- [TYNAMO-155] - Authorization cache is not cleared at logout
- [TYNAMO-143] - Create a marker annotation for SecurityConfiguration
- [TYNAMO-154] - add FirstExceptionStrategy as the default AuthenticationStrategy for projects with multiple realms
- [TYNAMO-159] - Add a NotFoundFilter
- [TYNAMO-160] - Handle no-context, no ending slash with the same wildcard rule
- [TYNAMO-161] - add a PatternMatcher field to SecurityFilterChain
- [TYNAMO-163] - Rename PageService to an internal LoginContextService
- [TYNAMO-150] - Implement the CasFilter (new in Shiro 1.2) as a tapestry-security filter
- [TYNAMO-162] - provide a configuration to block access to assets (like the AssetProtectionDispatcher)
Read more at tapestry-security guide and enjoy,
Would it not be great if you could write something like:
And be assured that EntityManager.merge() would fail even if somebody manually replaced the entity id somewhere along the way? Wouldn't it be equally cool if you could just do EntityManager.find(Account.class, null) to fetch the right Account for the currently logged-in user? If securing data instances have been causing gray hair for you before and you happen to be using JPA, you should definitely checkout Tynamo's latest module, tapestry-security-jpa.
On a related note, if you happen to live in SF Bay Area, I'll be talking about ERBAC, federated accounts, tapestry-security and using Shiro in modern Java web applications in an upcoming Shiro JUG meet-up this Wednesday, graciously sponsored by Stormpath, Inc.!