Acegi security changes
  
  
    
      Major CVS repository restructure to support Maven and eliminate libraries
      Major improvements to Contacts sample application (now demos ACL security)
      Added AfterInvocationManager to mutate objects return from invocations
      Added BasicAclEntryAfterInvocationProvider to ACL evaluate returned Object
      Added BasicAclEntryAfterInvocationCollectionFilteringProvider
      Added security propagation during RMI invocations (from sandbox)
      Added security propagation for Spring's HTTP invoker
      Added BasicAclEntryVoter, which votes based on AclManager permissions
      Added AspectJ support (especially useful for instance-level security)
      Added MethodDefinitionSourceAdvisor for performance and autoproxying
      Added MethodDefinitionMap querying of interfaces defined by secure objects
      Added AuthenticationProcessingFilter.setDetails for use by subclasses
      Added 403-causing exception to HttpSession via SecurityEnforcementFilter
      Added net.sf.acegisecurity.intercept.event package
      Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD
      Added additional remoting protocol demonstrations to Contacts sample
      Added AbstractProcessingFilter property to always use defaultTargetUrl
      Added ContextHolderAwareRequestWrapper to integrate with getRemoteUser()
      Improved BasicAclProvider to only respond to specified ACL object requests
      Refactored MethodDefinitionSource to work with Method, not MethodInvocation
      Refactored AbstractFilterInvocationDefinitionSource to work with URL Strings alone
      Refactored AbstractSecurityInterceptor to better support other AOP libraries
      Improved performance of JBoss container adapter (see reference docs)
      Made DaoAuthenticationProvider detect null in Authentication.principal
      Improved JaasAuthenticationProvider startup error detection
      Refactored EH-CACHE implementations to use Spring IoC defined caches instead
      AbstractProcessingFilter now has various hook methods to assist subclasses
      Fixed ambiguous column references in JdbcDaoImpl default query
      Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)
      Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals
      Fixed HttpSessionIntegrationFilter "cannot commit to container" during logoff
      Moved MethodSecurityInterceptor to ...intercept.method.aopalliance package
      Documentation improvements
      Test coverage improvements
    
    
      Resolved to use http://apr.apache.org/versioning.html for future versioning
      Added additional DaoAuthenticationProvider event when user not found
      Added Authentication.getDetails() to DaoAuthenticationProvider response
      Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true)
      Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP)
      Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits)
      Added convenience methods to ConfigAttributeDefinition
      Improved sample applications' bean reference notation
      Clarified contract for ObjectDefinitionSource.getAttributes(Object)
      Extracted removeUserFromCache(String) to UserCache interface
      Improved ConfigAttributeEditor so it trims preceding and trailing spaces
      Refactored UsernamePasswordAuthenticationToken.getDetails() to Object
      Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource change
      Fixed EH-CACHE-based caching implementation behaviour when cache exists
      Fixed Ant "release" target not including project.properties
      Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method
      Documentation improvements
    
    
      Added domain object instance access control list (ACL) packages
      Added feature so DaoAuthenticationProvider returns User in Authentication
      Added AbstractIntegrationFilter.secureContext property for custom contexts
      Added stack trace logging to SecurityEnforcementFilter
      Added exception-specific target URLs to AbstractProcessingFilter
      Added JdbcDaoImpl hook so subclasses can insert custom granted authorities
      Added AuthenticationProvider that wraps JAAS login modules
      Added support for EL expressions in the authz tag library
      Added failed Authentication object to AuthenticationExceptions
      Added signed JARs to all official release builds (see readme.txt)
      Added remote client authentication validation package
      Added protected sendAccessDeniedError method to SecurityEnforcementFilter
      Updated Authentication to be serializable (Weblogic support)
      Updated JAR to Spring 1.1 RC 1
      Updated to Clover 1.3
      Updated to HSQLDB version 1.7.2 Release Candidate 6D
      Refactored User to net.sf.acegisecurity.UserDetails interface
      Refactored CAS package to store UserDetails in CasAuthenticationToken
      Improved organisation of DaoAuthenticationProvider to facilitate subclassing
      Improved test coverage (now 98.3%)
      Improved JDBC-based tests to use in-memory database rather than filesystem
      Fixed Linux compatibility issues (directory case sensitivity etc)
      Fixed AbstractProcessingFilter to handle servlet spec container differences
      Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue
      Fixed CasAuthenticationToken if proxy granting ticket callback not requested
      Fixed EH-CACHE handling on web context refresh
      Documentation improvements
    
