Last updated by 4 years ago

Page: Shiro Release Notes, Version:3

Version 1.0

These are changes from the last version of the JSecurity plugin

  • Configuration settings now start security.shiro rather than jsecurity .
  • Except jsecurity.legacy.filter.enabled which is now security.shiro.annotationdriven.enabled .
  • All org.jsecurity packages are now org.apache.shiro .
  • New create-wildcard-realm command that creates a database realm based on Shiro's wildcard string permissions. This is simpler than the old DB realm.
  • Access control by convention now uses wildcard permissions rather than JsecBasicPermission .
  • You can now configure an alternative login URL that the plugin will redirect to: security.shiro.redirect.uri .
  • You can now override the default permission resolver, remember me manager and authentication strategy by defining your own beans with the appropriate names ( shiroPermissionResolver , shiroRememberMeManager , shiroAuthenticationStrategy ).
  • Implemented GRAILSPLUGINS-627: you can now protect URLs using Shiro's standard FormAuthenticationFilter .
  • Fixed GRAILSPLUGINS-869: HTTP Basic authentication no longer throws an exception for an empty username or password.