spring-security/changelog.txt

Changes in version 0.6 (2004-xx-xx)
-----------------------------------

* Added feature so DaoAuthenticationProvider returns User in Authentication
* Added AbstractIntegrationFilter.secureContext property for custom contexts
* Added stack trace logging to SecurityEnforcementFilter
* Added exception-specific target URLs to AbstractProcessingFilter
* Added JdbcDaoImpl hook so subclasses can insert custom granted authorities
* Added AuthenticationProvider that wraps JAAS login modules
* Added support for EL expressions in the authz tag library
* Added failed Authentication object to AuthenticationExceptions
* Updated Authentication to be serializable (Weblogic support)
* Updated to Clover 1.3
* Refactored User to net.sf.acegisecurity.UserDetails interface
* Refactored CAS package to store UserDetails in CasAuthenticationToken
* Improved organisation of DaoAuthenticationProvider to facilitate subclassing
* Improved test coverage (now 98.3%)
* Fixed Linux compatibility issues (directory case sensitivity etc)
* Fixed AbstractProcessingFilter to handle servlet spec container differences
* Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue
* Fixed CasAuthenticationToken if proxy granting ticket callback not requested
* Documentation improvements

Changes in version 0.51 (2004-06-06)
------------------------------------

* Added samples/quick-start
* Added NullRunAsManager and made default for AbstractSecurityInterceptor
* Added event notification (see net.sf.acegisecurity.providers.dao.event)
* Updated JAR to Spring 1.0.2
* Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release
* Updated GrantedAuthorityImpl to be serializable (JBoss support)
* Updated Authentication interface to present extra details for a request
* Updated Authentication interface to subclass java.security.Principal
* Refactored DaoAuthenticationProvider caching (refer to reference docs)
* Improved HttpSessionIntegrationFilter to manage additional attributes
* Improved URL encoding during redirects
* Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS)
* Fixed issue with NullPointerExceptions in taglib
* Removed DaoAuthenticationToken and session-based caching
* Documentation improvements
* Upgrade Note: DaoAuthenticationProvider no longer has a "key" property

Changes in version 0.5 (2004-04-29)
-----------------------------------

* Added single sign on support via Yale Central Authentication Service (CAS)
* Added full support for HTTP Basic Authentication
* Added caching for DaoAuthenticationProvider successful authentications
* Added Burlap and Hessian remoting to Contacts sample application
* Added pluggable password encoders including plaintext, SHA and MD5
* Added pluggable salt sources to enhance security of hashed passwords
* Added FilterToBeanProxy to obtain filters from Spring application context
* Added support for prepending strings to roles created by JdbcDaoImpl
* Added support for user definition of SQL statements used by JdbcDaoImpl
* Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys
* Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter
* Added Apache Ant path syntax support to SecurityEnforcementFilter
* Added filter to automate web channel requirements (eg HTTPS redirection)
* Updated JAR to Spring 1.0.1
* Updated several classes to use absolute (not relative) redirection URLs
* Refactored filters to use Spring application context lifecycle support
* Improved constructor detection of nulls in User and other key objects
* Fixed FilterInvocation.getRequestUrl() to also include getPathInfo()
* Fixed Contacts sample application <A></A> tags
* Established acegisecurity-developer mailing list
* Documentation improvements

Changes in version 0.4 (2004-04-03)
-----------------------------------

* Added HTTP session authentication as an alternative to container adapters
* Added HTTP request security interceptor (offers considerable flexibility)
* Added security taglib
* Added Clover test coverage instrumentation (currently 97.2%)
* Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests
* Added HTML test and summary reporting to in-container integration tests
* Updated JARs to Spring Framework release 1.0, with associated AOP changes
* Updated to Apache License version 2.0
* Updated copyright with permission of past contributors
* Refactored unit tests to use mock objects and focus on a single class each
* Refactored many classes to enable insertion of mock objects during testing
* Refactored core classes to ease support of new secure object types
* Changed package layout to better describe the role of contained items
* Changed the extractor to extract additional classes from JBoss and Catalina
* Changed Jetty container adapter configuration (see reference documentation)
* Improved AutoIntegrationFilter handling of deployments without JBoss JARs
* Fixed case handling support in data access object authentication provider
* Documentation improvements

