|
|
@@ -2,16 +2,59 @@
|
|
|
Spring Security
|
|
|
--------------------------------
|
|
|
|
|
|
-What is Spring Security?
|
|
|
+Spring Security
|
|
|
|
|
|
- Formerly the Acegi Security System for Spring (which became an official Spring
|
|
|
- Portfolio project towards the end of 2007), Spring Security provides powerful and
|
|
|
+ Formerly the Acegi Security System for Spring, Spring Security provides powerful and
|
|
|
flexible security solutions for enterprise applications developed using the Spring Framework.
|
|
|
It is a stable and mature product - Acegi Security 1.0.0 was released in May 2006 after more than two and a half
|
|
|
- years of use in large production software projects.
|
|
|
+ years of use in large production software projects and adopted as an official Spring sub-project on its release.
|
|
|
|
|
|
- Spring Security 2.0 builds on Acegi Security's solid foundations, adding new features such as a simplified
|
|
|
- namespace configuration syntax.
|
|
|
-
|
|
|
+ Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features:
|
|
|
+
|
|
|
+ * Simplified namespace-based configuration syntax. Old configurations
|
|
|
+ could require hundreds of lines of XML but our new convention over configuration
|
|
|
+ approach ensures that many deployments will now require less than 10 lines.
|
|
|
+
|
|
|
+ * OpenID integration, which is the web's emerging single sign on
|
|
|
+ standard (supported by Google, IBM, Sun, Yahoo and others)
|
|
|
+
|
|
|
+ * Windows NTLM support, providing easy enterprise-wide single sign on
|
|
|
+ against Windows corporate networks
|
|
|
+
|
|
|
+ * Support for JSR 250 ("EJB 3") security annotations, delivering a
|
|
|
+ standards-based model for authorization metadata
|
|
|
+
|
|
|
+ * AspectJ pointcut expression language support, allowing developers to
|
|
|
+ apply cross-cutting security logic across their Spring managed objects
|
|
|
+
|
|
|
+ * Substantial improvements to the high-performance domain object
|
|
|
+ instance security ("ACL") capabilities
|
|
|
+
|
|
|
+ * Comprehensive support for RESTful web request authorization, which
|
|
|
+ works well with Spring 2.5's @MVC model for building RESTful systems
|
|
|
+
|
|
|
+ * Long-requested support for groups, hierarchical roles and a user
|
|
|
+ management API, which all combine to reduce development time and
|
|
|
+ significantly improve system administration
|
|
|
+
|
|
|
+ * An improved, database-backed "remember me" implementation
|
|
|
+
|
|
|
+ * Support for portlet authentication out-of-the-box
|
|
|
+
|
|
|
+ * Support for additional languages
|
|
|
+
|
|
|
+ * Numerous other general improvements, documentation and new samples
|
|
|
+
|
|
|
+ * New support for web state and flow transition authorization through
|
|
|
+ the Spring Web Flow 2.0 release
|
|
|
+
|
|
|
+ * New support for visualizing secured methods, plus configuration
|
|
|
+ auto-completion support in Spring IDE
|
|
|
+
|
|
|
+ * Enhanced WSS (formerly WS-Security) support through the Spring Web
|
|
|
+ Services 1.5 release
|
|
|
+
|
|
|
+ * Updated support for CAS single sign-on (CAS 3 is now supported).
|
|
|
|
|
|
- ~~ TODO: Expand based on original Acegi page.
|
|
|
+
|
|
|
+ ~~ TODO: Expand based on original Acegi page to supply full feature set.
|
Luke Taylor