Quick Search
Learn more about
Quick Search
Log In
Access more options
Online Help
About JIRA
Dashboards
Access more options (Alt+D)
Projects
Access more options (Alt+P)
Issues
Access more options (Alt+I)
Agile
Access more options
Planning Board
Task Board
Chart Board
Released Board
Release Notes - Spring Security - Version 1.0.0 - HTML format
Configure Release Notes
Bug
[
SEC-183
] - Avoid unnecessary HttpSession creation when using Anonymous and Remember-Me authentication
[
SEC-188
] - SecurityContextHolder JavaDoc error
[
SEC-190
] - CaptchaSecurityContextImpl needs to override hashcode()
[
SEC-192
] - Concurrent login checking fails with CAS
[
SEC-197
] - ConcurrentSessionController should count non-expired Sessions only
[
SEC-198
] - AccessDeniedException removes role visibility from authz:authorize tags
[
SEC-199
] - Contacts sample throws NestedServletException (500) instead of Access denied! (403) page
[
SEC-200
] - Contacts sample - logging off twice causes IllegalStateException
[
SEC-201
] - LdapProvider should not throw IllegalArgumentException for empty user password
[
SEC-202
] - Failing to set manager password on DefaultInitialDirContextFactory causes NullPointerException
[
SEC-208
] - SessionRegistryImpl giving java.util.ConcurrentModificationException
[
SEC-210
] - TokenBasedRememberMeServices issue with CasProcessingFilter
[
SEC-211
] - AnonymousProcessingFilter causes IllegalStateException after HttpSession invalidation (ie logout)
[
SEC-218
] - RememberMeProcessingFilter adds Authentication token to SecurityContextHolder after AuthenticationException
[
SEC-219
] - FilterInvocationDefinitionSourceEditor tokenizing of URLs
[
SEC-222
] - AbstractAuthenticationToken Hashcode computation
[
SEC-223
] - Performance of hashCode in AbstractAuthenticationToken
[
SEC-228
] - URL encoding issues in CasProcessingFilterEntryPoint
[
SEC-230
] - ExceptionTranslationFilter does not catch AccessDeniedException with Spring MVC M2/M3
[
SEC-233
] - AnonymousProcessingFilter - redundant creation of Authentication object causes IllegalStateException
[
SEC-235
] - HttpSessionContextIntegrationFilter reset the SecurityContext
[
SEC-240
] - Remove log4j.properties from release JARs
[
SEC-243
] - SessionRegistryImpl.getAllSessions(Object) incorrectly includes expired and destroyed sessions
[
SEC-248
] - HttpSessionContextIntegrationFilter doesn't work with HttpInvokerServiceExporter
[
SEC-252
] - AbstractAuthenticationToken NullPointerException
[
SEC-253
] - UserDetails JdbcDaoImpl should check for no auths after calling addCustomAuthorities
[
SEC-254
] - Reference documentation for JBossAcegiLoginModule incorrect
[
SEC-256
] - Contacts Sample does not use AcegiMessageSource
[
SEC-258
] - Use of URI class in LdapUtils is not compatible with JDK 1.3
[
SEC-266
] - ConcurrentSessionControllerImpl doesn't permit unlimited sessions
[
SEC-267
] - NamedEntityObjectIdentity not stripping cglib ehanced class names.