Changes in version 0.3 (2004-03-16)
-----------------------------------

* Added "in container" unit test system for container adapters and sample app
* Added library extractor tool to reduce the "with deps" ZIP release sizes
* Added unit test to the attributes sample
* Added Jalopy source formatting
* Modified all files to use net.sf.acegisecurity namespace
* Renamed springsecurity.xml to acegisecurity.xml for consistency
* Reduced length of ZIP and JAR filenames
* Clarified licenses and sources for all included libraries
* Updated documentation to reflect new file and package names
* Setup Sourceforge.net project and added to CVS etc

Changes in version 0.2 (2004-03-10)
-----------------------------------

* Added Commons Attributes support and sample (thanks to Cameron Braid)
* Added JBoss container adapter
* Added Resin container adapter
* Added JDBC DAO authentication provider
* Added several filter implementations for container adapter integration
* Added SecurityInterceptor startup time validation of ConfigAttributes
* Added more unit tests
* Refactored ConfigAttribute to interface and added concrete implementation
* Enhanced diagnostics information provided by sample application debug.jsp
* Modified sample application for wider container portability (Resin, JBoss)
* Fixed switch block in voting decision manager implementations
* Removed Spring MVC interceptor for container adapter integration
* Documentation improvements

Changes in version 0.1 (2004-03-03)
-----------------------------------

* Initial public release


$Id$
Make User available from Authentication via DaoAuthenticationProvider. 2004-06-21 02:10:14 -04:00			`Changes in version 0.6 (2004-xx-xx)`
			`-----------------------------------`

			`* Added feature so DaoAuthenticationProvider returns User in Authentication`
Allow custom SecureContext implementations to be selected by user. 2004-06-29 19:28:59 -04:00			`* Added AbstractIntegrationFilter.secureContext property for custom contexts`
Make Authentication serializable (Weblogic support). 2004-07-12 18:40:33 -04:00			`* Added stack trace logging to SecurityEnforcementFilter`
Add today's changes. 2004-07-24 04:01:27 -04:00			`* Added exception-specific target URLs to AbstractProcessingFilter`
			`* Added JdbcDaoImpl hook so subclasses can insert custom granted authorities`
			`* Added AuthenticationProvider that wraps JAAS login modules`
			`* Added support for EL expressions in the authz tag library`
			`* Added failed Authentication object to AuthenticationExceptions`
Make Authentication serializable (Weblogic support). 2004-07-12 18:40:33 -04:00			`* Updated Authentication to be serializable (Weblogic support)`
Upgrade to Clover 1.3. 2004-07-12 22:18:54 -04:00			`* Updated to Clover 1.3`
Refactor CasAuthoritiesPopulator to use UserDetails rather than GrantedAuthority[]. 2004-07-14 05:54:09 -04:00			`* Refactored User to net.sf.acegisecurity.UserDetails interface`
			`* Refactored CAS package to store UserDetails in CasAuthenticationToken`
Improve organisation of DaoAuthenticationProvider to facilitate subclassing. 2004-06-30 19:18:47 -04:00			`* Improved organisation of DaoAuthenticationProvider to facilitate subclassing`
Upgrade to Clover 1.3. 2004-07-12 22:18:54 -04:00			`* Improved test coverage (now 98.3%)`
Make User available from Authentication via DaoAuthenticationProvider. 2004-06-21 02:10:14 -04:00			`* Fixed Linux compatibility issues (directory case sensitivity etc)`
Refactor User to an interface. 2004-06-24 19:24:14 -04:00			`* Fixed AbstractProcessingFilter to handle servlet spec container differences`
Resolve a Weblogic compatibility issue (patch thanks to Patrick Burleson). 2004-07-15 19:27:59 -04:00			`* Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue`
Relax restriction on empty Strings for proxy callback URL, as this should be an empty String if no proxy callback was requested during service ticket validation. 2004-07-02 20:56:38 -04:00			`* Fixed CasAuthenticationToken if proxy granting ticket callback not requested`
Make User available from Authentication via DaoAuthenticationProvider. 2004-06-21 02:10:14 -04:00			`* Documentation improvements`

