Luke Taylor
9eaa1cbbdd
OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
2008-04-21 18:29:54 +00:00
Luke Taylor
aba5a22b6c
SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added support for role-prefix to jdbc-user-service element.
2008-04-21 17:44:32 +00:00
Luke Taylor
1a4130528a
SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching
...
http://jira.springframework.org/browse/SEC-782 . I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
2008-04-21 16:51:06 +00:00
Luke Taylor
5bb558bd6a
SEC-777: The disabled status cannot be set in <user-service>
...
http://jira.springframework.org/browse/SEC-777 . Added the disabled flag to the relax grammar file.
2008-04-21 15:59:08 +00:00
Luke Taylor
993fdd7a32
Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information.
2008-04-21 12:53:54 +00:00
Luke Taylor
469f55ce05
SEC-773: global-method-security fails with JPA
...
http://jira.springframework.org/browse/SEC-773 . Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and any referenced UserDetailsService implementations.
2008-04-18 13:15:56 +00:00
Luke Taylor
7238097310
OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-775 . Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
2008-04-15 16:57:47 +00:00
Ben Alex
b5dc523041
[maven-release-plugin] prepare for next development iteration
2008-04-14 07:06:44 +00:00
Ben Alex
0c42670431
[maven-release-plugin] prepare release spring-security-parent-2.0.0
2008-04-14 07:05:46 +00:00
Ben Alex
4d714b33e0
SEC-770: Mark old org.springframework.security.acl module as @deprecated.
2008-04-14 06:50:01 +00:00
Luke Taylor
57b5f38df1
OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration
...
http://jira.springframework.org/browse/SEC-769 . I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
2008-04-13 22:11:09 +00:00
Luke Taylor
4ae40150c9
SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling
...
http://jira.springframework.org/browse/SEC-752 . Removed check for JSR-250 class.
2008-04-13 20:59:39 +00:00
Luke Taylor
552dc6486a
SEC-703: Expose customization of SQL used by <jdbc-user-service>
...
http://jira.springframework.org/browse/SEC-703 . Added suggested attributes for sql queries.
2008-04-13 20:51:40 +00:00
Luke Taylor
d6e5dbbcfd
SEC-767: Added override for flushBuffer in response wrapper.
2008-04-13 20:22:31 +00:00
Luke Taylor
9d54c2d22b
OPEN - issue SEC-637: Dependency on RequestUtils
...
http://jira.springframework.org/browse/SEC-637 . Removed use of ServletRequestUtils in AbstractRememberMeServices
2008-04-13 12:53:01 +00:00
Luke Taylor
0422cb1f8f
Fixed artifact groups for aspectjrt and added cas sample to project build
2008-04-13 00:08:18 +00:00
Luke Taylor
83c152e379
SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config
2008-04-13 00:02:46 +00:00
Luke Taylor
a2f4ee1c58
SEC-767: Added check for committed response before attempting to create a new session
2008-04-12 23:18:03 +00:00
Luke Taylor
2d3bc27d06
SEC-755: Updated bundle names in line with Christian's recommendations.
2008-04-12 18:38:06 +00:00
Luke Taylor
d0ae8e072d
Refactored out safeGetHttpSession method to remove multiple try/catch IllegalArgumentException blocks round request.getSession() calls.
2008-04-12 15:01:52 +00:00
Luke Taylor
6b86b05a0a
Removed autoboxing
2008-04-11 23:22:36 +00:00
Luke Taylor
d288f722a8
OPEN - issue SEC-759: GrantedAuthoritiesContainer should extend Serializable
...
http://jira.springframework.org/browse/SEC-759 . Added Serializable to interface.
2008-04-11 17:25:41 +00:00
Luke Taylor
3b3d339393
SEC-764: Added support for "position" attribute. Also added "LAST" as an option for filter position.
2008-04-11 17:01:08 +00:00
Luke Taylor
7145198e5a
OPEN - issue SEC-763: Allow setting of alwaysUseDirectTargetUrl via form-login namespace URL
...
http://jira.springframework.org/browse/SEC-763 . Added always-use-default target attribute to namespace.
2008-04-11 12:03:55 +00:00
Luke Taylor
a3de51ea51
Fixed typo in constant name.
2008-04-09 23:41:27 +00:00
Luke Taylor
029f8a2409
Made test method getFilters on FilterChainProxy default access.
2008-04-07 22:41:50 +00:00
Luke Taylor
a2d2c6b67a
Corrected element name.
2008-04-07 22:28:47 +00:00
Luke Taylor
243b5f4a2a
SEC-746: impossible to specify errorPage for the AccessDeniedHandlerImp when using namespace based configuration
...
http://jira.springframework.org/browse/SEC-746 . Added access-denied-page to http element.
2008-04-07 22:17:09 +00:00
Luke Taylor
f57ba43780
SEC-673: Reinstated a bean registration that had accidentally been removed by the last patch, breaking core-tiger tests.
2008-04-07 21:05:13 +00:00
Luke Taylor
80dbc4fd75
SEC-673: Applied patch from Christian.
2008-04-07 20:20:58 +00:00
Luke Taylor
594b69b7ef
SEC-754: Changed tests to use unicode escapes rather than explicit UTF-8.
2008-04-07 18:05:45 +00:00
Luke Taylor
236e310ea7
SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-747 . Added once-per-request attribute to http element.
2008-04-07 15:30:27 +00:00
Luke Taylor
6612d0f729
SEC-754: Fixed wrong array length and added tests for encoding non-ascii password.
2008-04-07 14:13:40 +00:00
Luke Taylor
6d1932da33
SEC-753: Changed Spring version range in felix plugin to [2.0,2.6) to allow use with minor 2.5 versions.
2008-04-07 12:39:00 +00:00
Luke Taylor
92ad1ecf81
Typo in Javadoc.
2008-04-06 00:08:41 +00:00
Luke Taylor
67d5a5b814
SEC-750: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-750 . Updates to prevent the HttpSecurityPostProcessor from causing beans to be instantiated. Added a simplified test case to HttpSecurityBeanDefinitionParserTests.
2008-04-06 00:04:50 +00:00
Luke Taylor
a43d054bd7
Removed comment about status checking as it is not entirely correct and misleads people.
2008-04-04 19:40:28 +00:00
Luke Taylor
21e83e8364
[maven-release-plugin] prepare for next development iteration
2008-04-01 15:03:29 +00:00
Luke Taylor
91ed7dceb6
[maven-release-plugin] prepare release release_2_0_0_RC1
2008-04-01 15:01:30 +00:00
Luke Taylor
3cb504fa95
Fixed jdk 1.4 compatibility issues
2008-04-01 14:32:31 +00:00
Luke Taylor
e05d1da102
Refactored AuthenticationUserDetailsService to userdetails package as it isn't preauth specific
2008-03-31 23:08:30 +00:00
Luke Taylor
f898bec370
OPEN - issue SEC-742: IllegalArgumentException if namespace configuration defines RememberMeServices without BasicProcessingFilter
...
http://jira.springframework.org/browse/SEC-742 . Fix. Post processor was assuming there was a BasicProcessingFilter in the app context when a remember-me services was present.
2008-03-31 22:44:11 +00:00
Luke Taylor
c347834401
OPEN - issue SEC-605: JdbcDaoImpl of UserDetailsService should provide a method for customizing creation of the final UserDetails object
...
http://jira.springframework.org/browse/SEC-605 . Added a createUserDetails method and also some other methods which are responsible for executing the individual queries for loading the user information and authorities.
2008-03-31 18:01:07 +00:00
Luke Taylor
40e51dd5fe
OPEN - issue SEC-649: Add user-service-ref attribute to remember-me namespace element
...
http://jira.springframework.org/browse/SEC-649 . Added attribute to namespace and parsing support.
2008-03-31 17:27:58 +00:00
Luke Taylor
cc752cfc28
OPEN - issue SEC-732: Encapsulate query objects in JdbcDaoImpl and JdbcUserDetailsManager
...
http://jira.springframework.org/browse/SEC-732 . Updated these classes to hide the internal query and update objects to allow future refactoring.
2008-03-31 16:52:31 +00:00
Luke Taylor
53b084e2f9
Simple tests to detect invalid configurations, particularly when the namespace has been updated without applying the spring-security.xsl transformation, which prevents certain elements from appearing at top level.
2008-03-31 16:30:28 +00:00
Luke Taylor
b1ae4922d2
SEC-726: Added entry-point-ref to <http> namespace element to allow customization of authentication process.
2008-03-31 16:22:40 +00:00
Luke Taylor
9db55f336c
SEC-739: Removed siteminder provider code.
2008-03-31 12:23:32 +00:00
Luke Taylor
512c64fb98
SEC-738: Add session-registry-alias attribute to concurrent-session-control
...
http://jira.springframework.org/browse/SEC-738 . Added this attribute. Also various bugfixes in handling of attribute names for concurrent session control.
2008-03-31 12:01:37 +00:00
Luke Taylor
07f820f1a6
Minor portlet-related changes suggested by John Lewis: Javadoc and default values of booleans.
2008-03-31 10:10:13 +00:00
Luke Taylor
c9b6fe9555
OPEN - issue SEC-657: Create pre-authenticated processing filter which obtains username from request header
...
http://jira.springframework.org/browse/SEC-657 . Added filter and test class.
2008-03-30 13:37:13 +00:00
Luke Taylor
b98c72056a
SEC-728: Change use of String.getBytes() in password encoders to use UTF-8
2008-03-29 15:21:31 +00:00
Luke Taylor
1463b9769d
SEC-629: authentication-provider doesn't support caching.
...
http://jira.springframework.org/browse/SEC-629 . Added support for cache-ref elements on jdbc-user-service and ldap-user-service
2008-03-28 17:55:12 +00:00
Luke Taylor
db6fafaf56
SEC-629: authentication-provider doesn't support caching. Refactored MockUserCache class to top level
2008-03-28 14:17:05 +00:00
Luke Taylor
1fece47b49
SEC-691: Applied patch to allow setting of returned user attributes from LDAP search.
2008-03-27 14:41:11 +00:00
Luke Taylor
350a626587
SEC-477: Added preauthenticated websphere contribution.
2008-03-27 14:25:17 +00:00
Luke Taylor
584853bbcb
Tidied imports.
2008-03-26 21:49:26 +00:00
Luke Taylor
ef5b3e2f9c
SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly.
2008-03-26 21:48:24 +00:00
Luke Taylor
9ea2408ac6
Fixed error in choosing main entry point (it's an alias not a bean name, so doesn't appear in the entry map - you have to get it direct from the bean factory).
2008-03-26 17:34:42 +00:00
Luke Taylor
1b8a3c5673
SEC-689: Updated session fixation protection namespace support to set session registry on SessionFixationProtectionFilter.
2008-03-26 14:51:16 +00:00
Luke Taylor
eeb14b3965
Changed filter order numbers to start at zero (makes them more readable in log compared with large negative numbers)
2008-03-26 12:22:26 +00:00
Luke Taylor
4681ff3d50
SEC-689: Fix 1.4 compatibility issue (overlooked autoboxing of boolean)
2008-03-26 12:09:57 +00:00
Luke Taylor
43b51ca64d
SEC-689: Session Fixation protection should be available to all authentication mechanisms.
...
http://jira.springframework.org/browse/SEC-689 . Added support to namespace.
2008-03-26 12:00:58 +00:00
Luke Taylor
2af2f299cb
SEC-689: Further tests, logging improvements.
2008-03-26 00:00:56 +00:00
Luke Taylor
a29842a467
SEC-689: Tests for SessionFixationProtectionFilter
2008-03-25 23:24:38 +00:00
Luke Taylor
8f5bcb64a6
SEC-689: Session Fixation protection should be available to all authentication mechanisms.
...
http://jira.springframework.org/browse/SEC-689 . Added a general SessionFixationProtectionFilter which can be added to the filter stack to detect when a user has been authenticated and then migrate them to a new session. Also added support to <http/> namespace element.
2008-03-25 22:32:26 +00:00
Luke Taylor
83bcc6ad7c
Removed loggers from subclasses of SpringSecurityFilter in favour of using base class logger.
2008-03-25 14:51:34 +00:00
Ben Alex
0860333a3f
SEC-733: AspectJ Pointcut Expression Parsing support.
2008-03-25 08:28:53 +00:00
Ben Alex
f4eb15b08b
SEC-428: Tests to prove proxy-target-class="true" works.
2008-03-24 23:10:01 +00:00
Luke Taylor
f8b5000d40
SEC-428: Make sure context is cleared before running test.
2008-03-24 22:56:43 +00:00
Luke Taylor
18fef571c3
Import cleaning.
2008-03-24 22:44:42 +00:00
Luke Taylor
028af06d61
SEC-428: Security interceptor does not work with schema based aop:config
...
http://jira.springframework.org/browse/SEC-428 . Fixed broken test method.
2008-03-24 22:43:08 +00:00
Luke Taylor
a375d8e59e
SEC-428: Added test
2008-03-24 20:50:58 +00:00
Luke Taylor
1dd5f42142
Adding svn keywords, correcting typos etc.
2008-03-24 20:48:45 +00:00
Ben Alex
9a4977ebd1
SEC-99/428/429/563: Various refactoring of method security metadata support.
