Plugin:org.tolven.shiroweb

From DOC

Contents 1 Deprecated 2 Version 2.1 Notes 2.1 Version 2.1.10 2.2 Version 2.1.9 2.3 Version 2.1.8 2.4 Version 2.1.7 2.5 Version 2.1.6 2.6 Version 2.1.5 2.7 Version 2.1.4 2.8 Version 2.1.3 2.9 Version 2.1.2 2.10 Version 2.1.1 2.11 Version 2.1.0

Deprecated

This plug-in was deprecated on 1/18/2012 when it was consolidated into org.tolven.shiro.

Version 2.1 Notes

Version 2.1.10

• All transaction handling has been moved to TransactionFilter, which appears as the first filter in all war files. References to UserTransaction have been removed from elsewhere in Tolven code.
• TolvenSessionDAO now uses a session attribute called "org.tolven.session.transientAttributes" to determine whether to encrypt and persist a session attribute. The value of this attribute can be set using a ContextParam of the same name.
• Functionality has been added which allows customers to prevent selected session attributes from being persisted, for example, where those attributes are not serializable. This can be done by setting the ContextParam of the web.xml in question as follows:

<context-param>
<param-name>org.tolven.session.transientAttributes</param-name>
<param-value>NonSerializable1,NonSerializable2,NonSerializable3</param-value>
</context-param>

This can be done in plug-in manifest, by referring to the war file. For example, adding a ContextParam to tolvenweb is done as follows:

<extension id="non-serializable-context-param" plugin-id="org.tolven.component.war" point-id="context-param">
<parameter id="param-name" value="org.tolven.session.transientAttributes" />
<parameter id="param-value" value="NonSerializable1,NonSerializable2,NonSerializable3" />
<parameter id="target-plugin-id" value="org.tolven.component.tolvenweb" />
</extension>

It is not certain however, that all applications which place attributes into sesssion will behave correctly, especially if the server goes down, and the session is retrieved from persistence without whatever was lost locally. Users will have to determine this through testing.

Version 2.1.9

• Updated the following jars from Metro v1.3 to v2.2.1:
  • webservices-api.jar
  • webservices-extra.jar
  • webservices-extra-api.jar
  • webservices-extra-jdk-packages.jar
  • webservices-rt.jar
  • webservices-tools.jar
• Added project lib as a compilation-endorsed directory for plug-in manager.
• Re-compiled AuthenticationService with new jars.
• Removed WSPreAuthFilter. Filter functionality is now handled by JAX-WS handlers.
• Moved WSAuthenticationHandler from package org.tolven.ws to org.tolven.ws.common.
• Added new JAX-WS handlers: TransactionHandler, AuthenticationHandler, UsernameTokenPlainHandler.

Version 2.1.8

• Added metro Web service library files for compilation.
• Plug-in now provides an AuthenticationWebServiceClient to request authentication from the Tolven GateKeeper
• Added WSAuthenticationHandler which currently denies access to all callers, which require authentication. Only the EchoService does not require authentication at this time.
• WSPreAuthFilter now indicates by a request attribute, whether the WSAuthenticationHandler is active. This allows customers to control access to WS via the Shiro URL permissions, since the handler must be hard-coded to the actual services via an @HandlerChain.

Version 2.1.7

• A change was made as follows to fix the Switch Account function:
  • Added more logging to indicate the activity of a user with respect to login/logout, as well as entering and exiting the vestibule.

Version 2.1.6

• Minor changes were made to accommodate Tolven's build process.

Version 2.1.5

• Now, when the user is already logged in, if the login page is requested, then the user is redirected to the home page.
• Added GatekeeperServletContextListener.
• Removed ShiroSessionWrapperFilter and added its functionality to TolvenShiroFilter.
• Moved Tolven classes which were subclassed under Shiro's Ini* equivalents since Tolven no longer uses the shiro.ini file.

Version 2.1.4

• Removed the suppressed Exception, which occurs during the creation and start of the UserTransaction.
• Added the following new chain filters:
  • "apiaf,org.tolven.api.security.AccountFilter"
  • "entervf,org.tolven.web.security.EnterVestibuleFilter"
  • "selectvf,org.tolven.web.security.SelectAccountVestibuleFilter"
  • "exitvf,org.tolven.web.security.ExitVestibuleFilter"
  • "af,org.tolven.web.security.AccountFilter"

Version 2.1.3

• Removed tolvenNow from TolvenShiroFilter.

Version 2.1.2

• Enhanced a login failure log statement to more clearly show the cause of a login failure in the logs. The log statement is identified by "LOGIN_FAILED". The logs now show: LDAP: error code 49 - Invalid Credentials

Version 2.1.1

• ???

Version 2.1.0

1. This plug-in was added to provide support for the JBoss 6 Java application server and for "Tolven Gatekeeper," Tolven's implementation of the Apache Shiro Java Security Framework. Tolven Gatekeeper provides an alternative to OpenAM for interacting with LDAP (OpenDS) for user registration and password management.