Update for release 0.51. 2004-06-06 02:58:07 -04:00			`Changes in version 0.51 (2004-06-06)`
			`------------------------------------`
Fixed issue with caching by making AbstractIntegrationFilter (and its subclasses) write the new Authentication object to the well-known location. 2004-04-30 01:16:08 -04:00
			`* Added samples/quick-start`
Update for release 0.51. 2004-06-06 02:58:07 -04:00			`* Added NullRunAsManager and made default for AbstractSecurityInterceptor`
			`* Added event notification (see net.sf.acegisecurity.providers.dao.event)`
			`* Updated JAR to Spring 1.0.2`
			`* Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release`
			`* Updated GrantedAuthorityImpl to be serializable (JBoss support)`
			`* Updated Authentication interface to present extra details for a request`
			`* Updated Authentication interface to subclass java.security.Principal`
			`* Refactored DaoAuthenticationProvider caching (refer to reference docs)`
			`* Improved HttpSessionIntegrationFilter to manage additional attributes`
			`* Improved URL encoding during redirects`
			`* Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS)`
			`* Fixed issue with NullPointerExceptions in taglib`
			`* Removed DaoAuthenticationToken and session-based caching`
			`* Documentation improvements`
			`* Upgrade Note: DaoAuthenticationProvider no longer has a "key" property`
Fixed issue with caching by making AbstractIntegrationFilter (and its subclasses) write the new Authentication object to the well-known location. 2004-04-30 01:16:08 -04:00
Make ChannelDecisionManagerImpl iterate through a list of channel security processors. 2004-04-28 22:17:07 -04:00			`Changes in version 0.5 (2004-04-29)`
change AuthenticationProcessingFilter and SecurityEnforcementFilter to use Spring's WebApplicationContextUtils by defualt to find their config context. 2004-04-08 22:44:17 -04:00			`-----------------------------------`
Support configuration via Apache Ant paths (not only regular expressions). 2004-04-09 05:51:23 -04:00
Correct <A HREF> tags to use proper URL encoding. 2004-04-22 21:39:21 -04:00			`* Added single sign on support via Yale Central Authentication Service (CAS)`
			`* Added full support for HTTP Basic Authentication`
Add DaoAuthenticationProvider caching support. 2004-04-23 01:01:57 -04:00			`* Added caching for DaoAuthenticationProvider successful authentications`
Add support for HTTP Basic Authentication. 2004-04-11 08:09:08 -04:00			`* Added Burlap and Hessian remoting to Contacts sample application`
Correct <A HREF> tags to use proper URL encoding. 2004-04-22 21:39:21 -04:00			`* Added pluggable password encoders including plaintext, SHA and MD5`
			`* Added pluggable salt sources to enhance security of hashed passwords`
			`* Added FilterToBeanProxy to obtain filters from Spring application context`
			`* Added support for prepending strings to roles created by JdbcDaoImpl`
			`* Added support for user definition of SQL statements used by JdbcDaoImpl`
			`* Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys`
			`* Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter`
			`* Added Apache Ant path syntax support to SecurityEnforcementFilter`
Make ChannelDecisionManagerImpl iterate through a list of channel security processors. 2004-04-28 22:17:07 -04:00			`* Added filter to automate web channel requirements (eg HTTPS redirection)`
Correct <A HREF> tags to use proper URL encoding. 2004-04-22 21:39:21 -04:00			`* Updated JAR to Spring 1.0.1`
Significantly enhance channel processing filter. 2004-04-27 02:21:00 -04:00			`* Updated several classes to use absolute (not relative) redirection URLs`
Correct <A HREF> tags to use proper URL encoding. 2004-04-22 21:39:21 -04:00			`* Refactored filters to use Spring application context lifecycle support`
Add DaoAuthenticationProvider caching support. 2004-04-23 01:01:57 -04:00			`* Improved constructor detection of nulls in User and other key objects`
Correct <A HREF> tags to use proper URL encoding. 2004-04-22 21:39:21 -04:00			`* Fixed FilterInvocation.getRequestUrl() to also include getPathInfo()`
			`* Fixed Contacts sample application <A></A> tags`
			`* Established acegisecurity-developer mailing list`
Support configuration via Apache Ant paths (not only regular expressions). 2004-04-09 05:51:23 -04:00			`* Documentation improvements`
change AuthenticationProcessingFilter and SecurityEnforcementFilter to use Spring's WebApplicationContextUtils by defualt to find their config context. 2004-04-08 22:44:17 -04:00
Update for version 0.4. 2004-04-03 00:37:20 -05:00			`Changes in version 0.4 (2004-04-03)`
			`-----------------------------------`

