| Version | Date | Description |
|---|---|---|
| 1.0.0 | In CVS | |
| 0.9.0 | 2005-11-11 | |
| 0.8.3 | 2005-05-12 | |
| 0.8.1.1 | 2005-07-12 | |
| 0.7.1 | 2005-07-12 | |
| 0.8.2 | 2005-04-20 | |
| 0.8.1 | 2005-03-22 | |
| 0.8.0 | 2005-03-03 | |
| 0.7.0 | 2005-01-16 | |
| 0.6.1 | 2004-09-24 | |
| 0.6 | 2004-08-08 | |
| 0.5.1 | 2004-06-05 | |
| 0.5 | 2004-04-28 | |
| 0.4 | 2004-04-03 | |
| 0.3 | 2004-03-18 | |
| 0.2 | 2004-03-10 | |
| 0.1 | 2004-03-03 |
Get the RSS feed of the last changes
| Type | Changes | By |
|---|---|---|
| All changes are in JIRA at http://opensource2.atlassian.com/projects/spring/secure/ReleaseNote.jspa?projectId=10040 | benalex |
| Type | Changes | By |
|---|---|---|
|
| All changes are in JIRA at http://opensource2.atlassian.com/projects/spring/secure/ReleaseNote.jspa?projectId=10040 | benalex |
| Type | Changes | By |
|---|---|---|
| HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20) | benalex |
| Type | Changes | By |
|---|---|---|
|
| HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20) | benalex |
| Type | Changes | By |
|---|---|---|
|
| AbstractIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20) | benalex |
| Type | Changes | By |
|---|---|---|
|
| Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml | benalex |
|
| TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds (SPR-807) | benalex |
|
| Handle null Authentication.getAuthorities() in AuthorizeTag | benalex |
|
| PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails() | benalex |
|
| Update commons-codec dependency to 1.3 | benalex |
|
| AbstractProcessingFilter no longer has setters for failures, it uses the exceptionMappings property | raykrueger |
|
| Update to match Spring 1.2-RC2 official JAR dependencies | benalex |
|
| AuthenticationProcessingFilter now provides an obtainUsername method | raykrueger |
|
| Correct PathBasedFilterInvocationDefinitionMap compatibility with Spring 1.2-RC2 | luke_t |
|
| Refactoring to leverage Spring's Assert class and mocks where possible | luke_t |
| Type | Changes | By |
|---|---|---|
| X509 (certificate-based) authentication support | luke_t |
|
| UserDetails now advises locked accounts, with corresponding DaoAuthenticationProvider events and enforcement | benalex |
|
| ContextHolderAwareRequestWrapper methods return null if user is anon ymous | benalex |
|
| AbstractBasicAclEntry improved compatibility with Hibernate | benalex |
|
| User now provides a more useful toString() method | benalex |
|
| Update to match Spring 1.1.5 official JAR dependencies (NB: now using Servlet 2.4 and related JSP/taglib JARs) | benalex |
|
| SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint | benalex |
|
| FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans | benalex |
|
| Corrected Authz parsing of whitespace in GrantedAuthoritys | fbos |
|
| TokenBasedRememberMeServices now respects expired users, expired credentials and disabled users | benalex |
|
| HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection | benalex |
|
| StringSplitUtils.split() ignored delimiter argument | benalex |
|
| DigestProcessingFilter now provides userCache getter and setter | benalex |
|
| Contacts Sample made to work with UserDetails-based Principal | benalex |
|
| Documentation improvements | benalex |
|
| Test coverage improvements | benalex |
| Type | Changes | By |
|---|---|---|
|
| Added Digest Authentication support (RFC 2617 and RFC 2069) | benalex |
|
| Added pluggable remember-me services | benalex |
|
| Added pluggable mechnism to prevent concurrent login sessions | benalex |
|
| FilterChainProxy added to significantly simplify we b.xml configuration of Acegi Security | benalex |
|
| AuthenticationProcessingFilter now provides hook for extra credentials (eg postcodes) | benalex |
|
| New WebAuthenticationDetails class now used by processing filters for Authentication.setDetails() | benalex |
|
| Additional debug-level logging | benalex |
|
| Improved Tapestry support in AbstractProcessingFilter | benalex |
|
| Made ConfigAttributeDefinition and ConfigAttribute Serializable | benalex |
|
| User now accepts blank passwords (null passwords still rejected) | benalex |
|
| FilterToBeanProxy now searches hierarchical bean factories | benalex |
|
| User now accepted blank passwords (null passwords still rejected) | benalex |
|
| ContextHolderAwareRequestWrapper now provides a getUserPrincipal() method | benalex |
|
| HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily | benalex |
|
| FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh) | benalex |
|
| JaasAuthenticatinProvider now uses System.property "java.security.auth.login.config" | raykrueger |
