Spring Security 2.0.0 is now available.

Download | Changelog | Announcement | Web Site

After almost two years of development, Spring Security 2.0.0 is now available for download. This significant new release replaces Acegi Security as the official security module for Spring applications. It offers substantially simplified configuration, and countless other new capabilities including OpenID, NTLM, JSR 250 annotations, AspectJ pointcut support, domain ACL enhancements, RESTful URI authorization, groups, hierarchical roles, user management API, database-backed "remember me", portlet authentication, additional languages, Web Flow 2.0 support, Spring IDE visualization and auto-completion, enhanced WSS support via Spring Web Services 1.5 and much more.

Spring Security 2.0.0 RC1 is now available.

Download | Changelog | Announcement

Over 65 issues have been addressed, including OpenID integration, a new "protect-pointcut" for AspectJ expressions, dynamic retrieval of method authorization metadata, support for method authorization on all method types (interface, class, bridge, generic, superclass), restful URI authorization, namespace improvements, dependency updates and much more!

I was cruising the blogosphere today and encountered one of the shortest blogs I've ever read. To quote nearly the entire entry, "Every time you use Acegi, a fairy dies. The sad thing is there really isn't anything better around...".

Between our community forums, developer lists, JIRA, user conference BOFs, training, support, consulting and team blog, we receive a great deal of community feedback. There is little doubt that many people have sought improvements to the Spring Security (formerly Acegi) configuration format, and we've invested a lot of time in making that possible.

As I'll be presenting at next week's Spring Experience conference, Spring Security 2.0.0 M1 features tremendously simplified configuration. You will now be able to add Spring Security to your…

Acegi Security 1.0.4 is now available.

There are over 50 issues addressed in this release. Existing user can upgrade to release 1.0.4 with a simple JAR drop.

Please visit http://tinyurl.com/2qey2l for a detailed changelog.

The project's web site at http://acegisecurity.org provides additional information on Acegi Security's features, access to online documentation, and links to download the latest release.

Please note that the next release of Acegi Security will be known as Spring Security 2.0.0 M1. We anticipate releasing this within the next 7-14 days, and it will offer Spring 2 namespace…

Between Rod's recent blog on the origins of the Interface name, a recent thread querying the renaming of Acegi Security, and a suggestion late last year from my colleague Ben Hale to blog about the origins of the "Acegi" name, I've decided that it's probably time to do so!

First of all, the pronunciation: it's "ah-see-gee". Now that we've got that out of the way, let's go through where it came from:

• Back in the early 1990s, I started a bulletin board system. I still remember using my first 300 baud modem, and actually watching the characters appearing at the same speed as I could read them! Anyway, a BBS required a name, and I quite liked "Midnight BBS" (or was it "Lightning BBS"?). After attempting to register my preferred name with the Australian BBS Registry, I received a phone call to be informed that the name was taken. I searched for another name, found no conflicts, and changed all of my screens (anyone remember Avatar?). I then went to register the BBS with its new name, although someone else had just beaten me to the same name. There were about 800 BBSes in Australia around the time - this was competitive stuff! So, I decided to go with something that was guaranteed to be original: characters 1, 3, 5, 7 and 9 from the English alphabet. Acegi BBS was then born.
• This was the BBS heyday. It had callers from all across Australia, and it was the first BBS in our area code to acquire the seemingly limitless capacity of a CD-ROM. I became the 3:624 network coordinator for Fidonet and helped distributed "echomail" throughout our region. Before long, people started sending cheques payable to "Acegi BBS", as they wanted greater file download limits and access to Fidonet's netmail.
• Because I needed to cash cheques with "Acegi" in the name, in early 1993 we decided to register a business name. Acegi Computer Technology was selected, and people happily made out their cheques accordingly.
• In about 1995, I moved to Sydney with work. Dial-up Internet was just starting to become publicly available in Australia (it still cost around $5 per hour for modem access!). Because a BBS draws most of its users from a particular local area and I was leaving that area, I gave Acegi BBS to a friend to continue running. He too subsequently moved, and passed the BBS to another friend. I lost track after that. I did a Google for "Acegi BBS" and even found an old 1995 record of it.
• By 1996 I needed a company for my IT projects, so Acegi Technology Pty Limited was born. It has remained operational since.
• Sometime around November 2003, I wrote what eventually became Acegi Security. I put it into a ZIP file and shot it across to Rod and Juergen. I proposed the new project be called "Spring Security". However, they didn't have time to fully review it at that stage, so suggested I simply get it out there as "_____ Security System for Spring". As such, I prefixed "Acegi" into the name. As of today there are about 660,000 hits on Google for a search of "Acegi", and nearly all of it relates to the security framework.

