Release Notes - Spring Security - Version 2.0.0 M1

Bug

  • [SEC-554] - acegi-security-samples-tutorial-1.0.5.war missing files
  • [SEC-557] - NullPointerException in ExceptionTranslationFilter: accessDeniedHandler is null
  • [SEC-584] - ConcurrentSessionControllerImpl shouldn't have a default sessionRegistry set internally
  • [SEC-609] - Security hole if using NTLM and Remoting
  • [SEC-618] - Authentication details object should be copied to successful Authentication before ConcurrentSessionController.checkAuthenticationAllowed is called

New Feature

  • [SEC-8] - Windows NT Domain AuthenticationProvider
  • [SEC-24] - Add JOSSO to Acegi Security
  • [SEC-133] - Review portlet support
  • [SEC-271] - Spring 2-based configuration simplification of Acegi Security
  • [SEC-302] - Add rolePrefix property to SecurityContextHolderAwareRequestFilter
  • [SEC-399] - Add support in AbstractProcessingFilter for session invalidation on successful authentication
  • [SEC-413] - Non-context path relative LogoutFilter
  • [SEC-448] - New MD4 PasswordEncoder implementation
  • [SEC-496] - <security:annotation-driven/>
  • [SEC-513] - Create extended user management facility with UserDetailsManager interface.
  • [SEC-520] - Add parameter to CasProcessingFilterEntryPoint class.
  • [SEC-582] - Namespace Configuration for RememberMe Services
  • [SEC-583] - Concurrent Session Namespace Configuration
  • [SEC-586] - Secure Channel Namespace Configuration
  • [SEC-588] - Improved RememberMeServices (Persistent login) implementation
  • [SEC-600] - Jdbc implementation of UserDetailsManager
  • [SEC-619] - Implement LdapUserDetailsService
  • [SEC-620] - Create Spring LDAP AuthenticationSource implementation for use with 2.0 version

Task

  • [SEC-449] - Refactor LDAP provider to make use of Spring LDAP
  • [SEC-550] - Upgrade project to use Spring 2.0 and JDK 1.4
  • [SEC-562] - Acegi -> Spring Security rebranding and package name changes
  • [SEC-611] - List third-party authentication supporting projects in reference guides

Improvement

  • [SEC-232] - Support hierarchical roles
  • [SEC-299] - ConcurrentSessionFilter to support removal of remember-me cookies
  • [SEC-369] - Fix optional dependencies in M2 pom.xml's
  • [SEC-417] - Remove Hard Coded Messages in JdbcDaoImpl to allow i18n (was "Portuguese i18n").
  • [SEC-435] - OSCacheBasedUserCache UserCache implementation
  • [SEC-455] - [docs] Tag Library Documentation doesn't explicitly state how to get it working
  • [SEC-458] - PrincipalSid and GrantedAuthoritySid implement equals() but not hashCode()
  • [SEC-471] - Make org.acegisecurity.ui.webapp.AuthenticationProcessingFilter able to customize username and password parameter names
  • [SEC-485] - org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices cannot customize tokenExpiryTime for each login
  • [SEC-490] - Allow objectDefinitionSource of FilterSecurityInterceptor to be defined in a properties file
  • [SEC-517] - TokenBasedRememberMeServices to support refreshing of cookie expiration time
  • [SEC-545] - Provide utility class for accessing GrantedAuthoritys in a more convenient way
  • [SEC-551] - Use JDK 1.4 for regular expressions
  • [SEC-558] - Refactor LDAP UserDetails mapping strategy
  • [SEC-559] - Should log ERROR when trustStore file does not exist
  • [SEC-560] - Remove local password comparison behaviour from LDAP PasswordComparisonAuthenticator
  • [SEC-561] - Remove response buffering from AbstractProcessingFilter
  • [SEC-564] - Add information on specific branches/tags to SVN page
  • [SEC-565] - Refactor TokenBasedRememberMeServices to use AbstractRememberMeServices
  • [SEC-578] - Refactor FilterChainProxy to allow it to be used without config attributes
  • [SEC-585] - Make expiredUrl optional in ConcurrentSessionFilter
  • [SEC-591] - Remove default NullRememberMeServices in RememberMeProcessingFilter
  • [SEC-592] - Provide NullStatelessTicketCache implementation
  • [SEC-595] - Allow for usage of passed user credentials for LDAP role lookup
  • [SEC-607] - Migrate LDAP classes to use ContextSource implementation instead of InitialDirContextFactory
  • [SEC-610] - BasicProcessingFilter observe authentication request header even when AnonymousAuthenticationToken present
  • [SEC-613] - Tag libraries require rename
  • [SEC-614] - Make samples use DelegatingFilterProxy instead of FilterToBeanProxy
  • [SEC-615] - DefaultLoginPageGeneratingFilter and samples to automatically focus on login name input control
  • [SEC-617] - Refactor LDAP Authentication Provider to standalone class
