Spring Security 2.0.0 RC1 Released

[Ben Alex]

Dear Spring Community

I'm delighted to announce that Spring Security 2.0.0 RC1 is now available. This is our first release candidate, with the core framework now considered feature complete.

We've addressed over 65 issues in this new release, including:

* Authentication support for OpenID, which is rapidly becoming the de facto standard for Internet SSO
* Method authorization support via the new "protect-pointcut" element, which uses the powerful AspectJ pointcut expression language
* Dynamic retrieval of method authorization metadata from multiple sources (AspectJ, declarative XML, @Secured, JSR 250 annotations etc)
* Complete support for method authorization on superclass, generic, bridge, class and interface methods
* Web authorization of restful URIs
* Further expansion of namespace capabilities
* Continued simplification and improvement of the end user experience
* Improvements to the "tutorial" sample
* Dependency updates and compatibility testing
* Various refactoring, repackaging and general fixes

This release is suitable for development purposes, and we warmly welcome your feedback, suggestions and issue reports. Over the coming weeks we will be finalizing the documentation, tests, and ACL support as part of our 2.0.0 final release.

Please visit http://www.springframework.org/download to download the latest release and access the change log.

We hope you find this new release useful in your projects.

Best regards

Ben Alex
Project Lead, Spring Security

[erikvaningen]

Congratulations!

We are very happy with the active developments around Spring Security.

A question: I would like to integrate Spring Security into my Spring-JPA(Hibernate) application. At the moment the daoAuthenticationProviderfor is not based on JPA or Hibernate. I am urgently looking for a component who does this, including the ACL's. It would be great if such a component would be incorporated in Spring Security.

Are there any plans for this or are there known examples which I can use?

I saw this link
http://toubsen.de/appfuse/acls/new-models
Would that approach fit with the Spring Security strategy? Could this be done also with apects?

[jontro]

Congratulations!

We are very happy with the active developments around Spring Security.

A question: I would like to integrate Spring Security into my Spring-JPA(Hibernate) application. At the moment the daoAuthenticationProviderfor is not based on JPA or Hibernate.

You can still use daoAuthenticationProvider and do your own implementation of UserDetailsService and UserDetails to accomplish this.

This is how I did the configuration in applicationContext.xml:

Code:

  <bean id="authenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
    </bean>
    
    <bean id="userDetailsService" class="se.xxx.invoice.UserDetailsServiceImpl">
        <property name="invoiceService" ref="invoiceService"/>
    </bean>

invoiceService is of course the dao service object

[Luke Taylor]

Note that as with previous milestone releases, the jars are available from the Spring milestone repository if you are using maven. See Ben Hale's blog entry here for more information

http://blog.springsource.com/main/20...n-artifacts-2/

[erikvaningen]

I understand this Maven thing, but this is now answering my question!

[Luke Taylor]

My post wasn't meant to answer your question. It was supplementary information to the initial release note as we always get requests for this.

[domurtag]

Congratulations on reaching this milestone.
Do you have a (very approximate) date for the final release of 2.0?

[Patrick Heiden]

Hello together!

Why is there no release to the maven-repository for RC1? This would be very nice, because my actual projects using spring-security (SS) lack this dependency and everything needs to be done manually

Best regards,
Patrick