2004-11-20 05:28:01 -05:00
<?xml version="1.0" encoding="UTF-8"?>
<!--
* ========================================================================
*
2005-02-04 04:43:33 -05:00
* Copyright 2004, 2005 Acegi Technology Pty Limited
2004-11-20 05:28:01 -05:00
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ========================================================================
-->
<document >
<properties >
2005-01-15 22:58:42 -05:00
<title > Acegi Security changes</title>
2004-11-20 05:28:01 -05:00
</properties>
<body >
2005-04-20 18:43:46 -04:00
<release version= "0.9.0" date= "In CVS" >
2005-06-22 02:30:46 -04:00
<action dev= "benalex" type= "update" > JdbcDaoImpl modified to support synthetic primary keys</action>
<action dev= "benalex" type= "update" > Greatly improve BasicAclEntryAfterInvocationCollectionFilteringProvider performance with large collections (if the principal has access to relatively few collection elements)</action>
<action dev= "benalex" type= "update" > Reorder DaoAuthenticationProvider exception logic as per developer list discussion</action>
<action dev= "benalex" type= "update" > ContextHolder refactored and replaced by SecurityContextHolder</action>
<action dev= "benalex" type= "fix" > Made AclEntry Serializable (correct issue with BasicAclEntryCache)</action>
<action dev= "luke_t" type= "update" > Changed order of credentials verification and expiry checking in DaoAuthenticationProvider. Password must now be successfully verified before expired credentials are reported. </action>
2005-04-21 19:02:58 -04:00
<action dev= "benalex" type= "update" > AnonymousProcessingFilter offers protected method to control when it should execute</action>
2005-04-29 18:29:00 -04:00
<action dev= "benalex" type= "fix" > AbstractAuthenticationToken.getName() now returns username alone if UserDetails present</action>
2005-06-22 02:30:46 -04:00
<action dev= "raykrueger" type= "update" > AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name</action>
<action dev= "benalex" type= "update" > JavaDoc improvements</action>
2005-06-22 03:03:53 -04:00
<action dev= "benalex" type= "fix" > Correct synchronization issue with FilterToBeanProxy initialization</action>
2005-06-26 23:05:26 -04:00
<action dev= "benalex" type= "update" > Refactor Authentication.isAuthenticated() handling to be more performant</action>
2005-06-22 03:03:53 -04:00
<action dev= "benalex" type= "fix" > Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable</action>
2005-06-22 04:06:28 -04:00
<action dev= "benalex" type= "fix" > Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys</action>
2005-06-22 04:07:52 -04:00
<action dev= "benalex" type= "update" > Refactor DAO authentication failure events under a consistent abstract superclass</action>
2005-06-26 22:06:33 -04:00
<action dev= "benalex" type= "fix" > JBoss container adapter to use getName() instead to toString() (see http://opensource.atlassian.com/projects/spring/browse/SEC-22)</action>
2005-06-26 22:55:01 -04:00
<action dev= "benalex" type= "fix" > HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)</action>
2005-06-26 23:36:30 -04:00
<action dev= "benalex" type= "update" > Form, CAS, X509 and Remember-Me authentication mechanisms now publish an InteractiveAuthenticationSuccessEvent (see http://opensource.atlassian.com/projects/spring/browse/SEC-5)</action>
2005-06-26 23:57:31 -04:00
<action dev= "benalex" type= "update" > FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14)</action>
2005-07-23 06:05:32 -04:00
<action dev= "benalex" type= "update" > AnonymousProcessingFilter cleans up the Authentication object, avoiding HttpSession creation overhead</action>
2005-07-24 20:45:43 -04:00
<action dev= "luke_t" type= "fix" > UserAttributeEditor now removes trailing spaces</action>
<action dev= "raykrueger" type= "update" > SecureContextLoginModule now provides ignoreMissingAuthentication property</action>
<action dev= "raykrueger" type= "fix" > SecureContextLoginModuleTests fixes (see http://opensource.atlassian.com/projects/spring/browse/SEC-36)</action>
<action dev= "smccrory" type= "add" > SiteMinder authentication services (see http://opensource.atlassian.com/projects/spring/browse/SEC-35)</action>
<action dev= "luke_t" type= "add" > Acegifier sample added (see http://opensource.atlassian.com/projects/spring/browse/SEC-1)</action>
<action dev= "smccrory" type= "fix" > CVS changes to help new Eclipse-based developers get started</action>
2005-07-24 20:52:15 -04:00
