incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <>
Subject [ANN] Apache Shiro 1.0.0-incubating Released!
Date Tue, 01 Jun 2010 17:01:24 GMT
Dear Apache Shiro Community,

We are proud and excited to offer Apache Shiro's first stable release
as an Apache Incubator podling!

Version 1.0.0-incubating is available immediately for download here:

Associated documentation is available here:

Release notes are included below.

Thank you so much to the Apache community and the Apache Incubator for
helping us move toward our first release.  A very special thanks goes
to our user community and early adopters for helping us refine our
first stable release.

Best Regards,

Les Hazlewood


Release Notes are browsable online here:

And included here for convenience:

Release Notes - Shiro - Version 1.0.0-incubating

** Bug
    * [SHIRO-10] - Aliases in the ini configuration builder do not
work correctly
    * [SHIRO-82] - Shiro strips anchor (#) values from the URL if user
is unauthenticated
    * [SHIRO-87] - Fix package name of in shiro-core
    * [SHIRO-89] - Sample Spring Application - WebStart won't launch
    * [SHIRO-95] - Specifying my own Cache in ShiroFilter not working
    * [SHIRO-101] - Comma in role in the properties file is not read
correctly by the PropertyRealm
    * [SHIRO-106] - AuthorizationFilter needs to use sendError not
setStatus to make container process the request through ERROR
    * [SHIRO-108] - Basic HTTP Auth: Empty password or username causes
    * [SHIRO-115] - ActiveDirectoryRealm might by vulnerable to LDAP
search code injection
    * [SHIRO-120] - AbstractLdapRealm's doGetAuthenticationInfo
catches naming exception, but then only logs a message
    * [SHIRO-124] - MethodInvocation is missing a getThis() (or
equivalent) method
    * [SHIRO-130] - ShiroFilter does not work with proxied security manager
    * [SHIRO-135] - AccessControlException exception on GAE with Grails
    * [SHIRO-138] - AbstractRememberMeManager attempts to process
null/empty byte array
    * [SHIRO-141] - Problem with WebRememberMeManager
    * [SHIRO-142] - Jetty throws an IllegalStateException after
redirect in AuthorizationFilter
    * [SHIRO-145] - Losing Session
    * [SHIRO-150] - RememberMeManager NPE
    * [SHIRO-154] - Adding ehcahe CacheManager to Spring Sample failes
    * [SHIRO-156] - SimpleAuthenticationInfo.merge does not merge
principals if its internal principal collection is not mutable
    * [SHIRO-157] - RememberMeManager should no longer be consulted
once a remembered identity is discovered
    * [SHIRO-158] - Date
AbstractSessionManager.getLastAccessTime(Serializable) returns start
    * [SHIRO-159] - ThreadLocal is not cleared upon the unloading of
the webapp and the SHiro Servlet
    * [SHIRO-161] - No SecurityManager accessible to the calling code
    * [SHIRO-163] - ModularRealmAuthorizer.setRealms needs to call
    * [SHIRO-164] - The request/response pair should be available at
all times to web-related components
    * [SHIRO-167] - getServletContext allways return null with conf
via spring (native mode)
    * [SHIRO-172] - Missing SVN properties

** Improvement
    * [SHIRO-59] - Refactor Realm implementations to favor delegation
over inheritance
    * [SHIRO-83] - Make sessionId cookie optional
    * [SHIRO-86] - Add Builder design pattern for arbitrary Subject construction
    * [SHIRO-88] - Create a profile for installing javadocs and source
to keep build time short
    * [SHIRO-104] - Default AuthenticationStrategy should be
AtLeastOneSuccessful instead of All
    * [SHIRO-109] - RememberMeManager should have access to Subject context map
    * [SHIRO-110] - Remove org.apache.shiro.mgt.SubjectBinder and its usages
    * [SHIRO-111] - Web SecurityManager should not fail in non-request usages
    * [SHIRO-112] - Implement Externalizable for serializable classes
    * [SHIRO-114] - Break circular dependency between SubjectFactory
and DefaultSecurityManager
    * [SHIRO-125] - Support overrding the credentialsMatcher for the
implicit IniRealm
    * [SHIRO-128] - Remove convenience configuration methods
    * [SHIRO-131] - Improved Shiro Filter configuration for Spring environments
    * [SHIRO-133] - Automatically shut down the Session validation thread
    * [SHIRO-136] - Mark Spring as scope provided to let users
specificy their own version of Spring
    * [SHIRO-137] - Go through Shiro dependencies and consider marking
most third-party dependencies as provided
    * [SHIRO-139] - Cookie support refactoring - Simplify cookie
configuration, support HttpOnly cookies and default session cookies to
be HttpOnly = true
    * [SHIRO-144] - MemorySessionDao should be propably abstract
    * [SHIRO-146] - Annotation authorizations should throw
UnauthenticationException if the subject identity is not known.
    * [SHIRO-148] - SimpleSession efficient serialization
    * [SHIRO-152] - INI configuration must support configuration of
Lists, Sets and Maps
    * [SHIRO-153] - INI: remove need for [filters] section and perform
all object configuration in [main]

** New Feature
    * [SHIRO-25] - Assumed Identity, aka 'Run As' support
    * [SHIRO-30] - Subject acquisition based on method argument
    * [SHIRO-92] - Add method to Subject interface: isRemembered()
    * [SHIRO-105] - PrincipalCollection should have a
getPrimaryPrincipal() method
    * [SHIRO-107] - Filter chain definitions should match on request
method as well as request path (REST support)
    * [SHIRO-116] - Ini configuration - users/roles sections should
trigger automatic Realm creation
    * [SHIRO-118] - Ini Realm support
    * [SHIRO-121] - Change usages of to be Strings
    * [SHIRO-122] - Create IdentifierGenerator interface for pluggable
id generation strategies
    * [SHIRO-129] - Aspecjt integration for annotation base authorization
    * [SHIRO-140] - Add a subject-aware ExecutorService implementation
to support Subject execution on other threads
    * [SHIRO-147] - Add an AES Cipher

** Task
    * [SHIRO-34] - Cipher refactoring
    * [SHIRO-37] - Deploy snapshots automatically
    * [SHIRO-43] - Ignore Eclipse folders & files and mvn target
folders from svn
    * [SHIRO-49] - Fix SimpleAccountRealm to not rely on caching
    * [SHIRO-50] - Spring NOTICE
    * [SHIRO-52] - Verify all samples deploy/run successfully
    * [SHIRO-94] - Update web pages to change JSecurity and Ki to Shiro
    * [SHIRO-102] - Set-up AutoExport of Shiro documentation to the
appropriate location
    * [SHIRO-103] - Fix "Ki" in the Apache Incubator Status Page
    * [SHIRO-149] - Create release configuration and a profile for
deploying release docs to a separate directory
    * [SHIRO-155] - Remove all deprecated methods and classes
    * [SHIRO-162] - Create SessionContext to mirror SubjectContext
concept for starting new sessions

** Test
    * [SHIRO-90] -
is unreliable
    * [SHIRO-91] - Tests for getRememberedPrincipals and
getRememberedPrincipalsDecryptionError in WebRememberMeManagerTest are
    * [SHIRO-93] - Add container-based integration tests for samples/web module
    * [SHIRO-96] - Add meaningful integration tests to assert key web

** Wish
    * [SHIRO-143] - Change logging level from trace to warning in
ModularRealmAuthenticator when a Realm throws an Exception

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message