changes

这是linux下ssl vpn的实现程序

    o Cannot create a secure proxy replacement setting.
    o Setting proxy type to 'None' causes VPN client launch failure. 
    o Launching native executable as an extension with a working directory set fails. Java
      exec method (on windows) is not searching the working directory for executables, only
      the path.
    o When using the 'Status' page to logoff embedded client sessions, any active
      tunnels were not being closed.

-----------------

SSL-Explorer 0.1.13_03 - September 27, 2005

Bugs 
    o Reverse proxy to HTTP services hosted on IIS often fail due to incorrect <base> tag. Added automatic
      detection of IIS to set "Front-End-Https: on" header, in addition Location headers are converted
      if host is same as SSL-Explorer server and protocol is http://
    o Strict checking does not list Windows 2000 and Windows 98 as supported operating systems, causing 
      client connection failures on those OS.

SSL-Explorer 0.1.13_02 - September 23, 2005

Bugs 
    o Corrected cookie expiry code to only require a cookie when HTTP session has closed, active
      HTTP sessions will still be usable if the browser fails to send the logon cookie with every
      request.
    o Disabling of password expiry was broken.
    o Forcing a password change when creating a user throws exception.

SSL-Explorer 0.1.13_01 - September 22, 2005

Bugs 
    o Global reverse proxy configurations do not work for ordinary users even if they
      have the necersary permissions.
    o Applications fail to launch through a proxy server
    o VPN client fails to register when 'valid hostnames' configuration has been set.
    o Launching an Active DNS reverse proxy will now evaluate the request host header
      and display an error if the browser is connected using a numeric IP address

SSL Explorer 0.1.13 - September 15, 2005

Features 
     o New web forward type "Reverse proxy" added. This behaves in much the 
       same was as the Apache reverse proxy feature. Web forwards are forwarded
       based upon the path element of the URL. For example to forward OWA you would
       forward all paths begining with '/exchange', '/exchweb' and '/public'.
     o Full support for IE OWA interface through the reverse proxy feature.
     o Reverse proxy also supports an 'Active DNS' feature which allows web sites
       running on the root of a web server to be forwarded through the reverse proxy. For
       example under normal conditions you would not be able to forward a site for which
       the entry URL is 'http://www.example.com/" because there are no paths to match with
       reverse proxy rules. This feature requires that a wildcard CNAME DNS record points
       to the SSL-Explorer server.
     o The proxy URL option has been removed and replaced with 5 separate
       fields. Upon upgrade any previous proxy URL will be removed and will
       have to be re-applied manually. Better detection of browser settings
     o Added documentation link to the 3sp.com knowledge base
     o A new option 'Validate external hostnames' has been added to 
       "Admin -> Configuration -> Gemeral Options" that checks the hostname 
       as entered in the browser. If the hostname is not in the list (one host 
       per line), then the browser will be directed to the first in the list (the 
       default).
     o Boolean parameter type in extension.xml now supports typeMeta attribute which 
       enables values other than 'true' or 'false' to be used.
     o Roles and accounts pages are now paged and sorted with the ability to changed 
       the number of items shown on a single page.
     o Active Directory configuration improvements - A standard configuration will now list
       all accounts and roles within unless any number of OU filters are setup. If filters
       exist then only the accounts and roles within or beneath the filtered OUs will be
       shown.
     o AD OU filter will now automatically append the base DN if required, for example if
       you had 'OU=Employees,DC=EXAMPLE,DC=COM' you can now omit 'DC=Example,DC=COM' and enter
       the value 'OU=Employees'

Bugs 
     o IE + Firefox will no longer ask if you want to store a new password
       even when there is no valid logon password on the page.
     o If an exception page is displayed during the logon sequence, the browser
       no longer shows any fields entered (username, password etc) in the 
       address bar upon clicking close.
     o Deleting a profile fails.
     o Changing password allows use of old password.
     o Secure proxy allows URL's to be entered manually. This was a potential security 
       problem as users could navigate to any URL through the secure proxy feature.
     o When attempting to launch the VPN client and a Java runtime is not available, if 
       the user chooses not to download the plugin (or is not given the option to) - 
       there was no way of escaping the launch page.
     o Using the MS JVM for the VPN client now works again (you will no longer be forced 
       to download the Sun JRE). Only If NO Java is installed, you will still be instructed 
       the Sun runtime.
     o Attempting to launch a HTML application before the VPN client is loaded fails.
     o When an existing keystore had an incorrect password, setting the password to the 
       correct value did not load the keystore until the service was restarted. The keystore 
       is now reloaded whenever the password is changed.
     o Setup fails to start with incorrect AD settings. This is actually caused by the server
       closing the main thread down after 30 seconds, the AD database was still attempting to 
       contact the domain server and so initialization was not compelte. The timeout has now 
       been increased.
     o When manually uploading an extension as a default administrator, the upload would fail 
       the first time with 'permission denied ...'.

    
Additional Notes

     o Any web forward favorites will be DELETED upon upgrade. This is due
       to a change in the way these favorites are keyed in the database. 
     o More JSP files have being renamed to the correct .JSPF (JSP Fragment).
       This helps with syntax checking in IDEs.
     o Major re-factoring, and package re-organisation. SSL-Explorer is now
       split up into more jars as well.
     o The system property sslexplorer.useDevConfig previously also enabled the
       TCP/IP database server. This must now be done separately using the
       sslexplorer.hsqldb.tcpipServer property.