<action dev= "smccrory" type= "fix" > AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11)</action>
2005-07-24 23:46:23 -04:00
<action dev= "smccrory" type= "update" > Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34)</action>
2005-04-20 18:43:46 -04:00
</release>
2005-07-13 21:12:38 -04:00
<release version= "0.8.3" date= "2005-05-12" >
<action dev= "benalex" type= "fix" > HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)</action>
</release>
<release version= "0.8.1.1" date= "2005-07-12" >
<action dev= "benalex" type= "fix" > HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)</action>
</release>
<release version= "0.7.1" date= "2005-07-12" >
<action dev= "benalex" type= "fix" > AbstractIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)</action>
</release>
2005-04-20 10:15:03 -04:00
<release version= "0.8.2" date= "2005-04-20" >
2005-03-22 17:56:36 -05:00
<action dev= "benalex" type= "fix" > Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>
2005-03-25 17:07:00 -05:00
<action dev= "benalex" type= "fix" > TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds (SPR-807)</action>
2005-03-27 01:36:41 -05:00
<action dev= "benalex" type= "fix" > Handle null Authentication.getAuthorities() in AuthorizeTag</action>
2005-04-03 17:48:45 -04:00
<action dev= "benalex" type= "fix" > PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails()</action>
2005-03-25 17:33:18 -05:00
<action dev= "benalex" type= "update" > Update commons-codec dependency to 1.3</action>
2005-03-28 12:42:21 -05:00
<action dev= "raykrueger" type= "update" > AbstractProcessingFilter no longer has setters for failures, it uses the exceptionMappings property</action>
2005-04-20 08:29:36 -04:00
<action dev= "benalex" type= "update" > Update to match Spring 1.2-RC2 official JAR dependencies</action>
2005-04-13 18:17:05 -04:00
<action dev= "raykrueger" type= "update" > AuthenticationProcessingFilter now provides an obtainUsername method</action>
2005-04-20 08:29:36 -04:00
<action dev= "luke_t" type= "update" > Correct PathBasedFilterInvocationDefinitionMap compatibility with Spring 1.2-RC2</action>
<action dev= "luke_t" type= "update" > Refactoring to leverage Spring's Assert class and mocks where possible</action>
2005-03-22 06:57:32 -05:00
</release>
2005-03-22 06:25:41 -05:00
<release version= "0.8.1" date= "2005-03-22" >
2005-03-20 22:22:59 -05:00
<action dev= "luke_t" type= "add" > X509 (certificate-based) authentication support</action>
<action dev= "benalex" type= "update" > UserDetails now advises locked accounts, with corresponding DaoAuthenticationProvider events and enforcement</action>
2005-03-22 03:52:22 -05:00
<action dev= "benalex" type= "update" > ContextHolderAwareRequestWrapper methods return null if user is anonymous</action>
2005-03-17 19:50:12 -05:00
<action dev= "benalex" type= "update" > AbstractBasicAclEntry improved compatibility with Hibernate</action>
2005-03-21 00:33:51 -05:00
<action dev= "benalex" type= "update" > User now provides a more useful toString() method</action>
2005-03-22 06:17:22 -05:00
<action dev= "benalex" type= "update" > Update to match Spring 1.1.5 official JAR dependencies (NB: now using Servlet 2.4 and related JSP/taglib JARs)</action>
2005-03-10 06:11:25 -05:00
<action dev= "benalex" type= "fix" > SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint</action>
2005-03-10 20:41:43 -05:00
<action dev= "benalex" type= "fix" > FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans</action>
2005-03-20 22:22:59 -05:00
<action dev= "fbos" type= "fix" > Corrected Authz parsing of whitespace in GrantedAuthoritys</action>
2005-03-17 19:50:12 -05:00
<action dev= "benalex" type= "fix" > TokenBasedRememberMeServices now respects expired users, expired credentials and disabled users</action>
<action dev= "benalex" type= "fix" > HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection</action>
2005-03-21 00:14:48 -05:00
<action dev= "benalex" type= "fix" > StringSplitUtils.split() ignored delimiter argument</action>
2005-03-21 03:03:11 -05:00
<action dev= "benalex" type= "fix" > DigestProcessingFilter now provides userCache getter and setter</action>
2005-03-22 06:17:22 -05:00
<action dev= "benalex" type= "fix" > Contacts Sample made to work with UserDetails-based Principal</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
<action dev= "benalex" type= "update" > Test coverage improvements</action>
2005-03-03 08:29:46 -05:00
</release>
2005-03-02 19:06:46 -05:00
<release version= "0.8.0" date= "2005-03-03" >
