jGuard v0.70 final released!
the jGuard team is pleased to announce a new 'stable' release(v0.70 final) of the java security library called jGuard(http://www.jguard.net).
this library is build on top of jaas, for J2EE web applications.
his goal is to provide for webapp developers, an easy way to manage authentication and authorizations.
enhancements since the last 'stable' release (v0.65):
- fix the autorization persistance with role inheritance on mysql
=> thanks to Elliot Ting
- enhance jGuardExample look and feel
- implements role inheritance persisted by XML,and databases(Postgresql, mysql,SQL server,DB2)
- authorization-related sql queries customization
- role inheritance image generation
- fix bug #1350622 (Weird behavior in <jguard:authorized/>) by providing supports of the * symbol
in URLPermission: now, the * is not implicit, but explicit.
- integrate jGuard.tld into jguard-j2ee.jar as taglib.tld to avoid taglib declaration into web.xml
- integrate a css into jGuardExample
- add registration api (only on XML backend)
- enhance login failure feedback to the user
- manage any Principal implementation
- correct the bug #1303734 (String compare error)
=> thanks to lostwind
- correct the bug #1307708 (logout error)
=> thanks to lostwind
- correct the bug on JBoss application server (tested with JBoss AS 4.03)
- externalize in an XML file configuration all the web.xml parameters with the corresponding
- add the redirect after authentication feature (#1213549)
- add BASIC authentication
- add CLIENT_CERT (server and clients authenticate through certificates) authentication
via CRL(Certificate Revocation List) or OCSP(Online Certificate Status Protocol) mechanism
- manage any java.security.Permission subclasses with the XML backend(#1202809)
- propagate security controls on any code on the webapp
- add better integration with libraries which use
the 'isUserInrole' and 'getuserPrincipal' methods.
- add jGuard's own LDAPLoginModule through JNDI
- add an audit feature
- enhancement of design between loginModules and webapps through HtppCallbackHandler
- portuguese and japanese documentations translations started (English and french documentations
the main jGuard features are :
- clean separation of concerns: authentications are defined by the server administrator and
and authorizations are defined by webapp developers
- relies only on java 1.4 and j2ee 1.3 or higher
- can be adapted on any webapp, on any application server
- does not depend on a web framework, or an AOP framework
- build on top of the very secure and flexible JAAS(http://java.sun.com/products/jaas/)
- authentications and authorizations are handled by pluggable mechanisms
- changes take effects 'on the fly' (dynamic configuration)
- each webapp has its own authentications and authorizations configuration
- authentications can be configured through XML or databases (Oracle, MySQL,PostgreSQL)
- support encryption in authentication
- authorizations can be configured through XML or databases(Oracle, MySQL,PostgreSQL)
- a taglib is provided to protect jsp fragment
- support security manager
a webapp example(called 'jGuardExample') is provided to quickly test jGuard (via Xml configuration files, or Database with SQL scripts provided).
you can find
documentation is provided under the doc/jguard.sourceforge.net/ directory (look at the index.html file with your browser).
this project is released under the LGPL licence.
every users and project members are welcomed!
the jGuard web site:
the jGuard homePage on sourceforge:
jGuard forums are open:
2 mailing-list are provided:
easy JAAS integration for j2ee has gone!
Charles GAY(jGuard team).
Log in to post a comment.