			`* Added HTTP session authentication as an alternative to container adapters`
			`* Added HTTP request security interceptor (offers considerable flexibility)`
			`* Added security taglib`
			`* Added Clover test coverage instrumentation (currently 97.2%)`
			`* Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests`
			`* Added HTML test and summary reporting to in-container integration tests`
			`* Updated JARs to Spring Framework release 1.0, with associated AOP changes`
			`* Updated to Apache License version 2.0`
			`* Updated copyright with permission of past contributors`
			`* Refactored unit tests to use mock objects and focus on a single class each`
			`* Refactored many classes to enable insertion of mock objects during testing`
			`* Refactored core classes to ease support of new secure object types`
			`* Changed package layout to better describe the role of contained items`
			`* Changed the extractor to extract additional classes from JBoss and Catalina`
			`* Changed Jetty container adapter configuration (see reference documentation)`
			`* Improved AutoIntegrationFilter handling of deployments without JBoss JARs`
			`* Fixed case handling support in data access object authentication provider`
			`* Documentation improvements`

Initial commit. 2004-03-16 18:57:17 -05:00			`Changes in version 0.3 (2004-03-16)`
			`-----------------------------------`

			`* Added "in container" unit test system for container adapters and sample app`
			`* Added library extractor tool to reduce the "with deps" ZIP release sizes`
			`* Added unit test to the attributes sample`
			`* Added Jalopy source formatting`
			`* Modified all files to use net.sf.acegisecurity namespace`
			`* Renamed springsecurity.xml to acegisecurity.xml for consistency`
			`* Reduced length of ZIP and JAR filenames`
			`* Clarified licenses and sources for all included libraries`
			`* Updated documentation to reflect new file and package names`
			`* Setup Sourceforge.net project and added to CVS etc`

			`Changes in version 0.2 (2004-03-10)`
			`-----------------------------------`

			`* Added Commons Attributes support and sample (thanks to Cameron Braid)`
			`* Added JBoss container adapter`
			`* Added Resin container adapter`
			`* Added JDBC DAO authentication provider`
			`* Added several filter implementations for container adapter integration`
			`* Added SecurityInterceptor startup time validation of ConfigAttributes`
			`* Added more unit tests`
			`* Refactored ConfigAttribute to interface and added concrete implementation`
			`* Enhanced diagnostics information provided by sample application debug.jsp`
			`* Modified sample application for wider container portability (Resin, JBoss)`
			`* Fixed switch block in voting decision manager implementations`
			`* Removed Spring MVC interceptor for container adapter integration`
			`* Documentation improvements`

			`Changes in version 0.1 (2004-03-03)`
			`-----------------------------------`

			`* Initial public release`



			$Id$