Spring LDAP CHANGELOG ===================== http://www.springframework.org/ldap http://www.ietf.org/rfc/rfc1960.txt http://www.ietf.org/rfc/rfc2251.txt http://www.ietf.org/rfc/rfc2252.txt http://www.ietf.org/rfc/rfc2253.txt http://www.ietf.org/rfc/rfc2254.txt http://www.ietf.org/rfc/rfc2255.txt http://www.ietf.org/rfc/rfc2256.txt http://www.ietf.org/rfc/rfc2696.txt http://www.ietf.org/rfc/rfc2829.txt Changes in version 1.3.1 (November 2010) ------------------------------------------- * Added an object-directory mapping framework (ODM). Contributed by Paul Harvey. * Added an LDIF parsing framework. Contributed by Keith Barlow. * Added an extension to ContextMapperCallbackHandler that can provide the associated mapper with an indication that the response is different for each search result. (LDAP-185) * AbstractTlsDirContextAuthenticationStrategy now provides a setter for customizing SSLSocketFactory used for TLS negotiation. (LDAP-180) * DirContextAdapter.getObjectAttribute now returns null if the attribute exists but with no value. Added method attributeExists for cases where it has to be detected whether it was one or the other. (LDAP-215) * Added LookupAttemptingCallback for performing operation in authenticated context. (LDAP-203) * Added utility methods for converting a Windows security identifier (SID) between a binary format and a slightly more readable string format. http://msdn.microsoft.com/en-us/library/aa379571%28VS.85%29.aspx (LDAP-187) * Added authentication methods that provide a possible authentication exception through an AuthenticationErrorCallback. (LDAP-192) * Authentication methods now treat a search result of more than one user as an error and throw IncorrectResultSizeDataAccessException. (LDAP-170) * Authentication methods now log problems at level INFO rather than ERROR. (LDAP-170) * It's now possible to control the case folding of attribute keys in DistinguishedName by setting the system property DistinguishedName.KEY_CASE_FOLD_PROPERTY to one of "lower", "upper", or "none". (LDAP-188) * DIGEST-MD5 SASL authentication mechanism is now supported, as specified by RFC 2829 (see http://www.ietf.org/rfc/rfc2829.txt, section 4). (LDAP-173) Contributed by Marvin S. Addison. * DefaultDirObjectFactory calls a Java5 version of the IllegalArgumentException constructor. (LDAP 196) * DirContextAdapter JavaDoc now states clearly that several methods are not implemented on purpose. (LDAP-208) * Class-level JavaDoc for OrFilter no longer uses AndFilter in sample code. (LDAP-217) * Upgraded Spring to 2.5.6.SEC02 and 3.0.3.RELEASE. (LDAP-210) * Upgraded Spring to 2.5.6.SEC01. (LDAP-194) * Build is no longer using the default platform encoding, but UTF-8. (LDAP-201) Changes in version 1.3.0 (Jan 2009) ------------------------------------------- * Added methods for simple LDAP 'bind' authentication in LdapOperations and SimpleLdapOperations. The methods will perform a search given a supplied filter, call ContextSource#getContext(dn, password), and optionally callback to a supplied instance to perform an LDAP operation on the context. * Re-used the same fix for LDAP-109 and LDAP-50 that was used in DefaultDirObjectFactory to secure the DirContextAdapter constructors from invalid CompositeNames. * Made sure DirContextOperations#addAttributeValue(String, Object) does not add any duplicate values per default; added alternate method: DirContextOperations#addAttributeValue(String, Object, boolean) to enable behavior other than the default (i.e. allowing duplicates). * Made sure that DirContextAdapter#setDn() throws exception if in update mode (The value is not set anyway, and this was previously silently ignored). * Improved more search methods that take handlers so that they will work with handlers that use ContextMappers, e.g. ContextMapperCallbackHandler. (LDAP-162) * Made sure article sample tests are possible to run without running web application (i.e. tests automatically start internal LDAP server). (LDAP-143) * SortControlDirContextProcessor no longer has hard dependencies to controls in LDAP Booster Pack. (LDAP-159) * Common code