Version 1.0
These are changes from the last version of the JSecurity plugin
- Configuration settings now start
security.shiro rather than jsecurity .
- Except
jsecurity.legacy.filter.enabled which is now security.shiro.annotationdriven.enabled .
- All
org.jsecurity packages are now org.apache.shiro .
- New
create-wildcard-realm command that creates a database realm based on Shiro's wildcard string permissions. This is simpler than the old DB realm.
- Access control by convention now uses wildcard permissions rather than
JsecBasicPermission .
- You can now configure an alternative login URL that the plugin will redirect to:
security.shiro.redirect.uri .
- You can now override the default permission resolver, remember me manager and authentication strategy by defining your own beans with the appropriate names (
shiroPermissionResolver , shiroRememberMeManager , shiroAuthenticationStrategy ).
- Implemented GRAILSPLUGINS-627: you can now protect URLs using Shiro's standard
FormAuthenticationFilter .
- Fixed GRAILSPLUGINS-869: HTTP Basic authentication no longer throws an exception for an empty username or password.
- The
quick-start command now creates a wildcard permission based database realm, although it has the default name ShiroDbRealm when installed.
There is one important breaking change if you already have an
AuthController class generated from an earlier version of the Shiro or JSecurity plugins:
this.securityManager.login(authToken)
becomes
SecurityUtils.subject.login(authToken)
Close