Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 10:59:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updates for release 0.6.1.

Browse Source
This commit is contained in:
Ben Alex 2004-09-25 02:23:10 +00:00
parent 6b54784915
commit c8a7c18814
3 changed files with 78 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changelog.txt
View File

@ -1,6 +1,7 @@
Changes in version 0.x (2004-xx-xx)
-----------------------------------
Changes in version 0.6.1 (2004-09-25)
-------------------------------------
* Resolved to use http://apr.apache.org/versioning.html for future versioning
* Added additional DaoAuthenticationProvider event when user not found
* Added Authentication.getDetails() to DaoAuthenticationProvider response
* Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true)

94
docs/reference/src/index.xml
View File

@ -7,7 +7,7 @@
<subtitle>Reference Documentation</subtitle>
<releaseinfo>0.6</releaseinfo>
<releaseinfo>0.6.1</releaseinfo>
<authorgroup>
<author>
@ -74,6 +74,61 @@
The security architecture does not have a notion of roles or groups,
which you may be familiar with from other security
implementations.</para>
<sect2 id="security-introduction-status">
<title>Current Status</title>
<para>The Acegi Security System for Spring is widely used by members
of the Spring Community. The APIs are considered stable and only minor
changes are expected. Having said that, like many other projects we
need to strike a balance between backward compatibility and
improvement. Effective version 0.6.1, Acegi Security uses the Apache
Portable Runtime Project versioning guidelines, available from
<literal>http://apr.apache.org/versioning.html</literal>.</para>
<para>Some improvements are currently intended prior to the 1.0.0
release. These are:</para>
<itemizedlist spacing="compact">
<listitem>
<para>Replacing the Ant build with a Maven build. When this
happens the <literal>lib</literal> directory will no longer be
distributed in ZIP releases or hosted in CVS.</para>
</listitem>
<listitem>
<para>"Remember me" functionality. Some discussion on this can be
found at
<literal>http://sourceforge.net/mailarchive/forum.php?thread_id=5177499&amp;forum_id=40659</literal>.</para>
</listitem>
<listitem>
<para>A sample web application which demonstrates the access
control list package.</para>
</listitem>
<listitem>
<para>Implementation of an
<literal>ObjectDefinitionSource</literal> that retrieves its
details from a database.</para>
</listitem>
<listitem>
<para>Deprecation of Acegi Security's various EH-CACHE-based cache
implementations. Instead Acegi Security will provide new cache
implementations which use Spring Framework's new (currently in
CVS) <literal>EhCacheManagerFactoryBean</literal> factory. The
deprecated classes may be removed from the 1.0.0 release.</para>
</listitem>
</itemizedlist>
<para>Whilst this list is subject to change and not in any particular
order, none of the above improvements are likely to result in changes
to the API. The improvements are also relatively minor to implement.
Users of Acegi Security System for Spring should therefore be
comfortable depending on the current version of the project in their
applications.</para>
</sect2>
</sect1>
<sect1 id="security-high-level-design">
@ -1596,9 +1651,10 @@ public boolean supports(Class clazz);</programlisting></para>
<literal>ifNotGranted="ROLE_SUPERVISOR"</literal>, or you'll be
surprised to never see the tag's body.</para>
<para>By requiring all attributes to return true, the authorize tag allows you to
create more complex authorization scenarios. For example, you could
declare an <literal>ifAllGranted="ROLE_SUPERVISOR"</literal> and an
<para>By requiring all attributes to return true, the authorize tag
allows you to create more complex authorization scenarios. For
example, you could declare an
<literal>ifAllGranted="ROLE_SUPERVISOR"</literal> and an
<literal>ifNotGranted="ROLE_NEWBIE_SUPERVISOR"</literal> in the same
tag, in order to prevent new supervisors from seeing the tag body.
However it would no doubt be simpler to use
@ -1632,12 +1688,12 @@ public boolean supports(Class clazz);</programlisting></para>
</listitem>
<listitem>
<para>Writing an <literal>AccessDecisionVoter</literal> implementation
and using either <literal>ConsensusBased</literal>,
<para>Writing an <literal>AccessDecisionVoter</literal>
implementation and using either <literal>ConsensusBased</literal>,
<literal>AffirmativeBased</literal> or
<literal>UnanimousBased</literal> as the
<literal>AccessDecisionManager</literal> may be the best approach to
implementing your custom access decision rules.</para>
<literal>AccessDecisionManager</literal> may be the best approach
to implementing your custom access decision rules.</para>
</listitem>
</itemizedlist>
</sect2>
@ -1755,8 +1811,8 @@ public boolean supports(Class clazz);</programlisting></para>
objects at runtime. However, several classes have been provided to
make this process transparent in many situations.</para>
<para>The <literal>net.sf.acegisecurity.ui</literal> package is designed
to make interfacing web application user interfaces with the
<para>The <literal>net.sf.acegisecurity.ui</literal> package is
designed to make interfacing web application user interfaces with the
<literal>ContextHolder</literal> as simple as possible. There are two
major steps in doing this:</para>
@ -2453,10 +2509,9 @@ $CATALINA_HOME/bin/startup.sh</programlisting></para>
into some type of backend authentication repository, such as an LDAP
server or database.</para>
<para>If you are already running an existing CAS server instance,
you will have already
established a <literal>PasswordHandler</literal>. If you do not
already have a <literal>PasswordHandler</literal>, you
<para>If you are already running an existing CAS server instance, you
will have already established a <literal>PasswordHandler</literal>. If
you do not already have a <literal>PasswordHandler</literal>, you
might prefer to use the Acegi Security System for Spring
<literal>CasPasswordHandler</literal> class. This class delegates
through to the standard Acegi Security
@ -2922,8 +2977,6 @@ $CATALINA_HOME/bin/startup.sh</programlisting></para>
<sect2 id="security-cas-advanced-usage">
<title>Advanced CAS Usage</title>
<para>[DRAFT - COMMENTS WELCOME]</para>
<para>The <literal>CasAuthenticationProvider</literal> distinguishes
between stateful and stateless clients. A stateful client is
considered any that originates via the
@ -3817,10 +3870,11 @@ INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);</programlisting></para>
<title>Further Information</title>
<para>Questions and comments on the Acegi Security System for Spring are
welcome. Please direct comments to the Spring Users mailing list. You're
also welcome to join the acegisecurity-developer mailing list. Our
project home page (where you can obtain the latest release of the
project and access to CVS, mailing lists etc) is at
welcome. Please use the Spring Community Forum web site at
<literal>http://forum.springframework.org</literal>. You're also welcome
to join the acegisecurity-developer mailing list. Our project home page
(where you can obtain the latest release of the project and access to
CVS, mailing lists, forums etc) is at
<literal>http://acegisecurity.sourceforge.net</literal>.</para>
</sect1>
</chapter>

2
project.properties
View File

@ -6,7 +6,7 @@
# $Id$
# Project version
acegi-security-version=0.6
acegi-security-version=0.6.1
# Project name
name=acegi-security-system-for-spring