Release Notes - Spring Security - Version 2.0.1 - HTML format

Bug

  • [SEC-761] - HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor
  • [SEC-771] - Acegi Security - java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.connector)
  • [SEC-772] - Remember me java.lang.IllegalStateException
  • [SEC-773] - global-method-security fails with JPA
  • [SEC-776] - Http Session created for Anonymous request
  • [SEC-780] - Can't replace AuthenticationProcessingFilter with a custom AuthenticationProcessingFilter
  • [SEC-783] - GlobalMethodSecurityBeanDefinitionParser should support AfterInvocationProviders
  • [SEC-784] - LDAP sample dependencies should not be "optional"
  • [SEC-787] - ACL SQL statements have inconsistent use of case (mixed upper and lower).
  • [SEC-788] - x509 authentication does not work properly
  • [SEC-792] - Filters should only be added to the default stack if they are labelled using custom-filter.
  • [SEC-793] - ldap-authentication-provider element parser ignores hash attribute.

New Feature

  • [SEC-751] - Set default security level
  • [SEC-807] - Allow mapping to a standard Ldap UserDetails through the namespace
  • [SEC-811] - Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens

Task

  • [SEC-806] - Add more specific version information for OSGi dependencies
  • [SEC-808] - Switch namespace schema version to 2.0.1 and update spring.schemas

Improvement

  • [SEC-736] - Documentation error:
  • [SEC-757] - Add validation of redirect URLs on namespace
  • [SEC-775] - CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration.
  • [SEC-790] - DefaultLoginPageGeneratingFilter should be a better HTTP citizen
  • [SEC-796] - X509 namespace issue
  • [SEC-797] - Javadoc bug on ConfigAttributeDefinition.getConfigAttributes says it returns an Iterator
  • [SEC-799] - Add better detection of missing server-ref element for <ldap-user-service> and <ldap-authentication-provider />
  • [SEC-805] - Add extra fields to InetOrgPerson

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.