Apache Shiro 1.2.4 发布了,改进记录包括:
Bug
-
[SHIRO-421] – Unable to set long timeouts on HttpServletSession
-
[SHIRO-442] – CAS client fails with multi-valued SAML attributes
-
[SHIRO-444] – Rewrite AuthorizingRealm, and configure the cacheManager throws an exception
-
[SHIRO-462] – Authentication exceptions are swallowed
-
[SHIRO-483] – passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR
-
[SHIRO-517] – Caused by: java.lang.NoClassDefFoundError: Lcom/google/inject/internal/util/$ImmutableList;
-
[SHIRO-518] – Shiro-CAS: Security Problem in cas-client-core versions older than 3.3.2
Documentation
-
[SHIRO-534] – Provide better documentation around permissions
Improvement
-
[SHIRO-332] – Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected
-
[SHIRO-428] – AuthorizingRealm "no cache" logging should be at DEBUG level, not INFO, OR is should log only once
-
[SHIRO-465] – Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator
-
[SHIRO-479] – update ehcache dependency
-
[SHIRO-496] – Update shior.guice dependency
-
[SHIRO-498] – ThreadLocal should not be created when not necessary
-
[SHIRO-499] – Kerberos Realm
-
[SHIRO-504] – Java 8 support