|
| JaasAuthenticationCallbackHandler Authentication is passed to handle method setAuthentication removed | raykrueger |
|
| Added AuthenticationException to the AutenticationEntryPoint.commence method signature | raykrueger |
|
| Added AccessDeniedException to the SecurityEncorcementFilter.sendAccessDeniedError method signature | raykrueger |
|
| FilterToBeanProxy now addresses li fecycle mismatch (IoC container vs servlet container) issue | benalex |
|
| Significantly refactor "well-known location model" to authentication processing mechanism and HttpSessionContextIntegrationFilter model | benalex |
|
| Correct issue with JdbcDaoImpl default SQL query not using consistent case sensitivity | benalex |
|
| Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility | benalex |
|
| Log4j now included in generated WAR artifacts (fixes issue with Log4j listener) | benalex |
|
| Correct NullPointerException in FilterInvocationDefinitionSource implementations | benalex |
| Type | Changes | By |
|---|---|---|
|
| Major CVS repository restructure to support Maven and eliminate libraries | carlossg |
|
| Major improvements to Contacts sample application (now demos ACL security) | benalex |
|
| Added AfterInvocationManager to mutate objects return from invocations | benalex |
|
| Added BasicAclEntryAfterInvocationProvider to ACL evaluate returned Object | benalex |
|
| Added BasicAclEntryAfterInvocationCollectionFilteringProvider | benalex |
|
| Added security propagation during RMI invocations (from sandbox) | benalex |
|
| Added security propagation for Spring's HTTP invoker | benalex |
|
| Added BasicAclEntryVoter, which votes based on AclManager permissions | benalex |
|
| Added AspectJ support (especially useful for instance-level security) | benalex |
|
| Added MethodDefinitionSourceAdvisor for performance and autoproxying | benalex |
|
| Added MethodDefinitionMap querying of interfaces defined by secure objects | benalex |
|
| Added AuthenticationProcessingFilter.setDetails for use by subclasses | benalex |
|
| Added 403-causing exception to HttpSession via SecurityEnforcementFilter | benalex |
|
| Added net.sf.acegisecurity.intercept.event package | benalex |
|
| Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD | benalex |
|
| Added additional remoting protocol demonstrations to Contacts sample | benalex |
|
| Added AbstractProcessingFilter property to always use defaultTargetUrl | benalex |
|
| Added ContextHolderAwareRequestWrapper to integrate with getRemoteUser() | benalex |
|
| Added attempted username to view if processed by AuthenticationProcessingFilter | benalex |
|
| Added UserDetails account and credentials expiration methods | benalex |
|
| Added exceptions and events to support new UserDetails methods | benalex |
|
| Added new exceptions to JBoss container adapter | benalex |
|
| Improved BasicAclProvider to only respond to specified ACL object requests | benalex |
|
| Refactored MethodDefinitionSource to work with Method, not MethodInvocation | benalex |
|
| Refactored AbstractFilterInvocationDefinitionSource to work with URL Strings alone | benalex |
|
| Refactored AbstractSecurityInterceptor to better support other AOP libraries | benalex |
|
| Improved performance of JBoss container adapter (see reference docs) | benalex |
|
| Made Da oAuthenticationProvider detect null in Authentication.principal | benalex |
|
| Improved JaasAuthenticationProvider startup error detection | benalex |
|
| Refactored EH-CACHE implementations to use Spring IoC defined caches instead | benalex |
|
| AbstractProcessingFilter now has various hook methods to assist subclasses | benalex |
|
| DaoAuthenticationProvider better detects AuthenticationDao interface violations | benalex |
|
| The User class has a new constructor (the old constructor is deprecated) | benalex |
|
| Fixed ambiguous column references in JdbcDaoImpl default query | benalex |
|
| Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility) | benalex |
|
| Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals | benalex |
|
| Fixed HttpSessionIntegrationFilter "cannot commit to container" during logoff | benalex |
|
| Moved MethodSecurityInterceptor to ...intercept.method.aopalliance package | benalex |
|
| Documentation improvements | benalex |
|
| Test coverage improvements | benalex |
| Type | Changes | By |
|---|---|---|
|
| Resolved to use http://apr.apache.org/versioning.html for future versioning | benalex |
|
| Added additional DaoAuthenticationProvider event when user not found | benalex |
|
| Added Authentication.getDetails() to DaoAuthenticationProvider response | benalex |