2008-03-24 09:40:13 +00:00
Ben Alex
6ab301981c
Update dependency versions and POM structure.
2008-03-24 09:05:44 +00:00
Luke Taylor
fe0e05a6c8
SEC-725: PasswordEncoderParser: <security:password-encoder> element does not pick up 'base64' attribute value
...
http://jira.springframework.org/browse/SEC-725 . Added fix as recommended in issue.
2008-03-23 22:38:13 +00:00
Luke Taylor
b54e3978dc
SEC-729: Organization of pom dependencies, particularly for servlet-api and jstl. Some other adjustments, removal of unrequired deps etc
2008-03-23 00:31:32 +00:00
Luke Taylor
30a6abbe50
Tidied formatting of toString output for FilterBasedLdapUserSearch
2008-03-22 21:40:54 +00:00
Luke Taylor
162933155e
Added implementation of GrantedAuthoritiesContainer to allow refactoring of duplication in various preauth details classes
2008-03-22 19:29:13 +00:00
Luke Taylor
2ea94e2cc9
Tidying imports etc
2008-03-22 11:44:28 +00:00
Luke Taylor
563dabda2f
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added OpenIDProvider to bean registry and fixed login page generator to use correct URL for OpenID. Added user-service-ref to namespace element. Changed OpenID sample to use <openid-login />.
2008-03-21 23:47:09 +00:00
Luke Taylor
b89dbc6060
Import cleaning
2008-03-21 21:51:48 +00:00
Luke Taylor
9871685ea3
SEC-722: Fixed problem with empty loginpage string (rather than null) preventing default login page filter from being added to the stack.
2008-03-21 21:50:26 +00:00
Luke Taylor
b73736ffaf
Updated example configuration in javadoc for LdapAuthenticationProvider.
2008-03-21 17:12:22 +00:00
Ben Alex
16ea8faa0d
SEC-727: Ensure SecurityConfig cannot be constructed unsafely; also update SecurityConfigTests to JUnit 4.
2008-03-21 02:15:47 +00:00
Luke Taylor
acc22b2745
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added check for MAIN_ENTRY_POINT bean when resolving entry points. If this has been set during parsing it will be used.
2008-03-20 20:11:34 +00:00
Luke Taylor
815f04b6c3
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added element to namespace and modified form login parser to handle open id element. Also added openID support to login page generator.
2008-03-20 20:05:11 +00:00
Luke Taylor
bbc5fea598
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added extra constants for OpenID support.
2008-03-20 19:51:59 +00:00
Luke Taylor
d333655b0b
Updated to commons logging 1.1.1 to get rid of servlet api dependency in their pom
2008-03-20 19:43:55 +00:00
Luke Taylor
56b967f935
Removed filter name duplication in rnc file.
2008-03-20 15:10:21 +00:00
Luke Taylor
a65b5a9ed8
Corrected separators between http method strings in rnc file.
2008-03-20 14:56:02 +00:00
Luke Taylor
8f379768a8
SEC-720: Design for extension: PreAuthenticatedGrantedAuthoritiesUserDetailsService
...
http://jira.springframework.org/browse/SEC-720 . Added createUserDetails method to allow custom UserDetails object to be created.
2008-03-19 18:29:38 +00:00
Luke Taylor
030550a88e
Applied XSL transform to XSD file
2008-03-19 17:04:39 +00:00
Luke Taylor
f8d855f1a2
SEC-716: Default (non-web) AuthenticationDetailsSource implementation.
2008-03-18 18:45:38 +00:00
Luke Taylor
c9ff912b2f
SEC-723: Change PreAuthenticatedAuthenticationProvider to reject authentication tokens with null credentials. Also introduced a property "throwExceptionWhenTokenIsRejected" which raises a BadCredentialsException when the token is invalid.
2008-03-18 18:29:48 +00:00
Luke Taylor
163fb1052f
SEC-721: Call Principal.getName() in AbstractAuthenticationToken.getName() if principal instanceof Principal
2008-03-18 18:06:56 +00:00
Luke Taylor
2df2eaa169
SEC-719: Introduced base class for J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource to extract non-http specific functionality (for use in portlet version).
2008-03-18 17:22:02 +00:00
Luke Taylor
52b92b209c
Removed out of date email address for Ben.
2008-03-17 22:44:13 +00:00
Luke Taylor
8f7b216de3
Import cleaning, removal of unnecessary constructors etc based on eclipse warnings
2008-03-17 14:10:22 +00:00
Luke Taylor
abd5e384fe
removed unused eh-cache config file
2008-03-17 14:07:19 +00:00
Luke Taylor
60de6314d4
Replaced casting to check validity of provider list with call to Assert.isInstanceof.
2008-03-17 13:50:37 +00:00
Ben Alex
e4c6022b36
SEC-718: Support additional HTTP methods.
2008-03-16 04:14:21 +00:00
Ben Alex
6bc0585e4a
SEC-717: Resolve UserDetails.getAuthorities() sort logic issue.
2008-03-16 04:02:55 +00:00
Luke Taylor
5743763599
SEC-625: Remove references to FilterToBeanProxy
2008-03-13 18:52:31 +00:00
Luke Taylor
5d6ec8ed71
SEC-702: Updated use of UsernameNotFoundException to set extraInformation property
2008-03-13 16:49:19 +00:00
Luke Taylor
712f1770d9
SEC-714: Refactor PreAuthenticatedGrantedAuthoritiesSetter and PreAuthenticatedGrantedAuthoritiesRetriever
...
http://jira.springframework.org/browse/SEC-714
2008-03-13 16:03:18 +00:00
Luke Taylor
42a80931c1
SEC-671: Changed AuthenticationDetailsSource to take an object as argument instead of an HttpServletRequest and renamed AuthenticationDetailsSourceImpl to WebAuthenticationDetailsSource. Also removed some preauth dependencies on commons lang
2008-03-13 14:42:38 +00:00
Luke Taylor
df0d52ada7
SEC-708: Improve generation of XSD file from Relax NG schema
...
http://jira.springframework.org/browse/SEC-708 . Committed XSL transformed XSD file and some minor changes to organisation of RNC file.
2008-03-13 10:33:28 +00:00
Luke Taylor
3a364a3343
SEC-713: Made MethodDefinitionAdvisor an infrastructure bean as required by Spring 2.0.7+ and upgraded to Spring 2.0.8
2008-03-11 17:53:04 +00:00
Luke Taylor
089bffa10f
SEC-712: HttpSessionContextIntegrationFilter "context" property should be renamed
...
http://jira.springframework.org/browse/SEC-712
2008-03-11 14:16:40 +00:00
Luke Taylor
ed08ba10ba
Added test file for CustomAuthenticationProviderBeanDefinitionDecorator
2008-03-11 13:50:53 +00:00
Luke Taylor
6fcadb2022
SEC-699: Make TargetUrlResolverImpl parameter non-optional
...
http://jira.springframework.org/browse/SEC-699
2008-03-11 11:25:55 +00:00
Luke Taylor
e8c0e74498
SEC-708: Improve generation of XSD file from Relax NG schema. XSL file to be run on generated xsd to inline selected elements which should not be global.
...
http://jira.springframework.org/browse/SEC-708
2008-03-10 19:47:20 +00:00
Luke Taylor
8231df4bc1
Catalog file for security xsd file to simplify its use in editors or other tools supporting this format.
2008-03-10 12:23:23 +00:00
Luke Taylor
f76f1b340f
SEC-707: Make purpose of form-login attributes clearer. Renamed login-url to login-processing-url
2008-03-10 10:46:23 +00:00
Luke Taylor
f7ae070b2f
SEC-705: Extend ldap-authentication-provider namespace elt to support user searches and multiple authentication strategies
...
http://jira.springframework.org/browse/SEC-705
2008-03-09 19:26:34 +00:00
Luke Taylor
424d291a8f
SEC-672: Added symbolic name to bundle.
2008-03-05 19:44:07 +00:00
Luke Taylor
a7e4dc3636
SEC-672: Added felix plugin to core build pom.xml
2008-03-05 19:41:59 +00:00
Luke Taylor
89415e3ee5
SEC-693: RoleVoter can improve performance
...
http://jira.springframework.org/browse/SEC-693
2008-03-05 13:42:39 +00:00
Luke Taylor
5ec8aa797c
SEC-694: Add check to LdapShaPasswordEncoder to detect use with non-SHA passwords
...
http://jira.springframework.org/browse/SEC-694
2008-03-05 13:29:26 +00:00
Luke Taylor
426e526694
Minor tidying.
2008-03-03 21:57:59 +00:00
Luke Taylor
ff16c413dd
[maven-release-plugin] prepare for next development iteration
2008-02-29 14:55:31 +00:00
Luke Taylor
b8916ffaba
[maven-release-plugin] prepare release release_2_0_M2
2008-02-29 14:54:15 +00:00
Luke Taylor
6c8adfc982
SEC-640: Test class for FilterInvocationDefinitionSourceParser
2008-02-28 19:36:22 +00:00
Luke Taylor
33023565a8
SEC-640: Add namespace support for FilterInvocationDefinitionSource configuration
...
http://jira.springframework.org/browse/SEC-640
2008-02-28 19:29:33 +00:00
Luke Taylor
93432b7626
SEC-680: Missed some additional method, method parameter & field names, JavaDoc
...
http://jira.springframework.org/browse/SEC-680
2008-02-28 12:28:17 +00:00
Luke Taylor
25c4db08b9
Updated class javadoc to reflect recent changes to AbstractProcessingFilter
2008-02-28 12:04:24 +00:00
Luke Taylor
709f78e481
SEC-688: java.lang.NullPointerException in AbstractAuthenticationToken.equals()
...
http://jira.springframework.org/browse/SEC-688
2008-02-28 11:44:15 +00:00
Luke Taylor
e6e1f2586f
SEC-213: Allow custom redirects based on "redirect" parameter in AbstractProcessingFilter. successfulAuthentication()
...
http://jira.springframework.org/browse/SEC-213
2008-02-28 11:03:05 +00:00
Luke Taylor
439b0be58e
SEC-462: 302 redirect is not usable for SOAP clients
...
http://jira.springframework.org/browse/SEC-462
2008-02-26 14:54:29 +00:00
Luke Taylor
5e27b326d2
SEC-685: minor javadoc change
2008-02-26 13:02:59 +00:00
Luke Taylor
0f63084afe
SEC-685: Improvement to Javadoc for FilterChainProxy and changed to use of LinkedHashSet in obtainAllDefinedFilters to guarantee order is preserved.
2008-02-26 12:59:33 +00:00
Luke Taylor
8c00bb1537
SEC-674: Updated samples to work with new module layout. Changed taglib build to copy tld file to META-INF directory.
...
Also standardized JSTL version to 1.1.0 (impl 1.1.2), moving deps to root sample pom.
2008-02-22 16:21:37 +00:00
Luke Taylor
5187f89fe8
SEC-679: Removed use of MockApplicationContext and improved use of ehcache (shutting down cache managers after tests are run). Upgraded ehcache version to 1.3 as used in Spring pom.
2008-02-22 13:34:20 +00:00
Luke Taylor
ca9e64f857
SEC-674: Moved cas "ui" package to new module
2008-02-22 11:11:56 +00:00
Luke Taylor
2dd9faabc0
SEC-674: Created new project modules for cas, captcha, acls and taglibs
2008-02-19 20:30:53 +00:00
Luke Taylor
59651f5214
SEC-678: Moved extraInformation property to AuthenticationException so it isn't only available in BadCredentialsException. Added clearExtraInformation flag to AbstractAuthenticationManager to allow the information to be removed if required before rethrowing.
2008-02-18 20:18:40 +00:00
Luke Taylor
1aec2a6d0a
Tidying javadoc
2008-02-18 18:27:50 +00:00
Luke Taylor
d7b3a1f734
SEC-603: Removed requirement for an entry point on BasicProcessingFilter if ignoreFailures is true.
2008-02-18 15:41:23 +00:00
Luke Taylor
5af9653a8e
Import cleaning.
2008-02-18 12:35:55 +00:00
Luke Taylor
6575f5af1c
SEC-536: Added account status checking to Siteminder provider
2008-02-18 12:35:18 +00:00
Luke Taylor
3c011685cd
SEC-536: Added account status checking to pre-auth provider.
2008-02-18 12:15:30 +00:00
Andrei Stefan
84282ffabb
SEC-532: added test method for SEC-655
2008-02-15 22:27:14 +00:00
Luke Taylor
48e2c38736
SEC-536: Added account status checking to Cas provider
2008-02-15 18:14:57 +00:00
Luke Taylor
04e187d1a7
Tidying up code in acl package (formatting, reduction of nesting etc).
2008-02-15 18:09:26 +00:00
Luke Taylor
5e204e23f3
SEC-536: Introduced UserDetailsChecker strategy to extract code for checking status of accounts and allowing variation in pre/post authentication checks made by AbstractUserDetailsAuthenticationProvider
2008-02-15 18:05:12 +00:00
Luke Taylor
da90b81e16
Corrected toString output (using "username" instead of "principal")
2008-02-15 17:15:20 +00:00
Luke Taylor
48e2d5ad62
Refactored AbstractSecurityInterceptor, extracting method authenticateIfRequired();
2008-02-15 17:05:58 +00:00
Luke Taylor
a930ce2bf6
SEC-577: Correct javadocs for switch user
2008-02-15 14:34:46 +00:00
Luke Taylor
985818ae2c
SEC-581: Copy authentication details to CAS result token
2008-02-15 14:11:56 +00:00
Ben Alex
bdc791649d
SEC-656: Provide ability to dependency inject additional exception to event mappings, rather than require subclassing.
