jGuard / News: Recent posts

hi,
for information, the jGuard code repository has been migrated from subversion to git on the sourceforge platform, for a better flexibility in the code release process.

best regards,
Charles.

jGuard v2.2.0-beta-6 released!

the jGuard team is pleased to announce a new 'experimental' release(2.2.0-beta-6) of the java security library (http://www.jguard.net).

this library is build on top of JAAS, to securize web applications and standalone applications.
his goal is to provide for developers, an easy way to manage authentication and authorizations.

enhancements since the last 'experimental' release (v2.0.0-beta-5):
-add many unit tests
-refactor and reorganize a major part of the code with IOC/DI principle, with the help of Guice... read more

changelog:
- upgrade to java 5
- upgrade to JCapthca 1.0-RC6
- add authenticationSchemeHandler interface and the related authentication lifecycle
- fix a bug about CryptUtils : in a concurrency use case, some password check can fail.
=> thanks to Lars Feistner
-migrate from java.util.logging to SLF4J(logging facade) to permit for the end user to choose its logging library
- add a 'propagateThrowable' option (thanks to Lars Feistner for the idea) to permit to not catch any exception for a debugging purpose
- fix the setAttributes and setAttribute method in MbeanServerGuard (JMX)
=> thanks to Andriy Gapon
- add regexp support in JSFPermission
=> thanks to Victor Bucutea
- add more unit tests including JSF tests
-upgrade release number to 2.0.0 to reflect major API changes... read more

The jGuard team is pleased to announce a new 'experimental' release(v1.1.0 beta 3) of the java security library (http://www.jguard.net).

enhancements since the last 'experimental' release (v1.1.0 beta 2):
- multi-organizations support
- many JUNIT tests
- JdbcAuthenticationManager is replaced by HibernateAuthenticationManager
- fix some bugs on the JSF example

remaining tasks before the final release:
- re-establish other http authentication schemes(only FORM is supported in 1.1 beta release)
- complete the jGuard reference documentation

The jGuard team is pleased to announce a new 'experimental' release(v1.1.0 beta 3) of the java security library (http://www.jguard.net).

enhancements since the last 'experimental' release (v1.1.0 beta 2):
- multi-organizations support
- many JUNIT tests
- JdbcAuthenticationManager is replaced by HibernateAuthenticationManager
- fix some bugs on the JSF example

remaining tasks before the final release:
- re-establish other http authentication schemes(only FORM is supported in 1.1 beta release)
- complete the jGuard reference documentation

he jGuard team is pleased to announce a new 'experimental' release(v1.1.0 beta 2) of the java security library (http://www.jguard.net).

enhancements since the last 'experimental' release (v1.1.0 beta 1):
- integrate DBCP pool library when JDBC connections are defined in a Driver Manager way
- fix a bug in CRLLoginModule
- add support for JSF security through a PhaseListener implementation (see jguard-jsf-example for more details)
- add a redirectFilter in the jguard-jsf-example to prevent direct access to jsp
- only FORM authentication is supported in this release (other authentication schemes should be supported again in the next release)

jGuard v1.1.0 beta1 released!

the jGuard team is pleased to announce a new 'experimental' release(v1.1.0 beta1) of the java security library (http://www.jguard.net).
this release is a major release:
all jguard users will have a great benefit to upgrade to this new release.
this library is build on top of JAAS, to securize web applications and standalone applications.
his goal is to provide for developers, an easy way to manage authentication and authorizations.... read more

the jGuard doucmentation is in migration from wiki to the generated maven site (jguard.sf.net/mvnsite).
it contains a docbook based documentation for a more structured content, and some tutorials.

so, please have a look at this new reference location:
jguard.sf.net/mvnsite
note that the main content of the wiki will be only present at this location in the next release and the duplicate wiki content will be erased.... read more

the jGuard team is pleased to announce a new 'stable' release(v1.0.2) of the java security library called jGuard(http://www.jguard.net).
this is a BUG FIX release.

the main jGuard features are :
- stands on java standards (JAAS and jEE): we don't reinvent the wheel
- stands on security standards :enhanced RBAC(from NIST) standard called ABAC
- relies only on java 1.4 and j2ee 1.3 or higher
- can be adapted on any webapp, on any application server, or standalone applications
- does not depend on a web framework, or an AOP framework
- authentications and authorizations are handled by pluggable mechanisms
- changes take effects 'on the fly' (dynamic configuration)
- each webapp has its own authentications and authorizations configuration
- authentications can be configured through XML or databases (Oracle, MySQL,PostgreSQL,DB2,SQL Server)
- support encryption in authentication
- authorizations can be configured through XML or databases(Oracle, MySQL,PostgreSQL,DB2,SQL Server)
- a taglib is provided to protect jsp fragment
- support security manager ... read more

jGuard v1.0.1 released!