|
| Added DaoAuthenticationProvider.hideUserNotFoundExceptions (default=true) | benalex |
|
| Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP) | benalex |
|
| Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits) | benalex |
|
| Added convenience methods to ConfigAttributeDefinition | benalex |
|
| Improved sample applications' bean reference notation | benalex |
|
| Clarified contract for ObjectDefinitionSource.getAttributes(Object) | benalex |
|
| Extracted removeUserFromCache(String) to UserCache interface | benalex |
|
| Improved ConfigAttributeEditor so it trims preceding and trailing spaces | benalex |
|
| Refactored UsernamePasswordAuthenticationToken.getDetails() to Object | benalex |
|
| Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource change | benalex |
|
| Fixed EH-CACHE-based caching implementation behaviour when cache exists | benalex |
|
| Fixed Ant "release" target not including project.properties | benalex |
|
| Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method | benalex |
|
| Documentation improvements | benalex |
| Type | Changes | By |
|---|---|---|
|
| Added domain object instance access control list (ACL) packages | benalex |
|
| Added feature so DaoAuthenticationProvider returns User in Authentication | benalex |
|
| Added AbstractIntegrationFilter.secureContext property for custom contexts | benalex |
|
| Added stack trace logging to SecurityEnforcementFilter | benalex |
|
| Added exception-specific target URLs to AbstractProcessingFilter | benalex |
|
| Added JdbcDaoImpl hook so subclasses can insert custom granted authorities | benalex |
|
| Added AuthenticationProvider that wraps JAAS login modules | raykrueger |
|
| Added support for EL expressions in the authz tag library | fbos |
|
| Added failed Authentication object to AuthenticationExceptions | benalex |
|
| Added signed JARs to all official release builds (see readme.txt) | benalex |
|
| Added remote client authentication validation package | benalex |
|
| Added protected sendAccessDeniedError method to SecurityEnforcementFilter | benalex |
|
| Updated Authentication to be serializable (Weblogic support) | benalex |
|
| Updated JAR to Spring 1.1 RC 1 | benalex |
|
| Updated to Clover 1.3 | benalex |
|
| Updated to HSQLDB version 1.7.2 Release Candidate 6D | benalex |
|
| Refactored User to net.sf.acegisecurity.UserDetails interface | benalex |
|
| Refactored CAS package to store UserDetails in CasAuthenticationToken | benalex |
|
| Improved organisation of DaoAuthenticationProvider to facilitate subclassing | benalex |
|
| Improved test coverage (now 98.3%) | benalex |
|
| Improved JDBC-based tests to use in-memory database rather than filesystem | benalex |
|
| Fixed Linux compatibility issues (directory case sensitivity etc) | benalex |
|
| Fixed AbstractProcessingFilter to handle servlet spec container di fferences | benalex |
|
| Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue | benalex |
|
| Fixed CasAuthenticationToken if proxy granting ticket callback not requested | benalex |
|
| Fixed EH-CACHE handling on web context refresh | benalex |
|
| Documentation improvements | benalex |
| Type | Changes | By |
|---|---|---|
|
| Added samples/quick-start | benalex |
|
| Added NullRunAsManager and made default for AbstractSecurityInterceptor | benalex |
|
| Added event notification (see net.sf.acegisecurity.providers.dao.event) | benalex |
|
| Updated JAR to Spring 1.0.2 | benalex |
|
| Updated JAR to Commons Attributes CVS snapshot from Spring 1.0.2 release | benalex |
|
| Updated GrantedAuthorityImpl to be serializable (JBoss support) | benalex |
|
| Updated Authentication interface to present extra details for a request | benalex |
|
| Updated Authentication interface to subclass java.security.Principal | benalex |
|
| Refactored DaoAuthenticationProvider caching (refer to reference docs) | benalex |
|
| Improved HttpSessionIntegrationFilter to manage additional attributes | benalex |
|
| Improved URL encoding during redirects | benalex |
|
| Fixed issue with hot deploy of EhCacheBasedTicketCache (used with CAS) | benalex |
|
| Fixed issue with NullPointerExceptions in taglib | fbos |
|
| Removed DaoAuthenticationToken and session-based caching | benalex |
|
| Documentation improvements | benalex |
|
| Upgrade Note: DaoAuthenticationProvider no longer has a "key" property | benalex |
| Type | Changes | By |
|---|---|---|
|
| Added single sign on support via Yale Central Authentication Service (CAS) | benalex |
|
| Added full support for HTTP Basic Authentication | benalex |
|