2008-02-15 11:56:53 +00:00
Andrei Stefan
afca3d8adc
tidying up changes
2008-02-15 10:56:05 +00:00
Andrei Stefan
24ff891fea
tidying up changes
2008-02-15 10:55:27 +00:00
Andrei Stefan
69c2f31aa7
SEC-532: AclImpl tests class
2008-02-15 10:53:23 +00:00
Andrei Stefan
0eff5afc8f
SEC-532: small bug-fix
2008-02-15 10:39:25 +00:00
Ben Alex
c65ec2aa38
Make authentication-failure-url attribute optional.
2008-02-12 17:40:49 +00:00
Andrei Stefan
b84c812305
SEC-532: added method that reproduces bug in SEC-590
2008-02-12 16:28:33 +00:00
Andrei Stefan
0dae2a2dfc
SEC-532: added test methods; one method reproduces bug in SEC-590
2008-02-12 16:20:48 +00:00
Luke Taylor
ae28169383
SEC-482: Load AclService implementations from parent app contexts.
2008-02-10 12:42:06 +00:00
Luke Taylor
f0ec1eeabd
Tidying.
2008-02-09 15:39:16 +00:00
Luke Taylor
3c775b5d0d
Added access-decision-manager-ref attribute to intercept-methods element. Made interceptor bean autowired by default to pick up AfterInvocationManager.
2008-02-09 15:38:31 +00:00
Luke Taylor
10ab4136d1
SEC-309: Patch for Authentication tag to use property of authentication object, rather than invoking an operation on the principal. Allows use of nested properties.
2008-02-09 13:41:05 +00:00
Luke Taylor
e0d0cc20c7
SEC-665: Missed a method name...
2008-02-08 18:19:27 +00:00
Luke Taylor
bd5a64825d
SEC-552: Replaced authorities populators in CAS and OpenID with a plain UserDetailsService
2008-02-08 13:23:43 +00:00
Luke Taylor
842c49c890
SEC-665: Renaming of rolemapping package to authoritymapping, and corresponding refactoring of classes.
2008-02-08 12:01:10 +00:00
Luke Taylor
549de2927e
SEC-641: Avoid direct use of external classes in namespace parsing.
2008-02-07 15:03:27 +00:00
Luke Taylor
6e93ec92eb
Added db creation message.
2008-02-07 13:35:27 +00:00
Luke Taylor
28153f2c7f
Added TestDataSource class to cut down verbosity of in-memory test databases and to implement DisposableBean, so the database is destroyed when the application context containing it is closed.
2008-02-07 13:33:15 +00:00
Luke Taylor
208d1ee8e2
SEC-456: Added test class for UserDetailsServiceLdapAuthoritiesPopulator
2008-02-07 13:31:25 +00:00
Luke Taylor
9292317e1c
Deleted unused context file.
2008-02-07 13:30:03 +00:00
Luke Taylor
b6d3ed135d
SEC-456: Added class Javadoc
2008-02-06 17:24:45 +00:00
Luke Taylor
b2cc817835
SEC-456: Basic LDAP authorities populator that delegates to a UserDetailsService.
2008-02-06 17:22:27 +00:00
Luke Taylor
99621a225d
SEC-481: Refactoring commence method of AuthenticationProcessingFilterEntryPoint to allow alternative redirect options. Extracted two methods, "buildRedirectUrlToLoginPage" and "buildHttpsRedirectUrlForRequest" and introduced a RedirectUrlBuilder class for assembling the URLs from schemes, ports etc.
2008-02-06 16:38:47 +00:00
Luke Taylor
adbf18a091
SEC-507: Updated JSR-250 impl to include better support for PermitAll and DenyAll as suggested by Ryan Heaton. Includes JSR-250 voter which is now used by AnnotationDriverbeanDefinitionParser.
2008-02-06 13:14:46 +00:00
Luke Taylor
c1895acb6b
Changed package doc which mentioned adding filter to web.xml rather than filter chain.
2008-02-06 10:36:25 +00:00
Andrei Stefan
98ccaa61e7
SEC-532: test class for ObjectIdentityRetrievalStrategyImpl
2008-02-06 09:26:39 +00:00
Andrei Stefan
5d09f1264b
SEC-532: Added test method for different hashCode calculation when different Serializable classes are used (the method is commented as, now, it doesn't pass the test)
2008-02-06 09:26:05 +00:00
Andrei Stefan
419a7a6426
SEC-532: added more test methods for JdbcAclService implementation
2008-02-06 09:24:13 +00:00
Luke Taylor
2c0c731aaa
SEC-552: Removed accidentally committed incomplete caching-related classes.
2008-02-05 16:59:41 +00:00
Luke Taylor
b82fbb698d
SEC-641: Updated to set "source" values on BeanDefinitions where possible.
2008-02-05 14:48:39 +00:00
Luke Taylor
8859034d11
SEC-641: Remove use of SecurityConfigException during parsing.
2008-02-05 11:46:27 +00:00
Luke Taylor
717ab0b3cc
SEC-641: Replaced use of Assert with more tooling friendly calls to parserContext.getReaderContext().error()
2008-02-05 11:29:52 +00:00
Luke Taylor
abb6402cec
Import cleaning.
2008-02-05 10:51:52 +00:00
Luke Taylor
84c7ac5e57
SEC-664: Removed validateUserDetails method from AbstractRememberMeServices, wrapped the UserDetailsService in a status-checking one and added a catch block for AccountStatusExceptions. Also some minor tidying up of other remember-me classes.
2008-02-04 21:26:07 +00:00
Luke Taylor
d3f26f09b6
Added support for locking user accounts in namespace <user-service> "user" elements (for use in testing).
2008-02-04 21:23:49 +00:00
Luke Taylor
2343577fec
Update new X509 namespace config to use status checking of user accounts by default.
2008-02-04 19:43:09 +00:00
Luke Taylor
600ab04cc7
SEC-663: Added null check for pre-authenticated principal value (and skip authentication attempt if null).
2008-02-04 19:36:44 +00:00
Luke Taylor
3f1ab233dc
SEC-662: Add check for a null authentication object returned by provider and skip passing it to session controller.
2008-02-04 19:27:12 +00:00
Andrei Stefan
9be3f20faa
2008-02-04 16:44:11 +00:00
Luke Taylor
1191701d8b
SEC-372: Added switchFailureUrl to SwitchUserProcessingFilter. Also did some refactoring to use the StatusCheckingUserDetailsService decorator, rather than checking status internally.
2008-02-04 14:02:30 +00:00
Luke Taylor
424ac4f117
Commented out tests which are breaking build.
2008-02-02 22:03:35 +00:00
Luke Taylor
ab5d416e00
SEC-516: Make default SavedRequest a "GET" in test to prevent NPE.
2008-02-02 21:41:41 +00:00
Andrei Stefan
842dec0180
2008-02-01 15:35:20 +00:00
Luke Taylor
bd9138d78a
Import cleaning.
2008-02-01 14:38:03 +00:00
Luke Taylor
df1def412e
Changed to using new alias for security filter chain in samples.
2008-02-01 14:28:04 +00:00
Luke Taylor
298546014a
SEC-659: Added authentication-manager element to allow users to define an alias for the internal authentication manager.
2008-02-01 14:25:07 +00:00
Luke Taylor
2ad0c2cbd0
Corrected check on whether delegate implements Ordered interface.
2008-02-01 14:02:01 +00:00
Luke Taylor
ca75905c3e
SEC-658: Add support for ldap-user-service to AuthenticationProviderBeanDefinitionParser.
2008-01-31 20:32:31 +00:00
Luke Taylor
2c6fb3d1c9
Added extra tests for jdbc-user-details service to make sure it works within an <authentication-provider> element.
2008-01-31 20:30:37 +00:00
Luke Taylor
e82dfd3f1a
Added some further tests for LDAP searching with a different user search base.
2008-01-31 17:44:52 +00:00
Luke Taylor
feb790ea83
SEC-486: Added determineExpiredUrl method to ConcurrentSessionFilter
2008-01-31 16:25:50 +00:00
Luke Taylor
feadb3582a
SEC-516: TargetUrlResolver path to avoid redirecting to POST requests.
2008-01-31 16:05:25 +00:00
Luke Taylor
9f45f95fab
SEC-491: Add alternative options for determining logout URL.
2008-01-31 15:48:04 +00:00
Luke Taylor
a305c9111f
SEC-576: Add check for null pre-auth principal and return null if found.
2008-01-31 14:50:12 +00:00
Luke Taylor
5394350cc8
SEC-576: Renamed PreAuthenticateduserDetailsService to AuthenticationUserdetailsService and changed signature accordingly.
2008-01-31 14:24:12 +00:00
Luke Taylor
311add2270
SEC-300: Applied Andreas Senft's patch for unwrapping exceptions in ExceptionTranslationFilter to obtain the cause.
2008-01-30 16:15:02 +00:00
Luke Taylor
3b6ce862f3
SEC-342: Change ObjectDefinitionSource to return a Collection instead of an Iterator.
2008-01-30 15:43:40 +00:00
Luke Taylor
d695f5002c
SEC-654: Made ConfigAttributeDefinition immutable, added several constructors to simplify its use. Removed MethodDefinitionMapping and FilterInvocationDefinitionMapping.
2008-01-30 15:17:30 +00:00
Luke Taylor
c7754d7bee
SEC-473: Reduce the number of "cookie methods" in AbstractRememberMeServices.
2008-01-29 22:28:04 +00:00
Andrei Stefan
00b5c0e61b
2008-01-29 18:36:22 +00:00
Luke Taylor
f121b6ac90
Fixed tests which were making assumptions about ordering within sets.
2008-01-29 18:35:56 +00:00
Andrei Stefan
aa0744a705
test class for EhCacheBasedAclCache
2008-01-29 17:42:39 +00:00
Andrei Stefan
944c7e9665
2008-01-29 17:42:05 +00:00
Luke Taylor
e37d0b0bb1
SEC-543: sessionsUsedByPrincipal only needs to be added to "principals" map when it is first created.
2008-01-29 16:28:17 +00:00
Luke Taylor
379b7ab337
SEC-543: Moved logging out of synchronized block
2008-01-29 16:04:49 +00:00
Luke Taylor
9fe181046b
SEC-543: Added null guard clauses to reduce nesting and increase readability.
2008-01-29 15:55:29 +00:00
Luke Taylor
c9de2f6c9f
SEC-532: Remove FilterInvocationDefinitionSource-related classes which are no longer needed.
2008-01-29 15:09:20 +00:00
Luke Taylor
a0ee7fb6fd
SEC-532: Made FilterinvocationDefinitionSourceMapping package scoped
2008-01-29 13:08:12 +00:00
Luke Taylor
8e5b608ee9
SEC-532: Removed FilterInvocationDecorator and tests.
2008-01-29 12:34:01 +00:00
Luke Taylor
059ac644bb
SEC-645: Deprecated old X.509 provider.
2008-01-29 11:50:33 +00:00
Luke Taylor
95c6ecdb1e
SEC-468: Added Mike Wiesner's patch for AspectJ annotation support.
2008-01-29 11:33:38 +00:00
Luke Taylor
ef428d2c22
Moved test class to correct source tree
2008-01-29 10:57:44 +00:00
Luke Taylor
e63fa0f610
SEC-418: Changed interface SwitchAuthorityChanger to return List rather than expecting modification of passed in List of authorities.
2008-01-28 19:26:30 +00:00
Luke Taylor
0be34cdcc1
SEC-536: Added messages for generic UserDetails status checks.
2008-01-28 18:19:23 +00:00
Luke Taylor
c9dee10704
SEC-536: Added UserDetailsService decorator class which will throw an appropriate exception if the returned UserDetails object has a status of locked, disabled etc.
2008-01-28 18:10:43 +00:00
Luke Taylor
934e59a562
SEC-652: Fixed CasAuthenticationProvider to be compatible with Ray's recent AuthoritiesPopulator refactoring.
2008-01-28 16:05:39 +00:00
Luke Taylor
26ea65ddb1
SEC-652: Add a trustPassword to AbstractTicketValidator for use with password protected keystores (as in the sample application).
2008-01-28 16:04:38 +00:00
Luke Taylor
5738a51040
SEC-651: Support for ldap-user-service bean.
2008-01-28 00:47:34 +00:00
Luke Taylor
544df3ea09
Updated SpringSecurityLdapTemplate to include base LDAP context in returned DirContextAdapter entry to make sure the result gives a correct value for getNameInNamespace(). This is necessary when a search is used to obtain entries to pass to DefaultLdapAuthoritiesPopulator, for example.
2008-01-28 00:39:42 +00:00
Luke Taylor
80b6111641
SEC-650: Change default scope to sub-tree.
