Spring Security 2.0.0 RC1 Released

**Ben Alex** · Apr 1st, 2008, 04:56 PM

Dear Spring Community

I'm delighted to announce that Spring Security 2.0.0 RC1 is now available. This is our first release candidate, with the core framework now considered feature complete.

We've addressed over 65 issues in this new release, including:

* Authentication support for OpenID, which is rapidly becoming the de facto standard for Internet SSO
* Method authorization support via the new "protect-pointcut" element, which uses the powerful AspectJ pointcut expression language
* Dynamic retrieval of method authorization metadata from multiple sources (AspectJ, declarative XML, @Secured, JSR 250 annotations etc)
* Complete support for method authorization on superclass, generic, bridge, class and interface methods
* Web authorization of restful URIs
* Further expansion of namespace capabilities
* Continued simplification and improvement of the end user experience
* Improvements to the "tutorial" sample
* Dependency updates and compatibility testing
* Various refactoring, repackaging and general fixes

This release is suitable for development purposes, and we warmly welcome your feedback, suggestions and issue reports. Over the coming weeks we will be finalizing the documentation, tests, and ACL support as part of our 2.0.0 final release.

Please visit http://www.springframework.org/download to download the latest release and access the change log.

We hope you find this new release useful in your projects.

Best regards

Ben Alex
Project Lead, Spring Security

**erikvaningen** · Apr 4th, 2008, 02:58 AM

Congratulations!

We are very happy with the active developments around Spring Security.

A question: I would like to integrate Spring Security into my Spring-JPA(Hibernate) application. At the moment the daoAuthenticationProviderfor is not based on JPA or Hibernate. I am urgently looking for a component who does this, including the ACL's. It would be great if such a component would be incorporated in Spring Security.

Are there any plans for this or are there known examples which I can use?

I saw this link
http://toubsen.de/appfuse/acls/new-models
Would that approach fit with the Spring Security strategy? Could this be done also with apects?

**Luke Taylor** · Apr 5th, 2008, 05:37 AM

Note that as with previous milestone releases, the jars are available from the Spring milestone repository if you are using maven. See Ben Hale's blog entry here for more information

http://blog.springsource.com/main/20...n-artifacts-2/

**erikvaningen** · Apr 5th, 2008, 07:47 AM

I understand this Maven thing, but this is now answering my question!

**Luke Taylor** · Apr 5th, 2008, 07:55 AM

My post wasn't meant to answer your question. It was supplementary information to the initial release note as we always get requests for this.

**domurtag** · Apr 7th, 2008, 09:36 AM

Congratulations on reaching this milestone.
Do you have a (very approximate) date for the final release of 2.0?

**Patrick Heiden** · Apr 9th, 2008, 04:30 PM

Hello together!

Why is there no release to the maven-repository for RC1? This would be very nice, because my actual projects using spring-security (SS) lack this dependency and everything needs to be done manually

Best regards,
Patrick

**Luke Taylor** · Apr 9th, 2008, 04:42 PM

Please read the blog article from my post above. Only final releases are uploaded to the central repository. If you want to use intermediate snapshots, milestone releases etc then you can do so by adding the appropriate repository declarations to your maven project.

**Patrick Heiden** · Apr 9th, 2008, 05:08 PM

Ahh, that is the reason

Thanks a lot!

**jontro** · Apr 14th, 2008, 03:14 PM

Originally Posted by erikvaningen

Congratulations!

We are very happy with the active developments around Spring Security.

A question: I would like to integrate Spring Security into my Spring-JPA(Hibernate) application. At the moment the daoAuthenticationProviderfor is not based on JPA or Hibernate.

You can still use daoAuthenticationProvider and do your own implementation of UserDetailsService and UserDetails to accomplish this.

This is how I did the configuration in applicationContext.xml:

Code:

  <bean id="authenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
    </bean>
    
    <bean id="userDetailsService" class="se.xxx.invoice.UserDetailsServiceImpl">
        <property name="invoiceService" ref="invoiceService"/>
    </bean>

invoiceService is of course the dao service object

Thread: Spring Security 2.0.0 RC1 Released

Thread Tools

Display

Spring Security 2.0.0 RC1 Released

release for the maven repository

maven repository

Posting Permissions