diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml index a647d35de7..5df3c6d482 100644 --- a/doc/xdocs/changes.xml +++ b/doc/xdocs/changes.xml @@ -18,6 +18,11 @@ * limitations under the License. * * ======================================================================== + + + **** THIS FILE SHOULD ONLY BE USED TO POINT TO JIRA FOR EACH RELEASE!!!! (BPA, 4 November 2005) **** + + --> @@ -26,42 +31,7 @@ - Added Contacts (Java 5) sample uses @Transactional and @Secured annotations - SwitchUserProcessingFilter to provide user security context switching - Java 1.5 annotation support - BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call - JdbcDaoImpl modified to support synthetic primary keys - Greatly improve BasicAclEntryAfterInvocationCollectionFilteringProvider performance with large collections (if the principal has access to relatively few collection elements) - Reorder DaoAuthenticationProvider exception logic as per developer list discussion - ContextHolder refactored and replaced by SecurityContextHolder - Made AclEntry Serializable (correct issue with BasicAclEntryCache) - Changed order of credentials verification and expiry checking in DaoAuthenticationProvider. Password must now be successfully verified before expired credentials are reported. - AnonymousProcessingFilter offers protected method to control when it should execute - AbstractAuthenticationToken.getName() now returns username alone if UserDetails present - AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name - JavaDoc improvements - Correct synchronization issue with FilterToBeanProxy initialization - Refactor Authentication.isAuthenticated() handling to be more performant - Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable - Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys - Refactor DAO authentication failure events under a consistent abstract superclass - JBoss container adapter to use getName() instead to toString() (see http://opensource.atlassian.com/projects/spring/browse/SEC-22) - HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20) - Form, CAS, X509 and Remember-Me authentication mechanisms now publish an InteractiveAuthenticationSuccessEvent (see http://opensource.atlassian.com/projects/spring/browse/SEC-5) - FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14) - AnonymousProcessingFilter cleans up the Authentication object, avoiding HttpSession creation overhead - SecurityEnforcementFilter now has a createSessionAllowed property, which should be set to false to avoid unnecessary session creation - UserAttributeEditor now removes trailing spaces - SecureContextLoginModule now provides ignoreMissingAuthentication property - SecureContextLoginModuleTests fixes (see http://opensource.atlassian.com/projects/spring/browse/SEC-36) - SiteMinder authentication services (see http://opensource.atlassian.com/projects/spring/browse/SEC-35) - Acegifier sample added (see http://opensource.atlassian.com/projects/spring/browse/SEC-1) - CVS changes to help new Eclipse-based developers get started - AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11) - Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34) - Added package.html files to empty resources dirs so CVS serves them to new developers - Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41) - Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass + All changes are in JIRA at http://opensource2.atlassian.com/projects/spring/secure/ReleaseNote.jspa?projectId=10040&styleName=Html&version=10251 HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)