2008-01-28 00:24:54 +00:00
Luke Taylor
e6d6e88117
Corrections to calculated order values from "before" and "after" attributes.
2008-01-27 22:46:24 +00:00
Luke Taylor
acf5601714
SEC-645: Reimplementation of X509 provider and namespace implementation.
2008-01-27 22:45:44 +00:00
Luke Taylor
9af7ab68bf
Removed duplicate setting of bean property in BasicAuthenticationBeanDefinitionParser.
2008-01-27 20:48:37 +00:00
Luke Taylor
d8d657da7f
Removed classname from log message (normally output by log4j anyway)
2008-01-27 20:44:58 +00:00
Luke Taylor
82940db6c8
SEC-648: Added custom-authentication-provider support.
2008-01-27 13:31:34 +00:00
Luke Taylor
dbc901fba9
Deleted
2008-01-27 13:30:11 +00:00
Luke Taylor
384af268ab
Import cleaning.
2008-01-27 13:28:58 +00:00
Luke Taylor
c7792458b4
SEC-645: Reimplementation of X509 authentication.
2008-01-27 11:12:50 +00:00
Luke Taylor
ae71e9a5bd
SEC-632: Changed user-filter to custom-filter to avoid confusion with system "users".
2008-01-27 00:48:53 +00:00
Luke Taylor
cd16dac290
SEC-648: Added custom-authentication-provider element.
2008-01-27 00:42:35 +00:00
Luke Taylor
619c7b0dbf
SEC-632: Explicit filter chain ordering is now achieved using "after" or "before". Setting the order value directly in the context is fragile due to potential future changes in the order values of standard filters.
2008-01-26 23:56:04 +00:00
Luke Taylor
0005da3b63
Corrected spelling of class name.
2008-01-26 11:36:24 +00:00
Andrei Stefan
83ecb3e9e0
test classes
2008-01-26 11:35:49 +00:00
Andrei Stefan
0e58e816a2
2008-01-26 11:31:49 +00:00
Andrei Stefan
0f32b3fc40
reverted to junit 3
2008-01-25 15:04:29 +00:00
Andrei Stefan
630efbf536
AclFormattingUtils and AccessControlEntryImpl test classes
2008-01-24 22:11:17 +00:00
Luke Taylor
d10450cfb7
SEC-531: Provide support for HTTP methods in FilterInvocationDefinitionSource. Path/Regex versions of FIDS are now deprecated in favour of using their (no longer abstract) parent class with a UrlPathMatcher strategy.
2008-01-24 14:39:47 +00:00
Andrei Stefan
b4c37db9f9
test classes for AuditLogger and security checks in AclImpl and AclAuthorizationStrategyImpl
2008-01-23 21:50:49 +00:00
Luke Taylor
837ecd85ec
SEC-576: Tidied up code, added preauth sample demo app.
2008-01-23 20:02:11 +00:00
Luke Taylor
a9ff309b02
Deleted as test now uses inline context snippets.
2008-01-22 21:08:33 +00:00
Luke Taylor
06f3bcbf6a
Converted all namespace attributes which refer to bean IDs to use "-ref" suffix (or "ref").
2008-01-22 20:58:12 +00:00
Luke Taylor
11570d9584
SEC-576: Test web.xml files.
2008-01-22 20:42:09 +00:00
Luke Taylor
24caad5a67
Make sure default lower/upper case is respected for regex and ant paths when not set explicitly using the lowercase-comparisons attribute. Added much more comprehensive testing of HttpSecurityBeanDefinitionParser.
2008-01-22 20:25:46 +00:00
Luke Taylor
b9561cc4e0
SEC-643: Fix to allow namespace configuration without remember-me authentication.
2008-01-22 18:32:18 +00:00
Luke Taylor
7854e36029
SEC-576: Tidying.
2008-01-22 15:07:37 +00:00
Luke Taylor
c8b9f24038
SEC-576: Committed pre-authenticated contribution. Still has to be more thoroughly reviewed.
2008-01-22 13:55:19 +00:00
Luke Taylor
35a7928cb9
SEC-635: Convert xsd:IDREF types to xsd:string to allow references to beans outside the current file.
2008-01-22 11:38:50 +00:00
Luke Taylor
b29bcfebe8
Converted test class to use in memory XML snippets - makes it easier to work out which one is causing a failure.
2008-01-22 11:36:15 +00:00
Luke Taylor
ca8dff7abb
Delete unused ldap namespace test context file
2008-01-21 20:09:07 +00:00
Luke Taylor
1b8f13aa4c
Use "'" for XML attributes in in-memory test contexts for readability.
2008-01-21 20:08:24 +00:00
Luke Taylor
aff568efb9
Tidied up getters/setters (undoing jalopy ordering). Made getters protected.
2008-01-21 17:23:48 +00:00
Luke Taylor
9836bda5b3
SEC-630: Support for "properties" attribute in user-service namespace element.
2008-01-21 17:15:53 +00:00
Luke Taylor
59a947bbe5
SEC-636: Support for use of "ref" attribute in salt-source element.
2008-01-21 15:06:43 +00:00
Luke Taylor
568211b77f
SEC-638: Fixed problem caused by using Spring 2.5.1 method from ReflectionUtils which isn't available in 2.0.6.
2008-01-21 15:00:16 +00:00
Luke Taylor
eb70db1dee
SEC-638: Allow property names as well as method names to be used in ReflectionSaltSource.
2008-01-21 14:45:29 +00:00
Luke Taylor
fe6e297358
Added missing space to SQL query in JdbcMutableAclService.
2008-01-21 10:31:48 +00:00
Luke Taylor
437c6fb7b7
Tidying.
2008-01-21 09:33:49 +00:00
Luke Taylor
8694028b13
SEC-632: Completed comment.
2008-01-19 14:21:20 +00:00
Luke Taylor
d70a820e64
SEC-632: Make order attribute in user-filter optional for cases when the filter implements Ordered directly.
2008-01-19 14:18:33 +00:00
Luke Taylor
5e3a0ef379
SEC-632: Added user-filter element to namespace to allow a user to add their filters. Filters which aren't in the org.security.springframework package will now be skipped. Also renamed FilterChainOrderUtils and members for future use in ordering (e.g. using "after", "before" as attributes in user-filter).
2008-01-19 13:51:03 +00:00
Luke Taylor
c3cd5d98ba
Added logging of FilterChainProxy when security namespace postprocessor has finished configuring it.
2008-01-18 22:20:16 +00:00
Luke Taylor
84815df529
Added toString method to FilterChainProxy.
2008-01-18 22:16:41 +00:00
Luke Taylor
48620f3550
Changed AuthorizeTag to use StringUtils.deleteAny(), instead of replace()
2008-01-18 17:12:21 +00:00
Luke Taylor
a40bb11be3
SEC-599: Refactoring to use Map.Entry for iterating through patterns.
2008-01-18 16:33:36 +00:00
Luke Taylor
04c89e0795
SEC-599: Refactoring of FilterInvocationDefinitionSource implementations to use UrlPathMatcher strategy.
2008-01-18 16:24:35 +00:00
Ray Krueger
cc96fa730a
Added file header
2008-01-18 16:11:44 +00:00
Ray Krueger
61c91d1b79
SEC-633: Handle null credentials in AbstractAuthenticationToken.equals
...
Also added a test for the OpenIDAuthenticationToken to reproduce the original error.
2008-01-18 16:09:31 +00:00
Luke Taylor
01569e5746
SEC-599: Refactoring of FilterInvocationDefinitionSource implementations to use a LinkedHashMap internally rather than list of "EntryHolder" classes.
2008-01-18 13:04:46 +00:00
Luke Taylor
ea70845987
SEC-335: Support for ANY_CHANNEL configuration attribute in channel processing. Also added to namespace.
2008-01-17 20:52:26 +00:00
Luke Taylor
2ed1c7d494
SEC-596: Added Italian messages file.
2008-01-17 16:39:18 +00:00
Luke Taylor
acd87918d2
Implemented hashcode (and equals) to prevent NPE with Spring 2.5
2008-01-17 15:13:47 +00:00
Luke Taylor
a458d21b9f
Changed to be compatible with Spring 2.5. ManagedMap no longer has a constructor taking a map.
2008-01-17 14:25:08 +00:00
Luke Taylor
ad92dbf389
Minor correction to error message.
2008-01-17 11:01:23 +00:00
Ray Krueger
66f73897e6
Refactored up an AuthoritiesPopulator and DaoAuthoritiesPopulator from functionality in the cas provider. This interface and impl are well suited for use in the openid provider, and possibly in the sitemesh provider.
2008-01-16 03:01:51 +00:00
Luke Taylor
e90498c4f7
Import cleaning.
2008-01-15 22:26:10 +00:00
Luke Taylor
9e21c48fce
SEC-628: Added port-mappings element to allow use of a PortMapper.
2008-01-15 19:59:07 +00:00
Luke Taylor
60b7e2d4f2
Refactored channel entry points to use a common base class since the functionality is almost exactly the same (apart from the function called on the PortMapper).
2008-01-15 17:56:21 +00:00
Luke Taylor
afded24b62
Removed accidentally committed JDK 1.5 methods (Integer.valueOf()).
2008-01-15 17:22:10 +00:00
Luke Taylor
a4a7813ddb
Refactoring PortResolverImpl - simpler code and remove InitializingBean implementation.
2008-01-15 16:28:38 +00:00
Luke Taylor
5295d33000
SEC-272: Deleted GroupsManager after rename.
2008-01-15 12:28:03 +00:00
Luke Taylor
0459fc5477
SEC-272: Completion of JDBC manager implementation.
2008-01-14 18:52:42 +00:00
Luke Taylor
f27ea98217
SEC-272: More group manager method implementations.
2008-01-14 11:33:05 +00:00
Luke Taylor
bad58fe96a
SEC-272: Partial group manager implementation.
2008-01-11 16:46:53 +00:00
Luke Taylor
d66b9693ba
SEC-507: Initial support for JSR-250 "RolesAllowed" attributes.
...
Added jsr250 boolean to annotation-driven element to determine whether JSR-250 annotations should be used in preference to the traditional Acegi "Secured" attribute.
2008-01-10 20:19:15 +00:00
Luke Taylor
dfb60e2f62
Clarifying Javadoc
2008-01-10 13:38:12 +00:00
Luke Taylor
9a23ec4937
Clarifying Javadoc
2008-01-10 13:37:47 +00:00
Luke Taylor
06c6c3b9f3
Reformatting.
2008-01-10 13:09:23 +00:00
Luke Taylor
518ccada8c
Tidying.
2008-01-10 12:42:02 +00:00
Luke Taylor
dac911ac08
Fixed test failures caused by reordering of authorities loading order in JdbcDaoImpl.
2008-01-09 18:31:54 +00:00
Luke Taylor
c77475cda6
SEC-272: Added groups support to JdbcDaoImpl.
2008-01-09 18:06:41 +00:00
Luke Taylor
f983ff204d
SEC-414: Add useRelativeContext and sendRedirectMethod to SwitchUserProcessingFilter.
2008-01-08 22:41:28 +00:00
Luke Taylor
96dd564b79
Renamed obtainFullRequestUrl to obtainFullSavedRequestUrl.
2008-01-08 22:17:56 +00:00
Luke Taylor
28d4fa4665
Reformatting.
2008-01-08 18:41:06 +00:00
Luke Taylor
07db88a367
Import cleaning.
2008-01-08 18:13:53 +00:00
Luke Taylor
2eca8ee7b0
SEC-572: Added allowSessionCreation (default=true) property to AbstractProcessingFilter and modified it and AuthenticationProcessingFilter to stop them creating a new session for storing data if this property is set to false.
2008-01-08 18:11:20 +00:00
Luke Taylor
41d90e9bdb
SEC-399: Added tests for new session creation/attribute migration options.
2008-01-08 15:44:21 +00:00
Luke Taylor
c5e6a4cdfd
SEC-546: Added AccountStatusException as base class for disabled, locked etc. Modified ProviderManager to prevent it querying further providers if either this exception or a ConcurrentLoginException is thrown.
2008-01-08 13:33:20 +00:00
Luke Taylor
99b7510482
Tidied up getters/setters in AbstractProcessingFilter. Removed unused getters and reduced the scope of others where possible.
2008-01-07 16:10:50 +00:00
Luke Taylor
c5bc0fc683
SEC-623: Added login success and failure hooks to RememberMeProcessingFilter. Also moved MockApplicationEventPublisher implementations to a single class.
2008-01-07 15:06:29 +00:00
Luke Taylor
10ec13e4e2
[maven-release-plugin] prepare for next development iteration
2008-01-02 22:42:21 +00:00
Luke Taylor
2c5090da90
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:41:31 +00:00
Luke Taylor
09242ec66d
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:31:09 +00:00
Luke Taylor
42dcccd1b7
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:18:28 +00:00
Luke Taylor
aafbb5bb67
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:10:46 +00:00
Luke Taylor
425508d70d
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:01:34 +00:00
Luke Taylor
0b1e17f69a
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 21:54:37 +00:00
Luke Taylor
07aa0c6880
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 21:52:42 +00:00
Luke Taylor
5b9042ae07
Removed outdated scm elements from sub poms.
