Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 19:09:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updates for release 0.6.1.

Browse Source
This commit is contained in:
Ben Alex 2004-09-25 02:23:10 +00:00
parent 6b54784915
commit c8a7c18814
3 changed files with 78 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changelog.txt
View File

@ -1,6 +1,7 @@
Changes in version 0.x (2004-xx-xx) Changes in version 0.6.1 (2004-09-25)
----------------------------------- -------------------------------------
* Resolved to use http://apr.apache.org/versioning.html for future versioning
* Added additional DaoAuthenticationProvider event when user not found * Added additional DaoAuthenticationProvider event when user not found
* Added Authentication.getDetails() to DaoAuthenticationProvider response * Added Authentication.getDetails() to DaoAuthenticationProvider response
* Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true) * Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true)

94
docs/reference/src/index.xml
View File

@ -7,7 +7,7 @@
<subtitle>Reference Documentation</subtitle> <subtitle>Reference Documentation</subtitle>
<releaseinfo>0.6</releaseinfo> <releaseinfo>0.6.1</releaseinfo>
<authorgroup> <authorgroup>
<author> <author>
@ -74,6 +74,61 @@
The security architecture does not have a notion of roles or groups, The security architecture does not have a notion of roles or groups,
which you may be familiar with from other security which you may be familiar with from other security
implementations.</para> implementations.</para>
<sect2 id="security-introduction-status">
<title>Current Status</title>
<para>The Acegi Security System for Spring is widely used by members
of the Spring Community. The APIs are considered stable and only minor
changes are expected. Having said that, like many other projects we
need to strike a balance between backward compatibility and
improvement. Effective version 0.6.1, Acegi Security uses the Apache
Portable Runtime Project versioning guidelines, available from
<literal>http://apr.apache.org/versioning.html</literal>.</para>
<para>Some improvements are currently intended prior to the 1.0.0
release. These are:</para>
<itemizedlist spacing="compact">
<listitem>
<para>Replacing the Ant build with a Maven build. When this
happens the <literal>lib</literal> directory will no longer be
distributed in ZIP releases or hosted in CVS.</para>
</listitem>
<listitem>
<para>"Remember me" functionality. Some discussion on this can be
found at
<literal>http://sourceforge.net/mailarchive/forum.php?thread_id=5177499&amp;forum_id=40659</literal>.</para>
</listitem>
<listitem>
<para>A sample web application which demonstrates the access
control list package.</para>
</listitem>
<listitem>
<para>Implementation of an
<literal>ObjectDefinitionSource</literal> that retrieves its
details from a database.</para>
</listitem>
<listitem>
<para>Deprecation of Acegi Security's various EH-CACHE-based cache
implementations. Instead Acegi Security will provide new cache
implementations which use Spring Framework's new (currently in
CVS) <literal>EhCacheManagerFactoryBean</literal> factory. The
deprecated classes may be removed from the 1.0.0 release.</para>
</listitem>
</itemizedlist>
<para>Whilst this list is subject to change and not in any particular
order, none of the above improvements are likely to result in changes
to the API. The improvements are also relatively minor to implement.
Users of Acegi Security System for Spring should therefore be
comfortable depending on the current version of the project in their
applications.</para>
</sect2>
</sect1> </sect1>
<sect1 id="security-high-level-design"> <sect1 id="security-high-level-design">
@ -1596,9 +1651,10 @@ public boolean supports(Class clazz);</programlisting></para>
<literal>ifNotGranted="ROLE_SUPERVISOR"</literal>, or you'll be <literal>ifNotGranted="ROLE_SUPERVISOR"</literal>, or you'll be
surprised to never see the tag's body.</para> surprised to never see the tag's body.</para>
<para>By requiring all attributes to return true, the authorize tag allows you to <para>By requiring all attributes to return true, the authorize tag
create more complex authorization scenarios. For example, you could allows you to create more complex authorization scenarios. For
declare an <literal>ifAllGranted="ROLE_SUPERVISOR"</literal> and an example, you could declare an
<literal>ifAllGranted="ROLE_SUPERVISOR"</literal> and an
<literal>ifNotGranted="ROLE_NEWBIE_SUPERVISOR"</literal> in the same <literal>ifNotGranted="ROLE_NEWBIE_SUPERVISOR"</literal> in the same
tag, in order to prevent new supervisors from seeing the tag body. tag, in order to prevent new supervisors from seeing the tag body.
