Wednesday, February 23, 2011

Release 2.0.12

Today we updated BibSonomy to version 2.0.12. As always, the new libraries are at your disposal at our Maven repository. Next to various small bugfixes and internal restructuring the following features were included / updated:
  • File Upload: It is now possible to upload and attach several documents to one BibTeX-Post. Furthermore, the upload is enabled already in the posting dialogue as well as in the editing and detail views.
  • API: API-Requests for Tags now allow a new parameter, that specifies the order in that the tags are delivered. Currently, we support alphabetic order and order by frequency.
  • Date: We changed the behaviour of the dates of our posts. From now on, the date is set fix once the post is created and does no longer change with each update/editing of that post.
The next release (2.0.13) is scheduled for March 30th. If you have any feedback or comments regarding our new release, we would be happy to hear from you!


Friday, February 18, 2011

Feature of the week: authentication

With our latest Release 2.0.11 we migrated BibSonomy's authentication to Spring Security. In this post we want to give you some details and background information.

Remember Me

Before the last release you always got a cookie from BibSonomy after a successful login. This cookie contained your (hashed) password and user name and allowed you to stay logged in for one year. This was clearly security-relevant because when you forgot to log out on a shared computer, one could use your BibSonomy account and could even copy that cookie. Then, one could use it for an unlimited time (until you changed your password, actually) or run a password attack to obtain your plain-text password.

This cookie is now optional - you can use BibSonomy without getting this cookie (cf. this post). Furthermore, the cookie is now encrypted and contains a non-modifiable expiration date of one year. This means that password cracking is now much more complicated and the cookie always expires after one year. You can find more information in the Spring Security manual.

On the sign in page you can now decide whether you want this cookie set or not by (de)activating the stay logged in checkbox:

We recommend to not activate the checkbox when you are using a shared computer (e.g., in an internet cafe). Furthermore, you should always log out when you use such computers.

Note that by using the quick-login that you find in the top right corner of BibSonomy's pages (cf. the next screenshot) you always get the remember me cookie set.


Though BibSonomy supports OpenID authentication for quite a while, the underlying implementation was rather buggy. Now, we are building upon Spring Security's implementation which has been tested in many production environments. Furthermore, we simplified the registration process for OpenID. Actually, if you sign in the first time with your OpenID you have to fill out one form and that's it. If your OpenID provider supports attribute exchange according to, some parts of the form are already filled by the user details you gave your OpenID provider.

LDAP & Co.

For the PUMA project (cf. this post) that is based upon BibSonomy technology we are using Spring Security's LDAP implementation to integrate PUMA into the University Library's user management.

For other setups we are now prepared - we can easily integrate X.509 or CAS authentication since Spring Security supports them out of the box. Other mechanisms can be added in a standardized way by implementing the corresponding interfaces.

Tuesday, February 15, 2011

New Release of BibSonomy Typo3 Plugin

In many corporate and academic environments, Typo3 is a widely used Content Management System. Because including publication lists and tag clouds from BibSonomy directly into Typo3-based web pages is a frequent requirement, we are offering a Typo3-Plugin for BibSonomy since quite some time. Basically it makes it easy very easy to display BibSonomy content in various formats. Here are some examples of pages created with this plugin:

We are now happy to announce a new version of this plugin, namely 2.0.7. It is basically a bugfix release, including some enhanced layout options (e.g. specifying the width of publication/tagcloud columns). We recommend all users of the plugin to update to this version. It can be downloaded from here:
An extensive documentation (including two quickstart sections how to include a publication list / a tag cloud in your Typo3-based website) is also provided. Finally, we are - as usual - happy about any feedback how we can optimize the plugin according to your needs!


Wednesday, February 9, 2011

New version 2.5 of JabRef Plugin available

Since a while, we are offering a BibSonomy Plugin for JabRef, the latter being a popular application to manage BibTeX-files locally. The plugin basically combines the advantages of an online system like BibSonomy with the comfortable editing facilities of a local standalone client.

We are happy to announce version 2.5.1 of this plugin, which contains several bugfixes and interface improvements; in addition, the file handling (i.e. the management of PDFs associated to entries) has been worked over and is much smoother now. Have a look at the new version here:

We'd be happy about and comments or suggestions for improvements!


Friday, February 4, 2011

Feature of the week: The 'myown'-checkbox

As you may already know, you can use the keyword myown for tagging publications in BibSonomy, that were created by yourself. Those posts then appeared on your CV page under the publications section or within your publication list.

For making the meaning of this special tag more transparent and intuitive we added a checkbox to the edit publication form. Activating it adds myown as a tag to the selected post, while deactivation removes it.

Popular Posts