root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 21 Packages Projects Releases Wiki Activity
1,993 Commits 47 Branches 367 Tags 124 MiB
Commit Graph

1034 Commits

Author SHA1 Message Date
Luke Taylor 5b7ed79b6a SEC-539: Reformatted "divider" comments (//~ Methods=== etc). Simplified boolean expression in afterPropertiesSet. 2007-08-28 23:19:06 +00:00
Luke Taylor d7cef1ba31 SEC-539: Moved SecurityContextHolder.setContext() call into the try {} block to emphasize that it is only set for the duration of chain.doFilter() and immediately cleared afterwards. Changed the debug messages about setting the context, since it has not strictly taken place when they are logged. 2007-08-28 23:11:58 +00:00
Luke Taylor 47c5a6d43f SEC-539: Renamed extractSecurityContextFromSession to readSecurityContextFromSession to emphasize that it doesn't actually modify anything (the context is still stored in the session). 2007-08-28 22:43:13 +00:00
Luke Taylor f7a6129657 SEC-539: Removed unnecessary check for a null request object. Removed unnecessary catch/rethrow of IOException and ServletException from try/finally around chain.doFilter. 2007-08-28 22:40:56 +00:00
Luke Taylor d1be9f9980 SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use. 2007-08-28 22:38:55 +00:00
Luke Taylor 3dd0716611 SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter(). 2007-08-28 21:58:30 +00:00
Luke Taylor fa63d8ecfb SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession() 2007-08-28 21:25:17 +00:00
Luke Taylor ce3eb599ed SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter(). 2007-08-28 21:11:48 +00:00
Luke Taylor ba88214d1d SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic. 2007-08-28 20:16:19 +00:00
Luke Taylor 27ef2caf45 SEC-539: Removed filterApplied boolean. 2007-08-28 19:56:33 +00:00
Luke Taylor e8d11f28f2 SEC-539: Extracted storeSecurityContextInSession() method. 2007-08-28 19:54:24 +00:00
Luke Taylor bcf69cbe3d SEC-539: Extracted populateSecurityContextFromSession() method. 2007-08-28 19:16:37 +00:00
Luke Taylor 6651a240de Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not. 2007-08-28 18:26:04 +00:00
Luke Taylor 6fe00b3433 SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true. 
Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.
 2007-08-28 16:53:05 +00:00
Luke Taylor 4ba77fa736 SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected. 2007-08-28 15:26:59 +00:00
Luke Taylor e189bc685f SEC-408: Fix. Provide getter for filterProcessesUrl. 2007-08-28 11:37:05 +00:00
Luke Taylor c8077c5e87 SEC-506: Fix as suggested by reporter. Split the disgest header string ignoring separating commas which occur between quotes. 2007-08-28 00:31:30 +00:00
Luke Taylor 3f123e1478 SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache). 2007-08-27 23:41:59 +00:00
Luke Taylor 87d6b8dedd SEC-412: Fix. Added extra constructor to UsernameNotFoundException allow use of extraInformation property of parent class. 2007-08-27 23:22:48 +00:00
Luke Taylor dda88e3931 SEC-502: Fix. Use a Map instead of HashMap in the API. Also some minor tidying of test class. 2007-08-27 17:21:16 +00:00
Luke Taylor 57f3d268a1 SEC-519: Fix. Changed notNull() assertion for "key" parameter to hasText() to prevent the use of empty keys. 2007-08-27 17:17:25 +00:00
Luke Taylor 1c72b7989e Fix for SEC-522. Strip query parameters from logout URL before doing comparison with filterProcessesUrl. 2007-08-27 17:14:23 +00:00
Luke Taylor 82599a72ba Reformatted LogoutFilter. 2007-08-27 16:56:33 +00:00
Luke Taylor f8689b18b2 SEC-526: Fixed. Support for different case prefixes ({SHA}, {sha} etc). 2007-08-27 16:23:14 +00:00
Luke Taylor 0425d3b638 Rolled back unnecessary changes (whitespace, imports etc) for SEC-398 to make actual change from revision 1858 clearer. 2007-08-27 13:29:39 +00:00
Ben Alex db3024f9a4 SEC-271: Revert Ordered and ApplicationContextAware usage at this time, due to release of 1.0.. 2007-08-25 00:15:30 +00:00
Vishal Puri 2b4d8a6378 Removed print statement 2007-08-22 04:48:04 +00:00
Luke Taylor 3fbc7beb88 SEC-251: Document use of {1} parameter in javadoc for DefaultLdapAuthoritiesPopulator. 2007-08-17 15:45:57 +00:00
