] - Samples - OpenId - Google login - hostname in Certificate didn't match

Improvement

  • [SEC-1678] - Add a "What's New" section to the documentation
  • [SEC-1779] - AbstractAuthenticationProcessingFilter should have getters for AuthenticationFailureHandler and AuthenticationSuccessHandler
  • [SEC-1785] - Remove auto-config from namespace docs
  • [SEC-1793] - DefaultSpringSecurityContextSource convenience constructor for multiple servers
  • [SEC-1800] - Default text input box for OpenID is too small
  • [SEC-1812] - Authentication Managers can not be overridden
  • [SEC-1826] - Excessive (and misleading) logging in DelegatingMethodSecurityMetadataSource
  • [SEC-1827] - Remember me use-secure-cookie set to false does not actually prevent the cookie being flagged as secure
  • [SEC-1830] - Remove use of deprecated methods in namespace parsing code
  • [SEC-1835] - ID types in schema not conducive to using Spring 3.1 profiles
  • [SEC-1858] - Improve Namespace Documentation

New Feature

  • [SEC-1472] - Add support for bcrypt password encoding
  • [SEC-1841] - Allow use of an explicit RequestMatcher when defining a filter chain using the namespace
  • [SEC-1847] - Allow use of custom AuthenticationManager in <http> and <global-method-security>

延伸阅读

  • 抱歉,暂无相关内容!

评论