Correct <A HREF> tags to use proper URL encoding.

changelog.txt

@@ -1,13 +1,22 @@
 Changes in version 0.5 (2004-xx-xx)
 -----------------------------------
 
-* Added support for HTTP Basic Authentication
+* Added single sign on support via Yale Central Authentication Service (CAS)
+* Added full support for HTTP Basic Authentication
 * Added Burlap and Hessian remoting to Contacts sample application
-* AuthenticationProcessingFilter by default finds configuration context using Spring's WebApplicationContextUtils.getWebApplicationContext()
-* AuthenticationProcessingFilter context may optionally be specified with 'contextConfigLocation' param (was previously 'appContextLocation')
-* SecurityEnforcementFilter by default finds configuration context using Spring's WebApplicationContextUtils.getWebApplicationContext()
-* SecurityEnforcementFilter context may optionally be specified with 'contextConfigLocation' param (was previously 'appContextLocation')
-* SecurityEnforcementFilter now supports URL definitions using the Apache Ant path syntax in addition to regular expressions
+* Added pluggable password encoders including plaintext, SHA and MD5
+* Added pluggable salt sources to enhance security of hashed passwords
+* Added FilterToBeanProxy to obtain filters from Spring application context
+* Added support for prepending strings to roles created by JdbcDaoImpl
+* Added support for user definition of SQL statements used by JdbcDaoImpl
+* Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys
+* Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter
+* Added Apache Ant path syntax support to SecurityEnforcementFilter
+* Updated JAR to Spring 1.0.1
+* Refactored filters to use Spring application context lifecycle support
+* Fixed FilterInvocation.getRequestUrl() to also include getPathInfo()
+* Fixed Contacts sample application <A></A> tags
+* Established acegisecurity-developer mailing list
 * Documentation improvements
 
 Changes in version 0.4 (2004-04-03)

readme.txt

@@ -32,8 +32,14 @@ directory. In addition, JavaDocs are located in the docs/api directory.
 OBTAINING SUPPORT
 -------------------------------------------------------------------------------
 
-If you need any help, please post a question on the Spring Users mailing list
-or email ben.alex@acegi.com.au.
+If you need any help, please post a question on the Spring Users mailing list.
+
+If you start using Acegi Security in your project, please consider joining
+the acegisecurity-developer mailing list. This is currently the best way to
+keep informed about the project's status and provide feedback in design 
+discussions. You can join at:
+
+  https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer.
 
 
 $Id$

samples/contacts/war/WEB-INF/jsp/add.jsp

@@ -35,6 +35,6 @@
   <br><br>
   <input name="execute" type="submit" alignment="center" value="Execute">
 </form>
-<a href="<c:url value="hello.htm"/>">Home</a>
+<a href="<c:url value="../hello.htm"/>">Home</a>
 </body>
 </html>

samples/contacts/war/WEB-INF/jsp/deleted.jsp

@@ -8,6 +8,6 @@
 <code>
 <c:out value="${contact}"/>
 </code>
-<p><A HREF="index.htm">Manage</a>
+<p><a href="<c:url value="index.htm"/>">Manage</a>
 </body>
 </html>

samples/contacts/war/WEB-INF/jsp/hello.jsp

@@ -19,6 +19,7 @@ the random contact that is shown below:
 <c:out value="${contact}"/>
 </code>
 <p>
-<p><A HREF="secure/index.htm">Manage</a> <A HREF="secure/debug.jsp">Debug</a>
+<p><A HREF="<c:url value="secure/index.htm"/>">Manage</a>
+<A HREF="<c:url value="secure/debug.jsp"/>">Debug</a>
 </body>
 </html>

samples/contacts/war/WEB-INF/jsp/index.jsp

@@ -19,11 +19,11 @@
       <c:out value="${contact.email}"/>
   </td>
   <authz:authorize ifAllGranted="ROLE_SUPERVISOR">
-    <td><A HREF="del.htm?id=<c:out value="${contact.id}"/>">Del</A></td>
+    <td><A HREF="<c:url value="del.htm"><c:param name="id" value="${contact.id}"/></c:url>">Del</A></td>
   </authz:authorize>
   </tr>
 </c:forEach>
 </table>
-<p><A HREF="add.htm">Add</a>   <A HREF="../logoff.jsp">Logoff</A>
+<p><a href="<c:url value="add.htm"/>">Add</a>   <p><a href="<c:url value="../logoff.jsp"/>">Logoff</a>
 </body>
 </html>

upgrade-04-05.txt

@@ -5,21 +5,39 @@
 The following should help most casual users of the project update their
 applications:
 
-- By default, AuthenticationProcessingFilter and SecurityEnforcementFilter now
-  use Spring's WebApplicationContextUtils.getApplicationContext to load the 
-  ApplicationContext in which their respective configs may be found. Ideally,
-  move your configuration for these filters from the separate contexts you were
-  using before, to the main context used by your webapp. Alternately, the old
-  mechanism of having the filter load its own specific context is still
-  supported, but the param specifying the location of this context has been
-  changed to match the equivalent param as used by Spring's ContextLoader class.
-  If you do still want to use this approach, just rename your param from 
-  'appContextLocation' to 'contextConfigLocation'.
+- All filters are now loaded via FilterToBeanProxy. The FilterToBeanProxy
+  obtains the filter from a Spring application context via the
+  WebApplicationContextUtils.getApplicationContext() method. Refer to the
+  reference documentation to see the new configuration of filters.
+
+- SecurityEnforcementFilter now requires an AuthenticationEntryPoint.
+  Refer to the reference documentation to see the alternatives available.
+
+- Any of your login or login failure pages that previously referred to
+  AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY
+  should now use
+  net.sf.acegisecurity.ui.AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY
+
+- DaoAuthenticationProvider no longer provides setters for case sensitivity
+  handling. The respective AuthenticationDao implementations should decide
+  whether or not to return User instances reflecting the exact case of the
+  requested username. The new PlaintextPasswordEncoder offers a setter for
+  ignoring the password case (defaults to require exact case matches).
 
 - If you're using container adapters, please refer to the reference
   documentation as additional JARs are now required in your container
   classloader.
 
-We hope you find the new features useful in your projects.
+- Whilst not really a change needed to your program, if you're using
+  Acegi Security please consider joining the acegisecurity-developer mailing
+  list. This is currently the best way to keep informed about the project's
+  status and provide feedback in design discussions. You can join at 
+  https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer.
+  Please continue using the Spring Users mailing list for general support.
+
+There are also lots of new features you might wish to consider for your
+projects. These include CAS integration, pluggable password encoders
+(such as MD5 and SHA), along with pluggable salt sources. We hope you find
+the new features useful in your projects.
 
 $Id$