jGuard v0.65 final released!

jGuard v0.65 final released!

the jGuard team is pleased to announce a new stable release(v0.65 final) of the java security library called jGuard(http://jguard.sourceforge.net).

this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.

enhancements since the last 'stable' release:
- fix a bug on 'update role name' feature
- enhance the documentation
- add the Oracle based authorization backend
- add a convenient logging system based on jakarta commons-logging
- correct a bug on the applicationName discovery mechanism present in the beta2 release
- remove the need to specify the webapp name => a discovery mechanism has been implemented
- easy install and test has gone!: there is no more need to install and configure stuff on the jvm side
- enable java configuration (relating to the Configuration class) through the web.xml
with the JGuardCOnfiguration class
- enable authentication configuration through the web.xml
- clean Subject internals when http session expire
- reduce the 'jvm part' classes size (it remains only two classes)
=> avoid classloader issues
- add MS SQLServer and DB2 authentication
- add authorization jGuard API with the XML , MS SQLServer,PostgreSQL, and DB2 implementations
- fix bug #1184015 'Can't configure tables names in JDBC based LoginModules'
- fix bug #1200119 'URLPermission.toString cause StackOverflowError'
- fix bug when the webapp (but not the application server) stops and restarts
- fix bug #1213037 'Changes in domains and permissions dont make effect in roles'
- prevent errors and enhance error message displayed depending
on the XmlAuthorizationManager 'fileLocation'(parameter configured in the web.xml file)
- upgrade dom4j to the 1.6.1 release.
- auto-discover mechanism policy implementation added for an easier use
=> the jguard.policy which set the platform policy is now optional (only for advanced users)
- remove net.sf.jguard.permissionmanager package and move the corresponding classes
into the net.sf.jguard.authorization package
- rename some classes
- update hasRole tag to support multiple role ('roles' attribute replace 'name') associated with another
new attribute('operator') wich support three values ('ANY','ALL','NONE')
- add authorization jGuard API with the PostgreSQL implementation (XML will be provided in the beta2
release, mysql in the beta3, and oracle in the final release)
- add authorization webapp example to manage domains, permissions,roles (CRUD operations on each one),
and associate roles with their domains and permissions. all these operations can be done on the fly.

the main jGuard features are :
- clean separation of concerns: authentications are defined by the server administrator and
and authorizations are defined by webapp developers
- relies only on java 1.4 and j2ee 1.3 or higher
- can be adapted on any webapp, on any application server
- does not depend on a web framework, or an AOP framework
- build on top of the very secure and flexible JAAS(http://java.sun.com/products/jaas/)
- authentications and authorizations are handled by pluggable mechanisms
- changes take effects 'on the fly' (dynamic configuration)
- each webapp has its own authentications and authorizations configuration
- authentications can be configured through XML or databases (Oracle, MySQL,PostgreSQL)
- support encryption in authentication
- authorizations can be configured through XML or databases(Oracle, MySQL,PostgreSQL)
- a taglib is provided to protect jsp fragment
- support security manager

future 0.70 feature:
- add a management api for authentications (on XML and databases)

a webapp example(called 'jGuardExample') is provided to quickly test jGuard (via Xml configuration files, or Database with SQL scripts provided).
you can find
documentation is provided under the doc/jguard.sourceforge.net/ directory (look at the index.html file with your browser).

this project is released under the GPL licence.

every users and project members are welcomed!

the jGuard homePage on sourceforge:
http://sourceforge.net/projects/jguard/

the jGuard documentation:
http://jguard.sourceforge.net

jGuard forums are open:
http://sourceforge.net/forum/?group_id=107276

2 mailing-list are provided:
- jguard-announce@lists.sourceforge.net
- jguard-users@lists.sourceforge.net

easy JAAS integration for j2ee has gone!

charles(jGuard team).