2008-01-02 20:33:09 +00:00
Luke Taylor
b115f4aa83
Removed unnecessary rethrow of AuthenticationException from AbstractSecurityInterceptor and tidied up javadoc etc.
2008-01-01 16:43:34 +00:00
Luke Taylor
7ee049c824
Refactored SwitchUserProcessingFilter to extend SpringSecurityFilter.
2007-12-23 16:41:30 +00:00
Luke Taylor
5f1eea42fc
Moved configuration of security interceptors with access and authentication managers from post processing stage to bean creation stage.
2007-12-23 16:40:29 +00:00
Luke Taylor
27de29f469
Corrected cut and paste error when parsing jdbc-user-service within AuthenticationProvider BDP.
2007-12-23 01:26:46 +00:00
Luke Taylor
ea8914f9ba
Moved Http post processor bean name to BeanIds class.
2007-12-23 01:06:22 +00:00
Luke Taylor
9d671fbdbf
Deleted original Ldap BD parser.
2007-12-23 01:05:35 +00:00
Luke Taylor
14e68618a5
Make constants class abstract.
2007-12-23 01:02:48 +00:00
Luke Taylor
46285a0ec0
SwitchUserProcessingFilter should come after FilterSecurityInterceptor (See SEC-376).
2007-12-23 01:02:12 +00:00
Luke Taylor
a38ed3cfde
Added check for multiple RememberMeServices beans.
2007-12-23 00:18:14 +00:00
Luke Taylor
debfbe47cf
Improvements to LDAP namespace configuration - splitting "ldap" element into ldap-server and ldap-authentication-provider. Also some minor changes to authentication-provider.
2007-12-23 00:17:37 +00:00
Luke Taylor
cf80292de3
Changes to namespace reinstating authentication-provider element in preference to "repository" to wrap convey that a user-service will be used as to authenticate against. Also introduced separate password-encoder element for use within authentication-provider.
2007-12-21 15:50:56 +00:00
Luke Taylor
70286f1197
Fixed problem caused by maven-2.0.8 change in test classpath. ldif file wasn't being loaded for tests. Default path should be "classpath*:" not "classpath:". (See discussion in Spring's PathMatchingResourcePatternResolver).
2007-12-20 20:53:26 +00:00
Luke Taylor
6e74d925fb
Boosted logging to try to resolve issues on bamboo server.
2007-12-20 19:45:43 +00:00
Luke Taylor
78e376312a
Added logging of working directory location.
2007-12-20 18:29:05 +00:00
Luke Taylor
85b10f79c2
Made servlet-api integration into an attribute of http, rather than a child element since it has no configuration.
2007-12-20 17:51:27 +00:00
Luke Taylor
31c09896ea
Fixed problem with relative name being used in (member={0}) search in DefaultAuthoritiesPopulator.
2007-12-14 20:41:00 +00:00
Luke Taylor
1a171ea316
SEC-595: Introduced loadUserAuthorities method. This can be overridden to allow loading of authorities with the authenticated user's credentials (by setting the security context). The Ldap ContextSource used in the authorities populator would also be configured with a SpringSecurityAuthentcationSource, to make use of the information in the security context.
2007-12-14 14:13:39 +00:00
Ben Alex
fa510b3187
Modify attribute names to use "ref" instead of "id", plus use a hyphen
...
as an attribute value separator rather than a colon. This was changed
for compatibility with other components in the Spring Portfolio. tests
pass.
2007-12-13 20:19:56 +00:00
Luke Taylor
0f12d31d90
Corrected code for choosing entry point in namespace configuration.
2007-12-12 19:44:54 +00:00
Ben Alex
9728f48adf
Convert to using AopNamespaceUtils, to avoid potentially creating
...
duplicate DefaultAdvisorAutoProxyCreator bean instances.
2007-12-11 18:46:20 +00:00
Luke Taylor
82cfa722be
Upgrade Spring-LDAP to 1.2.1 version.
2007-12-11 18:08:44 +00:00
Luke Taylor
ca996de2dc
Added tests for SpringSecurityAuthenticationSource.
2007-12-10 23:37:08 +00:00
Luke Taylor
894c90dadd
Moved AbstractAuthenticationManagerTests into ProviderManager as tested methods have already been moved there (maven wasn't running Abstract* tests but they were actually failing).
2007-12-10 23:36:27 +00:00
Luke Taylor
32038d8b92
Tidying.
2007-12-10 19:14:17 +00:00
Luke Taylor
47dec4e597
Make getters in AbstractRememberMeServices protected rather than public
2007-12-10 16:00:49 +00:00
Luke Taylor
ee31305fd5
Deprecated InitialDirContextFactory
2007-12-10 15:29:26 +00:00
Luke Taylor
5382627d4a
Added property to LdapAuthenticationProvider to allow the credentials to be set either using the submitted password (the default) or the credentials from the loaded UserDetails object (which may be null if the attribute isn't readable).
2007-12-09 23:46:28 +00:00
Luke Taylor
78529f6d28
SEC-620: AuthenticationSource implementation.
2007-12-09 23:44:15 +00:00
Luke Taylor
5e0cb21c8d
SEC-619: Added test class for LdapUserDetailsService. The LdapAuthoritiesPopulator interface and also implementations have been moved to the org.springframework.security.ldap package since they are now used by both the ldap provider and the user service.
2007-12-09 18:40:28 +00:00
Ben Alex
4770c29094
Use hyphens in attribute names, and not Camel Case. This is to maintain
...
consistency with the rest of Spring Portfolio. Camel Case was preserved
for attribute values, consistent with Spring Portfolio usage such as
autowiring modes (byName, byType etc).
2007-12-09 03:42:20 +00:00
Luke Taylor
6ad176ce1a
Tidying.
2007-12-07 17:00:40 +00:00
Luke Taylor
4984024314
SEC-618: Moved copyDetails method down to ProviderManager so that it can be called prior to checking if authentication is allowed by ConcurrentSessionController.
2007-12-07 16:26:50 +00:00
Luke Taylor
b12a4939df
SEC-619: LdapUserDetailsService implementation.
2007-12-07 13:16:44 +00:00
Luke Taylor
a569ff01e2
Tidying.
2007-12-07 12:32:54 +00:00
Luke Taylor
382dc50f3c
SEC-299: Change ConcurrentSessionFilter to delegate to an array of LogoutHandlers rather than invalidating an expired session directly.
2007-12-06 17:39:04 +00:00
Luke Taylor
cb980f12d5
Tidying.
2007-12-06 17:26:04 +00:00
Luke Taylor
628227f5e7
Corrected out of date comment (constructor doesn't create a session). Removed unnecessary default constructor.
2007-12-06 16:53:35 +00:00
Luke Taylor
4b8455c831
Tidying comments.
2007-12-06 16:40:16 +00:00
Luke Taylor
4c6e41af7d
Tidying comments.
2007-12-06 16:33:59 +00:00
Ben Alex
c66a3ba323
@deprecate FilterToBeanProxy in favour of the simpler and Spring Core provided DelegatingFilterProxy.
2007-12-06 09:43:43 +00:00
Luke Taylor
ab23fe56ad
Added log msg for loading of ldif files.
2007-12-06 00:14:25 +00:00
Luke Taylor
a1abcc39d2
SEC-513: Minor work on LDAP UserDetailsManager implementation.
2007-12-06 00:13:42 +00:00
Luke Taylor
e3432c2407
Some changes suggested by Spring LDAP guys to improve template usage.
2007-12-06 00:13:00 +00:00
Luke Taylor
4d133be0d0
Tidying.
2007-12-06 00:12:24 +00:00
Luke Taylor
3ddcc203bf
LdapUserDetailsMapper now throws UnsupportedOperationException for mapUserToContext method as only subclasses of this which implement actual LDAP object classes should be used for writing to a directory.
2007-12-06 00:12:06 +00:00
Luke Taylor
22052115b6
SEC-617: Make LDAPAuthenticationProvider a standalone class.
2007-12-05 14:39:46 +00:00
Ben Alex
88ab9671c6
Correct attribute name.
2007-12-04 14:24:53 +00:00
Ben Alex
9b6c798a52
SEC-496: <annotation-driven> element.
2007-12-04 14:14:17 +00:00
Ben Alex
949205b369
Correction of equals(Object) and hashCode() methods.
2007-12-04 12:44:40 +00:00
Ben Alex
85085abf9e
Add namespace support for Servlet API integration.
2007-12-04 12:23:41 +00:00
Ben Alex
8c3cc5c67b
Add hash code support.
2007-12-04 11:21:39 +00:00
Ben Alex
8e7c540b16
General refactorings and improvements to namespace support, including
...
autoDetect="true" attribute for <http> element.
2007-12-04 10:35:08 +00:00
Ben Alex
2441ab6d9a
Move "realm" attribute to be on <http> element rather than <http-basic>.
...
This facilitates reuse with other mechanisms (like Digest) whilst also
moving towards the <http-auto-configure> element (which benefits from
having shared configuration in <http> as opposed to mechanism-specific
elements).
2007-12-04 08:02:40 +00:00
Ben Alex
d9ec944579
Refactor strings to static fields. To facilitate unit testing, package
...
protected visibility was adopted for all element names, attribute names,
and attribute default values. A public access modifier was used for all
bean IDs assigned to bean definitions created by the
BeanDefinitionParsers.
2007-12-04 07:12:08 +00:00
Ben Alex
4e55bd0117
Make extend Spring Security's exception, for consistency with all other Spring Security exceptions.
2007-12-04 06:58:43 +00:00
Ben Alex
9b4bb0ffd8
<repository> element and JdbcUserDetailsManager support.
2007-12-04 05:58:54 +00:00
Ben Alex
5f98ee6817
<repository> element and JdbcUserDetailsManager support.
2007-12-04 05:54:58 +00:00
Ben Alex
0b0b174eda
Support <repository> and JbcUserDetailsManager.
2007-12-04 05:27:17 +00:00
Ben Alex
8cf46ad0f8
Remove, as not used.
2007-12-04 05:12:39 +00:00
Ben Alex
8c9138b443
Typos.
2007-12-04 02:11:16 +00:00
Ben Alex
021f03487e
Enhancements to correctly handle authentication failures.
2007-12-04 01:50:45 +00:00
Ben Alex
2a83843e7d
Correct username key.
2007-12-04 01:46:26 +00:00
Luke Taylor
75391e89de
Tidied up Id tag.
2007-12-04 00:01:09 +00:00
Luke Taylor
794795712d
Parameter renamed.
2007-12-04 00:00:50 +00:00
Luke Taylor
97030e8942
Changed LDAP namespace parsing to make sure LDAP provider is registered with ProviderManager.
2007-12-03 23:58:38 +00:00
Luke Taylor
248d97c9d6
SEC-513: Added support for cache flushing after updating or deleting data in JdbcUserDetailsManager.
2007-12-03 22:12:02 +00:00
Ben Alex
d086815d75
Add namespace support for anonymous requests. Also minor improvements to .rnc file as Trang didn't appear to be properly translating multi-line comments to the XSD (all multi-line comments were made single lines).
2007-12-03 07:46:52 +00:00
Ben Alex
5c9009a391
Use new SpringSecurityFilter so compatible with enhanced FilterChainProxy class.
2007-12-03 07:44:32 +00:00
Ben Alex
239fd05d37
Mark the unused Servlet Container callback methods as final to ensure subclasses do not rely upon them.
2007-12-03 07:33:18 +00:00
Ben Alex
a53357778f
Remove superfluous method.
2007-12-03 07:32:23 +00:00
Ben Alex
cb765bc34b
SEC-615: Automatically focus on login name HTML element on page load.
2007-12-03 06:34:43 +00:00
Ben Alex
86fb6f2dea
Remove OrderedUtils (was used for old namespace testing).
2007-12-03 05:06:11 +00:00
Ben Alex
f04f9097b1
Make name consistent with other MVN modules.
2007-12-03 04:10:19 +00:00
Ben Alex
47229be5cb
Make samples and tests use username "rod".
2007-12-03 02:56:52 +00:00
Ben Alex
3123d24337
SEC-613: Rename tag libraries.
2007-12-03 01:46:11 +00:00
Ben Alex
c24958d7b8
Spelling correction.
2007-12-03 01:33:19 +00:00
Ben Alex
08db4a1358
SEC-610: Reauthenticate even if AnonymousAuthenticationToken is present.
2007-12-02 02:15:43 +00:00
Luke Taylor
843a20e691
Changed default namespace in config files to "security" for clarity.
2007-11-29 13:14:15 +00:00
Luke Taylor
09c588a138
Removed unnecessary check in additionalAuthenticationChecks() for null credentials in authentication object. Previous line already throws an exception if null is found.
2007-11-28 19:20:33 +00:00
Luke Taylor
88e01624eb
SEC-560: Removed local password comparison from PasswordComparisonAuthenticator.
2007-11-28 18:29:04 +00:00
Luke Taylor
0e1ae11fca
Tidying.
2007-11-28 18:00:43 +00:00
Luke Taylor
292320bd33
SEC-607: Changed NtlmUsernamePasswordAuthenticationToken to make authenticated=true the default state when an instance is created. NtlmAwareLdapAuthenticator now rejects tokens with authenticated=false (e.g. if the token has been passed remotely).