2005-02-22 01:14:44 -05:00
<action dev= "benalex" type= "add" > Added Digest Authentication support (RFC 2617 and RFC 2069)</action>
2005-02-28 21:30:38 -05:00
<action dev= "benalex" type= "add" > Added pluggable remember-me services</action>
<action dev= "benalex" type= "add" > Added pluggable mechnism to prevent concurrent login sessions</action>
<action dev= "benalex" type= "add" > FilterChainProxy added to significantly simplify web.xml configuration of Acegi Security</action>
<action dev= "benalex" type= "add" > AuthenticationProcessingFilter now provides hook for extra credentials (eg postcodes)</action>
<action dev= "benalex" type= "add" > New WebAuthenticationDetails class now used by processing filters for Authentication.setDetails()</action>
<action dev= "benalex" type= "add" > Additional debug-level logging</action>
<action dev= "benalex" type= "add" > Improved Tapestry support in AbstractProcessingFilter</action>
2005-01-19 16:25:01 -05:00
<action dev= "benalex" type= "update" > Made ConfigAttributeDefinition and ConfigAttribute Serializable</action>
2005-02-20 00:40:57 -05:00
<action dev= "benalex" type= "update" > User now accepts blank passwords (null passwords still rejected)</action>
2005-01-19 16:25:01 -05:00
<action dev= "benalex" type= "update" > FilterToBeanProxy now searches hierarchical bean factories</action>
2005-02-04 04:43:33 -05:00
<action dev= "benalex" type= "update" > User now accepted blank passwords (null passwords still rejected)</action>
2005-02-04 17:38:07 -05:00
<action dev= "benalex" type= "update" > ContextHolderAwareRequestWrapper now provides a getUserPrincipal() method</action>
2005-02-10 02:15:20 -05:00
<action dev= "benalex" type= "update" > HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily</action>
2005-02-11 00:49:41 -05:00
<action dev= "benalex" type= "update" > FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh)</action>
2005-01-31 00:18:17 -05:00
<action dev= "raykrueger" type= "update" > JaasAuthenticatinProvider now uses System.property "java.security.auth.login.config"</action>
2005-02-14 22:28:18 -05:00
<action dev= "raykrueger" type= "update" > JaasAuthenticationCallbackHandler Authentication is passed to handle method setAuthentication removed</action>
<action dev= "raykrueger" type= "update" > Added AuthenticationException to the AutenticationEntryPoint.commence method signature</action>
<action dev= "raykrueger" type= "update" > Added AccessDeniedException to the SecurityEncorcementFilter.sendAccessDeniedError method signature</action>
2005-02-20 00:40:57 -05:00
<action dev= "benalex" type= "update" > FilterToBeanProxy now addresses lifecycle mismatch (IoC container vs servlet container) issue</action>
2005-02-21 01:48:31 -05:00
<action dev= "benalex" type= "update" > Significantly refactor "well-known location model" to authentication processing mechanism and HttpSessionContextIntegrationFilter model</action>
2005-02-28 21:30:38 -05:00
<action dev= "benalex" type= "fix" > Correct issue with JdbcDaoImpl default SQL query not using consistent case sensitivity</action>
2005-02-27 22:02:32 -05:00
<action dev= "benalex" type= "fix" > Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility</action>
2005-02-28 21:30:38 -05:00
<action dev= "benalex" type= "fix" > Log4j now included in generated WAR artifacts (fixes issue with Log4j listener)</action>
2005-02-28 17:06:53 -05:00
<action dev= "benalex" type= "fix" > Correct NullPointerException in FilterInvocationDefinitionSource implementations</action>
2005-01-19 16:25:01 -05:00
</release>
2005-01-15 22:58:42 -05:00
<release version= "0.7.0" date= "2005-01-16" >
2004-11-20 05:28:01 -05:00
<action dev= "carlossg" type= "add" > Major CVS repository restructure to support Maven and eliminate libraries</action>
<action dev= "benalex" type= "update" > Major improvements to Contacts sample application (now demos ACL security)</action>
<action dev= "benalex" type= "add" > Added AfterInvocationManager to mutate objects return from invocations</action>
<action dev= "benalex" type= "add" > Added BasicAclEntryAfterInvocationProvider to ACL evaluate returned Object</action>
<action dev= "benalex" type= "add" > Added BasicAclEntryAfterInvocationCollectionFilteringProvider</action>
<action dev= "benalex" type= "add" > Added security propagation during RMI invocations (from sandbox)</action>
<action dev= "benalex" type= "add" > Added security propagation for Spring's HTTP invoker</action>
