Spring Security 2.0.4 Released

[Luke Taylor]

Dear Spring Community

We're pleased to an announce the release of Spring Security 2.0.4.

This is a minor bugfix release. There are also some changes to the security namespace so you should update to the new 2.0.4 schema file if necessary. There are also some documentation updates, including two new reference appendices - one describing the database schema used within Spring Security and one which details the elements and attributes in the namepace and how they map to implementation classes.

Please note that container adapters will not be included in the next major release.

To see what's new you can browse the changelog.

You can download the latest version from http://www.springframework.org/download.

Please see the project website for more information including access to the reference manual, Javadoc, code cross reference, build instructions and the FAQ.

[kantorn]

Thanks for this release, the database listing is MOST welcome and will provide a great resource to continue using Spring Security.

[fanfy]

Thank you. Glad to see a release after all this debate on the maintenance policy. I was afraid that 2.0.4 binaries was only registered partners. Its nice also that the maven repositories was updated. Thank you.

[wwheeler]

Sorry, I posted a new thread over this, but then I saw this one. Did the taglib JAR get inadvertently (or intentionally?) left out of 2.0.4?

[Luke Taylor]

If it's missing, then that's my mistake.

You can download it directly from the maven repo:

http://repo2.maven.org/maven2/org/sp...libs-2.0.4.jar

I've also updated the release zip on Sourceforge to add the extra jar file.

[ehab_refaat82]

thanks alot

[bongosdude]

My project depends on SpringFramework latest release 2.5.6 but SpringSecurity depends on SpringFramework release 2.0.8. Is there a way that I can use SpringSecurity with SpringFramework 2.5.6. Or do I have to fall back to version 2.0.8?

Thanks
=B

[J Ball]

My project depends on SpringFramework latest release 2.5.6 but SpringSecurity depends on SpringFramework release 2.0.8. Is there a way that I can use SpringSecurity with SpringFramework 2.5.6. Or do I have to fall back to version 2.0.8?

Thanks
=B

I am using the latest Spring Security with the latest Spring Framework with no problems.

[Luke Taylor]

Does the preauth example only has the configuration file and index.jsp?

Yes. It's just intended to illustrate the configuration.

[oli]

Thanks for clarification. I am new to Spring Security and try to find an example about how to only use Spring Security to do the authorization.

I was looking at the applicatonContext-security.xml in the preauth sample.

<bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
<sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fs i"/>
</sec:filter-chain-map>
</bean>

It uses j2eePreAuthFilter which is defined as:

<bean id="j2eePreAuthFilter" class="org.springframework.security.ui.preauth.j2e e.J2eePreAuthenticatedProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
</bean>

I am using external web service for authentication, and I was following the chapter 16 Siteminder Example Configuration, and keep getting SM_USER not found in header exception, then I created my own PreAuthenticatedProcessingFilter as described here:

http://jira.springframework.org/browse/SEC-1020
So I can login in using the external web site and I have a LoginController extends MultiActionController to handle the login logic and call the service layer to get the roles info from DB. But how can I plug in Spring Security in?
Should I modified the LoginController to implements filter and plug into the filter chain to be able to load my own UserDetails object?