If you have not noticed Rajesh's email on the JBoss.org development mailing list, then you should look at the new JBoss 4.2.0.GA release to the community.
You can download it from:
http://sourceforge.net/project/showfiles.php?group_id=22866&package_id=16942&release_id=507793
The release notes:
http://sourceforge.net/project/shownotes.php?release_id=507793&group_id=22866
For security, the following may be interesting:
[ JBAS-1824 ] JACC: * in web.xml should allow configurable authorization bypass
[ JBAS-2895 ] Extend SecureIdentityLoginModule to externalize the secret
[ JBAS-3400 ] JaasSecurityManagerService can show security provider/JCA algorithm information
[ JBAS-1537 ] When Tomcat error handler is invoked, JBossGenericPrincipal is returned instead of custom principal
[ JBAS-4158 ] JACC:WebUserDataPermission creation for unchecked policy should consider excluded constraints
[ JBAS-4149 ] Update Jacc Authorization to consider deployment level roles
There are other security related stuff in the release.
If you have an opportunity, just use it.
No comments:
Post a Comment