2012年1月24日,Shiro小组发布了Apache Shiro 1.2.0版。此版本在修改BUG的同时增加了一些新功能。
这些新功能包括:
- The ability to disable sessions per filter chain or entirely for anapplication.
- Servlet Context Listener initialization in web apps (to allowcomponents to utilize Shiro before Filter initialization)
- A command line program to securely hash passwords (or any url, fileor stream input for that matter).
- New secure password hash formats that adhere to Modular Crypt Formatconventions. These secure password hashes can be computed with theabove named command line program and saved in text config (e.g.shiro.ini) directly. Plaintext passwords should never
be stored. Forthose familiar with the Apache HTTPD passwd program, this achieves thesame benefits.
- A new LogoutFilter, as many apps don't need to show a view duringlogout (just logout and redirect to some known location).
- Shiro filters can be enabled or disabled without removing them fromthe filter chain - useful in development (e.g. turn ssl requirementoff in dev, but keep it on in production).
- A lot of work has gone into making secure password hash storage andcomparison a much simpler task in Shiro, focused around the newconcept of a PasswordService. You can use a PasswordService directlyin your application code to hash passwords securely.
You can thenconfigure a PasswordMatcher on your Realm(s) to use the samePasswordService for password comparisons. See the PasswordServiceJavaDoc for example .ini configuration:
More complete PasswordService and related configdocumentation will beadded to the Shiro website in the next few days - itwas better torelease now for the many who are waiting on the release, andfollow upwith this part of the documentation
shortly.
- Three new 'support' modules:
分享到:
相关推荐
Apache Shiro 是一个强大且易用的 Java 安全框架,它提供了认证、授权、加密以及会话管理功能,能够简化开发人员在构建安全应用程序时的复杂性。本全面教程将帮助你从入门到精通地了解和使用 Shiro。 1. **Shiro ...
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- 单realm应用。如果有多个realm,使用‘realms’属性代替 --> ...
Apache Shiro是一个强大且易用的Java安全框架,它提供了身份验证、授权、加密和会话管理功能,可以非常容易地开发出足够安全的应用。本文旨在详细介绍如何在Web项目中有效地运用Shiro框架。 #### 二、用户权限模型 ...
- **发展阶段**:截止本文撰写之时,Shiro尚未发布正式版本,本文所讨论的内容基于J-Security 0.9稳定版,该版本在功能与稳定性方面已达到较高水平。 #### 三、Shiro的核心特点 1. **简洁的Java安全API**:Shiro...
首先,`shiro-core-1.2.0.jar`是Apache Shiro框架的核心库。Shiro是一个强大且易用的Java安全框架,提供了认证、授权、加密和会话管理功能,可以非常轻松地用于构建安全的Java应用。在调用接口时,Shiro可以帮助我们...
mybatis-spring-1.2.0.jar mysql-connector-java-5.0.8.jar mysql-connector-java-5.1.13-bin.jar mysql-connector-java-5.1.15.jar mysql-connector-java-5.1.2-beta-bin.jar mysql-connector-java-5.1.20-bin.jar ...