|
|
@@ -1,185 +0,0 @@
|
|
|
-Changes in version 0.7 (2004-xx-xx)
|
|
|
------------------------------------
|
|
|
-
|
|
|
-* Major CVS repository restructure to support Maven and eliminate libraries
|
|
|
-* Major improvements to Contacts sample application (now demos ACL security)
|
|
|
-* Added AfterInvocationManager to mutate objects return from invocations
|
|
|
-* Added BasicAclEntryAfterInvocationProvider to ACL evaluate returned Object
|
|
|
-* Added BasicAclEntryAfterInvocationCollectionFilteringProvider
|
|
|
-* Added security propagation during RMI invocations (from sandbox)
|
|
|
-* Added security propagation for Spring's HTTP invoker
|
|
|
-* Added BasicAclEntryVoter, which votes based on AclManager permissions
|
|
|
-* Added AspectJ support (especially useful for instance-level security)
|
|
|
-* Added MethodDefinitionSourceAdvisor for performance and autoproxying
|
|
|
-* Added MethodDefinitionMap querying of interfaces defined by secure objects
|
|
|
-* Added AuthenticationProcessingFilter.setDetails for use by subclasses
|
|
|
-* Added 403-causing exception to HttpSession via SecurityEnforcementFilter
|
|
|
-* Added net.sf.acegisecurity.intercept.event package
|
|
|
-* Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD
|
|
|
-* Added additional remoting protocol demonstrations to Contacts sample
|
|
|
-* Improved BasicAclProvider to only respond to specified ACL object requests
|
|
|
-* Refactored MethodDefinitionSource to work with Method, not MethodInvocation
|
|
|
-* Refactored AbstractSecurityInterceptor to better support other AOP libraries
|
|
|
-* Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)
|
|
|
-* Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals
|
|
|
-* Moved MethodSecurityInterceptor to ...intercept.method.aopalliance package
|
|
|
-* Documentation improvements
|
|
|
-
|
|
|
-Changes in version 0.6.1 (2004-09-25)
|
|
|
--------------------------------------
|
|
|
-
|
|
|
-* Resolved to use http://apr.apache.org/versioning.html for future versioning
|
|
|
-* Added additional DaoAuthenticationProvider event when user not found
|
|
|
-* Added Authentication.getDetails() to DaoAuthenticationProvider response
|
|
|
-* Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true)
|
|
|
-* Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP)
|
|
|
-* Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits)
|
|
|
-* Added convenience methods to ConfigAttributeDefinition
|
|
|
-* Improved sample applications' bean reference notation
|
|
|
-* Clarified contract for ObjectDefinitionSource.getAttributes(Object)
|
|
|
-* Extracted removeUserFromCache(String) to UserCache interface
|
|
|
-* Improved ConfigAttributeEditor so it trims preceding and trailing spaces
|
|
|
-* Refactored UsernamePasswordAuthenticationToken.getDetails() to Object
|
|
|
-* Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource change
|
|
|
-* Fixed EH-CACHE-based caching implementation behaviour when cache exists
|
|
|
-* Fixed Ant "release" target not including project.properties
|
|
|
-* Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method
|
|
|
-* Documentation improvements
|
|
|
-
|
|
|
-Changes in version 0.6 (2004-08-09)
|
|
|
------------------------------------
|
|
|
-
|
|
|
-* Added domain object instance access control list (ACL) packages
|
|
|
-* Added feature so DaoAuthenticationProvider returns User in Authentication
|
|
|
-* Added AbstractIntegrationFilter.secureContext property for custom contexts
|
|
|
-* Added stack trace logging to SecurityEnforcementFilter
|
|
|
-* Added exception-specific target URLs to AbstractProcessingFilter
|
|
|
-* Added JdbcDaoImpl hook so subclasses can insert custom granted authorities
|
|
|
-* Added AuthenticationProvider that wraps JAAS login modules
|
|
|
-* Added support for EL expressions in the authz tag library
|
|
|
-* Added failed Authentication object to AuthenticationExceptions
|
|
|
-* Added signed JARs to all official release builds (see readme.txt)
|
|
|
-* Added remote client authentication validation package
|
|
|
-* Added protected sendAccessDeniedError method to SecurityEnforcementFilter
|
|
|
-* Updated Authentication to be serializable (Weblogic support)
|
|
|
-* Updated JAR to Spring 1.1 RC 1
|
|
|
-* Updated to Clover 1.3
|
|
|
-* Updated to HSQLDB version 1.7.2 Release Candidate 6D
|
|
|
-* Refactored User to net.sf.acegisecurity.UserDetails interface
|
|
|
-* Refactored CAS package to store UserDetails in CasAuthenticationToken
|
|
|
-* Improved organisation of DaoAuthenticationProvider to facilitate subclassing
|
|
|
-* Improved test coverage (now 98.3%)
|
|
|
-* Improved JDBC-based tests to use in-memory database rather than filesystem
|
|
|
-* Fixed Linux compatibility issues (directory case sensitivity etc)
|
|
|
-* Fixed AbstractProcessingFilter to handle servlet spec container differences
|
|
|
-* Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue
|
|
|
-* Fixed CasAuthenticationToken if proxy granting ticket callback not requested
|
|
|
-* Fixed EH-CACHE handling on web context refresh
|
|
|
-* Documentation improvements
|
|
|
-
|
|
|
-Changes in version 0.51 (2004-06-06)
|
|
|
-------------------------------------
|
|
|
-
|
|
|
-* Added samples/quick-start
|
|
|
-* Added NullRunAsManager and made default for AbstractSecurityInterceptor
|
|
|
-* Added event notification (see net.sf.acegisecurity.providers.dao.event)
|
|
|
-* Updated JAR to Spring 1.0.2
|
|
|
-* Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release
|
|
|
-* Updated GrantedAuthorityImpl to be serializable (JBoss support)
