Correct <A HREF> tags to use proper URL encoding.
This commit is contained in:
Ben Alex
parent
e2de3c9dbc
commit
26ff665dee
|
|
@ -1,13 +1,22 @@
|
|||
Changes in version 0.5 (2004-xx-xx)
|
||||
-----------------------------------
|
||||
|
||||
* Added support for HTTP Basic Authentication
|
||||
* Added single sign on support via Yale Central Authentication Service (CAS)
|
||||
* Added full support for HTTP Basic Authentication
|
||||
* Added Burlap and Hessian remoting to Contacts sample application
|
||||
* AuthenticationProcessingFilter by default finds configuration context using Spring's WebApplicationContextUtils.getWebApplicationContext()
|
||||
* AuthenticationProcessingFilter context may optionally be specified with 'contextConfigLocation' param (was previously 'appContextLocation')
|
||||
* SecurityEnforcementFilter by default finds configuration context using Spring's WebApplicationContextUtils.getWebApplicationContext()
|
||||
* SecurityEnforcementFilter context may optionally be specified with 'contextConfigLocation' param (was previously 'appContextLocation')
|
||||
* SecurityEnforcementFilter now supports URL definitions using the Apache Ant path syntax in addition to regular expressions
|
||||
* Added pluggable password encoders including plaintext, SHA and MD5
|
||||
* Added pluggable salt sources to enhance security of hashed passwords
|
||||
* Added FilterToBeanProxy to obtain filters from Spring application context
|
||||
* Added support for prepending strings to roles created by JdbcDaoImpl
|
||||
* Added support for user definition of SQL statements used by JdbcDaoImpl
|
||||
* Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys
|
||||
* Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter
|
||||
* Added Apache Ant path syntax support to SecurityEnforcementFilter
|
||||
* Updated JAR to Spring 1.0.1
|
||||
* Refactored filters to use Spring application context lifecycle support
|
||||
* Fixed FilterInvocation.getRequestUrl() to also include getPathInfo()
|
||||
* Fixed Contacts sample application <A></A> tags
|
||||
* Established acegisecurity-developer mailing list
|
||||
* Documentation improvements
|
||||
|
||||
Changes in version 0.4 (2004-04-03)
|
||||
|
|
|
|||
10
readme.txt
10
readme.txt
|
|
@ -32,8 +32,14 @@ directory. In addition, JavaDocs are located in the docs/api directory.
|
|||
OBTAINING SUPPORT
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
If you need any help, please post a question on the Spring Users mailing list
|
||||
or email ben.alex@acegi.com.au.
|
||||
If you need any help, please post a question on the Spring Users mailing list.
|
||||
|
||||
If you start using Acegi Security in your project, please consider joining
|
||||
the acegisecurity-developer mailing list. This is currently the best way to
|
||||
keep informed about the project's status and provide feedback in design
|
||||
discussions. You can join at:
|
||||
|
||||
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer.
|
||||
|
||||
|
||||
$Id$
|
||||
|
|
|
|||
|
|
@ -35,6 +35,6 @@
|
|||
<br><br>
|
||||
<input name="execute" type="submit" alignment="center" value="Execute">
|
||||
</form>
|
||||
<a href="<c:url value="hello.htm"/>">Home</a>
|
||||
<a href="<c:url value="../hello.htm"/>">Home</a>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -8,6 +8,6 @@
|
|||
<code>
|
||||
<c:out value="${contact}"/>
|
||||
</code>
|
||||
<p><A HREF="index.htm">Manage</a>
|
||||
<p><a href="<c:url value="index.htm"/>">Manage</a>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ the random contact that is shown below:
|
|||
<c:out value="${contact}"/>
|
||||
</code>
|
||||
<p>
|
||||
<p><A HREF="secure/index.htm">Manage</a> <A HREF="secure/debug.jsp">Debug</a>
|
||||
<p><A HREF="<c:url value="secure/index.htm"/>">Manage</a>
|
||||
<A HREF="<c:url value="secure/debug.jsp"/>">Debug</a>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@
|
|||
<c:out value="${contact.email}"/>
|
||||
</td>
|
||||
<authz:authorize ifAllGranted="ROLE_SUPERVISOR">
|
||||
<td><A HREF="del.htm?id=<c:out value="${contact.id}"/>">Del</A></td>
|
||||
<td><A HREF="<c:url value="del.htm"><c:param name="id" value="${contact.id}"/></c:url>">Del</A></td>
|
||||
</authz:authorize>
|
||||
</tr>
|
||||
</c:forEach>
|
||||
</table>
|
||||
<p><A HREF="add.htm">Add</a> <A HREF="../logoff.jsp">Logoff</A>
|
||||
<p><a href="<c:url value="add.htm"/>">Add</a> <p><a href="<c:url value="../logoff.jsp"/>">Logoff</a>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -5,21 +5,39 @@
|
|||
The following should help most casual users of the project update their
|
||||
applications:
|
||||
|
||||
- By default, AuthenticationProcessingFilter and SecurityEnforcementFilter now
|
||||
use Spring's WebApplicationContextUtils.getApplicationContext to load the
|
||||
ApplicationContext in which their respective configs may be found. Ideally,
|
||||
move your configuration for these filters from the separate contexts you were
|
||||
using before, to the main context used by your webapp. Alternately, the old
|
||||
mechanism of having the filter load its own specific context is still
|
||||
supported, but the param specifying the location of this context has been
|
||||
changed to match the equivalent param as used by Spring's ContextLoader class.
|
||||
If you do still want to use this approach, just rename your param from
|
||||
'appContextLocation' to 'contextConfigLocation'.
|
||||
- All filters are now loaded via FilterToBeanProxy. The FilterToBeanProxy
|
||||
obtains the filter from a Spring application context via the
|
||||
WebApplicationContextUtils.getApplicationContext() method. Refer to the
|
||||
reference documentation to see the new configuration of filters.
|
||||
|
||||
- SecurityEnforcementFilter now requires an AuthenticationEntryPoint.
|
||||
Refer to the reference documentation to see the alternatives available.
|
||||
|
||||
- Any of your login or login failure pages that previously referred to
|
||||
AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY
|
||||
should now use
|
||||
net.sf.acegisecurity.ui.AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY
|
||||
|
||||
- DaoAuthenticationProvider no longer provides setters for case sensitivity
|
||||
handling. The respective AuthenticationDao implementations should decide
|
||||
whether or not to return User instances reflecting the exact case of the
|
||||
requested username. The new PlaintextPasswordEncoder offers a setter for
|
||||
ignoring the password case (defaults to require exact case matches).
|
||||
|
||||
- If you're using container adapters, please refer to the reference
|
||||
documentation as additional JARs are now required in your container
|
||||
classloader.
|
||||
|
||||
We hope you find the new features useful in your projects.
|
||||
- Whilst not really a change needed to your program, if you're using
|
||||
Acegi Security please consider joining the acegisecurity-developer mailing
|
||||
list. This is currently the best way to keep informed about the project's
|
||||
status and provide feedback in design discussions. You can join at
|
||||
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer.
|
||||
Please continue using the Spring Users mailing list for general support.
|
||||
|
||||
There are also lots of new features you might wish to consider for your
|
||||
projects. These include CAS integration, pluggable password encoders
|
||||
(such as MD5 and SHA), along with pluggable salt sources. We hope you find
|
||||
the new features useful in your projects.
|
||||
|
||||
$Id$
|
||||
|
|
|
|||
Loading…
Reference in New Issue