<action dev= "benalex" type= "add" > Added BasicAclEntryVoter, which votes based on AclManager permissions</action>
<action dev= "benalex" type= "add" > Added AspectJ support (especially useful for instance-level security)</action>
<action dev= "benalex" type= "add" > Added MethodDefinitionSourceAdvisor for performance and autoproxying</action>
<action dev= "benalex" type= "add" > Added MethodDefinitionMap querying of interfaces defined by secure objects</action>
<action dev= "benalex" type= "add" > Added AuthenticationProcessingFilter.setDetails for use by subclasses</action>
<action dev= "benalex" type= "add" > Added 403-causing exception to HttpSession via SecurityEnforcementFilter</action>
<action dev= "benalex" type= "add" > Added net.sf.acegisecurity.intercept.event package</action>
<action dev= "benalex" type= "add" > Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD</action>
<action dev= "benalex" type= "add" > Added additional remoting protocol demonstrations to Contacts sample</action>
2004-11-22 16:38:14 -05:00
<action dev= "benalex" type= "add" > Added AbstractProcessingFilter property to always use defaultTargetUrl</action>
2004-12-05 01:11:18 -05:00
<action dev= "benalex" type= "add" > Added ContextHolderAwareRequestWrapper to integrate with getRemoteUser()</action>
2004-12-26 03:48:25 -05:00
<action dev= "benalex" type= "add" > Added attempted username to view if processed by AuthenticationProcessingFilter</action>
2005-01-02 20:14:26 -05:00
<action dev= "benalex" type= "add" > Added UserDetails account and credentials expiration methods</action>
<action dev= "benalex" type= "add" > Added exceptions and events to support new UserDetails methods</action>
2005-01-04 14:58:27 -05:00
<action dev= "benalex" type= "add" > Added new exceptions to JBoss container adapter</action>
2004-11-20 05:28:01 -05:00
<action dev= "benalex" type= "update" > Improved BasicAclProvider to only respond to specified ACL object requests</action>
<action dev= "benalex" type= "update" > Refactored MethodDefinitionSource to work with Method, not MethodInvocation</action>
2004-12-05 00:04:52 -05:00
<action dev= "benalex" type= "update" > Refactored AbstractFilterInvocationDefinitionSource to work with URL Strings alone</action>
2004-11-20 05:28:01 -05:00
<action dev= "benalex" type= "update" > Refactored AbstractSecurityInterceptor to better support other AOP libraries</action>
2004-11-30 15:38:15 -05:00
<action dev= "benalex" type= "update" > Improved performance of JBoss container adapter (see reference docs)</action>
2004-12-03 01:44:13 -05:00
<action dev= "benalex" type= "update" > Made DaoAuthenticationProvider detect null in Authentication.principal</action>
<action dev= "benalex" type= "update" > Improved JaasAuthenticationProvider startup error detection</action>
2004-12-04 23:37:05 -05:00
<action dev= "benalex" type= "update" > Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action>
2004-12-20 06:14:34 -05:00
<action dev= "benalex" type= "update" > AbstractProcessingFilter now has various hook methods to assist subclasses</action>
2004-12-21 15:53:32 -05:00
<action dev= "benalex" type= "update" > DaoAuthenticationProvider better detects AuthenticationDao interface violations</action>
2005-01-02 20:14:26 -05:00
<action dev= "benalex" type= "update" > The User class has a new constructor (the old constructor is deprecated)</action>
2004-12-05 00:30:26 -05:00
<action dev= "benalex" type= "fix" > Fixed ambiguous column references in JdbcDaoImpl default query</action>
2004-11-20 05:28:01 -05:00
<action dev= "benalex" type= "fix" > Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action>
<action dev= "benalex" type= "fix" > Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action>
2004-12-05 00:30:26 -05:00
<action dev= "benalex" type= "fix" > Fixed HttpSessionIntegrationFilter "cannot commit to container" during logoff</action>
2004-11-20 05:28:01 -05:00
<action dev= "benalex" type= "update" > Moved MethodSecurityInterceptor to ...intercept.method.aopalliance package</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
2004-12-03 01:44:13 -05:00
<action dev= "benalex" type= "update" > Test coverage improvements</action>
2004-11-20 05:28:01 -05:00
</release>
2004-12-11 18:01:51 -05:00
<release version= "0.6.1" date= "2004-09-24" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "update" > Resolved to use http://apr.apache.org/versioning.html for future versioning</action>
<action dev= "benalex" type= "add" > Added additional DaoAuthenticationProvider event when user not found</action>