in DirContextProcessor implementations has been pulled up to a base class called AbstractFallbackRequestAndResponseControlDirContextProcessor. (LDAP-161) * PagedResultsRequestControl has been deprecated in favor of PagedResultsDirContextProcessor, which takes advantage of the new AbstractFallbackRequestAndResponseControlDirContextProcessor. (LDAP-160) * Added spring-tx as required dependency (the DataAccessExceptions require this). * Added demo projects to simplify refactoring demonstrations. (LDAP-154) * Added LdapEntryIdentification, a simple bean containing the DNs of an LDAP entry, relative to the base context as well as absolute. Also added special ContextMapper implementation producing these entries; LdapEntryIdentificationContextMapper. (LDAP-149) * Added LdapTemplate#searchForObject(base, filter, mapper) and SimpleLdapTemplate#searchForObject(base, filter, mapper); methods to search for a single object, analogous to JdbcTemplate#queryForObject(). (LDAP-150) * DistinguishedName (LdapRdnComponent really) now correctly calculates the hashCode for names where case differs, and now correctly adheres to the equals/hashCode contract. (LDAP-151) * Various improvements to immutability of DistinguishedNames throughout the framework. DistinguishedName#immutableDistinguishedName now produces a truly immutable copy of the original. Also made sure that it is not possible to accidentally alter the internal state of e.g. DirContextAdapter by modifying its DistinguishedName - copies are now returned in DirContextAdapter#getDn() and DirContextAdapter#getBase(). (LDAP-146) * Added LdapTemplate#rebind(DirContextOperations). (LDAP-144) * Added PresentFilter and NotPresentFilter to simplify searching for presence or absence of an attribute. (LDAP-152) * Added DirContextAdapter constructor that takes its DN as a String. (LDAP-145) Changes in version 1.3.0.RC1 (Oct 2008) ------------------------------------------- * TLS connections are now supported using the DefaultTlsDirContextAuthenticationStrategy and ExternalTlsDirContextAuthenticationStrategy. (LDAP-8) * NameNotFound is no longer silently ignored in searches. It is possible to use the old behavior by setting the ignoreNameNotFoundException property to true in LdapTemplate. (LDAP-134) * Referrals can now be handled by setting the property 'Context.REFERRAL' to 'follow' in the base context supplied to AbstractContextSource, provided that name servers are set up properly. Any DirContextAdapter instances resulting from referrals will provide the URL of the referred server in getReferralUrl(). (LDAP-136, LDAP-9) * The hard dependency on LDAP Booster Pack has now been completely removed, preventing NoClassDefFoundErrors when using Paged Results without that library on the classpath. (LDAP-110, LDAP-118) * The dreaded problem with '\' in Distinguished Names is now resolved. (LDAP-50, LDAP-109) * Added bind method that takes a DirContextOperations instance as parameter, performing the bind using the DN and Attributes from the DirContextOperations instance. (LDAP-140) * DistinguishedName now returns compactly formatted String representations from toString, e.g.: cn=John Doe,ou=Company,c=Sweden rather than cn=John Doe, ou=Company, c=Sweden To keep using the old formatting (for backward compatibility) set the system property org.springframework.ldap.core.spacedDnFormat to true. (LDAP-138, LDAP-112, LDAP-91) * Changed default of 'pooling' flag in AbstractContextSource. This now defaults to false; consider the Spring LDAP PoolingContextSource as the preferred alternative to using the built-in Java Connection Pooling. * Added configuration property to AbstractContextSource to specify referral behavior. Setting this property to 'follow' will enable referrals to be automatically followed, provided that the name server environment is properly set up. * Now using Maven for building internally. (LDAP-80, LDAP-82, LDAP-95) * Added HardcodedFilter class and corresponding PropertyEditor FilterEditor, to allow for easily working with pre-encoded search filters e.g. in configuration files. (LDAP-28) * Added