Announcement Announcement Module
No announcement yet.
Announcement: Acegi Security - new release 0.6.1 Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Announcement: Acegi Security - new release 0.6.1

    Dear Spring Community

    I'm pleased to announce the Acegi Security System for Spring release 0.6.1 is now available from The project provides comprehensive security services for The Spring Framework.


    * It is ready NOW
    * Easy to use and deploy (eg see samples/quick-start directory)
    * Enterprise-wide single sign on (via Yale Uni's CAS project)
    * Reuses your Spring expertise
    * Domain object instance security
    * Non-intrusive setup
    * Full (but optional) container integration
    * Keeps your objects free of security code
    * Secures your HTTP requests (regular expressions, Ant Paths etc)
    * Channel security (HTTPS/HTTP auto redirection etc)
    * Supports HTTP BASIC authentication (RFC 1945)
    * Convenient security taglib
    * Application context or attribute-based configuration
    * Various authentication backends (including JDBC)
    * Event support
    * Easy integration with existing databases (no schema changes)
    * Caching (now pluggable, with an EHCACHE implementation)
    * Pluggable architecture
    * Startup-time validation
    * Remoting support (demonstrated in sample application)
    * Advanced password encoding (SHA, MD5, salts etc)
    * Run-as replacement
    * Unit tests (Clover coverage is currently 98%)
    * Container integration tests
    * Supports your own unit tests
    * Peer reviewed
    * Thorough documentation
    * Apache license

    CHANGES IN 0.6.1:

    * Resolved to use for versioning
    * Added additional DaoAuthenticationProvider event when user not found
    * Added Authentication.getDetails() to DaoAuthenticationProvider resp
    * Added DaoAuthenticationProvider.hideUserNotFoundExceptio ns
    * Added PasswordAuthenticationProvider for password-validating DAOs
    * Added FilterToBeanProxy compatibility with ContextLoaderServlet
    * Added convenience methods to ConfigAttributeDefinition
    * Improved sample applications' bean reference notation
    * Clarified contract for ObjectDefinitionSource.getAttributes(Object)
    * Extracted removeUserFromCache(String) to UserCache interface
    * Improved ConfigAttributeEditor so it trims spaces
    * Refactored UsernamePasswordAuthenticationToken.getDetails() to Object
    * Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource
    * Fixed EH-CACHE-based caching implementation behaviour if cache exists
    * Fixed Ant "release" target not including
    * Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided
    * Documentation improvements

    As per the Apache APR project versioning guidelines (URL above), this is a patch release. Existing users of release 0.6 should be able to upgrade by simply replacing the JAR(s) and testing.

    Please visit to access the latest
    release or read more about the features.

    Best regards