<action dev= "benalex" type= "add" > Added Authentication.getDetails() to DaoAuthenticationProvider response</action>
<action dev= "benalex" type= "add" > Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true)</action>
<action dev= "benalex" type= "add" > Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP)</action>
<action dev= "benalex" type= "add" > Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits)</action>
<action dev= "benalex" type= "add" > Added convenience methods to ConfigAttributeDefinition</action>
<action dev= "benalex" type= "update" > Improved sample applications' bean reference notation</action>
<action dev= "benalex" type= "update" > Clarified contract for ObjectDefinitionSource.getAttributes(Object)</action>
<action dev= "benalex" type= "update" > Extracted removeUserFromCache(String) to UserCache interface</action>
<action dev= "benalex" type= "update" > Improved ConfigAttributeEditor so it trims preceding and trailing spaces</action>
<action dev= "benalex" type= "update" > Refactored UsernamePasswordAuthenticationToken.getDetails() to Object</action>
<action dev= "benalex" type= "fix" > Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource change</action>
<action dev= "benalex" type= "fix" > Fixed EH-CACHE-based caching implementation behaviour when cache exists</action>
<action dev= "benalex" type= "fix" > Fixed Ant "release" target not including project.properties</action>
<action dev= "benalex" type= "fix" > Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
2004-12-11 18:01:51 -05:00
</release>
<release version= "0.6" date= "2004-08-08" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "add" > Added domain object instance access control list (ACL) packages</action>
<action dev= "benalex" type= "add" > Added feature so DaoAuthenticationProvider returns User in Authentication</action>
<action dev= "benalex" type= "add" > Added AbstractIntegrationFilter.secureContext property for custom contexts</action>
<action dev= "benalex" type= "add" > Added stack trace logging to SecurityEnforcementFilter</action>
<action dev= "benalex" type= "add" > Added exception-specific target URLs to AbstractProcessingFilter</action>
<action dev= "benalex" type= "add" > Added JdbcDaoImpl hook so subclasses can insert custom granted authorities</action>
<action dev= "raykrueger" type= "add" > Added AuthenticationProvider that wraps JAAS login modules</action>
<action dev= "fbos" type= "add" > Added support for EL expressions in the authz tag library</action>
<action dev= "benalex" type= "add" > Added failed Authentication object to AuthenticationExceptions</action>
<action dev= "benalex" type= "add" > Added signed JARs to all official release builds (see readme.txt)</action>
<action dev= "benalex" type= "add" > Added remote client authentication validation package</action>
<action dev= "benalex" type= "add" > Added protected sendAccessDeniedError method to SecurityEnforcementFilter</action>
<action dev= "benalex" type= "update" > Updated Authentication to be serializable (Weblogic support)</action>
<action dev= "benalex" type= "update" > Updated JAR to Spring 1.1 RC 1</action>
<action dev= "benalex" type= "update" > Updated to Clover 1.3</action>
<action dev= "benalex" type= "update" > Updated to HSQLDB version 1.7.2 Release Candidate 6D</action>
<action dev= "benalex" type= "update" > Refactored User to net.sf.acegisecurity.UserDetails interface</action>
<action dev= "benalex" type= "update" > Refactored CAS package to store UserDetails in CasAuthenticationToken</action>
<action dev= "benalex" type= "update" > Improved organisation of DaoAuthenticationProvider to facilitate subclassing</action>
<action dev= "benalex" type= "update" > Improved test coverage (now 98.3%)</action>
<action dev= "benalex" type= "update" > Improved JDBC-based tests to use in-memory database rather than filesystem</action>
<action dev= "benalex" type= "update" > Fixed Linux compatibility issues (directory case sensitivity etc)</action>
<action dev= "benalex" type= "update" > Fixed AbstractProcessingFilter to handle servlet spec container differences</action>
<action dev= "benalex" type= "update" > Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue</action>
<action dev= "benalex" type= "fix" > Fixed CasAuthenticationToken if proxy granting ticket callback not requested</action>
<action dev= "benalex" type= "fix" > Fixed EH-CACHE handling on web context refresh</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