ContextSourceAndHibernateTransactionManager to enable integration of client-side LDAP Transactions in a Hibernate environment. (LDAP-115) * Added append method to BinaryLogicalFilter allowing client code to use and/or filters from the same code. (LDAP-116) * Introduced DirContextAuthenticationStrategy to AbstractContextSource to enable more flexible context authentication strategies, e.g. TLS and Proxy Auth. (LDAP-124) * Corrected reference doc claiming DataAccessException hierarchy. (LDAP-106) * Probably the most requested feature of all - a plain method for simple authentication is now provided in the ContextSource interface. (LDAP-39, LDAP-103) * The order of multi-valued attributes is now properly preserved by DirContextAdapter#getModificationItems(). (LDAP-96) * ContextSourceTransactionManager now properly throws a CannotCreateTransactionException if anything goes wrong in doBegin(). (LDAP-122) * It is now possible to set the criticality on PagedResultsControl. (LDAP-126) * DirContextAdapter now has a getObjectAttributes method, as stated in reference docs. (LDAP-137) * DirContextAdapter#getStringAttributes, getObjectAttributes, and getAttributeSortedStringSet now all return null if the requested Attribute is not present, and an empty result (array or set) if present but empty. (LDAP-130) * SimpleLdapOperations/SimpleLdapTemplate now has mirrored methods that take Name parameters. (LDAP-139) * Fixed documentation glitch regarding ContextSourceAndDataSourceTransactionManager. (LDAP-99) * Added the possibility to configure the search scope on DefaultDirContextValidator. Changed the default to OBJECT_SCOPE. (LDAP-121) * Fixed DistinguishedName parsing error; \r is now allowed in Distinguished Names, complying with LDAP v3 DN RFC. (LDAP-97) * Moved SingleContextSource from an obscure inner class to a top-level class. This class doesn't close the DirContext, but reuses the same. Useful for scenarios like Paged Results. (LDAP-114) * Removed deprecated method setUserName() in AbstractContextSource. * Added a method DistinguishedName.toCompactString that returns a more compact String representation without blanks. (LDAP-91) * Improved search methods that take handlers so that they will work with handlers that use ContextMappers, eg ContextMapperCallbackHandler. (LDAP-107) * Fixed a problem where the narrowest possible exception subclass was not always found in the exception translation. (LDAP-100) * Made changes required for paged results to work when using Spring LDAP connection pool with a single connection. (LDAP-114) * Removed AcegiAuthenticationSource - use SpringSecurityAuthenticationSource (included with Spring Security) instead. * Upgraded commons-lang to 2.3. * Upgraded Spring to 2.5.6. (LDAP-125) Changes in version 1.2.1 (Dec 2007) ------------------------------------------- * Added pooling library which features flexible connection validation and better configuration than the built-in pooling. (LDAP-85) * Fixed a problem in AbstractContextSource which led to an unnecessary reference to the LDAP Booster Pack (ldapbp). (LDAP-88, LDAP-89) * Added missing package description and updated copyright. (LDAP-92) * Added build instructions. (LDAP-27) * Fixed bug in SimpleLdapTemplate where the wrong target method was being called. (LDAP-93) * Made createContext in AbstractContextSource protected rather than package private. (LDAP-94) Changes in version 1.2 (Oct 2007) ------------------------------------------- A number of API-breaking changes have been made in the 1.2 release compared to version 1.1.2. Consequently this is NOT a drop-in replacement for Spring LDAP 1.1.2, though upgrading should not present all that much work. Please see the supplied upgrade guide for details. * Added getContextSource on LdapTemplate. * The following getters on AbstractContextSource have been added: getContextFactory getDirObjectFactory getAuthenticationSource getUrls (was protected) isPooled isAnonymousReadOnly * Upgraded to Spring 2.0.6 internally. Spring 1.2.x is still supported. * Reviewed all javadoc. * Revised reference manual. * AbstractConnection source now