2007-11-24 20:13:29 +00:00
Luke Taylor
4f3a1739aa
Changed Ntlm filter to use SpringSecurityFilter base class.
2007-11-24 20:08:17 +00:00
Luke Taylor
9e2f372bad
SEC-607: Deprecated InitialDirContextFactory and replaced it with SpringSecurityContextSource.
...
Also some refactoring of LdapUserDetailsManager to use a strategy for creating DNs from usernames.
2007-11-20 20:54:48 +00:00
Luke Taylor
6d5773d177
Replaced creation of new list with Collections.EMPTY_LIST reference.
2007-11-17 23:06:32 +00:00
Luke Taylor
1196381220
Remove "controls" property as it doesn't really make sense and has never been used.
2007-11-17 20:55:39 +00:00
Luke Taylor
91e0a329f9
Upgrade to Spring LDAP 1.2 final.
2007-11-17 20:53:26 +00:00
Luke Taylor
b1b3f585e4
Moved setter methods out of inner classes area.
2007-11-13 22:55:01 +00:00
Luke Taylor
c485664ee7
Removed accidental use of autoboxing.
2007-11-13 22:16:52 +00:00
Luke Taylor
3e3dac4050
SEC-600: Added extra test assertions on authentication details object after password change.
2007-11-13 17:17:25 +00:00
Luke Taylor
cb237055ac
SEC-600: Added Jdbc implementation of UserDetailsManager
2007-11-13 17:11:29 +00:00
Luke Taylor
81067840ef
SEC-485: Added calculateLoginLifetime method.
2007-11-13 01:16:27 +00:00
Luke Taylor
b681952933
SEC-545: Added utility methods for checking if user has a particular role to existing AuthorityUtils class. Class may be renamed at some point as more functionality is added.
2007-11-11 23:37:32 +00:00
Luke Taylor
315d4a247f
Added method to clear datasource field after use.
2007-11-11 23:10:21 +00:00
Luke Taylor
910e63f83c
SEC-586: Implemented secure channel support in namespace configuration.
2007-11-11 22:07:46 +00:00
Luke Taylor
c214f4a9bc
Simplified initialization of datasource.
2007-11-11 22:06:22 +00:00
Luke Taylor
4f3bbb52f6
Pulled methods and fields up into AbstractFilterInvocationDefinitionSource to make it easier to query the map size etc, regardless of the specific type.
2007-11-11 19:29:11 +00:00
Luke Taylor
28a138f8ec
Converted to use guard clause to reduce nesting.
2007-11-11 19:22:51 +00:00
Luke Taylor
756be6fed3
Removed unnecessary constructor.
2007-11-11 19:10:47 +00:00
Luke Taylor
964e6911a7
Added RememberMeServices to list of logout handlers.
2007-11-11 18:11:18 +00:00
Luke Taylor
2856a6ba43
Allow configuration of embedded ldap server port through ldap namespace configuration. Changed default port from 3389 to avoid conflict with windows remote desktop (as reported by Ray Krueger in dev list).
2007-11-11 16:10:30 +00:00
Luke Taylor
0e7dac6ca5
SEC-565: Refactoring of TokenBasedRememberMeServices. Changed arguments to makeValidSignature so that it could be used from both places where a signature is required and refactored the class to extend AbstractRememberMeServices. The method processAutoLoginCookie now returns a UserDetails, rather than username, as the UserDetails is needed in TokenBasedRememberMeServices.
2007-11-10 19:20:36 +00:00
Luke Taylor
1a5ef2dece
SEC-588: Completed JdbcTokenRepositoryImpl and added extra update method to PersistentTokenRepository interface (additional files from failed commit).
2007-11-10 15:56:07 +00:00
Luke Taylor
7caa1587b3
SEC-588: Completed JdbcTokenRepositoryImpl and added extra update method to PersistentTokenRepository interface.
2007-11-10 15:42:21 +00:00
Scott Battaglia
87a864619d
SEC-592
...
fixed failing test due to thinking a null value should be provided.
2007-11-07 21:44:15 +00:00
Scott Battaglia
981f185575
SEC-592
...
implemented NullStatelessTicketCache and test cases and made it the default for CasAuthenticationProvider.
2007-11-07 18:46:35 +00:00
Luke Taylor
0a50cd67ce
Tidied up logic for setting token repository in RememberMeBeanDefinitionParser. Plus some tinkering with attributes in rnc file.
2007-11-07 13:29:15 +00:00
Luke Taylor
9fa32bac7c
SEC-578: Set FilterInvocationDefinitionSource field in FilterChainProxy to null after it has been converted to a map of paths->filters.
2007-11-06 23:58:56 +00:00
Luke Taylor
9f2bc9a842
SEC-582: Namespace configuration implementation for remember-me support.
2007-11-06 23:20:25 +00:00
Luke Taylor
b868143fb1
Make sure "start" is called even if working directory is already set.
2007-11-06 22:18:13 +00:00
Luke Taylor
7ad8e2acf0
SEC-591: Removed default NullRememberMeServices in RememberMeProcessingFilter
2007-11-06 21:43:37 +00:00
Luke Taylor
4c44bd782f
SEC-588: Added extra tests to check cookie values.
2007-11-04 12:07:49 +00:00
Luke Taylor
55b1f9348d
SEC-588: PersistentTokenBasedRememberMeServices implementation.
2007-11-03 22:11:26 +00:00
Luke Taylor
8b199d38ed
Refactored autoLogin method to reduce nesting of conditionals and loops.
2007-10-30 21:09:47 +00:00
Luke Taylor
d7b6ca281a
Removed unused "autodetect" method.
2007-10-27 11:50:38 +00:00
Luke Taylor
43fc8e2660
Added Id keyword for all java files
2007-10-27 00:45:30 +00:00
Luke Taylor
d3b165749f
SEC-583: Implementation of namespace config for concurrent session support.
...
Also some minor adjustments to ordering of different http features in schema.
2007-10-27 00:28:24 +00:00
Luke Taylor
334d55b12e
Tidying.
2007-10-27 00:26:25 +00:00
Luke Taylor
685d74d81b
FilterSecurityInterceptor is now configured through ConfigUtils, rather than by autowiring.
2007-10-27 00:25:59 +00:00
Luke Taylor
0185dc5a90
Moved registration of ProviderManager bean to ConfigUtils.
2007-10-27 00:24:16 +00:00
Luke Taylor
06ce4b79e9
SEC-584: Remove use of default SessionRegistryImpl.
2007-10-27 00:23:21 +00:00
Luke Taylor
0cdac4912a
Changed to use a BeanReference when creating default login page to prevent duplication of filter bean.
2007-10-27 00:20:55 +00:00
Luke Taylor
3d9ea49d19
SEC-585: Made expiredUrl optional.
...
Also implemented Ordered interface for use in namespace configuration.
2007-10-26 23:32:40 +00:00
Luke Taylor
55ef50a4df
Added checking of path ordering to FilterChainProxy to detect misplaced universal match ("/**").
2007-10-26 13:51:32 +00:00
Luke Taylor
1bcb62af2e
Remove use of autoconfig, as it was really just a convenience for creating default access and authentication managers.
2007-10-26 13:05:31 +00:00
Luke Taylor
700de0d388
Tidying.
2007-10-25 15:07:15 +00:00
Luke Taylor
03e285c31d
Moved responsibility for creating AuthenticationManager into AuthenticationProviderBeanDefinitionParser. Tidied up SecurityNamespaceHandler.
2007-10-25 14:21:45 +00:00
Luke Taylor
3927ba9ed0
SEC-578: Removed additional FilterChainMap reference.
2007-10-25 13:40:51 +00:00
Luke Taylor
7ef57c67ed
SEC-578: Removed FilterChainMap class
2007-10-25 11:51:51 +00:00
Luke Taylor
fb72fa82de
Changed comment to remove reference to FilterChainMap.
2007-10-22 23:56:01 +00:00
Luke Taylor
acf3966651
SEC-578: Refactored to remove FilterChainMap and use a LinkedHashMap instead to maintain the path ordering. Also made use of Spring's ManagedList and ManagedMap to perform resolution of bean names to Filter objects at runtime, replacing the unnecessary bean which was performing this task for the filter lists.
2007-10-22 23:52:29 +00:00
Luke Taylor
b9cfae5903
Exception for flagging errors in namespace config.
2007-10-20 23:18:41 +00:00
Luke Taylor
2d3d5ceb8d
Tidying.
2007-10-20 23:17:56 +00:00
Luke Taylor
cffd3131f0
Added building of filter chain in post-processing, support for basic authentication and automatic generation of login page, if no loginUrl supplied.
2007-10-20 23:17:01 +00:00
Luke Taylor
f0d8db5ce6
Store the default order values of security filters.
2007-10-20 23:12:41 +00:00
Luke Taylor
7afa99a21a
Security filter base class.
2007-10-20 23:10:53 +00:00
Luke Taylor
a6a372a5ab
SEC-568: Added the decorator for filter-chain-map to the namespace handler registry.
2007-10-20 23:10:28 +00:00
Luke Taylor
2b14d2da98
Make Spring Security filters implement the Ordered interface, for use when post-processing the application context
2007-10-20 23:09:23 +00:00
Luke Taylor
9b8c06e9f6
SEC-568: Introduced FilterChainMap as a simpler option for configuring FilterChainProxy and introduced a namespace-based for configuring it. The Url pattern matching is factored out into a separate strategy with ant and regex versions.
2007-10-20 23:05:03 +00:00
Luke Taylor
d6fe97de43
Latest updates to namespace configuration.
2007-10-20 22:58:59 +00:00
Luke Taylor
28d04c1759
Removed unnecessary casts, corrected incomplete comment and reformatted code.
2007-10-19 11:53:26 +00:00
Luke Taylor
380b22f50d
Removed unused autodetect method and reformatted code.
2007-10-18 16:50:31 +00:00
Luke Taylor
c51bcd9c1f
Changed method protection config to make it compatible with MethodDefinitionMap for the time being.
2007-10-14 14:29:15 +00:00
Luke Taylor
a4b522351f
Added "unprotected" method for tests
2007-10-14 14:15:51 +00:00
Luke Taylor
0b54eece28
Added code to set the manager username and password if supplied.
2007-10-13 21:20:19 +00:00
Luke Taylor
3d0f3302dc
RNC file used for convenience to generate the namespace xsd schema file.
2007-10-13 16:27:14 +00:00
Luke Taylor
0f4cdf345d
Intermediate checkin of experimental namespace config work (additional parser files).
2007-10-13 16:26:08 +00:00
Luke Taylor
627b0b38ad
Intermediate checkin of experimental namespace config work.
2007-10-13 16:24:24 +00:00
Luke Taylor
98f6111d06
Corrected wrong error message in ProviderManager.
2007-10-13 12:15:13 +00:00
Luke Taylor
e561b87987
Switched testOperation method to use unicode escaped characters.
2007-10-13 11:40:16 +00:00
Luke Taylor
75bc838ae8
Switched testOperation method to use French locale to prevent use of default machine locales such as Chinese (see previous commit sg).
2007-10-11 16:18:28 +00:00
Luke Taylor
0a214e4930
Removed locale-specific message value assertions which will cause tests to fail if run with a different standard locale for which we have a message file (e.g. Chinese).
2007-10-11 15:23:01 +00:00
Luke Taylor
92bc57eefd
Switch test to use a specific locale for which we have a message file (French). The default ResourceBundle behaviour is to attempt to load the platform locale if the specified one isn't found before using the default. We don't have a messages_en.properties file, hence trying to use "en" locale on a Chinese computer will result in Chinese messages being used (and test failing).
2007-10-11 15:16:06 +00:00
Luke Taylor
650a5467e8
Renamed ApacheDSStartStopBean to ApacheDSContainer and implemented LifeCycle interface.
2007-10-03 18:09:53 +00:00
Luke Taylor
3f2b9cd6fb
SEC-562: More changes of Acegi name in comments, docs etc.
2007-10-03 14:02:39 +00:00
Luke Taylor
9dbeda1c85
Corrected out of date comments referring to SecurityEnforcementFilter etc.
2007-10-03 11:13:40 +00:00
Luke Taylor
87ddc63f73
Format to correct spacing.
2007-10-02 16:13:55 +00:00
Luke Taylor
6fbf73e74f
Added explicit dependency override on mina 1.0.5 to get round this problem:
...
http://issues.apache.org/jira/browse/DIRMINA-366
when using apache DS embedded. It causes failures on linux, but not on OS X.
2007-10-02 16:13:06 +00:00
Luke Taylor
438dc44004
Minor changes to improve robustness of LDAP tests.
2007-10-02 14:50:08 +00:00
Luke Taylor
5a3f5fcd78
Minor changes to improve robustness of LDAP tests.
2007-10-02 14:49:08 +00:00
Luke Taylor
a4266f3fb8
Minor improvements to configuration of embedded apache server.
2007-10-02 14:20:27 +00:00
Luke Taylor
acb02246e0
Refactored embedded LDAP server tests to make use of new namespace configuration. Use Junit 4 annotations in preference to AbstractDependencyInjectionSpringContextTests so that it is possible to clear up the context after each class is run rather than at JVM shutdown (causes problems with running embedded apache DS).
