OACC 2.0.0 new alpha 4 release, adds comprehensive pluggable authentication support.

OACC  is a powerful, new Java Application Security Framework (http://oaccframework.org). This release adds comprehensive pluggable authentication provider support. An application using OACC can now provide a custom authentication provider implementation that uses LDAP, biometrics or any other scheme for authentication. OACC ships with a built-in password-based authentication provider.

Summary of changes in this release:

• comprehensive pluggable authentication provider support
• redesigned authentication API calls to use credentials instead of passwords
• new extensible credentials interface to allow arbitrary authentication mechanisms
• built-in authentication provider now uses `char[]` instead of `String` for passwords

AccessControlContext API changes:

• `authenticate` method now takes a `Credentials` instance instead of a password
• new `authenticate` method to support authentication without providing credentials (for authentication provider that support it)
• renames `setResourcePassword()` to `setCredentials()`
• replaces `createAuthenticatableResource()` with overloaded `createResource()` methods

Includes a built-in `AuthenticationProvider` that provides password-based authentication, so that clients have the option to use OACC without having to implement their own authentication mechanism. Note that any passwords handled by the built-in authentication provider now use `char[]` exclusively, instead of `String`.

Bug fixes:

• fixes a bug that caused `AccessControlContext` instances to not be serializable