actively removes pooling flag from context environment if pooling is set to 'false'. (LDAP-83) * AcegiAuthenticationSource now supports anonymous authentication. (LDAP-67) * Added BaseLdapPathSource, BaseLdapPathAware and BaseLdapNameBeanPostProcessor to be used if the ContextSource base path is needed by beans. There is now also a DistinguishedNameEditor available for directly injecting DistinguishedName instances to beans. (LDAP-86) * Added immutableDistinguishedName() method in DistinguishedName to get an immutable copy of the instance. (LDAP-87) * Added easier access methods for RDN attributes and values. (LDAP-71) * Added lookupContext() and alternate modifyAttributes() in LdapOperations/LdapTemplate to simplify updates. (LDAP-78) * Modified append() method in DistinguishedName. This method now returns the instance, to enable more fluent building of DistinguishedNames. (LDAP-74) * Added SimpleLdapTemplate providing Java 5 generics support. (LDAP-72) * Added AbstractContextMapper implementation. (LDAP-76) Changes in version 1.2-RC1 (5.12.2007) ------------------------------------------- A number of API-breaking changes have been made in this release, mainly package restructuring stuff (LDAP-33). Consequently this is NOT a drop-in replacement for Spring LDAP 1.1.2, though upgrading should not present all that much work. Please see the supplied upgrade guide for details. * Restructured packages (LDAP-33): - Moved the core classes into the package ldap.core. - Moved subpackages of ldap.support to top level. - Moved most classes in ldap.support to ldap.core or ldap.core.support. - Moved classes in ldap.utils to ldap.support and removed ldap.utils. * Changed the exception hierarchy to be an unchecked mirror of the JNDI NamingException hierarchy (LDAP-4). * Deprecated the userName property in AbstractContextSource and changed it to the more correct userDn (LDAP-18). * Fixed bug causing PagedResultsRequestControl processing to fail against AD in the case of a PartialResultsException (LDAP-32). * Fixed bug causing NullPointerException in some environments when performing PagedResultsRequestControl search (LDAP-37). * Implemented client-side transaction support for Spring LDAP. See reference documentation for further information (LDAP-29). * DirContextAdapter.setAttribute() now properly updates updatedAttrs in update mode (resulting in ModificationItems if applicable) (LDAP-15). * Exceptions thrown by Spring LDAP are now always Serializable, regardless of whether the wrapped NamingException is (which is not always the case) (LDAP-14). * LdapRdnComponent now implements Serializable (LDAP-45). * Rewrote LdapEncoder.nameDecode() to solve problem with national characters and remove regular expression used in parsing, drastically improving Distinguished Name parsing performance as a bonus (LDAP-30). * The DefaultDirObjectFactory.JNDI_ENV_BASE_PATH_KEY has been deprecated. If the base property needs to be accessed from a subclass to AbstractContextSource, use the new protected method getBase (LDAP-55). * LdapContextSource.getAnonymousEnv no longer sets a broken ResponseControlFactory in the environment (LDAP-64). * Upgraded ApacheDS to 1.0.0 (LDAP-32). * Upgraded to Acegi Security 1.0.3 (LDAP-61). * Upgraded to ApacheDS 1.0.0 (LDAP-32). * Upgraded to Spring 2.0.4 internally. Spring 1.2.x is still supported (LDAP-35, LDAP-51). * Upgraded to Spring WebFlow 1.0.2 in the Person sample (LDAP-60). * Fixed a number of documentation errors and typos (LDAP-41, LDAP-40, LDAP-47, LDAP-48). * Extracted useful inner classes from LdapTemplate to top-level classes (LDAP-42). * Implemented addAttributeValue and removeAttributeValue in DirContextAdapter (LDAP-5). * Modified DirContextOperations interface so that getNameInNamespace doesn't throw NamingException. * Fixed NullPointerException when getting PagedResultsRequestControl response (LDAP-66). * Rewrote logic i DirContextAdapter.getModificationItems(). The JNDI provider's Attribute comparison logic is now used internally. Also, REMOVE_ATTRIBUTE items are placed first in the ModificationItem array, in order to