Announcement Announcement Module
Collapse
No announcement yet.
Spring Security 2.0.0 Released! Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 2.0.0 Released!

    Dear Spring Community

    After almost two years of development, Spring Security 2.0.0 is now available for download. This significant new release replaces Acegi Security as the official security module for Spring applications.

    Spring Security 2.0.0 features substantially simplified configuration. Whilst old configurations required hundreds of lines of XML, our new convention over configuration approach ensures that many deployments will now require less than 10 lines.

    We've also added many other new capabilities to Spring Security 2.0.0:

    * OpenID integration, which is the web's emerging single sign on standard (supported by Google, IBM, Sun, Yahoo and others)

    * Windows NTLM support, providing easy enterprise-wide single sign on against Windows corporate networks

    * Support for JSR 250 ("EJB 3") security annotations, delivering a standards-based model for authorization metadata

    * AspectJ pointcut expression language support, allowing developers to apply cross-cutting security logic across their Spring managed objects

    * Substantial improvements to the high-performance domain object instance security ("ACL") capabilities

    * Comprehensive support for RESTful web request authorization, which works well with Spring 2.5's @MVC model for building RESTful systems

    * Long-requested support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration

    * An improved, database-backed "remember me" implementation

    * Support for portlet authentication out-of-the-box

    * Support for additional languages

    * Numerous other general improvements, documentation and new samples

    * New support for web state and flow transition authorization through
    the Spring Web Flow 2.0 release

    * New support for visualizing secured methods, plus configuration auto-completion support in Spring IDE

    * Enhanced WSS (formerly WS-Security) support through the Spring Web Services 1.5 release

    Please visit http://www.springframework.org/download to download the latest release and access the change log.

    We hope you find this new release useful in your projects.

    Best regards

    Ben Alex
    Project Lead, Spring Security

  • #2
    Congratulastions !!!

    Only a little comment the announcement link is linked to the release of spring security 2.0 RC1

    Comment


    • #3
      Great work, guys! I've been a user for almost two years now and the improvements are both wise and welcome. I got a chance to read the docs from RC1 and they are a vast improvement over the older docs - much more cohesive with good flow. Hope you have a great release party :-)

      Comment


      • #4
        Thanks . The Reference Guide has also been updated quite a bit since RC1. You'll find a link on the main website

        http://www.springframework.org/spring-security/

        We'll still be making improvements on that front in the coming weeks, though.

        Comment


        • #5
          wonderful work guys

          for an important and critical topic,

          is possible see soon a book teaching all these features? (like Pro Spring ?)
          or even better a book for beginner to advance programmers related with acegi?

          congratulations

          Comment


          • #6
            Thank you for all your work!
            This is a much anticipated release.

            Comment


            • #7
              Originally posted by denov
              till the docs get completely finished where would be the best place on understanding groups, hierarchical roles, and the user management API?
              Hi denov,

              I am the contributor of the hierarchical roles support. Unfortunately the documentation I have written didn't make it into the official reference documentation (and SEC-232/hierarchical roles also didn't make it into the changelog/release notes). It seems that it was forgotten. See http://jira.springframework.org/secu...hicalRoles.pdf for some helpful information about this new feature.

              Cheers,
              Michael

              Comment


              • #8
                Originally posted by qammm View Post
                Hi denov,

                I am the contributor of the hierarchical roles support. Unfortunately the documentation I have written didn't make it into the official reference documentation (and SEC-232/hierarchical roles also didn't make it into the changelog/release notes). It seems that it was forgotten.
                The release notes generated by Jira are a list of issues fixed specifically for that release. You'll find it in the M1 release:

                http://jira.springframework.org/secu...&version=10451

                Comment


                • #9
                  Originally posted by Luke View Post
                  The release notes generated by Jira are a list of issues fixed specifically for that release. You'll find it in the M1 release:

                  http://jira.springframework.org/secu...&version=10451
                  Ok, I (maybe wrongly) assumed that the changelog/release notes would include all the features that were added since the last major release (because not everyone follows the intermediate milestone releases). This way one could do a 1:1 matching with the announcement mail and get more details about each new feature or bugfix. Anyway, now that I understand the logic behind the release notes I am also fine with the way they are now.

                  Cheers,
                  Michael

                  Comment


                  • #10
                    thanks for your great job.
                    i was waiting for two years.haha,

                    Comment


                    • #11
                      Groups, User Management, etc

                      I googled around for a bit, but couldn't find any relevant documentation about the groups and the user management API. The PDF in this forum covers only some of the aspects of hierarchical roles, but we don't seem to get anything on the other topics. Are there at least some test cases that we could learn from until the docs get out? (The JavaDocs doesn't seem to be enough in this case)

                      Many thanks,
                      Cosmin

                      Comment


                      • #12
                        What about hibernate integration for persistence? Does it support it? Meaning can you use hibernate in place of the jdbcDaoImpl?

                        Comment


                        • #13
                          Originally posted by spastos View Post
                          What about hibernate integration for persistence? Does it support it? Meaning can you use hibernate in place of the jdbcDaoImpl?
                          No, Spring Security only supports JDBC out-of-the-box. There has been some discussion on Hibernate not scaling that well on for example ACL-handling etc. I don't know if this is true or not, but you may of course implement the ACLs using Hibernate yourself.

                          Comment


                          • #14
                            This is great stuff!
                            Can someone please point me to the section which talks about portlet security. We are using BEA Portal and would like to see how we can implement Spring security with BEA. I did skim through the reference documentation but couldn't find anything related to portlets

                            Comment


                            • #15
                              Where can i find detail information about the JSP Tag Libraries of Spring Security?

                              This link gives me only some basic information about the usage ...

                              http://static.springframework.org/sp...structure.html

                              Can anyone help me?

                              Comment

                              Working...
                              X