Various changes to support 1.0.0 release.

2025-06-26 13:53:14 +00:00 · 2006-05-29 10:57:47 +00:00 · 2006-05-29 10:57:47 +00:00 · 318bd88968
commit 318bd88968
parent 120124f79e
4 changed files with 61 additions and 78 deletions
--- a/doc/xdocs/building.html
+++ b/doc/xdocs/building.html
@ -116,48 +116,5 @@
 	<pre>maven clover:html-report -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01</pre>
  </ol>
  <h2>CVS-over-SSH Workarounds</h2>
  <p>Another possible problem is related to CVS-over-SSH ("ext" in CVSROOT) appearing to freeze.
 	The following instructions assume you're an Acegi Security developer who has CVS access
 	to the project, as if you're not then you shouldn't be trying to use CVS-over-SSH.
 	The instructions above all relate to goals which use the default, anonymous
 	pserver CVS repository.</p>
  <p>If you really need authenticated SSH-based access, first check your
 	<code>$ACEGI_SECURITY/build.properties</code> contains a
 	<code>maven.username</code> equal to your SourceForge username. If your Maven CVS
 	or SSH commands still don't work, test you have automatic CVS-over-SSH access operational
 	by executing the following command:</p>
  <ol>
 	<pre>cvs -d :ext:YOUR_SOURCEFORGE_USERNAME@cvs.sourceforge.net:/cvsroot/acegisecurity</pre>
  </ol>
  <p>If this CVS command executes without requiring any interaction such as password
 	entry, you're ready to proceed. If it fails (or requires a password entry), you 
 	probably need to review your CVS setup. This varies depending on your CVS client.</p>
  <p>One Windows-based command line CVS-over-SSH-with-auto-login setup that 
 	works very well is to install 
 	<a href="http://www.cvsnt.com/">CVSNT</a> (which has a CVS client console utility)
 	and 
 	<a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</a> (download
 	<code>putty.zip</code>) together, and use
 	PuTTY's Pageant to automatically authenticate. A resource that describes in detail
 	how to configure WinCVS (which internally uses CVSNT's command line client) with PuTTY 
 	(including automatic SSH authentication) is 
 	<a href="http://sourceforge.net/docman/display_doc.php?docid=766&group_id=1">SourceForge's instructions</a>.
 	One issue with the SourceForge instructions is they forget to mention how to
 	tell the CVS command-line client to use <code>plink.exe</code>, which is PuTTY's SSH command-line
 	version. The solution is to execute 
 	<code>set CVS_RSH=C:\Program Files\putty\plink.exe</code>
 	(or whatever path is appropriate to plink) before running the CVS command line.
 	In fairness, the SourceForge instructions target the Windows front-end to CVS, whilst
 	we need the command-line version to work.</p>
  <p>It is worth noting that as the Maven project uses the anonymous pserver
 	repository for most operations, these setup instructions really only apply if
 	doing something like deploying the site over SSH etc.</p>
 </body>
 </html>
--- a/doc/xdocs/index.html
+++ b/doc/xdocs/index.html
@ -9,10 +9,13 @@
      <CENTER><B>
      <HR>
-      <CENTER>Mission Statement</CENTER></B>
+      <CENTER>What is Acegi Security?</CENTER></B>
      <HR>
-      <BR>To provide comprehensive security services for <A 
+	  <BR>Acegi Security is a powerful, flexible security solution for enterprise software,
-      href="http://www.springframework.org/"><I>The Spring Framework</I></A>. 
+	  with a particular emphasis on applications that use 
 	  <A href="http://www.springframework.org/">Spring</A>. Using Acegi Security provides your
 	  applications with comprehensive authentication, authorization, instance-based access control,
 	  channel security and human user detection capabilities.
      </CENTER><BR><B>
      <HR>
@ -20,16 +23,24 @@
      <HR>
      <BR>
      <UL>
-        <LI><B>It is ready NOW.</B> As explained in the reference guide, the API 
+        <LI><B>Stable and mature.</B> Acegi Security 1.0.0 was released in May 2006 after
-        is now quite stable. We also use the <A 
+        more than two and a half years of use in large production software projects, 70,000+ downloads
        and hundreds of community contributions.