prevent ATTRIBUTE_ALREADY_EXIST errors (LDAP-13, LDAP-46). * In internal integration tests, each test now runs on a clean LDAP database (LDAP-43). * DirContextProcessor#postProcess() is now called in searches regardless of whether an exception is thrown (LDAP-26). * Moved SortControlDirContextProcessor to spring-ldap from sandbox (LDAP-68). Changes in version 1.1.2 (1.12.2006) ------------------------------------------- * Fixed problem with DirContextAdapter.getNameInNameSpace. Now it really returns the full DN. * There is now a wrapper class called PagedResult, which can be used to wrap the resulting list and the PagedResultsCookie after using PagedResultsRequestControl. * The actual cookie in PagedResultsCookie is now immutable. * The person sample is now a Spring WebFlow application, where the user can manage persons and standard LDAP access groups. * Improved javadoc for DefaultDirObjectFactory and DistinguishedName. * Upgraded Spring to 2.0.1 internally. Spring 1.2.8 is still supported. Changes in version 1.1.1 (18.11.2006) ------------------------------------------- * Added capability to use server-side controls in search by leveraging DirContextProcessor. * Added generic DirContextProcessor that is run before and after a search. * Added paged search result functionality in PagedResultsRequestControl, which is an implementation of DirContextProcessor. * Fixed problem with DirContextAdapter, where the wrong change was applied when a change was followed by a reset to the original values. * DirContextAdapter.getNameInNamespace() now returns the full DN, as per the documentation for javax.naming.Context. * The parsing of DistinguishedName has been changed from using regexp to a JavaCC parser, which means improved performance (5-6 times faster) and better error messages. * DistinguishedName now supports multi-valued RDNs separated by a '+' sign, like "cn=Rod+sn=Johnson", for example. All according to spec 2253. * LdapRdn is now Serializable. * Added lookup methods that take an array of return attribute names. * Made DistinguishedName.EMPTY_NAME an immutable DistinguishedName instance. * Separated integration tests that require OpenLDAP from the other integration tests that run the in-JVM Apache DS server. * Changed the spring-ldap-person sample application to authenticate and authorize against groups rather than role attributes. * Upgraded Spring to 2.0 internally. Spring 1.2.8 is still supported. Changes in version 1.1 (28.8.2006) ------------------------------------------- * Changed base package from net.sf.ldaptemplate to org.springframework.ldap * Changed package ...support.acegi to ...support.authentication * Replaced SearchResultCallbackHandler with NameClassCallbackHandler to enable its use in all search operations (search, list, listBindings). Changed all references and implementing classes accordingly, including name changes where applicable: ** CollectingSearchResultCallbackHandler was replaced by CollectingNameClassPairCallbackHandler. ** CountSearchResultCallbackHandler was replaced by CountNameClassPairCallbackHandler * Added NameClassPairMapper for use with list operations * Added DefaultNameClassPairCallbackHandler. * Added DefaultValuesAuthenticationSourceDecorator to enable default authentication information when AuthenticationSource returns empty values. * ContextSource implementations now creates authenticated Contexts by default, since the previous behaviour has proven to be confusing. The authenticatedReadOnly flag was replaced by an anonymousReadOnly flag. * AbstractContextSource now defaults the dirObjectFactory property to DefaultDirObjectFactory. * Added search methods to LdapTemplate for specifying return attributes. * Added list and listBindings methods to LdapTemplate. * Fixed bug in AbstractContextSource regarding java version number and base path. * Improved javadocs. * Upgraded Spring to 2.0-rc3. * Added full reference documentation. Changes in version 1.0.2 (LdapTemplate) (26.6.2006) ------------------------------------ * Added methods in LdapTemplate to unbind recursively. * Added rename() method to