For those of you who haven't heard of the Spring portfolio, you'll be hearing more about it over the coming months. Spring is really a family of related products with comparable technical and cultural dimensions. Every product in the Spring portfolio shares a consistent quality of architecture, key design patterns, codebase, documentation, test coverage, friendly community, open source licensing, integrated samples, release roadmap and availability of commercial services (such as in-depth training and support) from Interface21…

For some time I have been interested in client-centric, web-based user interfaces. These Generation IV frameworks are characterised by their component-based, event-driven programming model, and focus on the presentation logic residing entirely on the client. Targeting a web browser in this manner typically necessitates the use of JavaScript or Flash, which in itself imposes a number of unique challenges.

It is possible to address many of these challenges if we can program in Java and automatically produce a JavaScript or Flash runtime module. Two well-known products for achieving this today are Google Web Toolkit (GWT) and Open Laszlo respectively. Both are available under OSI-approved licenses and have active communities, together with their own unique complexity. One consideration is to what extent they fulfil an objective of providing a transparent Java-based development environment that targets web browser deployment. This consideration has several facets, including IDE support, debugging integration, reflective capabilities, runtime widget binding and alike. All of…

Last month Rod Johnson presented at three Australian Spring User Group meetings a session entitled, "What's New and Cool in Spring 2.0". Rod mentioned during those meetings that I'd make his presentation available, so here it is.

There are some other recent presentations that people have also been emailing me about. In no particular order, here is the latest:

• If you're looking for Rod's other session, "Simplifying Enterprise Applications with AOP", you can download it directly from the Sydney Java User Group web site.
• The Real Object Oriented (ROO) presentation I gave at two Enterprise Java Australia meetings will not be published. These slides have been superseded by the more recent and detailed session I gave at The Spring Experience.
• My "Fast Hop into Real Object Oriented (ROO) Applications" session from The Spring Experience will be published on this blog shortly. I'm currently working on a video to go along with it.
• Coverage of Acegi Security 1.0.3's new ACL capability in my "Beyond Low-Hanging Fruit: Domain Access Control List" session will also be published here shortly. In the meantime, Acegi Security SVN now contains the sample application (SEC-415).

If you're reading this blog, chances are that you already know Spring is a pretty popular framework. Most J2EE developers who've ever used it simply love it, as illustrated by 12+ books, 1,000,000+ downloads, 14,000+ forum members etc. Still, even I was surprised when my Australian Spring user group announcement a little over a week ago generated this much interest... As of today, we've had over five hundred registrations to attend these three meetings. Indeed, we've needed to move the Sydney meeting to larger premises, with the Brisbane and Melbourne meetings almost booked out. If you're…

After more than two and a half years of development, I am delighted to announce that Acegi Security 1.0.0 is now officially released.

Download | Documentation | Changelog 

In addition to more than 80 improvements and fixes since 1.0.0 RC2, this new release includes several changes to help new users. This entails a significant restructure and expansion of the reference guide (now at more than 90 pages) and a new "bare bones" tutorial sample application.

Furthermore, many of the frequently-identified problems experienced by new users have been addressed, such as:

• custom 403 messages (as opposed to using the Servlet Container's error handler)
• detecting corrupt property input following the reformatting of XML files
• a new logout filter. 

We've also refactored our LDAP services, made the SecurityContextHolder a pluggable strategy (especially useful for rich clients who wish to avoid ThreadLocal), and improved CAS support.

Please visit here for a detailed changelog. As always, detailed upgrade instructions are included in the release ZIP file.

The project's web site at http://acegisecurity.org provides additional information on Acegi Security's features, access to online documentation, and links to download the latest release. I will also be providing a presentation on Acegi Security at SpringOne next month, so I hope to see you there.