2004-12-11 18:01:51 -05:00
</release>
<release version= "0.5.1" date= "2004-06-05" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "add" > Added samples/quick-start</action>
<action dev= "benalex" type= "add" > Added NullRunAsManager and made default for AbstractSecurityInterceptor</action>
<action dev= "benalex" type= "add" > Added event notification (see net.sf.acegisecurity.providers.dao.event)</action>
<action dev= "benalex" type= "update" > Updated JAR to Spring 1.0.2</action>
<action dev= "benalex" type= "update" > Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release</action>
<action dev= "benalex" type= "update" > Updated GrantedAuthorityImpl to be serializable (JBoss support)</action>
<action dev= "benalex" type= "update" > Updated Authentication interface to present extra details for a request</action>
<action dev= "benalex" type= "update" > Updated Authentication interface to subclass java.security.Principal</action>
<action dev= "benalex" type= "update" > Refactored DaoAuthenticationProvider caching (refer to reference docs)</action>
<action dev= "benalex" type= "update" > Improved HttpSessionIntegrationFilter to manage additional attributes</action>
<action dev= "benalex" type= "update" > Improved URL encoding during redirects</action>
<action dev= "benalex" type= "fix" > Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS)</action>
<action dev= "fbos" type= "fix" > Fixed issue with NullPointerExceptions in taglib</action>
<action dev= "benalex" type= "update" > Removed DaoAuthenticationToken and session-based caching</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
<action dev= "benalex" type= "update" > Upgrade Note: DaoAuthenticationProvider no longer has a "key" property</action>
2004-12-11 18:01:51 -05:00
</release>
<release version= "0.5" date= "2004-04-28" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "add" > Added single sign on support via Yale Central Authentication Service (CAS)</action>
<action dev= "benalex" type= "add" > Added full support for HTTP Basic Authentication</action>
<action dev= "benalex" type= "add" > Added caching for DaoAuthenticationProvider successful authentications</action>
<action dev= "benalex" type= "add" > Added Burlap and Hessian remoting to Contacts sample application</action>
<action dev= "colins" type= "add" > Added pluggable password encoders including plaintext, SHA and MD5</action>
<action dev= "benalex" type= "add" > Added pluggable salt sources to enhance security of hashed passwords</action>
<action dev= "benalex" type= "add" > Added FilterToBeanProxy to obtain filters from Spring application context</action>
<action dev= "colins" type= "add" > Added support for prepending strings to roles created by JdbcDaoImpl</action>
<action dev= "colins" type= "add" > Added support for user definition of SQL statements used by JdbcDaoImpl</action>
<action dev= "colins" type= "add" > Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys</action>
<action dev= "benalex" type= "add" > Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter</action>
<action dev= "benalex" type= "add" > Added Apache Ant path syntax support to SecurityEnforcementFilter</action>
<action dev= "benalex" type= "add" > Added filter to automate web channel requirements (eg HTTPS redirection)</action>
<action dev= "benalex" type= "update" > Updated JAR to Spring 1.0.1</action>
<action dev= "benalex" type= "update" > Updated several classes to use absolute (not relative) redirection URLs</action>
<action dev= "benalex" type= "update" > Refactored filters to use Spring application context lifecycle support</action>
<action dev= "benalex" type= "update" > Improved constructor detection of nulls in User and other key objects</action>
<action dev= "benalex" type= "fix" > Fixed FilterInvocation.getRequestUrl() to also include getPathInfo()</action>
<action dev= "benalex" type= "fix" > Fixed Contacts sample application <A > </A> tags</action>
<action dev= "benalex" type= "update" > Established acegisecurity-developer mailing list</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
2004-12-11 18:01:51 -05:00
</release>
<release version= "0.4" date= "2004-04-03" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "add" > Added HTTP session authentication as an alternative to container adapters</action>
<action dev= "benalex" type= "add" > Added HTTP request security interceptor (offers considerable flexibility)</action>
<action dev= "fbos" type= "add" > Added security taglib</action>
