[SEC-183] - Avoid unnecessary HttpSession creation when using Anonymous and Remember-Me authentication
以前如果使用HttpSessionContextIntegrationFilter的话,不管你是否需要创建session,他都会给你创建。这在一些Base验证的时候是多余的。现在加上了forceEagerSessionCreation,在创建session的时候做了控制。
[SEC-29] - Save POST request parameters before redirect
在前几个版本出现这个问题,如果实现了登陆自动跳转,acegi仅仅是简单记录了URL,没有深入的纪录信息。新版本中acegi不仅仅是保持POST中的数据不会丢失,request里面的东西几乎全都序列化保存下来了,实现可以看看SavedRequest。
[SEC-40] - HibernateDao.scroll() performance
[SEC-92] - Hibernate ACL implementation
这个比较激动的改进在1.0的源码中没有找到,看alex的意思好像是仅仅提供各演示,目的是为了生成数据脚本方便点。(其实这个还真的没法做成特别通用的,毕竟每个人的ACL实现都有可能不同)
[SEC-147] - BasicAclEntryAfterInvocationProvider should support processDomainObjectClass
对List进行ACL交验的时候,会把第一个元素取出,看看是否AssignableFrom这个processDomainObjectClass ,算是做一下安全检查吧。
[SEC-172] - Allow SimpleAclEntry to take \'null\' as recipient constructor argument
其实应该是不允许recipient 为空。
[SEC-187] - inHttp inHttps not fully utilized in AuthenticationProcessingFilterEntryPoint
[SEC-191] - AclTag class should use the BeanFactoryUtils.beanNamesForTypeIncludingAncestors method to search for the AclManager
AclTag在寻找AclManager 时候会更加灵活了,得益于spring的强大。
明天继续吧。。。。
[SEC-194] - RememberMeServices should be available when using BasicAuth logins
[SEC-195] - Create Acegi-backed CAS3 AuthenticationHandler
[SEC-196] - Update web site and documentation to reference JA-SIG CAS
[SEC-203] - Allow setting the AuthenticationManager onto the ConcurrentSessionController for inverted dependency
[SEC-204] - Better detection of malformed text in FilterInvocationDefinitionSourceEditor
[SEC-205] - Allow multiple URLs in DefaultInitialDirContextFactory
[SEC-206] - TokenBasedRememberMeServices using context root when setting cookie paths (inc code)
[SEC-207] - Implement countermeasures against session attacks
[SEC-209] - Make AbstractProcessingFilter.eventPublisher field protected
[SEC-217] - Improve Siteminder Filter
[SEC-220] - Allow ExceptionTranslationFilter to not catch exceptions
[SEC-221] - AbstractProcessingFilter.onPreAuthentication exceptions should be caught
[SEC-224] - Make Authentication.getPrincipal() for CAS return the UserDetails
[SEC-229] - Allow redirects to external URLs in AbstractProcessingFilter
[SEC-231] - Add another DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles
[SEC-234] - Allow WebAuthenticationDetails pluggable implementations
[SEC-236] - JbossAcegiLoginModule to use ApplicationContext interface
[SEC-238] - Add AuthenticationException to AbstractProcessingFilter.onUnsuccessfulAuthentication method signature
[SEC-242] - Logger in AbstractProcessingFilter
[SEC-244] - Column names instead of indexes for org.acegisecurity.userdetails.jdbc.JdbcDaoImpl
[SEC-246] - Enable late-binding of UserDetailsService on DaoAuthenticationProvider
[SEC-247] - Allow to specify resources that shouldn\'t be filtered in FilterChainProxy
[SEC-251] - DefaultLdapAuthoritiesPopulator: Add filter argument {1} for username as in Tomcat JNDIRealm
[SEC-255] - Reorder AuthenticationProcessingFilter to create HttpSession before delegating to AuthenticationDetailsSource
[SEC-257] - ExceptionTranslationFilter to use strategy interface for AccessDeniedException handling
[SEC-259] - AccessDecisionVoter: typo in JavaDoc
[SEC-260] - AbstractAccessDecisionManager and loggers
[SEC-262] - AbstractAccessDecisionManager needs standard handling ifAllAbstainDecisions
[SEC-264] - Introduction of LdapUserDetails and changes to LdapAuthenticator and LdapAuthoritiesPopulator interfaces
[SEC-276] - Restructure reference guide
posted on 2006-06-01 23:05 差沙 阅读(507) 评论(0) 编辑 收藏本文链接: http://acegi0.immuno-online.com/view-724494.html