announcement-0.8.0.txt

acegi构造安全的java系统

The acegi-security-doc team is pleased to announce the Acegi Security System 
for Spring 0.8.0 release! 

http://acegisecurity.org/

Acegi Security System for Spring 

Changes in this version include:

  New Features:

o Added Digest Authentication support (RFC 2617 and RFC 2069) 
o Added pluggable remember-me services 
o Added pluggable mechnism to prevent concurrent login sessions 
o FilterChainProxy added to significantly simplify web.xml configuration of 
  Acegi Security 
o AuthenticationProcessingFilter now provides hook for extra credentials (eg 
  postcodes) 
o New WebAuthenticationDetails class now used by processing filters for 
  Authentication.setDetails() 
o Additional debug-level logging 
o Improved Tapestry support in AbstractProcessingFilter 

  Fixed bugs:

o Correct issue with JdbcDaoImpl default SQL query not using consistent case 
  sensitivity 
o Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility 
o Log4j now included in generated WAR artifacts (fixes issue with Log4j 
  listener) 
o Correct NullPointerException in FilterInvocationDefinitionSource 
  implementations 

  Changes:

o Made ConfigAttributeDefinition and ConfigAttribute Serializable 
o User now accepts blank passwords (null passwords still rejected) 
o FilterToBeanProxy now searches hierarchical bean factories 
o User now accepted blank passwords (null passwords still rejected) 
o ContextHolderAwareRequestWrapper now provides a getUserPrincipal() method 
o HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily 
o FilterSecurityInterceptor now only executes once per request (improves 
  performance with SiteMesh) 
o JaasAuthenticatinProvider now uses System.property 
  "java.security.auth.login.config" 
o JaasAuthenticationCallbackHandler Authentication is passed to handle method 
  setAuthentication removed 
o Added AuthenticationException to the AutenticationEntryPoint.commence 
  method signature 
o Added AccessDeniedException to the 
  SecurityEncorcementFilter.sendAccessDeniedError method signature 
o FilterToBeanProxy now addresses lifecycle mismatch (IoC container vs 
  servlet container) issue 
o Significantly refactor "well-known location model" to authentication 
  processing mechanism and HttpSessionContextIntegrationFilter model  

Have fun!
-The acegi-security-doc team