LdapTemplate. * Fixed bug in getPrefix() of DistinguishedName. * Fixed bug in getModificationItems() of DirContextAdapter. The method now correctly handles changes of individual vales in multi-value attributes. * Introduced AbstractContextSource, moved the code from LdapContextSource there and made LdapContextSource and DirContextSource inherit from this. * Upgraded to Acegi 1.0.0. Removed classes no longer needed: LdapTemplateLdapAuthenticationProvider LdapTemplateUserDetails *NOTE*: This means that configuration needs to be changed if using Acegi, since the API and package structure has changed in Acegi between versions 1.0.0-RC2 and 1.0.0 final. Changes in version 1.0.1 (LdapTemplate) (5.5.2006) ----------------------------------- * Now checking whether the first argument to getObjectInstance in DefaultDirObjectFactory is a Context, and if so, closing it properly. * Fixed reference to non-existent ContextSourceImpl in ldaptemplate-person. * Upgraded Spring to 2.0-m4. * Upgraded DDSteps to 1.1-rc1 and EasyMock to 1.2. Changes in version 1.0 (LdapTemplate) (24.4.2006) ---------------------------------- * Introduced the AuthenticationSource interface to enable other strategies for retrieving principal and credentials than a hard-coded username/password. * Added the AcegiAuthenticationSource implementation for retrieving a previously authenticated principal and credentials using Acegi. * Added a 'cacheEnvironmentProperties' property that enables the user to choose whether to cache the environment HashMap or to re-create it each time a new Context is created. * Added an ignorePartialResultException to LdapTemplate which causes all PartialResultExceptions to be ignored during searches, for use when working against Active Directory, which cannot handle referrals correctly. * Added search methods in LdapOperations (and LdapTemplate) that take a parameter for SearchControls. * The methods getNamesOfModifiedAttributes, update, and getAttributeSortedStringSet in DirContextOperations (and DirContextAdapter) no longer throw NamingException. Instead, they throw unchecked DataAccessExceptions. * The method getModificationItems in AttributeModificationsAware no longer throws NamingException. Instead, it throws unchecked DataAccessExceptions. * Removed the (unused) 'task' parameter to NamingExceptionTranslator.translate. * Removed the deprecated ContextSourceImpl class. * Integration tests now run using an in-memory version of Apache Directory Server, rather than requiring a working installation of a directory server. * Integration tests now run together with pure unit tests under the 'tests' Ant target. * The ldaptemplate-person sample web application now uses an in-memory version of Apache Directory Server, rather than requiring a working installation of a directory server. * Upgraded Spring to 2.0-m3. * The build now uses Ivy 1.3.1. Changes in version 1.0-RC2 (LdapTemplate) (22.2.2006) -------------------------------------- * LdapV2 is now supported. ContextSourceImpl has been deprecated. In stead the new LdapContextSource should be used for LdapV3 and a DirContextSource has been added for LdapV2 compatibility. * Ability has been added in LdapContextSource and DirContextSource to specify that an authenticated context should be used for read-only operations as well. Use property 'authenticatedReadOnly' in LdapContextSource/DirContextSource. * The Filter classes have been cleaned up. * DirContextAdapter has been cleaned up. Most important to note is that in this operation the 'setStringAttribute/setStringAttributes' methods have been removed and replaced by 'setAttributeValue/setAttributeValues'. * Base DNs are now correctly URL encoded when building the connection String. This means that spaces and other 'unsafe' characters in base DNs should no longer be manually URL encoded. * An AttributesIntegrityViolationException has been added and is thrown when an InvalidAttributesException is encountered. * More unit tests have been added. Changes in version 1.0-RC1 (LdapTemplate) (27.1.2006) -------------------------------------- * First public release candidate.