Spring Security began in late 2003 as "The Acegi Security System for Spring". A question was posed on the Spring Developers' mailing list asking whether there had been any consideration given to a Spring-based security implementation. At the time the Spring community was relatively small (especially compared with the size today!), and indeed Spring itself had only existed as a SourceForge project from early 2003. The response to the question was that it was a worthwhile area, although a lack of time currently prevented its exploration.
Spring Security于2003年底开始作为“Acegi安全系统的春天”。在Spring Developers的邮件列表中提出了一个问题,询问是否对基于Spring的安全实现给予了任何考虑。当时Spring社区相对较小(特别是与今天的大小相比!),而且Spring本身从2003年初开始只作为SourceForge项目存在。对这个问题的回答是,它是一个值得的区域,尽管缺乏时间目前阻止了它的探索。
With that in mind, a simple security implementation was built and not released. A few weeks later another member of the Spring community inquired about security, and at the time this code was offered to them. Several other requests followed, and by January 2004 around twenty people were using the code. These pioneering users were joined by others who suggested a SourceForge project was in order, which was duly established in March 2004.
考虑到这一点,构建了一个简单的安全实现,但未发布。几周后,Spring社区的另一名成员询问了安全性,当时这个代码已经提供给他们。随后还有其他几个请求,到2004年1月,大约有20个人正在使用该代码。这些开拓性的用户加入了其他人,他们建议订购SourceForge项目,该项目于2004年3月正式成立。
In those early days, the project didn’t have any of its own authentication modules. Container Managed Security was relied upon for the authentication process, with Acegi Security instead focusing on authorization. This was suitable at first, but as more and more users requested additional container support, the fundamental limitation of container-specific authentication realm interfaces became clear. There was also a related issue of adding new JARs to the container’s classpath, which was a common source of end user confusion and misconfiguration.
在那些早期,该项目没有任何自己的身份验证模块。容器管理安全性依赖于身份验证过程,而Acegi Security则专注于授权。这在一开始是合适的,但随着越来越多的用户请求额外的容器支持,容器特定的身份验证领域接口的基本限制变得清晰。还有一个相关的问题是将新的JAR添加到容器的类路径中,这是最终用户混淆和配置错误的常见原因。
Acegi Security-specific authentication services were subsequently introduced. Around a year later, Acegi Security became an official Spring Framework subproject. The 1.0.0 final release was published in May 2006 - after more than two and a half years of active use in numerous production software projects and many hundreds of improvements and community contributions.
随后引入了Acegi Security特定的身份验证服务。大约一年后,Acegi Security成为Spring Framework的正式子项目。 1.0.0最终版本于2006年5月发布 - 经过两年半的积极使用,在众多生产软件项目和数百项改进和社区贡献中。
Acegi Security became an official Spring Portfolio project towards the end of 2007 and was rebranded as "Spring Security".
Acegi Security于2007年底成为正式的Spring Portfolio项目,并更名为“Spring Security”。
Today Spring Security enjoys a strong and active open source community. There are thousands of messages about Spring Security on the support forums. There is an active core of developers who work on the code itself and an active community which also regularly share patches and support their peers.
今天,Spring Security拥有一个强大而活跃的开源社区。在支持论坛上有成千上万的关于Spring Security的消息。有一个活跃的开发人员核心,他们致力于代码本身和一个活跃的社区,它也定期共享补丁并支持他们的同行。