Spring Security 3.2.0.RC1 发布了,包含大量更新和 bug 修复,值得关注的有:
Polishing of Spring Security Java Configuration
Uses content negotiation to determine how to prompt user for authentication when multiple authentication mechanisms (i.e. HTTP Basic and Form login) enabled
AbstractSecurityWebApplicationInitializer allows registering Java Configuration directly
A number of bugs fixed
CSRF protection and automatic integration with Spring Web MVC jsp tags
Automatic cache control support
Defence against Clickjacking attacks
HTTP Strict Transport Security support to reduce Man in the Middle attacks
Samples include pom.xml so they can be imported as Maven projects
MediaTypeRequestMatcher for matching on requests with content negotiation
Over ten java configuration samples have been integrated into the samples directory
Three new guides that walk users through samples and provide detailed instructions on how to do specific tasks. More of these guides will follow in coming releases
官方首页:https://jira.springsource.org/secure/ReleaseNote.jspa?projectId=10040&version=13903
免费下载:http://www.springsource.com/download/community?project=Spring%20Security&version=3.2.0.RC1
来自:开源中国社区
