Released Acegi Security System for Spring 0.6.1

Ben Alex has released the 0.6.1 version of the Acegi Security System for Spring.
For those who don’t know the project provides comprehensive security services for The Spring Framework. I think it’s a must if you need security in your applications (who doesn’t need?). It’s easy and powerful.


* It is ready NOW
* Easy to use and deploy (eg see samples/quick-start directory)
* Enterprise-wide single sign on (via Yale Uni’s CAS project)
* Reuses your Spring expertise
* Domain object instance security
* Non-intrusive setup
* Full (but optional) container integration
* Keeps your objects free of security code
* Secures your HTTP requests (regular expressions, Ant Paths etc)
* Channel security (HTTPS/HTTP auto redirection etc)
* Supports HTTP BASIC authentication (RFC 1945)
* Convenient security taglib
* Application context or attribute-based configuration
* Various authentication backends (including JDBC)
* Event support
* Easy integration with existing databases (no schema changes)
* Caching (now pluggable, with an EHCACHE implementation)
* Pluggable architecture
* Startup-time validation
* Remoting support (demonstrated in sample application)
* Advanced password encoding (SHA, MD5, salts etc)
* Run-as replacement
* Unit tests (Clover coverage is currently 98%)
* Container integration tests
* Supports your own unit tests
* Peer reviewed
* Thorough documentation
* Apache license


* Resolved to use for versioning
* Added additional DaoAuthenticationProvider event when user not found
* Added Authentication.getDetails() to DaoAuthenticationProvider resp
* Added DaoAuthenticationProvider.hideUserNotFoundExceptions
* Added PasswordAuthenticationProvider for password-validating DAOs
* Added FilterToBeanProxy compatibility with ContextLoaderServlet
* Added convenience methods to ConfigAttributeDefinition
* Improved sample applications’ bean reference notation
* Clarified contract for ObjectDefinitionSource.getAttributes(Object)
* Extracted removeUserFromCache(String) to UserCache interface
* Improved ConfigAttributeEditor so it trims spaces
* Refactored UsernamePasswordAuthenticationToken.getDetails() to Object
* Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource
* Fixed EH-CACHE-based caching implementation behaviour if cache exists
* Fixed Ant “release” target not including
* Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided
* Documentation improvements

As per the Apache APR project versioning guidelines (URL above), this is
a patch release. Existing users of release 0.6 should be able to upgrade
by simply replacing the JAR(s) and testing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s