[
SEC-268
] - Uninitialized app context problem in HttpSessionEventPublisher
[
SEC-269
] - LdapAuthenticationProvider returns null userName after authentication
[
SEC-270
] - Saved Request is not serializable
[
SEC-275
] - Add missing dependency to acegi's maven2 pom.xml
[
SEC-277
] - maven2 doesn't working with acegi because acegi-security-parent-1.0.0-RC2.pom contains non ISO-8859-1
Improvement
[
SEC-29
] - Save POST request parameters before redirect
[
SEC-40
] - HibernateDao.scroll() performance
[
SEC-92
] - Hibernate ACL implementation
[
SEC-97
] - Format Acegi's source code for readability
[
SEC-119
] - Possible contribution: TemplateAuthenticationProvider and AuthenticationConditions
[
SEC-147
] - BasicAclEntryAfterInvocationProvider should support processDomainObjectClass
[
SEC-166
] - Add Oracle ACL 'create tables' script to documentation
[
SEC-172
] - Allow SimpleAclEntry to take 'null' as recipient constructor argument
[
SEC-173
] - Improve BasicAclDao.getAcls documentation
[
SEC-182
] - TokenBasedRememberMeServices should return an Authentication that can be used by concurrent session services
[
SEC-184
] - RunAsManager reference documentation refers to obsolete classes
[
SEC-185
] - Change LdapUserSearch to allow attributes to be specified
[
SEC-186
] - ExceptionTranslationFilter missing in reference documentation
[
SEC-187
] - inHttp & inHttps not fully utilized in AuthenticationProcessingFilterEntryPoint
[
SEC-189
] - Add accessor for InitialDirContextFactory field in DefaultLdapAuthoritiesPopulator
[
SEC-191
] - AclTag class should use the BeanFactoryUtils.beanNamesForTypeIncludingAncestors method to search for the AclManager
[
SEC-193
] - Duplicate code in SiteminderAuthenticationProcessingFilter
[
SEC-194
] - RememberMeServices should be available when using BasicAuth logins
[
SEC-195
] - Create Acegi-backed CAS3 AuthenticationHandler
[
SEC-196
] - Update web site and documentation to reference JA-SIG CAS
[
SEC-203
] - Allow setting the AuthenticationManager onto the ConcurrentSessionController for inverted dependency
[
SEC-204
] - Better detection of malformed text in FilterInvocationDefinitionSourceEditor
[
SEC-205
] - Allow multiple URLs in DefaultInitialDirContextFactory
[
SEC-206
] - TokenBasedRememberMeServices using context root when setting cookie paths (inc code)
[
SEC-207
] - Implement countermeasures against session attacks
[
SEC-209
] - Make AbstractProcessingFilter.eventPublisher field protected
[
SEC-217
] - Improve Siteminder Filter
[
SEC-220
] - Allow ExceptionTranslationFilter to not catch exceptions
[
SEC-221
] - AbstractProcessingFilter.onPreAuthentication exceptions should be caught
[
SEC-224
] - Make Authentication.getPrincipal() for CAS return the UserDetails
[
SEC-229
] - Allow redirects to external URLs in AbstractProcessingFilter
[
SEC-231
] - Add another DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles
[
SEC-234
] - Allow WebAuthenticationDetails pluggable implementations
[
SEC-236
] - JbossAcegiLoginModule to use ApplicationContext interface
[
SEC-238
] - Add AuthenticationException to AbstractProcessingFilter.onUnsuccessfulAuthentication method signature
[
SEC-242
] - Logger in AbstractProcessingFilter
[
SEC-244
] - Column names instead of indexes for org.acegisecurity.userdetails.jdbc.JdbcDaoImpl
[
SEC-246
] - Enable late-binding of UserDetailsService on DaoAuthenticationProvider
[
SEC-247
] - Allow to specify resources that shouldn't be filtered in FilterChainProxy
[
SEC-251
] - DefaultLdapAuthoritiesPopulator: Add filter argument {1} for username as in Tomcat JNDIRealm
[
SEC-255
] - Reorder AuthenticationProcessingFilter to create HttpSession before delegating to AuthenticationDetailsSource
[
SEC-257
] - ExceptionTranslationFilter to use strategy interface for AccessDeniedException handling
[
SEC-259
] - AccessDecisionVoter: typo in JavaDoc
[
SEC-260
] - AbstractAccessDecisionManager and loggers
[
SEC-262
] - AbstractAccessDecisionManager needs standard handling ifAllAbstainDecisions
[
SEC-264
] - Introduction of LdapUserDetails and changes to LdapAuthenticator and LdapAuthoritiesPopulator interfaces
[
SEC-276
] - Restructure reference guide
New Feature
[
SEC-152
] - SecurityContextHolder to support strategy pattern
[
SEC-249
] - Add simple logout support by supplying a LogoutFilter
[
SEC-278
] - Create a tutorial sample application
Edit/Copy Release Notes
The text area below allows the project release notes to be edited and copied to another document.