the jGuard team is pleased to announce a new 'stable' release(v1.0.1) of the java security library called jGuard(http://www.jguard.net).
this is a BUG FIX release.

the main jGuard features are :
- stands on java standards (JAAS and jEE): we don't reinvent the wheel
- stands on security standards :enhanced RBAC(from NIST) standard called ABAC
- relies only on java 1.4 and j2ee 1.3 or higher
- can be adapted on any webapp, on any application server, or standalone applications
- does not depend on a web framework, or an AOP framework
- authentications and authorizations are handled by pluggable mechanisms
- changes take effects 'on the fly' (dynamic configuration)
- each webapp has its own authentications and authorizations configuration
- authentications can be configured through XML or databases (Oracle, MySQL,PostgreSQL,DB2,SQL Server)
- support encryption in authentication
- authorizations can be configured through XML or databases(Oracle, MySQL,PostgreSQL,DB2,SQL Server)
- a taglib is provided to protect jsp fragment
- support security manager... read more

jGuard v1.00 final released!

the jGuard team is pleased to announce a new 'stable' release(v1.00 final) of the java security library (http://www.jguard.net).
this release is a major release:
all jguard users will have a great benefit to upgrade to this new release.
this library is build on top of JAAS, to securize web applications and standalone applications.
his goal is to provide for developers, an easy way to manage authentication and authorizations.... read more

this release contains some bug fixes on :
- jdbc authentication and authorization
- OCSP and CRL mechanism

please see the notes for further details.

jguard 1.0.0-RC1 released!
any feedback on bugs is appreciated to provide a very stable 1.0.0 final release.

Charles.

jGuard v0.80.1 released!

the jGuard team is pleased to announce a new 'stable' release(v0.80.1) of the java security library called jGuard(http://www.jguard.net).
this is a BUG FIX release.
this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

fixes since the last 'stable' release (v0.80):
- fix javadoc comments which prevent to generate a clean javadoc documentation
- add some missing queries in authentication properties files (related to db2, oracle, hsqldb).
- replace log4j by the commons-logging wrapper into ContextListener... read more

jGuard v0.80 final released!

the jGuard team is pleased to announce a new 'stable' release(v0.80 final) of the java security library called jGuard(http://www.jguard.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

enhancements since the last 'stable' release (v0.70):

- add auto-ddl and auto insert data for database backend on the authentication part
- add JCaptcha integration
- add database backend for registration process
- reorganise sources
- support multiple authentication schemes at the same time
=> thanks to Filippo Guerzoni!
- enhance CLIENT-CERT authentication
- more unit tests have been written for a better Quality of Service
- digest password mechanism and salt have been refactored (not used by default)
- impact on the fly any changes with authenticationManager on users already connected
- and so many little enhancements........ read more

jGuard v0.80 beta2 released!

the jGuard team is pleased to announce a new 'experimental' release(v0.80 beta1) of the java security library called jGuard(http://www.jguard.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

enhancements since the last 'stable' release (v0.70):
- add some user-roles management functions to the jGuardExample webapp
- fix bug on logoff action
=> thanks to jacksosa!
- fix bug with a trailing '?' in the uri
=> thanks to hiberbear!
- fix a bug on domain creation
=> thanks to Alireza Fattahi!
-fix a bug on CLIENT_CERT authentication
=> thanks to Filippo Guerzoni!
- add auto-ddl and auto insert data for database backend on the authentication part
- add JCaptcha integration
- add database backend for registration process
- reorganise sources
- support multiple authentication schemes at the same time
=> thanks to Filippo Guerzoni!
- enhance CLIENT-CERT authentication
- more unit tests have been written for a better Quality of Service
- digest password mechanism and salt have been refactored (not used by default)... read more

jGuard v0.80 beta1 released!

