Java權限組件， Spring Security 3.1.4 發布

Spring Security是一個能夠為基于Spring的企業應用系統提供描述性安全訪問控制解決方案的安全框架。它提供了一組可以在Spring應用上下文中配置的Bean，充分利用了Spring IoC（依賴注入，也稱控制反轉）和AOP（面向切面編程）功能，為應用系統提供聲明式的安全訪問控制功能，減少了為企業系統安全控制編寫大量重復代碼的工作。

Bug

• [SEC-2069] - Reference - FilterSecurityMetadataSource instead of FilterInvocationSecurityMetadataSource
• [SEC-2072] - <security:anonymous> no longer supports multiple authories
• [SEC-2074] - Injection of MethodSecurityMetadataSource through XML
• [SEC-2084] - NullPointerException for intercept-url without specified method
• [SEC-2133] - intercept-url@requires-channel ChannelAuthenticationFilter
• [SEC-2138] - RoleHierarchyVoter sample incorrectly ends with </class>
• [SEC-2161] - <ldap-server> should select unique directory if one is not provided
• [SEC-2162] - ApacheDSContainer should throw RuntimeException on failure to start

Defect

• [SEC-2087] - GlobalMethodSecurityBeanDefinitionParser.AuthenticationManagerDelegator attempts to get a bean using the concrete implementation

Improvement

• [SEC-2118] - Update Spring Security 3.1.x to work with Spring Framework 3.2.0 in a OSGI container

Task

• [SEC-2147] - Deprecate .encoding.PasswordEncoder