|
|
|
|
@ -2,16 +2,59 @@
@@ -2,16 +2,59 @@
|
|
|
|
|
Spring Security |
|
|
|
|
-------------------------------- |
|
|
|
|
|
|
|
|
|
What is Spring Security? |
|
|
|
|
Spring Security |
|
|
|
|
|
|
|
|
|
Formerly the Acegi Security System for Spring (which became an official Spring |
|
|
|
|
Portfolio project towards the end of 2007), Spring Security provides powerful and |
|
|
|
|
Formerly the Acegi Security System for Spring, Spring Security provides powerful and |
|
|
|
|
flexible security solutions for enterprise applications developed using the Spring Framework. |
|
|
|
|
It is a stable and mature product - Acegi Security 1.0.0 was released in May 2006 after more than two and a half |
|
|
|
|
years of use in large production software projects. |
|
|
|
|
years of use in large production software projects and adopted as an official Spring sub-project on its release. |
|
|
|
|
|
|
|
|
|
Spring Security 2.0 builds on Acegi Security's solid foundations, adding new features such as a simplified |
|
|
|
|
namespace configuration syntax. |
|
|
|
|
|
|
|
|
|
Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features: |
|
|
|
|
|
|
|
|
|
* Simplified namespace-based configuration syntax. Old configurations |
|
|
|
|
could require hundreds of lines of XML but our new convention over configuration |
|
|
|
|
approach ensures that many deployments will now require less than 10 lines. |
|
|
|
|
|
|
|
|
|
* OpenID integration, which is the web's emerging single sign on |
|
|
|
|
standard (supported by Google, IBM, Sun, Yahoo and others) |
|
|
|
|
|
|
|
|
|
* Windows NTLM support, providing easy enterprise-wide single sign on |
|
|
|
|
against Windows corporate networks |
|
|
|
|
|
|
|
|
|
* Support for JSR 250 ("EJB 3") security annotations, delivering a |
|
|
|
|
standards-based model for authorization metadata |
|
|
|
|
|
|
|
|
|
* AspectJ pointcut expression language support, allowing developers to |
|
|
|
|
apply cross-cutting security logic across their Spring managed objects |
|
|
|
|
|
|
|
|
|
* Substantial improvements to the high-performance domain object |
|
|
|
|
instance security ("ACL") capabilities |
|
|
|
|
|
|
|
|
|
* Comprehensive support for RESTful web request authorization, which |
|
|
|
|
works well with Spring 2.5's @MVC model for building RESTful systems |
|
|
|
|
|
|
|
|
|
* Long-requested support for groups, hierarchical roles and a user |
|
|
|
|
management API, which all combine to reduce development time and |
|
|
|
|
significantly improve system administration |
|
|
|
|
|
|
|
|
|
* An improved, database-backed "remember me" implementation |
|
|
|
|
|
|
|
|
|
* Support for portlet authentication out-of-the-box |
|
|
|
|
|
|
|
|
|
* Support for additional languages |
|
|
|
|
|
|
|
|
|
* Numerous other general improvements, documentation and new samples |
|
|
|
|
|
|
|
|
|
* New support for web state and flow transition authorization through |
|
|
|
|
the Spring Web Flow 2.0 release |
|
|
|
|
|
|
|
|
|
* New support for visualizing secured methods, plus configuration |
|
|
|
|
auto-completion support in Spring IDE |
|
|
|
|
|
|
|
|
|
* Enhanced WSS (formerly WS-Security) support through the Spring Web |
|
|
|
|
Services 1.5 release |
|
|
|
|
|
|
|
|
|
* Updated support for CAS single sign-on (CAS 3 is now supported). |
|
|
|
|
|
|
|
|
|
~~ TODO: Expand based on original Acegi page. |
|
|
|
|
|
|
|
|
|
~~ TODO: Expand based on original Acegi page to supply full feature set. |
Luke Taylor
18 years ago