Vishal Puri bc30b903f8 SEC-398: Lazy update of 'filterApplied' to true 2007-07-25 05:34:40 +00:00
Luke Taylor a499e74102 SEC-449: Add spring-ldap dependency to pom.xml. 2007-07-24 17:23:47 +00:00
Luke Taylor b646a06443 Fix for SEC-512. Removed unnecessary context creation. 2007-07-24 17:01:36 +00:00
Luke Taylor aea1148ffb Fix broken test caused by null application context in AbtractAccessDecisionManager when auto-detection of voters is called. 2007-07-24 16:48:49 +00:00
Vishal Puri c5cc42e16c made two instance variables protected for RBA solution 2007-07-23 07:59:28 +00:00
Vishal Puri 5ea8232f84 SEC-484: fixed concurrency issue 2007-07-23 07:58:31 +00:00
Vishal Puri 0e46e5307c SEC-271: added Ordered interface to AcessDecisionVoters 2007-07-06 13:34:43 +00:00
Vishal Puri ef38844a6d Improved comments and made TokenBasedRememberMeServices modular to support subclasses 2007-06-27 08:33:37 +00:00
Ray Krueger 0159b617cf Refactored the failureUrl lookup into a protected method to allow customization 2007-06-19 13:09:57 +00:00
Vishal Puri b2c30277f4 SEC-271: work on security:autoconfig 2007-06-19 04:08:19 +00:00
Carlos Sanchez 165d2c0122 [maven-release-plugin] prepare for next development iteration 2007-06-02 21:28:53 +00:00
Carlos Sanchez 942b5d7345 [maven-release-plugin] prepare release acegi-security-1.0.4-maven2 2007-06-02 21:21:51 +00:00
Ben Alex 4561c3a1f1 Remove unused imports that were causing warnings. 2007-05-25 05:33:06 +00:00
Ben Alex e252f4a497 Make compatible with Assert static class in Spring 1.2.9. 2007-05-25 05:32:32 +00:00
Vishal Puri 5b97b3458c utility class added required to copy ordering information from one object to another 2007-05-25 03:25:28 +00:00
Ben Alex 10bf40fc03 SEC-472: Provide support for subclasses to select the login form URL to use for a given request. 2007-05-25 03:21:17 +00:00
Vishal Puri b30162191e SEC-271: Moved spring security namespaces cnfig code to sandbox 2007-05-25 03:17:12 +00:00
Ben Alex a8b402462e SEC-470: Provide flexibility to customize cookie name. 2007-05-25 03:12:49 +00:00
Ben Alex 24b31c0c57 SEC-443: Provide useRelativeContext property. 2007-05-25 02:55:25 +00:00
Ben Alex c8d5374602 SEC-436: Add hashCode() methods. 2007-05-25 02:28:40 +00:00
Ben Alex 95735017e6 SEC-421: MutableAcl.setParent(MutableAcl) method to accept Acl parameter, not MutableAcl. 2007-05-25 02:22:18 +00:00
Ben Alex d0d645788a SEC-405: Extract out target URL determination method. 2007-05-25 02:07:44 +00:00
Ben Alex 998fc938df SEC-403: Add support for Chinese. 2007-05-25 02:04:44 +00:00
Ben Alex 296d235135 SEC-343: Make obtainAllDefinedFilters() protected. 2007-05-25 02:03:12 +00:00
Ben Alex 1fa89e99c4 SEC-307: Preserve result of AuthenticationManager.authenticate(Authentication). 2007-05-25 02:00:37 +00:00
Ben Alex 3b9a8dc53e SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently. 2007-05-25 01:38:42 +00:00
Ben Alex 4f13db5552 SEC-398: Delay sending of redirect until after HttpSession updated with revised SecurityContextHolder contents. 2007-05-25 01:24:07 +00:00
Vishal Puri 4c6d132ead SEC-411: fixed broken unit tests as a consequence of adding anoter constructor argument 2007-05-24 23:35:01 +00:00
Vishal Puri 220ba29fc6 SEC-411: another constructor argument added as required in SecurityContextHolderAwareRequestWrapper 2007-05-24 23:20:40 +00:00
Ben Alex 0736f4ffa0 SEC-305: Retain SecurityContext when rendering error pages. 2007-05-24 02:04:47 +00:00
Ben Alex 6ea8899134 2007-05-24 00:47:12 +00:00
Ben Alex 5b3c633790 SEC-451: Correctly handle an empty context path. 2007-05-24 00:18:09 +00:00
Ben Alex c8c37c8935 SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property. 2007-05-23 07:04:22 +00:00
Ben Alex a3c992113e SEC-459: Provide local argument to the message source accessor. 2007-05-23 06:57:07 +00:00
Ben Alex a18bd9100c SEC-474: Gracefully abort if username and password non-retrievable. 2007-05-23 06:48:42 +00:00
Ben Alex f45c0944ef SEC-478: Handle incorrect Base64 cookie encoding. 2007-05-23 06:45:45 +00:00
Ben Alex 5b8898c750 SEC-298: Ensure returned cookies have a maximum age equal to the TokenBasedRememberMeServices.tokenValiditySeconds property. 2007-05-23 06:43:47 +00:00
