Plugin:org.tolven.shiro
From DOC
Contents |
Version 2.1 Notes
Version 2.1.4
- To prevent session commit conflicts that can affect performance, added the LastAccessTimeBean, which keeps a cache of session last access times and updates them to the database periodically via an EJB timer.
- To reduce commit conflicts when multiple threads need to update a session attribute, added new DefaultTolvenSessionAttribute Entity which corresponds to the table tolven_session_attribute, which now stores attributes one per row, instead of all in one row.
- The encryptedAttributes column of the core.tolven_session table is no longer required and can be dropped.
Version 2.1.3
- TransactionFilter will now treat a request as read only if the request attribute contains the following property:
- org.tolven.request.attribute.readonlytransaction=true
- Shiro supplies its entities and EJB APIs via a shiro-lib.jar.
- Renamed the shiroEJB jar to shiro-ejb.
- TolvenShiroFilter registers the following Shiro filters:
- anon,org.apache.shiro.web.filter.authc.AnonymousFilter
- authc,org.apache.shiro.web.filter.authc.FormAuthenticationFilter
- authcBasic,org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
- perms,org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
- port,org.apache.shiro.web.filter.authz.PortFilter
- rest,org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
- roles,org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
- ssl,org.apache.shiro.web.filter.authz.SslFilter
- user,org.apache.shiro.web.filter.authc.UserFilter
- rspreauthz,org.tolven.shiro.filter.RSPreAuthFilter
- preauthc,org.tolven.shiro.filter.PreAuthFormAuthenticationFilter
- tssl,org.tolven.shiro.filter.TolvenSslFilter
- troles,org.tolven.shiro.filter.TolvenRolesAuthorizationFilter
- Moved classes from package org.tolven.shiro.web.servlet to org.tolven.shiro.filter.
- Moved the hard-coded chain filter classes out to their respective plug-ins, where they are now registered via ServletContextListeners. This now makes it possible to add other plug-in-specific chain filters.
- Removed the hard-coded reference to realm, which can now be obtained from the TolvenSessionWrapper, which uses a session attribute.
- Made a fix to fix RESTful API access by by adding a log statement to log regarding which URL permission is denied.
- Also added a log statement to the log when the filter name in the tolvenauth table does not match a filter.
Version 2.1.2
- Added the following role methods to ShiroSessionWrapper:
- hasAllRoles(Collection<String> roleIdentifiers);
- hasRole(String roleIdentifier);
- hasRoles(List<String> roleIdentifiers);
- Also fixed a role handling bug in TolvenJndiLdapRealm.
- SUCCESSFUL_LOGIN, FAILED_LOGIN, and LOGGED_OUT are now audited indicating user, realm, and host.
- Removed GatekeeperServletContextListener from org.tolven.shiro, in favor of each plug-in's using its own ServletContextListener to more clearly indicate in their logs more detailed information about when those plug-ins come online, and what services they offer.
Version 2.1.1
- Consolidated the following now-deprecated plug-ins into org.tolven.shiro:
- org.tolven.shiroejb
- org.tolven.shirolib
- org.tolven.shiroweb
Version 2.1.0
- This new plug-in appears in tolven-config/plugins.xml to bring in Shiro-related functionality.
