From 26ff665dee3fdf088cf3cb170840201e60fd2667 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Fri, 23 Apr 2004 01:39:21 +0000 Subject: [PATCH] Correct tags to use proper URL encoding. --- changelog.txt | 21 +++++++--- readme.txt | 10 ++++- samples/contacts/war/WEB-INF/jsp/add.jsp | 2 +- samples/contacts/war/WEB-INF/jsp/deleted.jsp | 2 +- samples/contacts/war/WEB-INF/jsp/hello.jsp | 3 +- samples/contacts/war/WEB-INF/jsp/index.jsp | 4 +- upgrade-04-05.txt | 40 ++++++++++++++------ 7 files changed, 58 insertions(+), 24 deletions(-) diff --git a/changelog.txt b/changelog.txt index 74d5f0b14e..468a722f2d 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,13 +1,22 @@ Changes in version 0.5 (2004-xx-xx) ----------------------------------- -* Added support for HTTP Basic Authentication +* Added single sign on support via Yale Central Authentication Service (CAS) +* Added full support for HTTP Basic Authentication * Added Burlap and Hessian remoting to Contacts sample application -* AuthenticationProcessingFilter by default finds configuration context using Spring's WebApplicationContextUtils.getWebApplicationContext() -* AuthenticationProcessingFilter context may optionally be specified with 'contextConfigLocation' param (was previously 'appContextLocation') -* SecurityEnforcementFilter by default finds configuration context using Spring's WebApplicationContextUtils.getWebApplicationContext() -* SecurityEnforcementFilter context may optionally be specified with 'contextConfigLocation' param (was previously 'appContextLocation') -* SecurityEnforcementFilter now supports URL definitions using the Apache Ant path syntax in addition to regular expressions +* Added pluggable password encoders including plaintext, SHA and MD5 +* Added pluggable salt sources to enhance security of hashed passwords +* Added FilterToBeanProxy to obtain filters from Spring application context +* Added support for prepending strings to roles created by JdbcDaoImpl +* Added support for user definition of SQL statements used by JdbcDaoImpl +* Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys +* Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter +* Added Apache Ant path syntax support to SecurityEnforcementFilter +* Updated JAR to Spring 1.0.1 +* Refactored filters to use Spring application context lifecycle support +* Fixed FilterInvocation.getRequestUrl() to also include getPathInfo() +* Fixed Contacts sample application tags +* Established acegisecurity-developer mailing list * Documentation improvements Changes in version 0.4 (2004-04-03) diff --git a/readme.txt b/readme.txt index dd89c216da..fbfa52f184 100644 --- a/readme.txt +++ b/readme.txt @@ -32,8 +32,14 @@ directory. In addition, JavaDocs are located in the docs/api directory. OBTAINING SUPPORT ------------------------------------------------------------------------------- -If you need any help, please post a question on the Spring Users mailing list -or email ben.alex@acegi.com.au. +If you need any help, please post a question on the Spring Users mailing list. + +If you start using Acegi Security in your project, please consider joining +the acegisecurity-developer mailing list. This is currently the best way to +keep informed about the project's status and provide feedback in design +discussions. You can join at: + + https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer. $Id$ diff --git a/samples/contacts/war/WEB-INF/jsp/add.jsp b/samples/contacts/war/WEB-INF/jsp/add.jsp index 43e121732d..7df92b09b4 100644 --- a/samples/contacts/war/WEB-INF/jsp/add.jsp +++ b/samples/contacts/war/WEB-INF/jsp/add.jsp @@ -35,6 +35,6 @@

-">Home +">Home diff --git a/samples/contacts/war/WEB-INF/jsp/deleted.jsp b/samples/contacts/war/WEB-INF/jsp/deleted.jsp index 89a91b5198..c68a207ae0 100644 --- a/samples/contacts/war/WEB-INF/jsp/deleted.jsp +++ b/samples/contacts/war/WEB-INF/jsp/deleted.jsp @@ -8,6 +8,6 @@ -

Manage +

">Manage diff --git a/samples/contacts/war/WEB-INF/jsp/hello.jsp b/samples/contacts/war/WEB-INF/jsp/hello.jsp index c2c500f24d..12a0a7a5eb 100644 --- a/samples/contacts/war/WEB-INF/jsp/hello.jsp +++ b/samples/contacts/war/WEB-INF/jsp/hello.jsp @@ -19,6 +19,7 @@ the random contact that is shown below:

-

Manage Debug +

">Manage +">Debug diff --git a/samples/contacts/war/WEB-INF/jsp/index.jsp b/samples/contacts/war/WEB-INF/jsp/index.jsp index 7cb530b855..76614c727a 100644 --- a/samples/contacts/war/WEB-INF/jsp/index.jsp +++ b/samples/contacts/war/WEB-INF/jsp/index.jsp @@ -19,11 +19,11 @@ - ">Del + ">Del -

Add Logoff +

">Add

">Logoff diff --git a/upgrade-04-05.txt b/upgrade-04-05.txt index f69b792fd0..b8f3a4228b 100644 --- a/upgrade-04-05.txt +++ b/upgrade-04-05.txt @@ -5,21 +5,39 @@ The following should help most casual users of the project update their applications: -- By default, AuthenticationProcessingFilter and SecurityEnforcementFilter now - use Spring's WebApplicationContextUtils.getApplicationContext to load the - ApplicationContext in which their respective configs may be found. Ideally, - move your configuration for these filters from the separate contexts you were - using before, to the main context used by your webapp. Alternately, the old - mechanism of having the filter load its own specific context is still - supported, but the param specifying the location of this context has been - changed to match the equivalent param as used by Spring's ContextLoader class. - If you do still want to use this approach, just rename your param from - 'appContextLocation' to 'contextConfigLocation'. +- All filters are now loaded via FilterToBeanProxy. The FilterToBeanProxy + obtains the filter from a Spring application context via the + WebApplicationContextUtils.getApplicationContext() method. Refer to the + reference documentation to see the new configuration of filters. + +- SecurityEnforcementFilter now requires an AuthenticationEntryPoint. + Refer to the reference documentation to see the alternatives available. + +- Any of your login or login failure pages that previously referred to + AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY + should now use + net.sf.acegisecurity.ui.AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY + +- DaoAuthenticationProvider no longer provides setters for case sensitivity + handling. The respective AuthenticationDao implementations should decide + whether or not to return User instances reflecting the exact case of the + requested username. The new PlaintextPasswordEncoder offers a setter for + ignoring the password case (defaults to require exact case matches). - If you're using container adapters, please refer to the reference documentation as additional JARs are now required in your container classloader. -We hope you find the new features useful in your projects. +- Whilst not really a change needed to your program, if you're using + Acegi Security please consider joining the acegisecurity-developer mailing + list. This is currently the best way to keep informed about the project's + status and provide feedback in design discussions. You can join at + https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer. + Please continue using the Spring Users mailing list for general support. + +There are also lots of new features you might wish to consider for your +projects. These include CAS integration, pluggable password encoders +(such as MD5 and SHA), along with pluggable salt sources. We hope you find +the new features useful in your projects. $Id$