Release Notes - Spring Security - Version 1.0.0 <h2> Bug </h2> <ul> <li>[<a href='https://jira.springsource.org/browse/SEC-183'>SEC-183</a>] - Avoid unnecessary HttpSession creation when using Anonymous and Remember-Me authentication </li> <li>[<a href='https://jira.springsource.org/browse/SEC-188'>SEC-188</a>] - SecurityContextHolder JavaDoc error </li> <li>[<a href='https://jira.springsource.org/browse/SEC-190'>SEC-190</a>] - CaptchaSecurityContextImpl needs to override hashcode() </li> <li>[<a href='https://jira.springsource.org/browse/SEC-192'>SEC-192</a>] - Concurrent login checking fails with CAS </li> <li>[<a href='https://jira.springsource.org/browse/SEC-197'>SEC-197</a>] - ConcurrentSessionController should count non-expired Sessions only </li> <li>[<a href='https://jira.springsource.org/browse/SEC-198'>SEC-198</a>] - AccessDeniedException removes role visibility from authz:authorize tags </li> <li>[<a href='https://jira.springsource.org/browse/SEC-199'>SEC-199</a>] - Contacts sample throws NestedServletException (500) instead of Access denied! (403) page </li> <li>[<a href='https://jira.springsource.org/browse/SEC-200'>SEC-200</a>] - Contacts sample - logging off twice causes IllegalStateException </li> <li>[<a href='https://jira.springsource.org/browse/SEC-201'>SEC-201</a>] - LdapProvider should not throw IllegalArgumentException for empty user password </li> <li>[<a href='https://jira.springsource.org/browse/SEC-202'>SEC-202</a>] - Failing to set manager password on DefaultInitialDirContextFactory causes NullPointerException </li> <li>[<a href='https://jira.springsource.org/browse/SEC-208'>SEC-208</a>] - SessionRegistryImpl giving java.util.ConcurrentModificationException </li> <li>[<a href='https://jira.springsource.org/browse/SEC-210'>SEC-210</a>] - TokenBasedRememberMeServices issue with CasProcessingFilter </li> <li>[<a href='https://jira.springsource.org/browse/SEC-211'>SEC-211</a>] - AnonymousProcessingFilter causes IllegalStateException after HttpSession invalidation (ie logout) </li> <li>[<a href='https://jira.springsource.org/browse/SEC-218'>SEC-218</a>] - RememberMeProcessingFilter adds Authentication token to SecurityContextHolder after AuthenticationException </li> <li>[<a href='https://jira.springsource.org/browse/SEC-219'>SEC-219</a>] - FilterInvocationDefinitionSourceEditor tokenizing of URLs </li> <li>[<a href='https://jira.springsource.org/browse/SEC-222'>SEC-222</a>] - AbstractAuthenticationToken Hashcode computation </li> <li>[<a href='https://jira.springsource.org/browse/SEC-223'>SEC-223</a>] - Performance of hashCode in AbstractAuthenticationToken </li> <li>[<a href='https://jira.springsource.org/browse/SEC-228'>SEC-228</a>] - URL encoding issues in CasProcessingFilterEntryPoint </li> <li>[<a href='https://jira.springsource.org/browse/SEC-230'>SEC-230</a>] - ExceptionTranslationFilter does not catch AccessDeniedException with Spring MVC M2/M3 </li> <li>[<a href='https://jira.springsource.org/browse/SEC-233'>SEC-233</a>] - AnonymousProcessingFilter - redundant creation of Authentication object causes IllegalStateException </li> <li>[<a href='https://jira.springsource.org/browse/SEC-235'>SEC-235</a>] - HttpSessionContextIntegrationFilter reset the SecurityContext </li> <li>[<a href='https://jira.springsource.org/browse/SEC-240'>SEC-240</a>] - Remove log4j.properties from release JARs </li> <li>[<a href='https://jira.springsource.org/browse/SEC-243'>SEC-243</a>] - SessionRegistryImpl.getAllSessions(Object) incorrectly includes expired and destroyed sessions </li> <li>[<a href='https://jira.springsource.org/browse/SEC-248'>SEC-248</a>] - HttpSessionContextIntegrationFilter doesn't work with HttpInvokerServiceExporter </li> <li>[<a href='https://jira.springsource.org/browse/SEC-252'>SEC-252</a>] - AbstractAuthenticationToken NullPointerException </li> <li>[<a href='https://jira.springsource.org/browse/SEC-253'>SEC-253</a>] - UserDetails JdbcDaoImpl should check for no auths after calling addCustomAuthorities </li> <li>[<a href='https://jira.springsource.org/browse/SEC-254'>SEC-254</a>] - Reference documentation for JBossAcegiLoginModule incorrect </li> <li>[<a href='https://jira.springsource.org/browse/SEC-256'>SEC-256</a>] - Contacts Sample does not use AcegiMessageSource </li> <li>[<a href='https://jira.springsource.org/browse/SEC-258'>SEC-258</a>] - Use of URI class in LdapUtils is not compatible with JDK 1.3 </li> <li>[<a href='https://jira.springsource.org/browse/SEC-266'>SEC-266</a>] - ConcurrentSessionControllerImpl doesn't permit unlimited sessions </li> <li>[<a href='https://jira.springsource.org/browse/SEC-267'>SEC-267</a>] - NamedEntityObjectIdentity not stripping cglib ehanced class names. </li> <li>[<a href='https://jira.springsource.org/browse/SEC-268'>SEC-268</a>] - Uninitialized app context problem in HttpSessionEventPublisher </li> <li>[<a href='https://jira.springsource.org/browse/SEC-269'>SEC-269</a>] - LdapAuthenticationProvider returns null userName after authentication </li> <li>[<a href='https://jira.springsource.org/browse/SEC-270'>SEC-270</a>] - Saved Request is not serializable </li> <li>[<a href='https://jira.springsource.org/browse/SEC-275'>SEC-275</a>] - Add missing dependency to acegi's maven2 pom.xml </li> <li>[<a href='https://jira.springsource.org/browse/SEC-277'>SEC-277</a>] - maven2 doesn't working with acegi because acegi-security-parent-1.0.0-RC2.pom contains non ISO-8859-1 </li> </ul> <h2> Improvement </h2> <ul> <li>[<a href='https://jira.springsource.org/browse/SEC-29'>SEC-29</a>] - Save POST request parameters before redirect </li> <li>[<a href='https://jira.springsource.org/browse/SEC-40'>SEC-40</a>] - HibernateDao.scroll() performance </li> <li>[<a href='https://jira.springsource.org/browse/SEC-92'>SEC-92</a>] - Hibernate ACL implementation </li> <li>[<a href='https://jira.springsource.org/browse/SEC-97'>SEC-97</a>] - Format Acegi's source code for readability </li> <li>[<a href='https://jira.springsource.org/browse/SEC-119'>SEC-119</a>] - Possible contribution: TemplateAuthenticationProvider and AuthenticationConditions </li> <li>[<a href='https://jira.springsource.org/browse/SEC-147'>SEC-147</a>] - BasicAclEntryAfterInvocationProvider should support processDomainObjectClass </li> <li>[<a href='https://jira.springsource.org/browse/SEC-166'>SEC-166</a>] - Add Oracle ACL 'create tables' script to documentation </li> <li>[<a href='https://jira.springsource.org/browse/SEC-172'>SEC-172</a>] - Allow SimpleAclEntry to take 'null' as recipient constructor argument </li> <li>[<a href='https://jira.springsource.org/browse/SEC-173'>SEC-173</a>] - Improve BasicAclDao.getAcls documentation </li> <li>[<a href='https://jira.springsource.org/browse/SEC-182'>SEC-182</a>] - TokenBasedRememberMeServices should return an Authentication that can be used by concurrent session services </li> <li>[<a href='https://jira.springsource.org/browse/SEC-184'>SEC-184</a>] - RunAsManager reference documentation refers to obsolete classes </li> <li>[<a href='https://jira.springsource.org/browse/SEC-185'>SEC-185</a>] - Change LdapUserSearch to allow attributes to be specified </li> <li>[<a href='https://jira.springsource.org/browse/SEC-186'>SEC-186</a>] - ExceptionTranslationFilter missing in reference documentation </li> <li>[<a href='https://jira.springsource.org/browse/SEC-187'>SEC-187</a>] - inHttp & inHttps not fully utilized in AuthenticationProcessingFilterEntryPoint </li> <li>[<a href='https://jira.springsource.org/browse/SEC-189'>SEC-189</a>] - Add accessor for InitialDirContextFactory field in DefaultLdapAuthoritiesPopulator </li> <li>[<a href='https://jira.springsource.org/browse/SEC-191'>SEC-191</a>] - AclTag class should use the BeanFactoryUtils.beanNamesForTypeIncludingAncestors method to search for the AclManager </li> <li>[<a href='https://jira.springsource.org/browse/SEC-193'>SEC-193</a>] - Duplicate code in SiteminderAuthenticationProcessingFilter </li> <li>[<a href='https://jira.springsource.org/browse/SEC-194'>SEC-194</a>] - RememberMeServices should be available when using BasicAuth logins </li> <li>[<a href='https://jira.springsource.org/browse/SEC-195'>SEC-195</a>] - Create Acegi-backed CAS3 AuthenticationHandler </li> <li>[<a href='https://jira.springsource.org/browse/SEC-196'>SEC-196</a>] - Update web site and documentation to reference JA-SIG CAS </li> <li>[<a href='https://jira.springsource.org/browse/SEC-203'>SEC-203</a>] - Allow setting the AuthenticationManager onto the ConcurrentSessionController for inverted dependency </li> <li>[<a href='https://jira.springsource.org/browse/SEC-204'>SEC-204</a>] - Better detection of malformed text in FilterInvocationDefinitionSourceEditor </li> <li>[<a href='https://jira.springsource.org/browse/SEC-205'>SEC-205</a>] - Allow multiple URLs in DefaultInitialDirContextFactory </li> <li>[<a href='https://jira.springsource.org/browse/SEC-206'>SEC-206</a>] - TokenBasedRememberMeServices using context root when setting cookie paths (inc code) </li> <li>[<a href='https://jira.springsource.org/browse/SEC-207'>SEC-207</a>] - Implement countermeasures against session attacks </li> <li>[<a href='https://jira.springsource.org/browse/SEC-209'>SEC-209</a>] - Make AbstractProcessingFilter.eventPublisher field protected </li> <li>[<a href='https://jira.springsource.org/browse/SEC-217'>SEC-217</a>] - Improve Siteminder Filter </li> <li>[<a href='https://jira.springsource.org/browse/SEC-220'>SEC-220</a>] - Allow ExceptionTranslationFilter to not catch exceptions </li> <li>[<a href='https://jira.springsource.org/browse/SEC-221'>SEC-221</a>] - AbstractProcessingFilter.onPreAuthentication exceptions should be caught </li> <li>[<a href='https://jira.springsource.org/browse/SEC-224'>SEC-224</a>] - Make Authentication.getPrincipal() for CAS return the UserDetails </li> <li>[<a href='https://jira.springsource.org/browse/SEC-229'>SEC-229</a>] - Allow redirects to external URLs in AbstractProcessingFilter </li> <li>[<a href='https://jira.springsource.org/browse/SEC-231'>SEC-231</a>] - Add another DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles </li> <li>[<a href='https://jira.springsource.org/browse/SEC-234'>SEC-234</a>] - Allow WebAuthenticationDetails pluggable implementations </li> <li>[<a href='https://jira.springsource.org/browse/SEC-236'>SEC-236</a>] - JbossAcegiLoginModule to use ApplicationContext interface </li> <li>[<a href='https://jira.springsource.org/browse/SEC-238'>SEC-238</a>] - Add AuthenticationException to AbstractProcessingFilter.onUnsuccessfulAuthentication method signature </li> <li>[<a href='https://jira.springsource.org/browse/SEC-242'>SEC-242</a>] - Logger in AbstractProcessingFilter </li> <li>[<a href='https://jira.springsource.org/browse/SEC-244'>SEC-244</a>] - Column names instead of indexes for org.acegisecurity.userdetails.jdbc.JdbcDaoImpl </li> <li>[<a href='https://jira.springsource.org/browse/SEC-246'>SEC-246</a>] - Enable late-binding of UserDetailsService on DaoAuthenticationProvider </li> <li>[<a href='https://jira.springsource.org/browse/SEC-247'>SEC-247</a>] - Allow to specify resources that shouldn't be filtered in FilterChainProxy </li> <li>[<a href='https://jira.springsource.org/browse/SEC-251'>SEC-251</a>] - DefaultLdapAuthoritiesPopulator: Add filter argument {1} for username as in Tomcat JNDIRealm </li> <li>[<a href='https://jira.springsource.org/browse/SEC-255'>SEC-255</a>] - Reorder AuthenticationProcessingFilter to create HttpSession before delegating to AuthenticationDetailsSource </li> <li>[<a href='https://jira.springsource.org/browse/SEC-257'>SEC-257</a>] - ExceptionTranslationFilter to use strategy interface for AccessDeniedException handling </li> <li>[<a href='https://jira.springsource.org/browse/SEC-259'>SEC-259</a>] - AccessDecisionVoter: typo in JavaDoc </li> <li>[<a href='https://jira.springsource.org/browse/SEC-260'>SEC-260</a>] - AbstractAccessDecisionManager and loggers </li> <li>[<a href='https://jira.springsource.org/browse/SEC-262'>SEC-262</a>] - AbstractAccessDecisionManager needs standard handling ifAllAbstainDecisions </li> <li>[<a href='https://jira.springsource.org/browse/SEC-264'>SEC-264</a>] - Introduction of LdapUserDetails and changes to LdapAuthenticator and LdapAuthoritiesPopulator interfaces </li> <li>[<a href='https://jira.springsource.org/browse/SEC-276'>SEC-276</a>] - Restructure reference guide </li> </ul> <h2> New Feature </h2> <ul> <li>[<a href='https://jira.springsource.org/browse/SEC-152'>SEC-152</a>] - SecurityContextHolder to support strategy pattern </li> <li>[<a href='https://jira.springsource.org/browse/SEC-249'>SEC-249</a>] - Add simple logout support by supplying a LogoutFilter </li> <li>[<a href='https://jira.springsource.org/browse/SEC-278'>SEC-278</a>] - Create a tutorial sample application </li> </ul>
