Spring Security 2.0.0 Released!

[Ben Alex]

Dear Spring Community

After almost two years of development, Spring Security 2.0.0 is now available for download. This significant new release replaces Acegi Security as the official security module for Spring applications.

Spring Security 2.0.0 features substantially simplified configuration. Whilst old configurations required hundreds of lines of XML, our new convention over configuration approach ensures that many deployments will now require less than 10 lines.

We've also added many other new capabilities to Spring Security 2.0.0:

* OpenID integration, which is the web's emerging single sign on standard (supported by Google, IBM, Sun, Yahoo and others)

* Windows NTLM support, providing easy enterprise-wide single sign on against Windows corporate networks

* Support for JSR 250 ("EJB 3") security annotations, delivering a standards-based model for authorization metadata

* AspectJ pointcut expression language support, allowing developers to apply cross-cutting security logic across their Spring managed objects

* Substantial improvements to the high-performance domain object instance security ("ACL") capabilities

* Comprehensive support for RESTful web request authorization, which works well with Spring 2.5's @MVC model for building RESTful systems

* Long-requested support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration

* An improved, database-backed "remember me" implementation

* Support for portlet authentication out-of-the-box

* Support for additional languages

* Numerous other general improvements, documentation and new samples

* New support for web state and flow transition authorization through
the Spring Web Flow 2.0 release

* New support for visualizing secured methods, plus configuration auto-completion support in Spring IDE

* Enhanced WSS (formerly WS-Security) support through the Spring Web Services 1.5 release

Please visit http://www.springframework.org/download to download the latest release and access the change log.

We hope you find this new release useful in your projects.

Best regards

Ben Alex
Project Lead, Spring Security

[jaimemadrid]

Only a little comment the announcement link is linked to the release of spring security 2.0 RC1

[tkelley353]

Great work, guys! I've been a user for almost two years now and the improvements are both wise and welcome. I got a chance to read the docs from RC1 and they are a vast improvement over the older docs - much more cohesive with good flow. Hope you have a great release party :-)

[Luke Taylor]

Thanks . The Reference Guide has also been updated quite a bit since RC1. You'll find a link on the main website

http://www.springframework.org/spring-security/

We'll still be making improvements on that front in the coming weeks, though.

[dr_pompeii]

wonderful work guys

for an important and critical topic,

is possible see soon a book teaching all these features? (like Pro Spring ?)
or even better a book for beginner to advance programmers related with acegi?

congratulations

[kantorn]

Thank you for all your work!
This is a much anticipated release.

[qammm]

Quote:

Originally Posted by denov

till the docs get completely finished where would be the best place on understanding groups, hierarchical roles, and the user management API?

Hi denov,

I am the contributor of the hierarchical roles support. Unfortunately the documentation I have written didn't make it into the official reference documentation (and SEC-232/hierarchical roles also didn't make it into the changelog/release notes). It seems that it was forgotten. See http://jira.springframework.org/secu...hicalRoles.pdf for some helpful information about this new feature.

Cheers,
Michael

[Luke Taylor]

Quote:

Originally Posted by qammm

Hi denov,

I am the contributor of the hierarchical roles support. Unfortunately the documentation I have written didn't make it into the official reference documentation (and SEC-232/hierarchical roles also didn't make it into the changelog/release notes). It seems that it was forgotten.

The release notes generated by Jira are a list of issues fixed specifically for that release. You'll find it in the M1 release:

http://jira.springframework.org/secu...&version=10451

[qammm]

Quote:

Originally Posted by Luke

The release notes generated by Jira are a list of issues fixed specifically for that release. You'll find it in the M1 release:

http://jira.springframework.org/secu...&version=10451

Ok, I (maybe wrongly) assumed that the changelog/release notes would include all the features that were added since the last major release (because not everyone follows the intermediate milestone releases). This way one could do a 1:1 matching with the announcement mail and get more details about each new feature or bugfix. Anyway, now that I understand the logic behind the release notes I am also fine with the way they are now.

Cheers,
Michael

[cheng]

thanks for your great job.
i was waiting for two years.haha,