From 55c1dd3a8d5a8b697ecea08175300885ea68811c Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Sat, 20 Nov 2004 21:29:53 +0000 Subject: [PATCH] Move changelog to Maven managed docs. --- changelog.txt | 185 ------------------------------------------ doc/xdocs/changes.xml | 125 ++++++++++++++++++++++++++++ 2 files changed, 125 insertions(+), 185 deletions(-) delete mode 100644 changelog.txt diff --git a/changelog.txt b/changelog.txt deleted file mode 100644 index 246988ae04..0000000000 --- a/changelog.txt +++ /dev/null @@ -1,185 +0,0 @@ -Changes in version 0.7 (2004-xx-xx) ------------------------------------ - -* Major CVS repository restructure to support Maven and eliminate libraries -* Major improvements to Contacts sample application (now demos ACL security) -* Added AfterInvocationManager to mutate objects return from invocations -* Added BasicAclEntryAfterInvocationProvider to ACL evaluate returned Object -* Added BasicAclEntryAfterInvocationCollectionFilteringProvider -* Added security propagation during RMI invocations (from sandbox) -* Added security propagation for Spring's HTTP invoker -* Added BasicAclEntryVoter, which votes based on AclManager permissions -* Added AspectJ support (especially useful for instance-level security) -* Added MethodDefinitionSourceAdvisor for performance and autoproxying -* Added MethodDefinitionMap querying of interfaces defined by secure objects -* Added AuthenticationProcessingFilter.setDetails for use by subclasses -* Added 403-causing exception to HttpSession via SecurityEnforcementFilter -* Added net.sf.acegisecurity.intercept.event package -* Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD -* Added additional remoting protocol demonstrations to Contacts sample -* Improved BasicAclProvider to only respond to specified ACL object requests -* Refactored MethodDefinitionSource to work with Method, not MethodInvocation -* Refactored AbstractSecurityInterceptor to better support other AOP libraries -* Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility) -* Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals -* Moved MethodSecurityInterceptor to ...intercept.method.aopalliance package -* Documentation improvements - -Changes in version 0.6.1 (2004-09-25) -------------------------------------- - -* Resolved to use http://apr.apache.org/versioning.html for future versioning -* Added additional DaoAuthenticationProvider event when user not found -* Added Authentication.getDetails() to DaoAuthenticationProvider response -* Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true) -* Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP) -* Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits) -* Added convenience methods to ConfigAttributeDefinition -* Improved sample applications' bean reference notation -* Clarified contract for ObjectDefinitionSource.getAttributes(Object) -* Extracted removeUserFromCache(String) to UserCache interface -* Improved ConfigAttributeEditor so it trims preceding and trailing spaces -* Refactored UsernamePasswordAuthenticationToken.getDetails() to Object -* Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource change -* Fixed EH-CACHE-based caching implementation behaviour when cache exists -* Fixed Ant "release" target not including project.properties -* Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method -* Documentation improvements - -Changes in version 0.6 (2004-08-09) ------------------------------------ - -* Added domain object instance access control list (ACL) packages -* Added feature so DaoAuthenticationProvider returns User in Authentication -* Added AbstractIntegrationFilter.secureContext property for custom contexts -* Added stack trace logging to SecurityEnforcementFilter -* Added exception-specific target URLs to AbstractProcessingFilter -* Added JdbcDaoImpl hook so subclasses can insert custom granted authorities -* Added AuthenticationProvider that wraps JAAS login modules -* Added support for EL expressions in the authz tag library -* Added failed Authentication object to AuthenticationExceptions -* Added signed JARs to all official release builds (see readme.txt) -* Added remote client authentication validation package -* Added protected sendAccessDeniedError method to SecurityEnforcementFilter -* Updated Authentication to be serializable (Weblogic support) -* Updated JAR to Spring 1.1 RC 1 -* Updated to Clover 1.3 -* Updated to HSQLDB version 1.7.2 Release Candidate 6D -* Refactored User to net.sf.acegisecurity.UserDetails interface -* Refactored CAS package to store UserDetails in CasAuthenticationToken -* Improved organisation of DaoAuthenticationProvider to facilitate subclassing -* Improved test coverage (now 98.3%) -* Improved JDBC-based tests to use in-memory database rather than filesystem -* Fixed Linux compatibility issues (directory case sensitivity etc) -* Fixed AbstractProcessingFilter to handle servlet spec container differences -* Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue -* Fixed CasAuthenticationToken if proxy granting ticket callback not requested -* Fixed EH-CACHE handling on web context refresh -* Documentation improvements - -Changes in version 0.51 (2004-06-06) ------------------------------------- - -* Added samples/quick-start -* Added NullRunAsManager and made default for AbstractSecurityInterceptor -* Added event notification (see net.sf.acegisecurity.providers.dao.event) -* Updated JAR to Spring 1.0.2 -* Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release -* Updated GrantedAuthorityImpl to be serializable (JBoss support) -* Updated Authentication interface to present extra details for a request -* Updated Authentication interface to subclass java.security.Principal -* Refactored DaoAuthenticationProvider caching (refer to reference docs) -* Improved HttpSessionIntegrationFilter to manage additional attributes -* Improved URL encoding during redirects -* Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS) -* Fixed issue with NullPointerExceptions in taglib -* Removed DaoAuthenticationToken and