Just over fourteen months since its first release as an Apache top-level project, the Apache Shiro developers have released version 1.2.0, the first major update to the Shiro application security framework.
Shiro is designed to enable Java developers to create enterprise applications with features such as authentication, authorisation, enterprise management and cryptography services, without having to use JAAS or EJB security models. One design goal of Shiro was to make the software understandable after a ten minute tutorial.

The 1.2.0 release includes new features such as the ability to selectively disable sessions and a LogoutFilter for applications which need to redirect users after logging them out. A command line program to securely hash passwords and new secure password hash formats are designed to be easier to work with, while working in a similar fashion to Apache HTTPD's passwd program. A new PasswordService module makes secure password hash storage simpler and can be used directly in applications along with a PasswordMatcher module to perform comparisons.

The link for this article located at H Security is no longer available.