Dear Apache Shiro Community, We are proud and excited to offer Apache Shiro's first stable release as an Apache Incubator podling!
Version 1.0.0-incubating is available immediately for download here: http://incubator.apache.org/shiro/download.html Associated documentation is available here: http://incubator.apache.org/shiro/documentation.html Release notes are included below. Thank you so much to the Apache community and the Apache Incubator for helping us move toward our first release. A very special thanks goes to our user community and early adopters for helping us refine our first stable release. Best Regards, Les Hazlewood ------ Release Notes are browsable online here: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&styleName=Html&version=12314078 And included here for convenience: Release Notes - Shiro - Version 1.0.0-incubating ** Bug * [SHIRO-10] - Aliases in the ini configuration builder do not work correctly * [SHIRO-82] - Shiro strips anchor (#) values from the URL if user is unauthenticated * [SHIRO-87] - Fix package name of package-info.java in shiro-core * [SHIRO-89] - Sample Spring Application - WebStart won't launch * [SHIRO-95] - Specifying my own Cache in ShiroFilter not working * [SHIRO-101] - Comma in role in the properties file is not read correctly by the PropertyRealm * [SHIRO-106] - AuthorizationFilter needs to use sendError not setStatus to make container process the request through ERROR dispatcher * [SHIRO-108] - Basic HTTP Auth: Empty password or username causes IllegalStateException * [SHIRO-115] - ActiveDirectoryRealm might by vulnerable to LDAP search code injection * [SHIRO-120] - AbstractLdapRealm's doGetAuthenticationInfo catches naming exception, but then only logs a message * [SHIRO-124] - MethodInvocation is missing a getThis() (or equivalent) method * [SHIRO-130] - ShiroFilter does not work with proxied security manager * [SHIRO-135] - AccessControlException exception on GAE with Grails * [SHIRO-138] - AbstractRememberMeManager attempts to process null/empty byte array * [SHIRO-141] - Problem with WebRememberMeManager * [SHIRO-142] - Jetty throws an IllegalStateException after redirect in AuthorizationFilter * [SHIRO-145] - Losing Session * [SHIRO-150] - RememberMeManager NPE * [SHIRO-154] - Adding ehcahe CacheManager to Spring Sample failes * [SHIRO-156] - SimpleAuthenticationInfo.merge does not merge principals if its internal principal collection is not mutable * [SHIRO-157] - RememberMeManager should no longer be consulted once a remembered identity is discovered * [SHIRO-158] - Date AbstractSessionManager.getLastAccessTime(Serializable) returns start time * [SHIRO-159] - ThreadLocal is not cleared upon the unloading of the webapp and the SHiro Servlet * [SHIRO-161] - No SecurityManager accessible to the calling code * [SHIRO-163] - ModularRealmAuthorizer.setRealms needs to call applyRolePermissionResolverToRealms * [SHIRO-164] - The request/response pair should be available at all times to web-related components * [SHIRO-167] - getServletContext allways return null with conf via spring (native mode) * [SHIRO-172] - Missing SVN properties ** Improvement * [SHIRO-59] - Refactor Realm implementations to favor delegation over inheritance * [SHIRO-83] - Make sessionId cookie optional * [SHIRO-86] - Add Builder design pattern for arbitrary Subject construction * [SHIRO-88] - Create a profile for installing javadocs and source to keep build time short * [SHIRO-104] - Default AuthenticationStrategy should be AtLeastOneSuccessful instead of All * [SHIRO-109] - RememberMeManager should have access to Subject context map * [SHIRO-110] - Remove org.apache.shiro.mgt.SubjectBinder and its usages * [SHIRO-111] - Web SecurityManager should not fail in non-request usages * [SHIRO-112] - Implement Externalizable for serializable classes * [SHIRO-114] - Break circular dependency between SubjectFactory and DefaultSecurityManager * [SHIRO-125] - Support overrding the credentialsMatcher for the implicit IniRealm * [SHIRO-128] - Remove convenience configuration methods * [SHIRO-131] - Improved Shiro Filter configuration for Spring environments * [SHIRO-133] - Automatically shut down the Session validation thread * [SHIRO-136] - Mark Spring as scope provided to let users specificy their own version of Spring * [SHIRO-137] - Go through Shiro dependencies and consider marking most third-party dependencies as provided * [SHIRO-139] - Cookie support refactoring - Simplify cookie configuration, support HttpOnly cookies and default session cookies to be HttpOnly = true * [SHIRO-144] - MemorySessionDao should be propably abstract * [SHIRO-146] - Annotation authorizations should throw UnauthenticationException if the subject identity is not known. * [SHIRO-148] - SimpleSession efficient serialization * [SHIRO-152] - INI configuration must support configuration of Lists, Sets and Maps * [SHIRO-153] - INI: remove need for [filters] section and perform all object configuration in [main] ** New Feature * [SHIRO-25] - Assumed Identity, aka 'Run As' support * [SHIRO-30] - Subject acquisition based on method argument * [SHIRO-92] - Add method to Subject interface: isRemembered() * [SHIRO-105] - PrincipalCollection should have a getPrimaryPrincipal() method * [SHIRO-107] - Filter chain definitions should match on request method as well as request path (REST support) * [SHIRO-116] - Ini configuration - users/roles sections should trigger automatic Realm creation * [SHIRO-118] - Ini Realm support * [SHIRO-121] - Change usages of java.net.InetAddress to be Strings * [SHIRO-122] - Create IdentifierGenerator interface for pluggable id generation strategies * [SHIRO-129] - Aspecjt integration for annotation base authorization * [SHIRO-140] - Add a subject-aware ExecutorService implementation to support Subject execution on other threads * [SHIRO-147] - Add an AES Cipher ** Task * [SHIRO-34] - Cipher refactoring * [SHIRO-37] - Deploy snapshots automatically * [SHIRO-43] - Ignore Eclipse folders & files and mvn target folders from svn * [SHIRO-49] - Fix SimpleAccountRealm to not rely on caching * [SHIRO-50] - Spring NOTICE * [SHIRO-52] - Verify all samples deploy/run successfully * [SHIRO-94] - Update web pages to change JSecurity and Ki to Shiro * [SHIRO-102] - Set-up AutoExport of Shiro documentation to the appropriate location * [SHIRO-103] - Fix "Ki" in the Apache Incubator Status Page * [SHIRO-149] - Create release configuration and a profile for deploying release docs to a separate directory * [SHIRO-155] - Remove all deprecated methods and classes * [SHIRO-162] - Create SessionContext to mirror SubjectContext concept for starting new sessions ** Test * [SHIRO-90] - org.apache.shiro.session.mgt.DefaultSessionManagerTest.testGlobalTimeout is unreliable * [SHIRO-91] - Tests for getRememberedPrincipals and getRememberedPrincipalsDecryptionError in WebRememberMeManagerTest are disabled * [SHIRO-93] - Add container-based integration tests for samples/web module * [SHIRO-96] - Add meaningful integration tests to assert key web functionality ** Wish * [SHIRO-143] - Change logging level from trace to warning in ModularRealmAuthenticator when a Realm throws an Exception --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
