SecurityFilter / News: Recent posts

This is the first production-quality release that includes "remember me" functionality. Please see the securityfilter-rememberme.war application (included in the distribution) for an example (configuration details, etc.) of how to use this functionality.

This release also includes support for cookie-less users.

Release 2.0, 2004-Dec-13

* Fixed URL-rewriting to support session persistence without cookies.
http://sourceforge.net/tracker/index.php?func=detail&aid=734184&group_id=59484&atid=491164... read more

This is an alpha release that includes "remember me" functionality. Please see the securityfilter-rememberme.war application for an example (configuration details, etc.) of how to use this functionality.

This is an alpha release, so please use caution when considering it for use in a production environment. This release passes the automated tests for all the functionality in previous releases, but there are no tests yet for the "remember me" functionality. It also passes new tests for cookie-less users (a feature added in this release), and may be worth upgrading if support for usage without cookies is an immediate concern. A full release with "remember me" functionality and cookie-less user support is coming soon.... read more

securityfilter-1.1 released

NOTES:
The securityfilter-1.1 release adds BASIC authentication support
that was not available in previous (non-beta) releases. A number
of functionality-related bugs have been fixed as well.

This release does not have any major security-vulnerability fixes
in it when compared to securityfilter-1.0.1. There is one minor
fix related to invalidating the session if the user is logged in and
then logs in as a different user in the same session (see
http://sourceforge.net/tracker/index.php?func=detail&aid=824791&group_id=59484&atid=491164\).
If you are happy with the functionality of securityfilter-1.0.1 and
the session invalidation issue is not a problem, there is little
reason to upgrade. Users of previous versions (pre-1.0.1) should
upgrade to securityfilter-1.1 for maximum security, however.... read more

securityfilter-1.1-b1 released

Notes:
------
This release adds support for the BASIC authentication method.

This is a beta release. The final 1.1 release will be available soon.

Changes:
--------
* Added support for BASIC authentication scheme.

* User is compeletely logged out of the system on a logout request even when using BASIC Authentication scheme. This feature has not been implemented in any J2EE Application server known so far. This feature has been tested on Orion 1.5.2 (which implements "Servlet 2.3 public final draft" but not "Servlet 2.3 specification") and Weblogic 6.1 SP3. This feature is useful for developers using Orion 1.5.2.

This release includes a fix for matching UTF-encoded request URLs. It is recommended that all users of SecurityFilter update their applications to fix this security vulnerability.

Please see the project home page for complete details:
http://www.securityfilter.org/

Click here for downloads:
http://sourceforge.net/project/showfiles.php?group_id=59484&release_id=149720

Thanks for your interest,
The SecurityFilter Team

This release represents the efforts of SecurityFilter developers and user community to produce a production-ready, stable release of the SecurityFilter project. SecurityFilter is a filter-based replacement for J2EE container-managed security.

This release fixes a few minor bugs from the last beta release (1.0-b5). This is the securityfilter-1.0 release.

Please see the project home page for complete details:
http://www.securityfilter.org/... read more

Version 1.0-b5 of SecurityFilter has been released!

It is recommended that all users of previous versions upgrade to this release for increased security and reliability.

NOTES:
This release fixes a number of bugs, security issues, and Servlet-spec compliance bugs.

CHANGES:
* Fixed sort order for "exact" pattern types:
http://sourceforge.net/tracker/index.php?func=detail&aid=661261&group_id=59484&atid=491164... read more

This is a minor release that adds support for using the local copy of the securityfilter-config.xml DTD. This eliminates the need to access the DTD from the internet for increased reliability and for servers behind a restrictive firewall.

This release fixes a bug in SimpleSecurityRealmBase that would throw a NullPointerException when isUserInRole() was called when the user was not authenticated.

There are no new features in this release.

This new release adds <http-method> element and Servlet spec-compliant <url-pattern> matching order support. It also fixes some bugs that caused errors on WebLogic and other containers.

Please see the project home page for SecurityFilter information:
http://securityfilter.sourceforge.net

Release 1.0-b2 can be downloaded from:
http://sourceforge.net/project/showfiles.php?group_id=59484&release_id=105338

The first public release of the securityfilter project is now available for download. This is a Java Servlet Filter that mimics container-based security but allows you to have a login form on every page or deploy your whole app (including the realm implementation) as a single war file. It uses the familiar web.xml security settings syntax to make it easy to switch from container to filter based security, and includes a small and simple realm interface for easy implementation. A Tomcat/Catalina realm adapter is also included in the package, and it is easy to implement and configure a realm adapter for any kind of realm you may have.... read more