Changes in version 0.5 (2004-xx-xx) ----------------------------------- * Added single sign on support via Yale Central Authentication Service (CAS) * Added full support for HTTP Basic Authentication * Added Burlap and Hessian remoting to Contacts sample application * Added pluggable password encoders including plaintext, SHA and MD5 * Added pluggable salt sources to enhance security of hashed passwords * Added FilterToBeanProxy to obtain filters from Spring application context * Added support for prepending strings to roles created by JdbcDaoImpl * Added support for user definition of SQL statements used by JdbcDaoImpl * Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys * Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter * Added Apache Ant path syntax support to SecurityEnforcementFilter * Updated JAR to Spring 1.0.1 * Refactored filters to use Spring application context lifecycle support * Fixed FilterInvocation.getRequestUrl() to also include getPathInfo() * Fixed Contacts sample application tags * Established acegisecurity-developer mailing list * Documentation improvements Changes in version 0.4 (2004-04-03) ----------------------------------- * Added HTTP session authentication as an alternative to container adapters * Added HTTP request security interceptor (offers considerable flexibility) * Added security taglib * Added Clover test coverage instrumentation (currently 97.2%) * Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests * Added HTML test and summary reporting to in-container integration tests * Updated JARs to Spring Framework release 1.0, with associated AOP changes * Updated to Apache License version 2.0 * Updated copyright with permission of past contributors * Refactored unit tests to use mock objects and focus on a single class each * Refactored many classes to enable insertion of mock objects during testing * Refactored core classes to ease support of new secure object types * Changed package layout to better describe the role of contained items * Changed the extractor to extract additional classes from JBoss and Catalina * Changed Jetty container adapter configuration (see reference documentation) * Improved AutoIntegrationFilter handling of deployments without JBoss JARs * Fixed case handling support in data access object authentication provider * Documentation improvements Changes in version 0.3 (2004-03-16) ----------------------------------- * Added "in container" unit test system for container adapters and sample app * Added library extractor tool to reduce the "with deps" ZIP release sizes * Added unit test to the attributes sample * Added Jalopy source formatting * Modified all files to use net.sf.acegisecurity namespace * Renamed springsecurity.xml to acegisecurity.xml for consistency * Reduced length of ZIP and JAR filenames * Clarified licenses and sources for all included libraries * Updated documentation to reflect new file and package names * Setup Sourceforge.net project and added to CVS etc Changes in version 0.2 (2004-03-10) ----------------------------------- * Added Commons Attributes support and sample (thanks to Cameron Braid) * Added JBoss container adapter * Added Resin container adapter * Added JDBC DAO authentication provider * Added several filter implementations for container adapter integration * Added SecurityInterceptor startup time validation of ConfigAttributes * Added more unit tests * Refactored ConfigAttribute to interface and added concrete implementation * Enhanced diagnostics information provided by sample application debug.jsp * Modified sample application for wider container portability (Resin, JBoss) * Fixed switch block in voting decision manager implementations * Removed Spring MVC interceptor for container adapter integration * Documentation improvements Changes in version 0.1 (2004-03-03) ----------------------------------- * Initial public release $Id$