    
      Added samples/quick-start
      Added NullRunAsManager and made default for AbstractSecurityInterceptor
      Added event notification (see net.sf.acegisecurity.providers.dao.event)
      Updated JAR to Spring 1.0.2
      Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release
      Updated GrantedAuthorityImpl to be serializable (JBoss support)
      Updated Authentication interface to present extra details for a request
      Updated Authentication interface to subclass java.security.Principal
      Refactored DaoAuthenticationProvider caching (refer to reference docs)
      Improved HttpSessionIntegrationFilter to manage additional attributes
      Improved URL encoding during redirects
      Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS)
      Fixed issue with NullPointerExceptions in taglib
      Removed DaoAuthenticationToken and session-based caching
      Documentation improvements
      Upgrade Note: DaoAuthenticationProvider no longer has a "key" property
    
    
      Added single sign on support via Yale Central Authentication Service (CAS)
      Added full support for HTTP Basic Authentication
      Added caching for DaoAuthenticationProvider successful authentications
      Added Burlap and Hessian remoting to Contacts sample application
      Added pluggable password encoders including plaintext, SHA and MD5
      Added pluggable salt sources to enhance security of hashed passwords
      Added FilterToBeanProxy to obtain filters from Spring application context
      Added support for prepending strings to roles created by JdbcDaoImpl
      Added support for user definition of SQL statements used by JdbcDaoImpl
      Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys
      Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter
      Added Apache Ant path syntax support to SecurityEnforcementFilter
      Added filter to automate web channel requirements (eg HTTPS redirection)
      Updated JAR to Spring 1.0.1
      Updated several classes to use absolute (not relative) redirection URLs
      Refactored filters to use Spring application context lifecycle support
      Improved constructor detection of nulls in User and other key objects
      Fixed FilterInvocation.getRequestUrl() to also include getPathInfo()
      Fixed Contacts sample application  tags
      Established acegisecurity-developer mailing list
      Documentation improvements
    
    
      Added HTTP session authentication as an alternative to container adapters
      Added HTTP request security interceptor (offers considerable flexibility)
      Added security taglib
      Added Clover test coverage instrumentation (currently 97.2%)
      Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests
      Added HTML test and summary reporting to in-container integration tests
      Updated JARs to Spring Framework release 1.0, with associated AOP changes
      Updated to Apache License version 2.0
      Updated copyright with permission of past contributors
      Refactored unit tests to use mock objects and focus on a single class each
      Refactored many classes to enable insertion of mock objects during testing
      Refactored core classes to ease support of new secure object types
      Changed package layout to better describe the role of contained items
      Changed the extractor to extract additional classes from JBoss and Catalina
      Changed Jetty container adapter configuration (see reference documentation)
      Improved AutoIntegrationFilter handling of deployments without JBoss JARs
      Fixed case handling support in data access object authentication provider
      Documentation improvements
    
    
      Added "in container" unit test system for container adapters and sample app
      Added library extractor tool to reduce the "with deps" ZIP release sizes
      Added unit test to the attributes sample
      Added Jalopy source formatting
      Modified all files to use net.sf.acegisecurity namespace
      Renamed springsecurity.xml to acegisecurity.xml for consistency
      Reduced length of ZIP and JAR filenames
      Clarified licenses and sources for all included libraries
      Updated documentation to reflect new file and package names
      Setup Sourceforge.net project and added to CVS etc
    
    
      Added Commons Attributes support and sample (thanks to Cameron Braid)
      Added JBoss container adapter
      Added Resin container adapter
      Added JDBC DAO authentication provider
      Added several filter implementations for container adapter integration
      Added SecurityInterceptor startup time validation of ConfigAttributes
      Added more unit tests
      Refactored ConfigAttribute to interface and added concrete implementation
      Enhanced diagnostics information provided by sample application debug.jsp
      Modified sample application for wider container portability (Resin, JBoss)
      Fixed switch block in voting decision manager implementations
      Removed Spring MVC interceptor for container adapter integration
      Documentation improvements
    
    
      Initial public release