session-based caching -* Documentation improvements -* Upgrade Note: DaoAuthenticationProvider no longer has a "key" property - -Changes in version 0.5 (2004-04-29) ------------------------------------ - -* Added single sign on support via Yale Central Authentication Service (CAS) -* Added full support for HTTP Basic Authentication -* Added caching for DaoAuthenticationProvider successful authentications -* Added Burlap and Hessian remoting to Contacts sample application -* Added pluggable password encoders including plaintext, SHA and MD5 -* Added pluggable salt sources to enhance security of hashed passwords -* Added FilterToBeanProxy to obtain filters from Spring application context -* Added support for prepending strings to roles created by JdbcDaoImpl -* Added support for user definition of SQL statements used by JdbcDaoImpl -* Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys -* Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter -* Added Apache Ant path syntax support to SecurityEnforcementFilter -* Added filter to automate web channel requirements (eg HTTPS redirection) -* Updated JAR to Spring 1.0.1 -* Updated several classes to use absolute (not relative) redirection URLs -* Refactored filters to use Spring application context lifecycle support -* Improved constructor detection of nulls in User and other key objects -* Fixed FilterInvocation.getRequestUrl() to also include getPathInfo() -* Fixed Contacts sample application tags -* Established acegisecurity-developer mailing list -* Documentation improvements - -Changes in version 0.4 (2004-04-03) ------------------------------------ - -* Added HTTP session authentication as an alternative to container adapters -* Added HTTP request security interceptor (offers considerable flexibility) -* Added security taglib -* Added Clover test coverage instrumentation (currently 97.2%) -* Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests -* Added HTML test and summary reporting to in-container integration tests -* Updated JARs to Spring Framework release 1.0, with associated AOP changes -* Updated to Apache License version 2.0 -* Updated copyright with permission of past contributors -* Refactored unit tests to use mock objects and focus on a single class each -* Refactored many classes to enable insertion of mock objects during testing -* Refactored core classes to ease support of new secure object types -* Changed package layout to better describe the role of contained items -* Changed the extractor to extract additional classes from JBoss and Catalina -* Changed Jetty container adapter configuration (see reference documentation) -* Improved AutoIntegrationFilter handling of deployments without JBoss JARs -* Fixed case handling support in data access object authentication provider -* Documentation improvements - -Changes in version 0.3 (2004-03-16) ------------------------------------ - -* Added "in container" unit test system for container adapters and sample app -* Added library extractor tool to reduce the "with deps" ZIP release sizes -* Added unit test to the attributes sample -* Added Jalopy source formatting -* Modified all files to use net.sf.acegisecurity namespace -* Renamed springsecurity.xml to acegisecurity.xml for consistency -* Reduced length of ZIP and JAR filenames -* Clarified licenses and sources for all included libraries -* Updated documentation to reflect new file and package names -* Setup Sourceforge.net project and added to CVS etc - -Changes in version 0.2 (2004-03-10) ------------------------------------ - -* Added Commons Attributes support and sample (thanks to Cameron Braid) -* Added JBoss container adapter -* Added Resin container adapter -* Added JDBC DAO authentication provider -* Added several filter implementations for container adapter integration -* Added SecurityInterceptor startup time validation of ConfigAttributes -* Added more unit tests -* Refactored ConfigAttribute to interface and added concrete implementation -* Enhanced diagnostics information provided by sample application debug.jsp -* Modified sample application for wider container portability (Resin, JBoss) -* Fixed switch block in voting decision manager implementations -* Removed Spring MVC interceptor for container adapter integration -* Documentation improvements - -Changes in version 0.1 (2004-03-03) ------------------------------------ - -* Initial public release - - - -$Id$ diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml index d43e1d12b4..6c36e9e358 100644 --- a/doc/xdocs/changes.xml +++ b/doc/xdocs/changes.xml @@ -51,10 +51,135 @@ Documentation improvements + Resolved to use http://apr.apache.org/versioning.html for future versioning + Added additional DaoAuthenticationProvider event when user not found + Added Authentication.getDetails() to DaoAuthenticationProvider response + Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true) + Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP) + Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits) + Added convenience methods to ConfigAttributeDefinition + Improved sample applications' bean reference notation + Clarified contract for ObjectDefinitionSource.getAttributes(Object) + Extracted removeUserFromCache(String) to UserCache interface + Improved ConfigAttributeEditor so it trims preceding and trailing spaces + Refactored UsernamePasswordAuthenticationToken.getDetails() to Object + Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource change + Fixed EH-CACHE-based caching implementation behaviour when cache exists + Fixed Ant "release" target not including project.properties + Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method + Documentation improvements + Added domain object instance access control list (ACL) packages + Added feature so DaoAuthenticationProvider returns User in Authentication + Added AbstractIntegrationFilter.secureContext property for custom contexts + Added stack trace logging to SecurityEnforcementFilter + Added exception-specific target URLs to AbstractProcessingFilter + Added JdbcDaoImpl hook