|
|
|
-* Updated Authentication interface to present extra details for a request
|
|
|
-* Updated Authentication interface to subclass java.security.Principal
|
|
|
-* Refactored DaoAuthenticationProvider caching (refer to reference docs)
|
|
|
-* Improved HttpSessionIntegrationFilter to manage additional attributes
|
|
|
-* Improved URL encoding during redirects
|
|
|
-* Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS)
|
|
|
-* Fixed issue with NullPointerExceptions in taglib
|
|
|
-* Removed DaoAuthenticationToken and session-based caching
|
|
|
-* Documentation improvements
|
|
|
-* Upgrade Note: DaoAuthenticationProvider no longer has a "key" property
|
|
|
-
|
|
|
-Changes in version 0.5 (2004-04-29)
|
|
|
------------------------------------
|
|
|
-
|
|
|
-* Added single sign on support via Yale Central Authentication Service (CAS)
|
|
|
-* Added full support for HTTP Basic Authentication
|
|
|
-* Added caching for DaoAuthenticationProvider successful authentications
|
|
|
-* Added Burlap and Hessian remoting to Contacts sample application
|
|
|
-* Added pluggable password encoders including plaintext, SHA and MD5
|
|
|
-* Added pluggable salt sources to enhance security of hashed passwords
|
|
|
-* Added FilterToBeanProxy to obtain filters from Spring application context
|
|
|
-* Added support for prepending strings to roles created by JdbcDaoImpl
|
|
|
-* Added support for user definition of SQL statements used by JdbcDaoImpl
|
|
|
-* Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys
|
|
|
-* Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter
|
|
|
-* Added Apache Ant path syntax support to SecurityEnforcementFilter
|
|
|
-* Added filter to automate web channel requirements (eg HTTPS redirection)
|
|
|
-* Updated JAR to Spring 1.0.1
|
|
|
-* Updated several classes to use absolute (not relative) redirection URLs
|
|
|
-* Refactored filters to use Spring application context lifecycle support
|
|
|
-* Improved constructor detection of nulls in User and other key objects
|
|
|
-* Fixed FilterInvocation.getRequestUrl() to also include getPathInfo()
|
|
|
-* Fixed Contacts sample application <A></A> tags
|
|
|
-* Established acegisecurity-developer mailing list
|
|
|
-* Documentation improvements
|
|
|
-
|
|
|
-Changes in version 0.4 (2004-04-03)
|
|
|
------------------------------------
|
|
|
-
|
|
|
-* Added HTTP session authentication as an alternative to container adapters
|
|
|
-* Added HTTP request security interceptor (offers considerable flexibility)
|
|
|
-* Added security taglib
|
|
|
-* Added Clover test coverage instrumentation (currently 97.2%)
|
|
|
-* Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests
|
|
|
-* Added HTML test and summary reporting to in-container integration tests
|
|
|
-* Updated JARs to Spring Framework release 1.0, with associated AOP changes
|
|
|
-* Updated to Apache License version 2.0
|
|
|
-* Updated copyright with permission of past contributors
|
|
|
-* Refactored unit tests to use mock objects and focus on a single class each
|
|
|
-* Refactored many classes to enable insertion of mock objects during testing
|
|
|
-* Refactored core classes to ease support of new secure object types
|
|
|
-* Changed package layout to better describe the role of contained items
|
|
|
-* Changed the extractor to extract additional classes from JBoss and Catalina
|
|
|
-* Changed Jetty container adapter configuration (see reference documentation)
|
|
|
-* Improved AutoIntegrationFilter handling of deployments without JBoss JARs
|
|
|
-* Fixed case handling support in data access object authentication provider
|
|
|
-* Documentation improvements
|
|
|
-
|
|
|
-Changes in version 0.3 (2004-03-16)
|
|
|
------------------------------------
|
|
|
-
|
|
|
-* Added "in container" unit test system for container adapters and sample app
|
|
|
-* Added library extractor tool to reduce the "with deps" ZIP release sizes
|
|
|
-* Added unit test to the attributes sample
|
|
|
-* Added Jalopy source formatting
|
|
|
-* Modified all files to use net.sf.acegisecurity namespace
|
|
|
-* Renamed springsecurity.xml to acegisecurity.xml for consistency
|
|
|
-* Reduced length of ZIP and JAR filenames
|
|
|
-* Clarified licenses and sources for all included libraries
|
|
|
-* Updated documentation to reflect new file and package names
|
|
|
-* Setup Sourceforge.net project and added to CVS etc
|
|
|
-
|
|
|
-Changes in version 0.2 (2004-03-10)
|
|
|
------------------------------------
|
|
|
-
|
|
|
-* Added Commons Attributes support and sample (thanks to Cameron Braid)
|
|
|
-* Added JBoss container adapter
|
|
|
-* Added Resin container adapter
|
|
|
-* Added JDBC DAO authentication provider
|
|
|
-* Added several filter implementations for container adapter integration
|
|
|
-* Added SecurityInterceptor startup time validation of ConfigAttributes
|
|
|
-* Added more unit tests
|
|
|
-* Refactored ConfigAttribute to interface and added concrete implementation
|
|
|
-* Enhanced diagnostics information provided by sample application debug.jsp
|
|
|
-* Modified sample application for wider container portability (Resin, JBoss)
|
|
|
-* Fixed switch block in voting decision manager implementations
|
|
|
-* Removed Spring MVC interceptor for container adapter integration
|
|
|
-* Documentation improvements
|
|
|
-
|
|
|
-Changes in version 0.1 (2004-03-03)
|
|
|
------------------------------------
|
|
|
-
|
|
|
-* Initial public release
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-$Id$
|
Ben Alex