Announcement Announcement Module
Collapse
No announcement yet.
Spring Security 2.0.4 Released Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 2.0.4 Released

    Dear Spring Community

    We're pleased to an announce the release of Spring Security 2.0.4.

    This is a minor bugfix release. There are also some changes to the security namespace so you should update to the new 2.0.4 schema file if necessary. There are also some documentation updates, including two new reference appendices - one describing the database schema used within Spring Security and one which details the elements and attributes in the namepace and how they map to implementation classes.

    Please note that container adapters will not be included in the next major release.

    To see what's new you can browse the changelog.

    You can download the latest version from http://www.springframework.org/download.

    Please see the project website for more information including access to the reference manual, Javadoc, code cross reference, build instructions and the FAQ.

  • #2
    Thanks for this release, the database listing is MOST welcome and will provide a great resource to continue using Spring Security.

    Comment


    • #3
      Thank you. Glad to see a release after all this debate on the maintenance policy. I was afraid that 2.0.4 binaries was only registered partners. Its nice also that the maven repositories was updated. Thank you.

      Comment


      • #4
        Sorry, I posted a new thread over this, but then I saw this one. Did the taglib JAR get inadvertently (or intentionally?) left out of 2.0.4?

        Comment


        • #5
          If it's missing, then that's my mistake.

          You can download it directly from the maven repo:

          http://repo2.maven.org/maven2/org/sp...libs-2.0.4.jar

          I've also updated the release zip on Sourceforge to add the extra jar file.
          Last edited by Luke Taylor; Oct 3rd, 2008, 07:21 AM.

          Comment


          • #6
            thanks

            thanks alot

            Comment


            • #7
              SpringSecurity Release 2.0.4 and SpringFramework 2.5.6

              My project depends on SpringFramework latest release 2.5.6 but SpringSecurity depends on SpringFramework release 2.0.8. Is there a way that I can use SpringSecurity with SpringFramework 2.5.6. Or do I have to fall back to version 2.0.8?

              Thanks
              =B

              Comment


              • #8
                Originally posted by bongosdude View Post
                My project depends on SpringFramework latest release 2.5.6 but SpringSecurity depends on SpringFramework release 2.0.8. Is there a way that I can use SpringSecurity with SpringFramework 2.5.6. Or do I have to fall back to version 2.0.8?

                Thanks
                =B
                I am using the latest Spring Security with the latest Spring Framework with no problems.

                Comment


                • #9
                  Originally posted by oli
                  Does the preauth example only has the configuration file and index.jsp?
                  Yes. It's just intended to illustrate the configuration.

                  Comment


                  • #10
                    Thanks for clarification. I am new to Spring Security and try to find an example about how to only use Spring Security to do the authorization.

                    I was looking at the applicatonContext-security.xml in the preauth sample.

                    <bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
                    <sec:filter-chain-map path-type="ant">
                    <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fs i"/>
                    </sec:filter-chain-map>
                    </bean>

                    It uses j2eePreAuthFilter which is defined as:

                    <bean id="j2eePreAuthFilter" class="org.springframework.security.ui.preauth.j2e e.J2eePreAuthenticatedProcessingFilter">
                    <property name="authenticationManager" ref="authenticationManager"/>
                    <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
                    </bean>

                    I am using external web service for authentication, and I was following the chapter 16 Siteminder Example Configuration, and keep getting SM_USER not found in header exception, then I created my own PreAuthenticatedProcessingFilter as described here:

                    http://jira.springframework.org/browse/SEC-1020
                    So I can login in using the external web site and I have a LoginController extends MultiActionController to handle the login logic and call the service layer to get the roles info from DB. But how can I plug in Spring Security in?
                    Should I modified the LoginController to implements filter and plug into the filter chain to be able to load my own UserDetails object?

                    Comment


                    • #11
                      Spring Security &amp; Ntlm &amp; Tomcat

                      I'm looking for a complete web application sample using the latest spring security with windows authentication (NTLM) and Tomcat. I know how to authenticate using spring security against a database but I'm struggling when trying to authenticate based on NTLM in Windows Server 2003. Any guidance you can give will be appreciated.

                      Thank,

                      Alberto Acevedo

                      Comment


                      • #12
                        @Override
                        public void logout(HttpServletRequest request, HttpServletResponse response,
                        Authentication authentication) {
                        if (authentication.getPrincipal() instanceof User) {
                        User user = (User) authentication.getPrincipal();
                        if (user != null) {
                        ...}
                        }
                        }

                        Am getting authentication parameter as null in Spring security 2.0.4 at the time of session timeout.

                        Comment


                        • #13
                          Spring security &amp; JCIF not working with NTLMv2

                          Originally posted by pitirre View Post
                          I'm looking for a complete web application sample using the latest spring security with windows authentication (NTLM) and Tomcat. I know how to authenticate using spring security against a database but I'm struggling when trying to authenticate based on NTLM in Windows Server 2003. Any guidance you can give will be appreciated.

                          Thank,

                          Alberto Acevedo
                          I tried using Spring security that is dependent on JCIF to authenticate users based on NTLMV2 SSO windows authentication. All intents to make it to work failed. I even tried samples I found in the internet with the same result. After all the hard work I found out that Spring Security and JCIF can not SSO authenticate based on NTLMV2. I finally found a solution by using Jespa. Jespa is not open source but the cost of the license is affordable. Are there any plans to have Spring security doing SSO NTLMV2 authentication in Windows platforms? Is there any solution already available of Spring security with Jespa?

                          Thanks,

                          Alberto Acevedo

                          Comment

                          Working...
                          X