Major CVS repository restructure to support Maven and eliminate libraries Major improvements to Contacts sample application (now demos ACL security) Added AfterInvocationManager to mutate objects return from invocations Added BasicAclEntryAfterInvocationProvider to ACL evaluate returned Object Added BasicAclEntryAfterInvocationCollectionFilteringProvider Added security propagation during RMI invocations (from sandbox) Added security propagation for Spring's HTTP invoker Added BasicAclEntryVoter, which votes based on AclManager permissions Added AspectJ support (especially useful for instance-level security) Added MethodDefinitionSourceAdvisor for performance and autoproxying Added MethodDefinitionMap querying of interfaces defined by secure objects Added AuthenticationProcessingFilter.setDetails for use by subclasses Added 403-causing exception to HttpSession via SecurityEnforcementFilter Added net.sf.acegisecurity.intercept.event package Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD Added additional remoting protocol demonstrations to Contacts sample Added AbstractProcessingFilter property to always use defaultTargetUrl Improved BasicAclProvider to only respond to specified ACL object requests Refactored MethodDefinitionSource to work with Method, not MethodInvocation Refactored AbstractSecurityInterceptor to better support other AOP libraries Improved performance of JBoss container adapter (see reference docs) Made DaoAuthenticationProvider detect null in Authentication.principal Improved JaasAuthenticationProvider startup error detection Refactored EH-CACHE implementations to use Spring IoC defined caches instead Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility) Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals Moved MethodSecurityInterceptor to ...intercept.method.aopalliance package Documentation improvements Test coverage improvements Resolved to use http://apr.apache.org/versioning.html for future versioning Added additional DaoAuthenticationProvider event when user not found Added Authentication.getDetails() to DaoAuthenticationProvider response Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true) Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP) Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits) Added convenience methods to ConfigAttributeDefinition Improved sample applications' bean reference notation Clarified contract for ObjectDefinitionSource.getAttributes(Object) Extracted removeUserFromCache(String) to UserCache interface Improved ConfigAttributeEditor so it trims preceding and trailing spaces Refactored UsernamePasswordAuthenticationToken.getDetails() to Object Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource change Fixed EH-CACHE-based caching implementation behaviour when cache exists Fixed Ant "release" target not including project.properties Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method Documentation improvements Added domain object instance access control list (ACL) packages Added feature so DaoAuthenticationProvider returns User in Authentication Added AbstractIntegrationFilter.secureContext property for custom contexts Added stack trace logging to SecurityEnforcementFilter Added exception-specific target URLs to AbstractProcessingFilter Added JdbcDaoImpl hook so subclasses can insert custom granted authorities Added AuthenticationProvider that wraps JAAS login modules Added support for EL expressions in the authz tag library Added failed Authentication object to AuthenticationExceptions Added signed JARs to all official release builds (see readme.txt) Added remote client authentication validation package Added protected sendAccessDeniedError method to SecurityEnforcementFilter Updated Authentication to be serializable (Weblogic support) Updated JAR to Spring 1.1 RC 1 Updated to Clover 1.3 Updated to HSQLDB version 1.7.2 Release Candidate 6D Refactored User to net.sf.acegisecurity.UserDetails interface Refactored CAS package to store UserDetails in CasAuthenticationToken Improved organisation of DaoAuthenticationProvider to facilitate subclassing Improved test coverage (now 98.3%) Improved JDBC-based tests to use in-memory database rather than filesystem Fixed Linux compatibility issues (directory case sensitivity etc) Fixed AbstractProcessingFilter to handle servlet spec container differences Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue Fixed CasAuthenticationToken if proxy granting ticket callback not requested Fixed EH-CACHE handling on web context refresh Documentation improvements Added samples/quick-start Added NullRunAsManager and made default for AbstractSecurityInterceptor Added event notification (see net.sf.acegisecurity.providers.dao.event) Updated JAR to Spring 1.0.2 Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release Updated GrantedAuthorityImpl to be serializable (JBoss support) Updated Authentication interface to present extra details for a request Updated Authentication interface to subclass java.security.Principal Refactored DaoAuthenticationProvider caching (refer to reference docs) Improved HttpSessionIntegrationFilter to manage additional attributes Improved URL encoding during redirects Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS) Fixed issue with NullPointerExceptions in taglib Removed DaoAuthenticationToken and session-based caching Documentation improvements Upgrade Note: DaoAuthenticationProvider no longer has a "key" property Added single sign on support via Yale Central Authentication Service (CAS) Added full support for HTTP Basic Authentication Added caching for DaoAuthenticationProvider successful authentications Added Burlap and Hessian remoting to Contacts sample application Added pluggable password encoders including plaintext, SHA and MD5 Added pluggable salt sources to enhance security of hashed passwords Added FilterToBeanProxy to obtain filters from Spring application context Added support for prepending strings to roles created by JdbcDaoImpl Added support for user definition of SQL statements used by JdbcDaoImpl Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter Added Apache Ant path syntax support to SecurityEnforcementFilter Added filter to automate web channel requirements (eg HTTPS redirection) Updated JAR to Spring 1.0.1 Updated several classes to use absolute (not relative) redirection URLs Refactored filters to use Spring application context lifecycle support Improved constructor detection of nulls in User and other key objects Fixed FilterInvocation.getRequestUrl() to also include getPathInfo() Fixed Contacts sample application tags Established acegisecurity-developer mailing list Documentation improvements Added HTTP session authentication as an alternative to container adapters Added HTTP request security interceptor (offers considerable flexibility) Added security taglib Added Clover test coverage instrumentation (currently 97.2%) Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests Added HTML test and summary reporting to in-container integration tests Updated JARs to Spring Framework release 1.0, with associated AOP changes Updated to Apache License version 2.0 Updated copyright with permission of past contributors Refactored unit tests to use mock objects and focus on a single class each Refactored many classes to enable insertion of mock objects during testing Refactored core classes to ease support of new secure object types Changed package layout to better describe the role of contained items Changed the extractor to extract additional classes from JBoss and Catalina Changed Jetty container adapter configuration (see reference documentation) Improved AutoIntegrationFilter handling of deployments without JBoss JARs Fixed case handling support in data access object authentication provider Documentation improvements Added "in container" unit test system for container adapters and sample app Added library extractor tool to reduce the "with deps" ZIP release sizes Added unit test to the attributes sample Added Jalopy source formatting Modified all files to use net.sf.acegisecurity namespace Renamed springsecurity.xml to acegisecurity.xml for consistency Reduced length of ZIP and JAR filenames Clarified licenses and sources for all included libraries Updated documentation to reflect new file and package names Setup Sourceforge.net project and added to CVS etc Added Commons Attributes support and sample (thanks to Cameron Braid) Added JBoss container adapter Added Resin container adapter Added JDBC DAO authentication provider Added several filter implementations for container adapter integration Added SecurityInterceptor startup time validation of ConfigAttributes Added more unit tests Refactored ConfigAttribute to interface and added concrete implementation Enhanced diagnostics information provided by sample application debug.jsp Modified sample application for wider container portability (Resin, JBoss) Fixed switch block in voting decision manager implementations Removed Spring MVC interceptor for container adapter integration Documentation improvements Initial public release