Shiro小组于2012年1月24日发布了Apache Shiro 1.2.0版,此版本在修复BUG的同时增加了新功能,包括会话管理、安全密码哈希、命令行工具等,显著提高了应用的安全性和易用性。
2012年1月24日,Shiro小组发布了Apache Shiro 1.2.0版。此版本在修改BUG的同时增加了一些新功能。
这些新功能包括:
- The ability to disable sessions per filter chain or entirely for anapplication.
- Servlet Context Listener initialization in web apps (to allowcomponents to utilize Shiro before Filter initialization)
- A command line program to securely hash passwords (or any url, fileor stream input for that matter).
- New secure password hash formats that adhere to Modular Crypt Formatconventions. These secure password hashes can be computed with theabove named command line program and saved in text config (e.g.shiro.ini) directly. Plaintext passwords should never be stored. Forthose familiar with the Apache HTTPD passwd program, this achieves thesame benefits.
- A new LogoutFilter, as many apps don't need to show a view duringlogout (just logout and redirect to some known location).
- Shiro filters can be enabled or disabled without removing them fromthe filter chain - useful in development (e.g. turn ssl requirementoff in dev, but keep it on in production).
- A lot of work has gone into making secure password hash storage andcomparison a much simpler task in Shiro, focused around the newconcept of a PasswordService. You can use a PasswordService directlyin your application code to hash passwords securely. You can thenconfigure a PasswordMatcher on your Realm(s) to use the samePasswordService for password comparisons. See the PasswordServiceJavaDoc for example .ini configuration:
More complete PasswordService and related configdocumentation will beadded to the Shiro website in the next few days - itwas better torelease now for the many who are waiting on the release, andfollow upwith this part of the documentation shortly.
- Three new 'support' modules:
- Apache Karaf features (shiro-features-1.2.0.jar)
- Google Guice:http://shiro.apache.org/guice.html
- Jasig CAS:http://shiro.apache.org/cas.html
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