so subclasses can insert custom granted authorities + Added AuthenticationProvider that wraps JAAS login modules + Added support for EL expressions in the authz tag library + Added failed Authentication object to AuthenticationExceptions + Added signed JARs to all official release builds (see readme.txt) + Added remote client authentication validation package + Added protected sendAccessDeniedError method to SecurityEnforcementFilter + Updated Authentication to be serializable (Weblogic support) + Updated JAR to Spring 1.1 RC 1 + Updated to Clover 1.3 + Updated to HSQLDB version 1.7.2 Release Candidate 6D + Refactored User to net.sf.acegisecurity.UserDetails interface + Refactored CAS package to store UserDetails in CasAuthenticationToken + Improved organisation of DaoAuthenticationProvider to facilitate subclassing + Improved test coverage (now 98.3%) + Improved JDBC-based tests to use in-memory database rather than filesystem + Fixed Linux compatibility issues (directory case sensitivity etc) + Fixed AbstractProcessingFilter to handle servlet spec container differences + Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue + Fixed CasAuthenticationToken if proxy granting ticket callback not requested + Fixed EH-CACHE handling on web context refresh + Documentation improvements + Added samples/quick-start + Added NullRunAsManager and made default for AbstractSecurityInterceptor + Added event notification (see net.sf.acegisecurity.providers.dao.event) + Updated JAR to Spring 1.0.2 + Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release + Updated GrantedAuthorityImpl to be serializable (JBoss support) + Updated Authentication interface to present extra details for a request + Updated Authentication interface to subclass java.security.Principal + Refactored DaoAuthenticationProvider caching (refer to reference docs) + Improved HttpSessionIntegrationFilter to manage additional attributes + Improved URL encoding during redirects + Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS) + Fixed issue with NullPointerExceptions in taglib + Removed DaoAuthenticationToken and session-based caching + Documentation improvements + Upgrade Note: DaoAuthenticationProvider no longer has a "key" property + Added single sign on support via Yale Central Authentication Service (CAS) + Added full support for HTTP Basic Authentication + Added caching for DaoAuthenticationProvider successful authentications + Added Burlap and Hessian remoting to Contacts sample application + Added pluggable password encoders including plaintext, SHA and MD5 + Added pluggable salt sources to enhance security of hashed passwords + Added FilterToBeanProxy to obtain filters from Spring application context + Added support for prepending strings to roles created by JdbcDaoImpl + Added support for user definition of SQL statements used by JdbcDaoImpl + Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys + Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter + Added Apache Ant path syntax support to SecurityEnforcementFilter + Added filter to automate web channel requirements (eg HTTPS redirection) + Updated JAR to Spring 1.0.1 + Updated several classes to use absolute (not relative) redirection URLs + Refactored filters to use Spring application context lifecycle support + Improved constructor detection of nulls in User and other key objects + Fixed FilterInvocation.getRequestUrl() to also include getPathInfo() + Fixed Contacts sample application tags + Established acegisecurity-developer mailing list + Documentation improvements + Added HTTP session authentication as an alternative to container adapters + Added HTTP request security interceptor (offers considerable flexibility) + Added security taglib + Added Clover test coverage instrumentation (currently 97.2%) + Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests + Added HTML test and summary reporting to in-container integration tests + Updated JARs to Spring Framework release 1.0, with associated AOP changes + Updated to Apache License version 2.0 + Updated copyright with permission of past contributors + Refactored unit tests to use mock objects and focus on a single class each + Refactored many classes to enable insertion of mock objects during testing + Refactored core classes to ease support of new secure object types + Changed package layout to better describe the role of contained items + Changed the extractor to extract additional classes from JBoss and Catalina + Changed Jetty container adapter configuration (see reference documentation) + Improved AutoIntegrationFilter handling of deployments without JBoss JARs + Fixed case handling support in data access object authentication provider + Documentation improvements + Added "in container" unit test system for container adapters and sample app + Added library extractor tool to reduce the "with deps" ZIP release sizes + Added unit test to the attributes sample + Added Jalopy source formatting + Modified all files to use net.sf.acegisecurity namespace + Renamed springsecurity.xml to acegisecurity.xml for consistency + Reduced length of ZIP and JAR filenames + Clarified licenses and sources for all included libraries + Updated documentation to reflect new file and package names + Setup Sourceforge.net project and added to CVS etc + + Added Commons Attributes support and sample (thanks to Cameron Braid) + Added JBoss container adapter + Added Resin container adapter + Added JDBC DAO authentication provider + Added several filter implementations for container adapter integration + Added SecurityInterceptor startup time validation of ConfigAttributes + Added more unit tests + Refactored ConfigAttribute to interface and added concrete implementation + Enhanced diagnostics information provided by sample application debug.jsp + Modified sample application for wider container portability (Resin, JBoss) + Fixed switch block in voting decision manager implementations + Removed Spring MVC interceptor for container adapter integration + Documentation improvements + + Initial public release