2007-10-02 10:52:06 +00:00
Luke Taylor
77b6503e2e
SEC-271: Added namespace handler class and experimental LDAP parser. The latter creates an embedded Apache DS server if no server URL is supplied, so changed dependencies on the latter to compile-time/optional.
2007-10-02 10:46:38 +00:00
Luke Taylor
5066fc5e39
SEC-562: Changed urls for login, logout, switch user etc.
2007-09-24 15:39:51 +00:00
Luke Taylor
eacbc71ba1
Switch ldap server port to 3999 (intermittent test failures occurring).
2007-09-23 20:57:01 +00:00
Luke Taylor
18c8ba4ac2
SEC-562: Changing constants and key names.
2007-09-23 11:16:01 +00:00
Luke Taylor
757b153430
SEC-562: Repackaging adapters module.
2007-09-22 11:54:13 +00:00
Luke Taylor
5a586c04a9
SEC-562: Repackaging core.
2007-09-21 18:18:21 +00:00
Luke Taylor
274658f9b0
SEC-272: Added group tables to test DB.
2007-09-21 15:51:36 +00:00
Luke Taylor
d19fe54c01
Renamed test class to match target (JdbcDaoImpl).
2007-09-21 15:50:23 +00:00
Luke Taylor
400a3b90f0
SEC-232: Additional updates to hierarchical roles code from contributor.
2007-09-19 22:10:31 +00:00
Luke Taylor
eb0307bcd9
SEC-557: Reinstate use of default AccessDeniedHandlerImpl for the time being (2.0 branch).
2007-09-19 16:49:18 +00:00
Luke Taylor
477dc308f8
SEC-413: Consistent redirect behaviour between LogoutFilter and AbstractProcessingFilter. (previous commit of AbstractProcessingFilter has an erroneous message).
2007-09-19 16:27:23 +00:00
Luke Taylor
7139cbafbb
Removed assertions on response buffer size.
2007-09-19 16:25:31 +00:00
Luke Taylor
dde3803532
Removed assertions on response buffer size.
2007-09-19 16:24:20 +00:00
Luke Taylor
03beaf0777
SEC-448: MD4 password encode implementation.
2007-09-19 15:28:57 +00:00
Luke Taylor
2ef2bfc514
SEC-561: Removed setting of response buffer size prior to redirect.
2007-09-19 15:17:29 +00:00
Luke Taylor
809c962d3b
Corrected method name in comment.
2007-09-19 15:04:30 +00:00
Luke Taylor
0288204432
SEC-369: Made spring-jdbc and spring-remoting optional dependencies in core. Removed explicit commons-lang dependency and updated commons logging to 1.1.
2007-09-19 00:23:33 +00:00
Luke Taylor
fdd3dfc51f
Remove explicit commons-lang dependency.
2007-09-19 00:17:04 +00:00
Luke Taylor
2f03000b68
SEC-232: Add role hierarchy contribution.
2007-09-17 22:37:39 +00:00
Luke Taylor
1a4b32e50e
Remove unused import.
2007-09-17 22:17:42 +00:00
Luke Taylor
e872823490
SEC-559: Throw an initialization exception if configured truststore file doesn't exist.
2007-09-17 21:29:40 +00:00
Luke Taylor
96eb11aadc
SEC-399: Add support for invalidating the existing session on successful authentication.
2007-09-17 15:54:07 +00:00
Luke Taylor
0efa5c3090
SEC-458: implement hashCode() in PrincipalSid and GrantedAuthoritySid.
2007-09-17 13:10:17 +00:00
Luke Taylor
d79d55c8b6
SEC-8: Changes to LDAP authenticator API to take an authentication object rather than username/password.
2007-09-17 12:28:07 +00:00
Luke Taylor
c7354c125a
SEC-417: Fix. Remove hard-coded messages from JdbcDaoImpl to allow internationalized versions for "user not found" etc.
2007-09-16 22:20:08 +00:00
Luke Taylor
8a35f7da75
SEC-558: Combine user mapping implementations into a single interface and make more use of DirContextOperations in SS LDAP APIs.
2007-09-16 18:56:00 +00:00
Luke Taylor
56deb3dd83
SEC-549: Trim whitespace from username submitted with login form.
2007-09-14 14:25:21 +00:00
Luke Taylor
8398e940cf
SEC-449: Corrected comment.
2007-09-14 14:18:54 +00:00
Luke Taylor
fdbcbec9d8
SEC-449: Renamed template test class to match tested class. Added test method for case when no attribute value is found.
2007-09-14 14:17:30 +00:00
Luke Taylor
223a597208
SEC-449: Changed role searching to use parent spring ldap template search method.
2007-09-14 14:16:28 +00:00
Luke Taylor
b7d9466f99
SEC-449: Removed unnecessary declaration of ContextMapper interface.
2007-09-14 14:12:32 +00:00
Luke Taylor
97ef5f389f
SEC-449: Removed unnecessary declaration of ContextMapper interface.
2007-09-14 14:11:57 +00:00
Luke Taylor
d208cf3824
SEC-449: Make LdapUserDetailsMapper a pure ContextMapper so it can be used with LdapTemplate.
2007-09-13 20:42:50 +00:00
Luke Taylor
6d8f92e1b8
Allow an ldif file to be set in the configuration and loaded on initialization.
2007-09-13 20:40:49 +00:00
Luke Taylor
ae40919d13
Tidying up class.
2007-09-12 19:55:52 +00:00
Luke Taylor
c0f5230667
SEC-302: Add rolePrefix property to SecurityContextHolderAwareRequestFilter.
2007-09-11 17:29:47 +00:00
Luke Taylor
6a6bafa219
Make sure test classes which are setting the context clear it in their tearDown methods.
2007-09-11 14:13:50 +00:00
Luke Taylor
c56b8c4117
SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter.
2007-09-11 12:12:14 +00:00
Luke Taylor
3326525b65
SEC-368: Tidied up captcha spelling.
2007-09-11 11:16:07 +00:00
Luke Taylor
dd2a46c7ca
SEC-368: Tidied up captcha spelling.
2007-09-11 11:11:05 +00:00
Luke Taylor
c91400b03b
Corrected scm sections of core and parent poms.
2007-09-10 23:18:43 +00:00
Luke Taylor
448e8cfb42
SEC-551: Convert RegExpBasedFilterInvocationDefinitionMap and DaoX509AuthoritiesPopulator to use JDK regexps. Removed ORO dependency from the project.
2007-09-10 23:09:36 +00:00
Luke Taylor
6eb17c8546
SEC-513: Ldap user manager implementation classes changed to use new spring ldap apis.
2007-09-10 21:13:45 +00:00
Luke Taylor
afaa169e97
SEC-449: Test data ldif file for ApacheDS.
2007-09-10 21:09:59 +00:00
Luke Taylor
0503c3e1ab
SEC-449: Refactoring towards more use of Spring LDAP. Also borrowed the Spring LDAP integration testing setup which is much better and makes use of the full LDAP stack. There were still problems with using Apache DS's CoreContextFactory (e.g. compare operations) so it is an improvement on that front too. Moved spring ldap to 1.2-RC1 version.
2007-09-10 21:09:02 +00:00
Scott Battaglia
f7815e8da2
SEC-520
...
added parameter to determine whether to encode the session id or not and an explanation on when it should/should not be used.
2007-09-10 15:11:56 +00:00
Luke Taylor
e7ede68352
Update ldap test base class to use LdapContext by default.
2007-09-07 20:52:03 +00:00
Luke Taylor
ff1f1d8ef5
SEC-449: Rename internal LdapTemplate class to SpringSecurityLdapTemplate to avoid confusion.
2007-09-07 20:49:38 +00:00
Luke Taylor
f178ca2a39
Updated trunk poms to 2.0-SNAPSHOT version
2007-09-07 20:14:55 +00:00
Luke Taylor
70239a9769
SEC-513: First check in of user management stuff.
2007-09-07 20:01:46 +00:00
Luke Taylor
9b71b5aa00
SEC-449: Mostly changes to aid moving towards compatibility with spring-ldap.
2007-09-07 19:55:45 +00:00
Luke Taylor
8d4b97f685
Updated poms post-release 1.0.5
2007-09-06 02:52:09 +00:00
Luke Taylor
c8b6111418
Release 1.0.5.
2007-09-06 01:52:53 +00:00
Luke Taylor
3de8745494
Commented out (another) failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed).
2007-09-04 01:06:58 +00:00
Luke Taylor
6289503643
Commented out failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed).
2007-09-03 23:33:13 +00:00
Luke Taylor
34527c3305
Changed spring version to 1.2.9 and modified dependencies to get build to work with this version. Corrected some javadoc links.
2007-09-03 15:47:39 +00:00
Luke Taylor
15ee5b2364
SEC-540,SEC-541: Changes for maven 2 site generation and use of docbkx.
2007-09-02 13:22:24 +00:00
Luke Taylor
4e452046ec
Comment out System.out.println
2007-09-01 14:59:41 +00:00
Ray Krueger
edd7bbeceb
Removed repeated downcasting of ServletRequest and ServletResponse
2007-09-01 14:43:09 +00:00
Luke Taylor
b2799985f2
SEC-398: Added patch which uses response wrapper to set context in session on redirect or error.
2007-08-31 20:39:33 +00:00
Luke Taylor
219b865c01
SEC-544: Added German localization messages from Andreas Senft.
2007-08-31 12:15:13 +00:00
Luke Taylor
c021bf4682
SEC-542: Made SessionInformation serializable. Also remove unused default constructor.
2007-08-30 21:38:07 +00:00
Luke Taylor
0adf0d6f1c
SEC-529: Added French translation of messages from Laurent Pireyn
2007-08-30 21:27:49 +00:00
Luke Taylor
bc411c7c3b
SEC-457: Added Czech translation of messages from Jan Novotný
2007-08-30 21:20:19 +00:00
Luke Taylor
ea61964f56
SEC-483: Fix. Make getGroupSearchBase protected.
2007-08-30 21:15:14 +00:00
Luke Taylor
0c4916ee98
SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor.
2007-08-30 21:12:16 +00:00
Luke Taylor
301626fd6e
SEC-346: Fix. Added suggested change. Also some minor tidying up of comments etc.
2007-08-30 20:55:49 +00:00
Luke Taylor
2e8d16c538
SEC-484: Multithreaded tests for SessionRegistryImpl.
2007-08-30 19:26:24 +00:00
Luke Taylor
ad43d433b4
SEC-484: Fix for NPE concurrency issue. Also reinstated synchronized on registerNewSession (had removed it for testing).
2007-08-30 19:04:18 +00:00
Luke Taylor
aa4ee54f86
Added logging to SessionRegistryImpl.
2007-08-30 18:22:40 +00:00
Luke Taylor
7fcdd4a6ff
More tidying...
2007-08-30 11:31:36 +00:00
Luke Taylor
510cd5050f
Tidied up SessionRegistryImpl and rolled back reformatting of its test class to incorrect width.
2007-08-30 11:21:28 +00:00
Luke Taylor
5f993e5627
SEC-534: Refactored JaasAuthenticationProvider to use ApplicationPublisherAware rather than ApplicationContextAware.
2007-08-29 11:51:02 +00:00
Luke Taylor
1467527c0a
SEC-538: Deleted maven 1 files.
2007-08-29 11:00:28 +00:00
Luke Taylor
5b7ed79b6a
SEC-539: Reformatted "divider" comments (//~ Methods=== etc). Simplified boolean expression in afterPropertiesSet.
2007-08-28 23:19:06 +00:00
Luke Taylor
d7cef1ba31
SEC-539: Moved SecurityContextHolder.setContext() call into the try {} block to emphasize that it is only set for the duration of chain.doFilter() and immediately cleared afterwards. Changed the debug messages about setting the context, since it has not strictly taken place when they are logged.
2007-08-28 23:11:58 +00:00
Luke Taylor
47c5a6d43f
SEC-539: Renamed extractSecurityContextFromSession to readSecurityContextFromSession to emphasize that it doesn't actually modify anything (the context is still stored in the session).
2007-08-28 22:43:13 +00:00
Luke Taylor
f7a6129657
SEC-539: Removed unnecessary check for a null request object. Removed unnecessary catch/rethrow of IOException and ServletException from try/finally around chain.doFilter.
2007-08-28 22:40:56 +00:00
Luke Taylor
d1be9f9980
SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use.
2007-08-28 22:38:55 +00:00
Luke Taylor
3dd0716611
SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter().
2007-08-28 21:58:30 +00:00
Luke Taylor
fa63d8ecfb
SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession()
2007-08-28 21:25:17 +00:00
Luke Taylor
ce3eb599ed
SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter().
2007-08-28 21:11:48 +00:00
Luke Taylor
ba88214d1d
SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic.
2007-08-28 20:16:19 +00:00
Luke Taylor
27ef2caf45
SEC-539: Removed filterApplied boolean.
2007-08-28 19:56:33 +00:00
Luke Taylor
e8d11f28f2
SEC-539: Extracted storeSecurityContextInSession() method.
2007-08-28 19:54:24 +00:00
Luke Taylor
bcf69cbe3d
SEC-539: Extracted populateSecurityContextFromSession() method.
