Dear Spring Community
I'm pleased to announce the Acegi Security System for Spring release 0.6 is now available from http://acegisecurity.sourceforge.net. The project provides comprehensive security services for The Spring Framework.
FEATURES:
* It is ready NOW * Easy to use and deploy (includes a new samples/quick-start directory) * Enterprise-wide single sign on (via Yale Uni's CAS project) * Reuses your Spring expertise * Domain object instance security * Non-intrusive setup * Full (but optional) container integration * Keeps your objects free of security code * Secures your HTTP requests as well (regular expressions, Ant Paths etc) * Channel security (HTTPS/HTTP auto redirection etc) * Supports HTTP BASIC authentication (RFC 1945) * Convenient security taglib * Application context or attribute-based configuration * Various authentication backends (including JDBC) * Event support * Easy integration with existing databases (no schema changes) * Caching (now pluggable, with an EHCACHE implementation) * Pluggable architecture * Startup-time validation * Remoting support (demonstrated in sample application) * Advanced password encoding (SHA, MD5, salts etc) * Run-as replacement * Unit tests (Clover coverage is currently 98%) * Container integration tests * Supports your own unit tests * Peer reviewed * Thorough documentation * Apache license
CHANGES IN 0.6:
* Added domain object instance access control list (ACL) packages * Added feature so DaoAuthenticationProvider returns User in Authentication * Added AbstractIntegrationFilter.secureContext property for custom contexts * Added stack trace logging to SecurityEnforcementFilter * Added exception-specific target URLs to AbstractProcessingFilter * Added JdbcDaoImpl hook so subclasses can insert custom granted authorities * Added AuthenticationProvider that wraps JAAS login modules * Added support for EL expressions in the authz tag library * Added failed Authentication object to AuthenticationExceptions * Added signed JARs to all official release builds (see readme.txt) * Added remote client authentication validation package * Added protected sendAccessDeniedError method to SecurityEnforcementFilter * Updated Authentication to be serializable (Weblogic support) * Updated JAR to Spring 1.1 RC 1 * Updated to Clover 1.3 * Updated to HSQLDB version 1.7.2 Release Candidate 6D * Refactored User to net.sf.acegisecurity.UserDetails interface * Refactored CAS package to store UserDetails in CasAuthenticationToken * Improved organisation of DaoAuthenticationProvider to facilitate subclassing * Improved test coverage (now 98.3%) * Improved JDBC-based tests to use in-memory database rather than filesystem * Fixed Linux compatibility issues (directory case sensitivity etc) * Fixed AbstractProcessingFilter to handle servlet spec container differences * Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue * Fixed CasAuthenticationToken if proxy granting ticket callback not requested * Fixed EH-CACHE handling on web context refresh * Documentation improvements
We recommend that all users upgrade to take advantage of these new features and improvements. An upgrade-05-06.txt file is provided in the distribution ZIPs to assist with this.
Please visit http://acegisecurity.sourceforge.net to access the latest version or read more about the features.
I would also like to take this opportunity to thank the growing team who provide support and improvements to the project.
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