| Added caching for DaoAuthenticationProvider successful authentications | benalex |
|
| Added Burlap and Hessian remoting to Contacts sample application | benalex |
|
| Added pluggable password encoders including plaintext, SHA and MD5 | colins |
|
| Added pluggable salt sources to enhance security of hashed passwords | benalex |
|
| Added FilterToBeanProxy to obtain filters from Spring application context | benalex |
|
| Added support for prepending strings to roles created by JdbcDaoImpl | colins |
|
| Added support for user definition of SQL statements used by JdbcDaoImpl | colins |
|
| Added definable prefixes to avoid expectation of "ROLE_" GrantedAuthoritys | colins |
|
| Added pluggable AuthenticationEntryPoints to SecurityEnforcementFilter | benalex |
|
| Added Apache Ant path syntax support to SecurityEnforcementFilter | benalex |
|
| Added filter to automate web channel requirements (eg HTTPS redirection) | benalex |
|
| Updated JAR to Spring 1.0.1 | benalex |
|
| Updated several classes to use absolute (not relative) redirection URLs | benalex |
|
| Refactored filters to use Spring application context lifecycle support | benalex |
|
| Improved constructor detection of nulls in User and other key objects | benalex |
|
| Fixed FilterInvocation.getRequestUrl() to also include getPathInfo() | benalex |
|
| Fixed Contacts sample application tags | benalex |
|
| Established acegisecurity-developer mailing list | benalex |
|
| Documentation improvements | benalex |
| Type | Changes | By |
|---|---|---|
|
| Added HTTP session authentication as an alternative to container adapters | benalex |
|
| Added HTTP request security interceptor (offers considerable flexibility) | benalex |
|
| Added security taglib | fbos |
|
| Added Clover test coverage instrumentation (currently 97.2%) | benalex |
|
| Added support for Catalina (Tomcat) 4.1.30 to in-container integration tests | benalex |
|
| Added HTML test and summary reporting to in-container integration tests | benalex |
|
| Updated JARs to Spring Framework release 1.0, with associated AOP changes | benalex |
|
| Updated to Apache License version 2.0 | benalex |
|
| Updated copyright with permission of past contributors | benalex |
|
| Refactored unit tests to use mock objects and focus on a single class each | benalex |
|
| Refactored many classes to enable insertion of mock objects during testing | benalex |
|
| Refactored core classes to ease support of new secure object types | benalex |
|
| Changed package layout to better describe the role of contained items | benalex |
|
| Changed the extractor to extract additional classes from JBoss and Catalina | benalex |
|
| Changed Jetty container adapter configuration (see reference documentation) | benalex |
|
| Improved AutoIntegrationFilter handling of deployments without JBoss JARs | benalex |
|
| Fixed case handling support in data access object authentication provider | benalex |
|
| Documentation improvements | benalex |
| Type | Changes | By |
|---|---|---|
|
| Added "in container" unit test system for container adapters and sample app | benalex |
|
| Added library extractor tool to reduce the "with deps" ZIP release sizes | benalex |
|
| Added unit test to the attributes sample | benalex |
|
| Added Jalopy source formatting | benalex |
|
| Modified all files to use net.sf.acegisecurity namespace | benalex |
|
| Renamed springsecurity.xml to acegisecurity.xml for consistency | benalex |
|
| Reduced length of ZIP and JAR filenames | benalex |
|
| Clarified licenses and sources for all included libraries | benalex |
|
| Updated documentation to reflect new file and package names | benalex |
|
| Setup Sourceforge.net project and added to CVS etc | benalex |
| Type | Changes | By |
|---|---|---|
|
| Added Commons Attributes support and sample (thanks to Cameron Braid) | benalex |
|
| Added JBoss cont ainer adapter | benalex |
|
| Added Resin container adapter | benalex |
|
| Added JDBC DAO authentication provider | benalex |
|
| Added several filter implementations for container adapter integration | benalex |
|
| Added SecurityInterceptor startup time validation of ConfigAttributes | benalex |
|
| Added more unit tests | benalex |
|
| Refactored ConfigAttribute to interface and added concrete implementation | benalex |
|
| Enhanced diagnostics information provided by sample application debug.jsp | benalex |
|
| Modified sample application for wider container portability (Resin, JBoss) | benalex |
|
| Fixed switch block in voting decision manager implementations | benalex |
|
| Removed Spring MVC interceptor for container adapter integration | benalex |
|
| Documentation improvements | benalex |