-----------------

SSL Explorer 0.1.12 - June 30, 2005

Features
     o Installation of service scripts should now work correctly on Debian based systems
       (tested on Ubuntu 5.04).
     o The improved menus from the SSL-Explorer Xtra Extension has been moved 
       into the GPL core. The menus have also been re-organised.
     o Improvements to VPN client launching. It may now be launched or shutdown 
       by clicking on the ONLINE / OFFLINE status at the top of the page. The launching 
       itself is now done on a separate page which then redirects back to the previous page 
       when complete.
     o SSL-Explorer now has a much more flexible Authentication Module features. The user 
       may define their own 'Authentication Schemes'. Each scheme may then be customised 
       to consist of any available 'Authentication Modules' (with one scheme being flagged 
       as the Default). When logging on, the user may then choose which scheme to use and 
       they will be presented with each module one by one until completely logged on. 
     o Personal Information authentication scheme added to provide a second level of authentication
     o When using Active Directory, SSL-Explorer now requires a 'Service Account Username' 
       and 'Service Account Password'. These should be the logon details of a dedicated account 
       that you must set up in your Active Directory. Once this has been configured, you will 
       be able to view roles and accounts (including in setup mode).
     o It is no longer necessary to restart the server when you change the Active Directory 
       configuration. 

Bugs
     o An 'Exit' button is now available when the browser is restarted and session locking
       is turned on. This allows you to logoff.
     o Embedded VPN client failed to authenticate to 0.1.11. 
     o Embedded client disconnect method fails to stop any listening sockets that have been opened.        

Additional Notes

     o Many JSP files are gradually being renamed to the correct JSPF (JSP Fragment).
       This helps with syntax checking in IDEs.

=================
=    HISTORY    =
=================

SSL Explorer 0.1.11 - May 27, 2005

Features
     o Status page is now available which shows the currently logged on users and their
       remote ip providing the administrator with the ability to logoff sessions.
     o SSL-Explorer can now check whether there are any updates to the core
       available, or if there any extensions installed that have updates. These
       features will be automatically enabled if you accept the agreement to 
       connect to the 3SP Extension Store. You may also enable this manually
       in Setup -> General Configuration -> Automatic Updates.
     o Documentation can now be reached from the new 'Help' menu. The Guides 
       have been moved out of the installer archives and into the webapp/doc.

Bugs
     o 'Shutdown' button on shutdown page renamed to 'Ok'. 
     o VPN client sessions will now correctly be timed out if the VPN client
       dies unexpectedly. 
     o VPN client launcher uses java system property "user.home" to determine where to install
       downloaded applications. Under the Microsoft VM this property is set to "C:\Windows\Java"
       yet under Sun VM it points to the users profile directory. An attempt is now made to determine
       the users profile directory and use it under the Microsoft VM. 
       
SSL Explorer 0.1.10 - May 13, 2005

Features
     o Experimental service support for SuSE Linux. Thanks jooa.
     o New 'About' page and SSL-Explorer logo
     o Administrative warnings - New global warnings features that is used to provided administrative 
       warnings when certain configuration changes occur. A message requesting a restart is displayed 
       under the following conditions:-

             1. Key store / certificates change.
             2. User database changes.
             3. Default administrators changes.
             4. Active Directory configuration changes
             5. CIFS configuration changes

     o Shutdown warning when other users are logged on - Message is now displayed telling the admin 
       how many users are currently logged on when either Shutting down / Restarting using the web interface.
     o Application shortcuts cancel button required has been added to most forms where appropriate. You will
       be taken back to the previous page.
     o Minor Enhanchment to Prompt Profile at Login - If 'Prompt for profile at logon' is enabled, the profile 
       is no longer prompted for if the user only has one available.
     o A Warning is now displayed on the logon page if cookies are not enabled on a users browser. SSL-Explorer 
       relies on cookies and will act very strangely if they are not available.
     o Global profiles are now uneditable

Bug Fixes
     o Blank page displays after completing form input - This is caused by the browser failing to redirect from
       the VPN client to the SSL-Explorer server. The redirected link is now displayed so that the user can 
       navigate to the correct location instead of using the browsers back button.
     o Opening documents in network places HTML directory browser now spawns a new window.
     o Manually uploading new extension (application) bundles failed when using IE.
     o Refresh now works correctly in the network places HTML file browser when using Internet Explorer.
     o Active Directory users with no roles are no longer displayed in the account list.
     o Fixed bug where it was possible for a user to edit a few global properties in the 'Options' page of the 
       HTML network places browser. 'Options' will now no longer be available if the current profile is a global one.
     o Users that were part of a revoked role that had adminstrator permission were still able to logon. Also, it was
       possible to grant / revoke default administrator roles. This had no meaning as all default administrator users
       and roles are granted access.
     o OWA doesn't like percentage characters - This was part of a larger form encoding problem when the form in 
       question is sent as a GET request and was being decoded twice.
     o Network places not responding - More friendly error message displayed if SSL-Explorer (jCIFS) cannot locate 
       the windows master browser.
     o Fixed possible NPE with some Active Directory configurations.
     o Java RDP not using specified username - Java RDP application was not using the specified username / password.
     o Fixed problem where IE would not always show that the VPN client had successfully been started (it was showing
       the 'Launch' button).
     o Fixed bug where replacement type could not be changed (e.g. from 'Received Content' to 'Sent Header'
     o Fixed more encoding problems in Secure Proxy Web Forwards.
     o Fixed incorrect warning text for profile deletion.

-----------------

SSL Explorer 0.1.9 - April 5, 2005

Features