差沙的密码 -- SSHWSFC's code
阅读本Blog请自备塑料袋一只
posts - 14,  comments - 59,  trackbacks - 0
acegi1.0发布,其实有点出乎意料,因为我一向认为acegi的代码已经相当稳定了,但是acegi力求精益求精,从新版还是能看到不少实用的改动和升级。这里简单分析一下。

[SEC-183] - Avoid unnecessary HttpSession creation when using Anonymous and Remember-Me authentication

以前如果使用HttpSessionContextIntegrationFilter的话,不管你是否需要创建session,他都会给你创建。这在一些Base验证的时候是多余的。现在加上了forceEagerSessionCreation,在创建session的时候做了控制。

[SEC-29] - Save POST request parameters before redirect

在前几个版本出现这个问题,如果实现了登陆自动跳转,acegi仅仅是简单记录了URL,没有深入的纪录信息。新版本中acegi不仅仅是保持POST中的数据不会丢失,request里面的东西几乎全都序列化保存下来了,实现可以看看SavedRequest。

[SEC-40] - HibernateDao.scroll() performance

[SEC-92] - Hibernate ACL implementation

这个比较激动的改进在1.0的源码中没有找到,看alex的意思好像是仅仅提供各演示,目的是为了生成数据脚本方便点。(其实这个还真的没法做成特别通用的,毕竟每个人的ACL实现都有可能不同)

[SEC-147] - BasicAclEntryAfterInvocationProvider should support processDomainObjectClass

对List进行ACL交验的时候,会把第一个元素取出,看看是否AssignableFrom这个processDomainObjectClass ,算是做一下安全检查吧。

[SEC-172] - Allow SimpleAclEntry to take 'null' as recipient constructor argument

其实应该是不允许recipient 为空。

[SEC-187] - inHttp & inHttps not fully utilized in AuthenticationProcessingFilterEntryPoint

[SEC-191] - AclTag class should use the BeanFactoryUtils.beanNamesForTypeIncludingAncestors method to search for the AclManager

AclTag在寻找AclManager 时候会更加灵活了,得益于spring的强大。

<明天继续吧。。。。>

[SEC-194] - RememberMeServices should be available when using BasicAuth logins

[SEC-195] - Create Acegi-backed CAS3 AuthenticationHandler

[SEC-196] - Update web site and documentation to reference JA-SIG CAS

[SEC-203] - Allow setting the AuthenticationManager onto the ConcurrentSessionController for inverted dependency

[SEC-204] - Better detection of malformed text in FilterInvocationDefinitionSourceEditor

[SEC-205] - Allow multiple URLs in DefaultInitialDirContextFactory

[SEC-206] - TokenBasedRememberMeServices using context root when setting cookie paths (inc code)

[SEC-207] - Implement countermeasures against session attacks

[SEC-209] - Make AbstractProcessingFilter.eventPublisher field protected

[SEC-217] - Improve Siteminder Filter

[SEC-220] - Allow ExceptionTranslationFilter to not catch exceptions

[SEC-221] - AbstractProcessingFilter.onPreAuthentication exceptions should be caught

[SEC-224] - Make Authentication.getPrincipal() for CAS return the UserDetails

[SEC-229] - Allow redirects to external URLs in AbstractProcessingFilter

[SEC-231] - Add another DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles

[SEC-234] - Allow WebAuthenticationDetails pluggable implementations

[SEC-236] - JbossAcegiLoginModule to use ApplicationContext interface

[SEC-238] - Add AuthenticationException to AbstractProcessingFilter.onUnsuccessfulAuthentication method signature

[SEC-242] - Logger in AbstractProcessingFilter

[SEC-244] - Column names instead of indexes for org.acegisecurity.userdetails.jdbc.JdbcDaoImpl

[SEC-246] - Enable late-binding of UserDetailsService on DaoAuthenticationProvider

[SEC-247] - Allow to specify resources that shouldn't be filtered in FilterChainProxy

[SEC-251] - DefaultLdapAuthoritiesPopulator: Add filter argument {1} for username as in Tomcat JNDIRealm

[SEC-255] - Reorder AuthenticationProcessingFilter to create HttpSession before delegating to AuthenticationDetailsSource

[SEC-257] - ExceptionTranslationFilter to use strategy interface for AccessDeniedException handling

[SEC-259] - AccessDecisionVoter: typo in JavaDoc

[SEC-260] - AbstractAccessDecisionManager and loggers

[SEC-262] - AbstractAccessDecisionManager needs standard handling ifAllAbstainDecisions

[SEC-264] - Introduction of LdapUserDetails and changes to LdapAuthenticator and LdapAuthoritiesPopulator interfaces

[SEC-276] - Restructure reference guide

posted on 2006-06-01 23:05 差沙 阅读(544) 评论(0)  编辑  收藏

只有注册用户登录后才能发表评论。


网站导航:
 
这家伙很懒,但起码还是写了一句话。

<2006年6月>
28293031123
45678910
11121314151617
18192021222324
2526272829301
2345678

常用链接

留言簿(8)

随笔分类

随笔档案

文章分类

搜索

  •  

最新评论

阅读排行榜

评论排行榜