<action dev= "benalex" type= "add" > Added Clover test coverage instrumentation (currently 97.2%)</action>
<action dev= "benalex" type= "add" > Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests</action>
<action dev= "benalex" type= "add" > Added HTML test and summary reporting to in-container integration tests</action>
<action dev= "benalex" type= "update" > Updated JARs to Spring Framework release 1.0, with associated AOP changes</action>
<action dev= "benalex" type= "update" > Updated to Apache License version 2.0</action>
<action dev= "benalex" type= "update" > Updated copyright with permission of past contributors</action>
<action dev= "benalex" type= "update" > Refactored unit tests to use mock objects and focus on a single class each</action>
<action dev= "benalex" type= "update" > Refactored many classes to enable insertion of mock objects during testing</action>
<action dev= "benalex" type= "update" > Refactored core classes to ease support of new secure object types</action>
<action dev= "benalex" type= "update" > Changed package layout to better describe the role of contained items</action>
<action dev= "benalex" type= "update" > Changed the extractor to extract additional classes from JBoss and Catalina</action>
<action dev= "benalex" type= "update" > Changed Jetty container adapter configuration (see reference documentation)</action>
<action dev= "benalex" type= "update" > Improved AutoIntegrationFilter handling of deployments without JBoss JARs</action>
<action dev= "benalex" type= "fix" > Fixed case handling support in data access object authentication provider</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
2004-12-11 18:01:51 -05:00
</release>
<release version= "0.3" date= "2004-03-18" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "add" > Added "in container" unit test system for container adapters and sample app</action>
<action dev= "benalex" type= "add" > Added library extractor tool to reduce the "with deps" ZIP release sizes</action>
<action dev= "benalex" type= "add" > Added unit test to the attributes sample</action>
<action dev= "benalex" type= "add" > Added Jalopy source formatting</action>
<action dev= "benalex" type= "update" > Modified all files to use net.sf.acegisecurity namespace</action>
<action dev= "benalex" type= "update" > Renamed springsecurity.xml to acegisecurity.xml for consistency</action>
<action dev= "benalex" type= "update" > Reduced length of ZIP and JAR filenames</action>
<action dev= "benalex" type= "update" > Clarified licenses and sources for all included libraries</action>
<action dev= "benalex" type= "update" > Updated documentation to reflect new file and package names</action>
<action dev= "benalex" type= "update" > Setup Sourceforge.net project and added to CVS etc</action>
2004-12-11 18:01:51 -05:00
</release>
<release version= "0.2" date= "2004-03-10" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "add" > Added Commons Attributes support and sample (thanks to Cameron Braid)</action>
<action dev= "benalex" type= "add" > Added JBoss container adapter</action>
<action dev= "benalex" type= "add" > Added Resin container adapter</action>
<action dev= "benalex" type= "add" > Added JDBC DAO authentication provider</action>
<action dev= "benalex" type= "add" > Added several filter implementations for container adapter integration</action>
<action dev= "benalex" type= "add" > Added SecurityInterceptor startup time validation of ConfigAttributes</action>
<action dev= "benalex" type= "add" > Added more unit tests</action>
<action dev= "benalex" type= "update" > Refactored ConfigAttribute to interface and added concrete implementation</action>
<action dev= "benalex" type= "update" > Enhanced diagnostics information provided by sample application debug.jsp</action>
<action dev= "benalex" type= "update" > Modified sample application for wider container portability (Resin, JBoss)</action>
<action dev= "benalex" type= "fix" > Fixed switch block in voting decision manager implementations</action>
<action dev= "benalex" type= "update" > Removed Spring MVC interceptor for container adapter integration</action>
<action dev= "benalex" type= "update" > Documentation improvements</action>
2004-12-11 18:01:51 -05:00
</release>
<release version= "0.1" date= "2004-03-03" >
2004-11-20 16:29:53 -05:00
<action dev= "benalex" type= "add" > Initial public release</action>
2004-12-11 18:01:51 -05:00
</release>
2004-11-20 05:28:01 -05:00
</body>
</document>
