jGuard v1.00 final released!
the jGuard team is pleased to announce a new 'stable' release(v1.00 final) of the java security library (http://www.jguard.net).
this release is a major release:
all jguard users will have a great benefit to upgrade to this new release.
this library is build on top of JAAS, to securize web applications and standalone applications.
his goal is to provide for developers, an easy way to manage authentication and authorizations.
enhancements since the last 'stable' release (v0.80.1):
- new flexible security architecture
- add ABAC feature (Attribute Based Access Control)
- add a complete LDAP support for authentication (LoginModule implementation)
- activate/unactivate a role on the fly by user
- maven 2 migration
- subversion migration
- negative permission
- add 'hasPermission' tag
- provide DWR integration
- provide a Swing example
- add an isolated authentication mechanism
- support multiple security model (with advanced domain combiners)
- singlePolicy for standalone applications
- enhanced JMX security comapred to the one shipped with java
- localized execution rights restriction
- activate/passivate roles on the fly
- internationalization of jguard error messages
- import/export authentication and authorization data
- dynamic role definition
- Contextual permissions
the main jGuard features are :
- stands on java standards (JAAS and jEE): we don't reinvent the wheel
- stands on security standards :enhanced RBAC(from NIST) standard called ABAC
- relies only on java 1.4 and j2ee 1.3 or higher
- can be adapted on any webapp, on any application server, or standalone applications
- does not depend on a web framework, or an AOP framework
- authentications and authorizations are handled by pluggable mechanisms
- changes take effects 'on the fly' (dynamic configuration)
- each webapp has its own authentications and authorizations configuration
- authentications can be configured through XML or databases (Oracle, MySQL,PostgreSQL,DB2,SQL Server)
- support encryption in authentication
- authorizations can be configured through XML or databases(Oracle, MySQL,PostgreSQL,DB2,SQL Server)
- a taglib is provided to protect jsp fragment
- support security manager
a webapp example(called 'jGuardExample') is provided to quickly test jGuard (via Xml configuration files, or Database).
a swing example is provided too.
this project is released under the LGPL licence.
the jGuard web site:
the jGuard homePage on sourceforge:
jGuard forums are open:
easy JAAS integration for j2ee and j2se has gone!
don't reinvent the wheel, use the standards.
Charles GAY(jGuard team).