Apache Shiro 1.2.4 发布了,改进记录包括: Bug [SHIRO-421] - Unable to set long timeouts on HttpServletSession [SHIRO-442] - CAS client fails with multi-valued SAML attributes [SHIRO-444] - Rewrite AuthorizingRealm, and configure the cacheManager throws an exception [SHIRO-462] - Authentication exceptions are swallowed [SHIRO-483] - passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR [SHIRO-517] - Caused by: java.lang.NoClassDefFoundError: Lcom/google/inject/internal/util/$ImmutableList; [SHIRO-518] - Shiro-CAS: Security Problem in cas-client-core versions older than 3.3.2 Documentation [SHIRO-534] - Provide better documentation around permissions Improvement [SHIRO-332] - Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected [SHIRO-428] - AuthorizingRealm "no cache" logging should be at DEBUG level, not INFO, OR is should log only once [SHIRO-465] - Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator [SHIRO-479] - update ehcache dependency [SHIRO-496] - Update shior.guice dependency [SHIRO-498] - ThreadLocal should not be created when not necessary [SHIRO-499] - Kerberos Realm [SHIRO-504] - Java 8 support New Feature [SHIRO-445] - Mechanism needed to secure passwords in shiro.ini [SHIRO-464] - Support role mapping similar to PermissionResolver and RolePermissionResolver [SHIRO-501] - Add ability to set system properties in shiro.ini Apche Shiro 1.2.4 发布,轻量安全框架下载地址