Ben Alex ac3b142e4f SEC-438: Made afterPropertiesSet() use instance variable instead of static variable. 2007-05-23 06:35:03 +00:00
Ben Alex 72a7d06ad1 SEC-476: Provide support for not logging interactive authentication events. 2007-05-23 06:31:32 +00:00
Ben Alex f7e714b9da Maven 2 polishing. 2007-05-23 04:20:54 +00:00
Vishal Puri 3f7e00c796 SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService 2007-05-18 03:21:21 +00:00
Vishal Puri e3435da9ae SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService 2007-05-18 03:20:28 +00:00
Vishal Puri a934f82af4 SEC-271: Fixed IllegalStateException being thrown by LogoutHandlerOrdereResolver and add an assert statement in the unit test 2007-05-17 13:42:51 +00:00
Vishal Puri a01bb3bbee Added more bean definition parsers 2007-05-17 12:57:16 +00:00
Vishal Puri 1a06723404 fixed broken test in build 47 2007-05-17 12:49:58 +00:00
Vishal Puri 3eb9870162 SEC-271: Added more security elements 2007-05-17 12:30:36 +00:00
Vishal Puri 26b0d4d1cb SEC-271: uncommented copy of resources in META-INF directory 2007-05-17 12:23:07 +00:00
Vishal Puri e43439ba44 implemented Ordered interface 2007-05-17 12:21:02 +00:00
Vishal Puri 001dc0b1d9 SEC-271: implemented Orderd interface in all the entrypoints 2007-05-17 12:20:16 +00:00
Ray Krueger 8b1cc05518 Updated Assertion message 2007-05-17 03:18:35 +00:00
Vishal Puri 84a3c87ea4 SEC-271: Replaced Java 5 specific code with pre Java 5 2007-05-17 03:04:07 +00:00
Vishal Puri e67bff61a0 Explicity specified version 2.3 for surefire-plugin 2007-05-17 01:14:07 +00:00
Vishal Puri 74123cd234 Replace resource property with location for PropertyFactoryBean 2007-05-16 00:31:31 +00:00
Vishal Puri ee2eac5a51 SEC-271: added LogoutFilterBeanDefinitionParserTests 2007-05-15 13:54:43 +00:00
Vishal Puri 1203e9858a SEC-271: Added BeanDefitnitionParser for principal-repository, extended security schema and added unit tests 2007-05-15 13:32:06 +00:00
Vishal Puri 51f306a19a SEC-271: Added more BeanDefinitionParsers and extend spring-security.xsd to have more elements 2007-05-15 13:26:05 +00:00
Vishal Puri ced5cb4f85 added new security element in the spring-security schema and wrote a parser for the element 2007-05-13 13:33:33 +00:00
Vishal Puri e73421d7b2 Spring version upgrade to 2.0.4, changed svn urls in project.xml and poms 2007-05-13 12:30:53 +00:00
Vishal Puri 9794c518d6 SEC-271: Spring 2-based configuration simplification of Acegi Security 2007-05-11 00:09:56 +00:00
Vishal Puri 566314dae5 SEC-271: Spring 2-based configuration simplification of Acegi Security 2007-05-10 02:32:30 +00:00
Vishal Puri 09fd79bc64 SEC-419: Added the right logger class in CollectionFilterer 2007-05-10 02:25:15 +00:00
Vishal Puri 82f215700b changed svn url to https://acegisecurity.svn..... 2007-05-10 02:11:54 +00:00
Vishal Puri 62c832e366 SEC-423: Fixed IllegalArguemntException being thrown by checking for null contextFromSessionObject 2007-04-27 07:35:11 +00:00
Vishal Puri c2d1405f44 SEC-357: Added testIfSwitchUserWithNullUsernameThrowsException 2007-04-24 06:35:15 +00:00
Ray Krueger fe0c99c816 Fixed http://opensource.atlassian.com/projects/spring/browse/SEC-445 
Import servlet-api 2.4 in order to bring in the correct PageContext class
 2007-04-23 18:25:01 +00:00
Luke Taylor 6bfff55da3 Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes 2007-03-30 18:27:19 +00:00
Luke Taylor 993f7e4af0 Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause. 2007-03-30 18:02:08 +00:00
Luke Taylor 6e5f5e15ad Refactored to introduce constants for number of ops and number of threads for tuning. 2007-03-10 21:34:53 +00:00
Luke Taylor fabca162a7 Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful infomation. Tidied up comments, excessively long lines, use of tabs etc. to match. 2007-02-24 21:00:24 +00:00
Luke Taylor bd2d4b013a Extracted a method to evaluate the conditions for whether basic authentication is required. 2007-02-23 19:21:44 +00:00
Luke Taylor a1886bd1e0 Made string constant RECIPIENT_FOR_CACHE_EMPTY final. 2007-02-22 23:57:49 +00:00
Luke Taylor b8a0f97fde Removed irrelevant CAS stuff from equalsWhenEqual test. 2007-02-22 23:29:01 +00:00