the jGuard team is pleased to announce a new 'experimental' release(v0.80 beta1) of the java security library called jGuard(http://www.jguard.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

enhancements since the last 'stable' release (v0.70):
-fix a bug on CLIENT_CERT authentication
=> thanks to Filippo Guerzoni!
- add auto-ddl and auto insert data for database backend on the authentication part
- add JCaptcha integration
- add database backend for registration process
- reorganise sources
- support multiple authentication schemes at the same time
=> thanks to Filippo Guerzoni!
- enhance CLIENT-CERT authentication
- more unit tests have been written for a better Quality of Service
- digest password mechanism and salt have been refactored (not used by default)... read more

jGuard v0.70.2 final released!

the jGuard team is pleased to announce a new 'stable' release(v0.70.1) of the java security library called jGuard(http://www.jguard.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

this version is a bug fix release.
changes since the 0.70.1 release:... read more

jGuard v0.70.1 final released!

the jGuard team is pleased to announce a new 'stable' release(v0.71) of the java security library called jGuard(http://www.jguard.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

this version is a bug fix release.
changes since the 0.70 release:
- fix bug [ 1403339 ] misspelled initialization on SubjectTemplate
=>thanks to Manuel Castro
- fix bug when multiple webapps are protected by jGuard on the same server
=> thanks to Andrew Bartkiv... read more

jGuard v0.70 final released!

the jGuard team is pleased to announce a new 'stable' release(v0.70 final) of the java security library called jGuard(http://www.jguard.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

enhancements since the last 'stable' release (v0.65):
- fix the autorization persistance with role inheritance on mysql
=> thanks to Elliot Ting
- enhance jGuardExample look and feel
- implements role inheritance persisted by XML,and databases(Postgresql, mysql,SQL server,DB2)
- authorization-related sql queries customization
- role inheritance image generation
- fix bug #1350622 (Weird behavior in <jguard:authorized/>) by providing supports of the * symbol
in URLPermission: now, the * is not implicit, but explicit.
- integrate jGuard.tld into jguard-j2ee.jar as taglib.tld to avoid taglib declaration into web.xml
- integrate a css into jGuardExample
- add registration api (only on XML backend)
- enhance login failure feedback to the user
- manage any Principal implementation
- correct the bug #1303734 (String compare error)
=> thanks to lostwind
- correct the bug #1307708 (logout error)
=> thanks to lostwind
- correct the bug on JBoss application server (tested with JBoss AS 4.03)
- externalize in an XML file configuration all the web.xml parameters with the corresponding
dtd
- add the redirect after authentication feature (#1213549)
- add BASIC authentication
- add CLIENT_CERT (server and clients authenticate through certificates) authentication
via CRL(Certificate Revocation List) or OCSP(Online Certificate Status Protocol) mechanism
- manage any java.security.Permission subclasses with the XML backend(#1202809)
- propagate security controls on any code on the webapp
- add better integration with libraries which use
the 'isUserInrole' and 'getuserPrincipal' methods.
- add jGuard's own LDAPLoginModule through JNDI
- add an audit feature
- enhancement of design between loginModules and webapps through HtppCallbackHandler
- portuguese and japanese documentations translations started (English and french documentations
available)... read more

a new beta in the 0.70 series is out!
some changes have been done on the configuration part; so it can be useful for users to test it before the 0.70 final release.

many improvements have been done, ,like support for Postgresql and Oracle support in authorization part, and so on.....

enjoy,

Charles(jGuard team).

jGuard v0.70 beta 1 released!

the jGuard team is pleased to announce a new 'experimental' release(v0.70 beta 1) of the java security library called jGuard(http://jguard.sourceforge.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

enhancements since the last 'stable' release (v0.65):... read more

jGuard v0.65.5 released!
the jGuard team is pleased to announce a new stable release(v0.65.5)
of the java security library called jGuard(http://jguard.sourceforge.net).
SPECIAL INSTRUCTIONS:
both archives jGuard_jvm.jar and jGuard_j2ee.jar must be placed on your application server:
jGuard_jvm.jar in the "shared libs" directory (libraries shared by multiple webapps),
and jGuard_j2ee.jar in each "WEB-INF/lib" directories of webapps protected by jGuard.... read more

hi,
a jGuard's wiki is out!
it can be reached here:
http://jguard.xwiki.com
at start, it contains the informations in English located on the sourceforge web site.
more content will be provided on it quickly.
the port of the French translation is in progress, and a Portuguese translation has started.
it will replace shortly the static html content of the sourceforge web site.
like we want to enhance the documentation quickly, the xwiki based wiki system (http://www.xwiki.com) is a more approriate way to do it.... read more