        In terms of release numbering, we also use the <A 
        href="http://apr.apache.org/versioning.html">Apache APR Project 
-        Versioning Guidelines</A> so you can identify backward 
+        Versioning Guidelines</A> so that you can easily identify release
        compatibility.<BR><BR>
        <LI><B>Well documented:</B> All APIs are fully documented using 
        <a href="http://acegisecurity.sourceforge.net/multiproject/acegi-security/apidocs/index.html">JavaDoc</a>,
        with almost 100 pages of
 		<a href="reference.html">Reference Guide</a> documentation providing an easy-to-follow
        introduction. Even more documentation is provided on this web site, as
 		shown in the left hand navigation sidebar.<BR><BR>
        <LI><B>Fast results:</B> View our <a href="suggested.html">suggested steps</a>
        for the fastest way to develop complex, security-compliant applications.<BR><BR>
        <LI><B>Enterprise-wide single sign on:</B> Using JA-SIG's open 
        source <A href="http://www.ja-sig.org/products/cas/">Central Authentication 
-        Service</A> (CAS), the Acegi Security System for Spring can participate 
+        Service</A> (CAS), the Acegi Security can participate 
        in an enterprise-wide single sign on environment. You no longer need 
        every web application to have its own authentication database. Nor are 
        you restricted to single sign on across a single web container. Advanced 
@ -61,7 +72,7 @@
        objects.<BR><BR>
        <LI><B>After invocation security:</B> Acegi Security can not only protect
 		methods from being invoked in the first place, but it can also
-		deal with the Objects returned from the methods. Included implementations 
+		deal with the objects returned from the methods. Included implementations 
 		of after invocation security can throw an exception or mutate the returned
 		object based on ACLs.<BR><BR>
        <LI><B>Secures your HTTP requests as well:</B> In addition to securing 
@ -70,13 +81,14 @@
        HTTP requests can now be secured by your choice of regular expressions 
        or Apache Ant paths, along with pluggable authentication, authorization 
        and run-as replacement managers.<BR><BR>
-        <LI><B>Channel security:</B> The Acegi Security System for Spring can 
+        <LI><B>Channel security:</B> Acegi Security can 
        automatically redirect requests across an appropriate transport channel. 
        Whilst flexible enough to support any of your "channel" requirements (eg 
        the remote user is a human, not a robot), a common channel security 
        feature is to ensure your secure pages will only be available over 
        HTTPS, and your public pages only over HTTP. Acegi Security also 
-        supports unusual port combinations and pluggable transport decision 
+        supports unusual port combinations (including if accessed via an
        intermediate server like Apache) and pluggable transport decision 
        managers.<BR><BR>
        <LI><B>Supports HTTP BASIC authentication:</B> Perfect for remoting 
        protocols or those web applications that prefer a simple browser pop-up 
@ -87,18 +99,29 @@
        (which never sends the user's password across the wire). Digest Authentication
        is widely supported by modern browsers. Acegi Security's implementation complies
        with both RFC 2617 and RFC 2069.<BR><BR>
-        <LI><B>Convenient security taglib:</B> Your JSP files can use our taglib 
+        <LI><B>Computer Associates Siteminder support:</B> Authentication can be
        delegated through to CA's Siteminder solution, which is common in large
        corporate environments.<BR><BR>
        <LI><B>X509 (Certificate) support:</B> Acegi Security can easily read
        client-side X509 certificates for authenticating users.<BR><BR>
        <LI><B>LDAP Support:</B> Do you have an LDAP directory? Acegi Security can
        happily authenticate against it.<BR><BR>
        <LI><B>Tag library support:</B> Your JSP files can use our taglib 
        to ensure that protected content like links and messages are only 
        displayed to users holding the appropriate granted authorities. The taglib
-		also fully integrates with Acegi Security's ACL services.<BR><BR>
+		also fully integrates with Acegi Security's ACL services, and
-        <LI><B>Application context or attribute-based configuration:</B> You 
+		obtaining extra information about the logged-in principal.<BR><BR>
        <LI><B>Configuration via IoC XML, Commons Attributes, or JDK 5 Annotations:</B> You 
        select the method used to configure your security environment. The 
-        project supports configuration via Spring application contexts as well 
+        project supports configuration via Spring application contexts, as well 
-        as Jakarta Commons Attributes.<BR><BR>
+        as Jakarta Commons Attributes and Java 5's annotations feature. Some users
        (such as those building content management systems) pull configuration data
        from a database, which exemplifies Acegi Security's flexible configuration
        metadata system.<BR><BR>
        <LI><B>Various authentication backends:</B> We include the ability to 
-        retrieve your user and granted authority definitions from either an XML 
+        retrieve your user and granted authority definitions from an XML 
-        file or JDBC datasource. Alternatively, you can implement the 
+        file, JDBC datasource or Properties file. Alternatively, you can implement the 
