Monthly Archives: September 2004

Avoid duplicated info in the Spring application context

Posted on by Carlos Sanchez
Reply

Some configuration is shared across many projects and duplication must be avoided, e.g. for hibernate configuration this can be achieved using ArrayList for properties of type List and a custom class HibernateProperties for properties of type Properties.

    
        
            
        
        
            
        
        
            
        
    

    
        
            
                ${hibernate.dialect}
                ${hibernate.show_sql}
                ${hibernate.hbm2ddl.auto}
            
        
    

    
        
            
                net/sf/oness/party/model/party/bo/Party.hbm.xml

This way mappingResources can be overriden in each project for their set of classes and hibernateProperties can also be overriden to get values from JNDI as I do in the ONess project.

Released Acegi Security System for Spring 0.6.1

Posted on by Carlos Sanchez
Reply

Ben Alex has released the 0.6.1 version of the Acegi Security System for Spring.
For those who don’t know the project provides comprehensive security services for The Spring Framework. I think it’s a must if you need security in your applications (who doesn’t need?). It’s easy and powerful.

FEATURES:

* It is ready NOW
* Easy to use and deploy (eg see samples/quick-start directory)
* Enterprise-wide single sign on (via Yale Uni’s CAS project)
* Reuses your Spring expertise
* Domain object instance security
* Non-intrusive setup
* Full (but optional) container integration
* Keeps your objects free of security code
* Secures your HTTP requests (regular expressions, Ant Paths etc)
* Channel security (HTTPS/HTTP auto redirection etc)
* Supports HTTP BASIC authentication (RFC 1945)
* Convenient security taglib
* Application context or attribute-based configuration
* Various authentication backends (including JDBC)
* Event support
* Easy integration with existing databases (no schema changes)
* Caching (now pluggable, with an EHCACHE implementation)
* Pluggable architecture
* Startup-time validation
* Remoting support (demonstrated in sample application)
* Advanced password encoding (SHA, MD5, salts etc)
* Run-as replacement
* Unit tests (Clover coverage is currently 98%)
* Container integration tests
* Supports your own unit tests
* Peer reviewed
* Thorough documentation
* Apache license

CHANGES IN 0.6.1:

* Resolved to use http://apr.apache.org/versioning.html for versioning
* Added additional DaoAuthenticationProvider event when user not found
* Added Authentication.getDetails() to DaoAuthenticationProvider resp
* Added DaoAuthenticationProvider.hideUserNotFoundExceptions
* Added PasswordAuthenticationProvider for password-validating DAOs
* Added FilterToBeanProxy compatibility with ContextLoaderServlet
* Added convenience methods to ConfigAttributeDefinition
* Improved sample applications’ bean reference notation
* Clarified contract for ObjectDefinitionSource.getAttributes(Object)
* Extracted removeUserFromCache(String) to UserCache interface
* Improved ConfigAttributeEditor so it trims spaces
* Refactored UsernamePasswordAuthenticationToken.getDetails() to Object
* Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource
* Fixed EH-CACHE-based caching implementation behaviour if cache exists
* Fixed Ant “release” target not including project.properties
* Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided
* Documentation improvements

As per the Apache APR project versioning guidelines (URL above), this is
a patch release. Existing users of release 0.6 should be able to upgrade
by simply replacing the JAR(s) and testing.