Blog from Jan 26, 2012

Tapestry-security, the comprehensive security package for Tapestry just got a bit more comprehensive with the new 0.4.1 release! 0.4.x is tested with and meant both for T5.2 and T5.3.

We picked up the brand new Apache Shiro 1.2.0 release of which development snapshots we've been running against for months now. We also decided it's time to start eating our own dog food, so we delegated tapestry-security's exception handling to another module from tynamo.org, tapestry-exceptionpage, in order to gracefully handle security responses as redirects, ajax or not. Read more about what tapestry-security can do for you from tapestry-security guide. Special thanks to Lenny Primak for relentlessly bugging us until we just had to get the 0.4.1 out the door (tongue)

Release notes:

Bug

  • [TYNAMO-102] - Specify id for RequestExceptionHandler advice for preventing unintentional override
  • [TYNAMO-103] - @Security, tapestry.secure-enabled, MetaDataConstants.SECURE_PAGE not honored by Tapestry security
  • [TYNAMO-105] - Warning is issued in the log file on every startup

Improvement

  • [TYNAMO-87] - Redirects should honor localization
  • [TYNAMO-106] - Login screen background file (login-bg.png) is too large for the web - smaller file attached
  • [TYNAMO-109] - Allow Unauthorized and Login page to be a single page
  • [TYNAMO-110] - redirect to login page for pages secured with @RequiresXXX annotations
  • [TYNAMO-113] - Test for ajax in the AccessControlFilter.issueRedirect and issue a client-side "soft" redirect if so
  • [TYNAMO-117] - Add symbol for disabling redirect to saved request
  • [TYNAMO-118] - Store savedrequest into a cookie instead of session
  • [TYNAMO-119] - In SecurityFilterChainFactoryImpl, use componentClassResolver to resolve pageclasses to urls

New Feature

  • [TYNAMO-111] - Add support for SslFilter & PortFilter