-        single-method DAO interface and obtain authentication details from 
+        single-method UserDetailsService interface and obtain authentication details from 
        anywhere you like.<BR><BR>
        <LI><B>Event support:</B> Building upon Spring's 
        <CODE>ApplicationEvent</CODE> services, you can write your own listeners 
@ -126,23 +149,27 @@
        problem. Acegi Security integrates with standard Spring remoting 
        protocols, because it automatically processes the HTTP BASIC 
        authentication headers they present. Add our BASIC authentication filter 
-        to your web.xml and you're done.<BR><BR>
+        to your web.xml and you're done. You can also easily use RMI or Digest
        authentication for your rich clients with a simple configuration statement.<BR><BR>
        <LI><B>Advanced password encoding:</B> Of course, passwords in your 
        authentication repository need not be in plain text. We support both SHA 
        and MD5 encoding, and also pluggable "salt" providers to maximise 
-        password security.<BR><BR>
+        password security. Acegi Security doesn't even need to see the password
-        <LI><B>Run-as replacement:</B> The security system fully supports 
+        if your backend can use a bind-based strategy for authentication (such as
-        temporarily replacing the authenticated user for the duration of the web 
+        an LDAP directory, or a database login).<BR><BR>
        <LI><B>Run-as replacement:</B> The system fully supports 
        temporarily replacing the authenticated principal for the duration of the web 
        request or bean invocation. This enables you to build public-facing 
        object tiers with different security configurations than your backend 
        objects.<BR><BR>
        <LI><B>Transparent security propagation:</B> Acegi Security can automatically
 		transfer its core authentication information from one machine to another,
 		using a variety of protocols including RMI and Spring's HttpInvoker.<BR><BR>
-        <LI><B>Compatible with HttpServletRequest.getRemoteUser():</B> Even though
+        <LI><B>Compatible with HttpServletRequest's security methods:</B> Even though
 		Acegi Security can deliver authentication using a range of pluggable mechanisms
 		(most of which require no web container configuration), we allow you to access
-		the resulting Authentication object via the getRemoteUser() method.<BR><BR>
+		the resulting Authentication object via the getRemoteUser() and other
 		security methods on HttpServletRequest.<BR><BR>
        <LI><B>Unit tests:</B> A must-have of any quality security project, unit 
        tests are included. Our unit test coverage is very high, as shown in the
 		<a href="multiproject/acegi-security/clover/index.html">coverage report</a>.<BR><BR>
@ -155,19 +182,18 @@
        <LI><B>Peer reviewed:</B> Whilst nothing is ever completely secure, 
        using an open source security package leverages the continuous design 
        and code quality improvements that emerge from peer review.<BR><BR>
-        <LI><B>Thorough documentation:</B> All APIs are fully documented using 
+        <LI><B>Community:</B> Well-known for its supportive community, Acegi Security
-        <a href="http://acegisecurity.sourceforge.net/multiproject/acegi-security/apidocs/index.html">JavaDoc</a>, with a 40+ page 
+        has an active group of developers and users. Visit our project resources (below)
-		<a href="reference.html">Reference Guide</a> providing an easy-to-follow 
+        to access these services.<BR><BR>
-        introduction. More documentation is provided on this web site, as
+        <LI><B>Apache license.</B> You can confidently use Acegi Security in your project.<BR><BR></LI></UL><BR><B>
 		shown in the left hand navigation sidebar.<BR><BR>
        <LI><B>Apache license.</B><BR><BR></LI></UL><BR><B>
      <HR>
      <CENTER>Project Resources</CENTER></B>
      <HR>
      <BR>
-      <CENTER><A href="http://forum.springframework.org/"><B>Support 
+      <CENTER>
-      Forums</B></A><BR><BR><A 
+      <A href="http://forum.springframework.org/"><B>Support Forums</B></A><BR><BR>
-      href="http://sourceforge.net/project/showfiles.php?group_id=104215"><B>Downloads</B></A>
+      <A href="mail-lists.html"><B>Developer Mailing List</B></A><BR><BR>
      <A href="downloads.html"><B>Downloads</B></A>
      </CENTER></FONT>
 </BODY></HTML>
--- a/project.properties
+++ b/project.properties
@ -16,7 +16,7 @@ maven.compile.source=1.3
 #signature.storepass=
 #signature.keystore=
-maven.javadoc.links=http://java.sun.com/j2se/1.4.2/docs/api/,http://www.springframework.org/docs/api/
+maven.javadoc.links=http://java.sun.com/j2se/1.5.0/docs/api/,http://www.springframework.org/docs/api/,http://jakarta.apache.org/commons/lang/api/index.html,http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/index.html,http://jakarta.apache.org/commons/codec/apidocs/index.html,http://jakarta.apache.org/commons/collections/api/,http://jakarta.apache.org/commons/logging/apidocs/index.html,http://tomcat.apache.org/tomcat-5.0-doc/servletapi/index.html
 maven.repo.remote=http://www.ibiblio.org/maven,http://acegisecurity.sourceforge.net/maven,http://svn.apache.org/repository/
--- a/project.xml
+++ b/project.xml
@ -479,7 +479,7 @@
  </build>
  <reports>
    <!-- report>maven-changelog-plugin</report -->
-    <report>maven-checkstyle-plugin</report>
+    <!-- report>maven-checkstyle-plugin</report -->
    <report>maven-clover-plugin</report>
    <report>maven-javadoc-plugin</report>
    <report>maven-jdepend-plugin</report>