jGuard v0.70 beta 1 released!
the jGuard team is pleased to announce a new 'experimental' release(v0.70 beta 1) of the java security library called jGuard(http://jguard.sourceforge.net).
this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.
enhancements since the last 'stable' release (v0.65):
- enhance jGuardExample look and feel
- implements role inheritance persisted by XML
- role inheritance image generation
- fix bug #1350622 (Weird behavior in <jguard:authorized/>) by providing supports of the * symbol
in URLPermission: now, the * is not implicit, but explicit.
- integrate jGuard.tld into jguard-j2ee.jar as taglib.tld to avoid taglib declaration into web.xml
- integrate a css into jGuardExample
- manage any Principal implementation
- correct the bug #1303734 (String compare error)
=> thanks to lostwind
- correct the bug #1307708 (logout error)
=> thanks to lostwind
- correct the bug on JBoss application server (tested with JBoss AS 4.03)
- externalize in an XML file configuration all the web.xml parameters with the corresponding
- add the redirect after authentication feature (#1213549)
- add BASIC authentication
- add CLIENT_CERT (server and clients authenticate through certificates) authentication
via CRL or OCSP mechanism
- manage any java.security.Permission subclasses with the XML backend(#1202809)
- propagate security controls on any code on the webapp
- add better integration with libraries which use
the 'isUserInrole' and 'getuserPrincipal' methods.
- add jGuard's own LDAPLoginModule through JNDI
- add an audit feature
the main jGuard features are :
- clean separation of concerns: authentications are defined by the server administrator and
and authorizations are defined by webapp developers
- relies only on java 1.4 and j2ee 1.3 or higher
- can be adapted on any webapp, on any application server
- does not depend on a web framework, or an AOP framework
- build on top of the very secure and flexible JAAS(http://java.sun.com/products/jaas/)
- authentications and authorizations are handled by pluggable mechanisms
- changes take effects 'on the fly' (dynamic configuration)
- each webapp has its own authentications and authorizations configuration
- authentications can be configured through XML or databases (Oracle, MySQL,PostgreSQL)
- support encryption in authentication
- authorizations can be configured through XML or databases(Oracle, MySQL,PostgreSQL)
- a taglib is provided to protect jsp fragment
- support security manager
a webapp example(called 'jGuardExample') is provided to quickly test jGuard (via Xml configuration files, or Database with SQL scripts provided).
you can find
documentation is provided under the doc/jguard.sourceforge.net/ directory (look at the index.html file with your browser).
this project is released under the LGPL licence.
every users and project members are welcomed!
the jGuard homePage on sourceforge:
the jGuard documentation:
jGuard forums are open:
2 mailing-list are provided:
easy JAAS integration for j2ee has gone!