However it would no doubt be simpler to use However it would no doubt be simpler to use
@ -1632,12 +1688,12 @@ public boolean supports(Class clazz);</programlisting></para>
</listitem> </listitem>
<listitem> <listitem>
<para>Writing an <literal>AccessDecisionVoter</literal> implementation <para>Writing an <literal>AccessDecisionVoter</literal>
and using either <literal>ConsensusBased</literal>, implementation and using either <literal>ConsensusBased</literal>,
<literal>AffirmativeBased</literal> or <literal>AffirmativeBased</literal> or
<literal>UnanimousBased</literal> as the <literal>UnanimousBased</literal> as the
<literal>AccessDecisionManager</literal> may be the best approach to <literal>AccessDecisionManager</literal> may be the best approach
implementing your custom access decision rules.</para> to implementing your custom access decision rules.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</sect2> </sect2>
@ -1755,8 +1811,8 @@ public boolean supports(Class clazz);</programlisting></para>
objects at runtime. However, several classes have been provided to objects at runtime. However, several classes have been provided to
make this process transparent in many situations.</para> make this process transparent in many situations.</para>
<para>The <literal>net.sf.acegisecurity.ui</literal> package is designed <para>The <literal>net.sf.acegisecurity.ui</literal> package is
to make interfacing web application user interfaces with the designed to make interfacing web application user interfaces with the
<literal>ContextHolder</literal> as simple as possible. There are two <literal>ContextHolder</literal> as simple as possible. There are two
major steps in doing this:</para> major steps in doing this:</para>
@ -2453,10 +2509,9 @@ $CATALINA_HOME/bin/startup.sh</programlisting></para>
into some type of backend authentication repository, such as an LDAP into some type of backend authentication repository, such as an LDAP
server or database.</para> server or database.</para>
<para>If you are already running an existing CAS server instance, <para>If you are already running an existing CAS server instance, you
you will have already will have already established a <literal>PasswordHandler</literal>. If
established a <literal>PasswordHandler</literal>. If you do not you do not already have a <literal>PasswordHandler</literal>, you
already have a <literal>PasswordHandler</literal>, you
might prefer to use the Acegi Security System for Spring might prefer to use the Acegi Security System for Spring
<literal>CasPasswordHandler</literal> class. This class delegates <literal>CasPasswordHandler</literal> class. This class delegates
through to the standard Acegi Security through to the standard Acegi Security
@ -2922,8 +2977,6 @@ $CATALINA_HOME/bin/startup.sh</programlisting></para>
<sect2 id="security-cas-advanced-usage"> <sect2 id="security-cas-advanced-usage">
<title>Advanced CAS Usage</title> <title>Advanced CAS Usage</title>
<para>[DRAFT - COMMENTS WELCOME]</para>
<para>The <literal>CasAuthenticationProvider</literal> distinguishes <para>The <literal>CasAuthenticationProvider</literal> distinguishes
between stateful and stateless clients. A stateful client is between stateful and stateless clients. A stateful client is
considered any that originates via the considered any that originates via the
@ -3817,10 +3870,11 @@ INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);</programlisting></para>
<title>Further Information</title> <title>Further Information</title>
<para>Questions and comments on the Acegi Security System for Spring are <para>Questions and comments on the Acegi Security System for Spring are
welcome. Please direct comments to the Spring Users mailing list. You're welcome. Please use the Spring Community Forum web site at
also welcome to join the acegisecurity-developer mailing list. Our <literal>http://forum.springframework.org</literal>. You're also welcome
project home page (where you can obtain the latest release of the to join the acegisecurity-developer mailing list. Our project home page
project and access to CVS, mailing lists etc) is at (where you can obtain the latest release of the project and access to
CVS, mailing lists, forums etc) is at
<literal>http://acegisecurity.sourceforge.net</literal>.</para> <literal>http://acegisecurity.sourceforge.net</literal>.</para>
</sect1> </sect1>
</chapter> </chapter>

2
project.properties
View File

@ -6,7 +6,7 @@
# $Id$ # $Id$
# Project version # Project version
acegi-security-version=0.6 acegi-security-version=0.6.1
# Project name # Project name
name=acegi-security-system-for-spring name=acegi-security-system-for-spring