2007-08-28 19:16:37 +00:00
Luke Taylor
6651a240de
Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not.
2007-08-28 18:26:04 +00:00
Luke Taylor
6fe00b3433
SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true.
...
Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.
2007-08-28 16:53:05 +00:00
Luke Taylor
4ba77fa736
SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected.
2007-08-28 15:26:59 +00:00
Luke Taylor
e189bc685f
SEC-408: Fix. Provide getter for filterProcessesUrl.
2007-08-28 11:37:05 +00:00
Luke Taylor
c8077c5e87
SEC-506: Fix as suggested by reporter. Split the digest header string ignoring separating commas which occur between quotes.
2007-08-28 00:31:30 +00:00
Luke Taylor
3f123e1478
SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache).
2007-08-27 23:41:59 +00:00
Luke Taylor
87d6b8dedd
SEC-412: Fix. Added extra constructor to UsernameNotFoundException to allow use of extraInformation property of parent class.
2007-08-27 23:22:48 +00:00
Luke Taylor
dda88e3931
SEC-502: Fix. Use a Map instead of HashMap in the API. Also some minor tidying of test class.
2007-08-27 17:21:16 +00:00
Luke Taylor
57f3d268a1
SEC-519: Fix. Changed notNull() assertion for "key" parameter to hasText() to prevent the use of empty keys.
2007-08-27 17:17:25 +00:00
Luke Taylor
1c72b7989e
Fix for SEC-522. Strip query parameters from logout URL before doing comparison with filterProcessesUrl.
2007-08-27 17:14:23 +00:00
Luke Taylor
82599a72ba
Reformatted LogoutFilter.
2007-08-27 16:56:33 +00:00
Luke Taylor
f8689b18b2
SEC-526: Fixed. Support for different case prefixes ({SHA}, {sha} etc).
2007-08-27 16:23:14 +00:00
Luke Taylor
0425d3b638
Rolled back unnecessary changes (whitespace, imports etc) for SEC-398 to make actual change from revision 1858 clearer.
2007-08-27 13:29:39 +00:00
Ben Alex
db3024f9a4
SEC-271: Revert Ordered and ApplicationContextAware usage at this time, due to release of 1.0..
2007-08-25 00:15:30 +00:00
Vishal Puri
2b4d8a6378
Removed print statement
2007-08-22 04:48:04 +00:00
Luke Taylor
3fbc7beb88
SEC-251: Document use of {1} parameter in javadoc for DefaultLdapAuthoritiesPopulator.
2007-08-17 15:45:57 +00:00
Vishal Puri
bc30b903f8
SEC-398: Lazy update of 'filterApplied' to true
2007-07-25 05:34:40 +00:00
Luke Taylor
a499e74102
SEC-449: Add spring-ldap dependency to pom.xml.
2007-07-24 17:23:47 +00:00
Luke Taylor
b646a06443
Fix for SEC-512. Removed unnecessary context creation.
2007-07-24 17:01:36 +00:00
Luke Taylor
aea1148ffb
Fix broken test caused by null application context in AbstractAccessDecisionManager when auto-detection of voters is called.
2007-07-24 16:48:49 +00:00
Vishal Puri
c5cc42e16c
made two instance variables protected for RBA solution
2007-07-23 07:59:28 +00:00
Vishal Puri
5ea8232f84
SEC-484: fixed concurrency issue
2007-07-23 07:58:31 +00:00
Vishal Puri
0e46e5307c
SEC-271: added Ordered interface to AccessDecisionVoters
2007-07-06 13:34:43 +00:00
Vishal Puri
ef38844a6d
Improved comments and made TokenBasedRememberMeServices modular to support subclasses
2007-06-27 08:33:37 +00:00
Ray Krueger
0159b617cf
Refactored the failureUrl lookup into a protected method to allow customization
2007-06-19 13:09:57 +00:00
Vishal Puri
b2c30277f4
SEC-271: work on security:autoconfig
2007-06-19 04:08:19 +00:00
Carlos Sanchez
165d2c0122
[maven-release-plugin] prepare for next development iteration
2007-06-02 21:28:53 +00:00
Carlos Sanchez
942b5d7345
[maven-release-plugin] prepare release acegi-security-1.0.4-maven2
2007-06-02 21:21:51 +00:00
Ben Alex
4561c3a1f1
Remove unused imports that were causing warnings.
2007-05-25 05:33:06 +00:00
Ben Alex
e252f4a497
Make compatible with Assert static class in Spring 1.2.9.
2007-05-25 05:32:32 +00:00
Vishal Puri
5b97b3458c
utility class added required to copy ordering information from one object to another
2007-05-25 03:25:28 +00:00
Ben Alex
10bf40fc03
SEC-472: Provide support for subclasses to select the login form URL to use for a given request.
2007-05-25 03:21:17 +00:00
Vishal Puri
b30162191e
SEC-271: Moved spring security namespaces config code to sandbox
2007-05-25 03:17:12 +00:00
Ben Alex
a8b402462e
SEC-470: Provide flexibility to customize cookie name.
2007-05-25 03:12:49 +00:00
Ben Alex
24b31c0c57
SEC-443: Provide useRelativeContext property.
2007-05-25 02:55:25 +00:00
Ben Alex
c8d5374602
SEC-436: Add hashCode() methods.
2007-05-25 02:28:40 +00:00
Ben Alex
95735017e6
SEC-421: MutableAcl.setParent(MutableAcl) method to accept Acl parameter, not MutableAcl.
2007-05-25 02:22:18 +00:00
Ben Alex
d0d645788a
SEC-405: Extract out target URL determination method.
2007-05-25 02:07:44 +00:00
Ben Alex
998fc938df
SEC-403: Add support for Chinese.
2007-05-25 02:04:44 +00:00
Ben Alex
296d235135
SEC-343: Make obtainAllDefinedFilters() protected.
2007-05-25 02:03:12 +00:00
Ben Alex
1fa89e99c4
SEC-307: Preserve result of AuthenticationManager.authenticate(Authentication).
2007-05-25 02:00:37 +00:00
Ben Alex
3b9a8dc53e
SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently.
2007-05-25 01:38:42 +00:00
Ben Alex
4f13db5552
SEC-398: Delay sending of redirect until after HttpSession updated with revised SecurityContextHolder contents.
2007-05-25 01:24:07 +00:00
Vishal Puri
4c6d132ead
SEC-411: fixed broken unit tests as a consequence of adding another constructor argument
2007-05-24 23:35:01 +00:00
Vishal Puri
220ba29fc6
SEC-411: another constructor argument added as required in SecurityContextHolderAwareRequestWrapper
2007-05-24 23:20:40 +00:00
Ben Alex
0736f4ffa0
SEC-305: Retain SecurityContext when rendering error pages.
2007-05-24 02:04:47 +00:00
Ben Alex
6ea8899134
2007-05-24 00:47:12 +00:00
Ben Alex
5b3c633790
SEC-451: Correctly handle an empty context path.
2007-05-24 00:18:09 +00:00
Ben Alex
c8c37c8935
SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property.
2007-05-23 07:04:22 +00:00
Ben Alex
a3c992113e
SEC-459: Provide local argument to the message source accessor.
2007-05-23 06:57:07 +00:00
Ben Alex
a18bd9100c
SEC-474: Gracefully abort if username and password non-retrievable.
2007-05-23 06:48:42 +00:00
Ben Alex
f45c0944ef
SEC-478: Handle incorrect Base64 cookie encoding.
2007-05-23 06:45:45 +00:00
Ben Alex
5b8898c750
SEC-298: Ensure returned cookies have a maximum age equal to the TokenBasedRememberMeServices.tokenValiditySeconds property.
2007-05-23 06:43:47 +00:00
Ben Alex
ac3b142e4f
SEC-438: Made afterPropertiesSet() use instance variable instead of static variable.
2007-05-23 06:35:03 +00:00
Ben Alex
72a7d06ad1
SEC-476: Provide support for not logging interactive authentication events.
2007-05-23 06:31:32 +00:00
Ben Alex
f7e714b9da
Maven 2 polishing.
2007-05-23 04:20:54 +00:00
Vishal Puri
3f7e00c796
SEC-271: removed autowiring by type and explicitly introspected the applicationContext to detect the required dependencies of userDetailsService
2007-05-18 03:21:21 +00:00
Vishal Puri
e3435da9ae
SEC-271: removed autowiring by type and explicitly introspected the applicationContext to detect the required dependencies of userDetailsService
2007-05-18 03:20:28 +00:00
Vishal Puri
a934f82af4
SEC-271: Fixed IllegalStateException being thrown by LogoutHandlerOrdereResolver and add an assert statement in the unit test
2007-05-17 13:42:51 +00:00
Vishal Puri
a01bb3bbee
Added more bean definition parsers
2007-05-17 12:57:16 +00:00
Vishal Puri
1a06723404
fixed broken test in build 47
2007-05-17 12:49:58 +00:00
Vishal Puri
3eb9870162
SEC-271: Added more security elements
2007-05-17 12:30:36 +00:00
Vishal Puri
26b0d4d1cb
SEC-271: uncommented copy of resources in META-INF directory
2007-05-17 12:23:07 +00:00
Vishal Puri
e43439ba44
implemented Ordered interface
2007-05-17 12:21:02 +00:00
Vishal Puri
001dc0b1d9
SEC-271: implemented Ordered interface in all the entrypoints
2007-05-17 12:20:16 +00:00
Ray Krueger
8b1cc05518
Updated Assertion message
2007-05-17 03:18:35 +00:00
Vishal Puri
84a3c87ea4
SEC-271: Replaced Java 5 specific code with pre Java 5
2007-05-17 03:04:07 +00:00
Vishal Puri
e67bff61a0
Explicitly specified version 2.3 for surefire-plugin
2007-05-17 01:14:07 +00:00
Vishal Puri
74123cd234
Replace resource property with location for PropertyFactoryBean
2007-05-16 00:31:31 +00:00
Vishal Puri
ee2eac5a51
SEC-271: added LogoutFilterBeanDefinitionParserTests
2007-05-15 13:54:43 +00:00
Vishal Puri
1203e9858a
SEC-271: Added BeanDefinitionParser for principal-repository, extended security schema and added unit tests
2007-05-15 13:32:06 +00:00
Vishal Puri
51f306a19a
SEC-271: Added more BeanDefinitionParsers and extend spring-security.xsd to have more elements
2007-05-15 13:26:05 +00:00
Vishal Puri
ced5cb4f85
added new security element in the spring-security schema and wrote a parser for the element
2007-05-13 13:33:33 +00:00
Vishal Puri
e73421d7b2
Spring version upgrade to 2.0.4, changed svn urls in project.xml and poms
2007-05-13 12:30:53 +00:00
Vishal Puri
9794c518d6
SEC-271: Spring 2-based configuration simplification of Acegi Security
2007-05-11 00:09:56 +00:00
Vishal Puri
566314dae5
SEC-271: Spring 2-based configuration simplification of Acegi Security
2007-05-10 02:32:30 +00:00
Vishal Puri
09fd79bc64
SEC-419: Added the right logger class in CollectionFilterer
2007-05-10 02:25:15 +00:00
Vishal Puri
82f215700b
changed svn url to https://acegisecurity.svn .....
2007-05-10 02:11:54 +00:00
Vishal Puri
62c832e366
SEC-423: Fixed IllegalArgumentException being thrown by checking for null contextFromSessionObject
2007-04-27 07:35:11 +00:00
Vishal Puri
c2d1405f44
SEC-357: Added testIfSwitchUserWithNullUsernameThrowsException
2007-04-24 06:35:15 +00:00
Ray Krueger
fe0c99c816
Fixed http://opensource.atlassian.com/projects/spring/browse/SEC-445
...
Import servlet-api 2.4 in order to bring in the correct PageContext class
2007-04-23 18:25:01 +00:00
Luke Taylor
6bfff55da3
Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes
2007-03-30 18:27:19 +00:00
Luke Taylor
993f7e4af0
Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause.
2007-03-30 18:02:08 +00:00
Luke Taylor
6e5f5e15ad
Refactored to introduce constants for number of ops and number of threads for tuning.
2007-03-10 21:34:53 +00:00
Luke Taylor
fabca162a7
Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful information. Tidied up comments, excessively long lines, use of tabs etc. to match.
2007-02-24 21:00:24 +00:00
Luke Taylor
bd2d4b013a
Extracted a method to evaluate the conditions for whether basic authentication is required.
2007-02-23 19:21:44 +00:00
Luke Taylor
a1886bd1e0
Made string constant RECIPIENT_FOR_CACHE_EMPTY final.
2007-02-22 23:57:49 +00:00
Luke Taylor
b8a0f97fde
Removed irrelevant CAS stuff from equalsWhenEqual test.
2007-02-22 23:29:01 +00:00
Luke Taylor
25bc67885d
Uncommented tests which now work due to apache-ds bugfixes
2007-02-06 18:21:31 +00:00
Luke Taylor
0d9cae43bf
Corrected mistake in reading java.io.tmpdir.
2007-02-06 18:20:14 +00:00
Luke Taylor
5464678355
Pass apache-ds temp working directory as a system property through the surefire plugin.
2007-02-06 18:18:14 +00:00
Luke Taylor
8b98a9d27c
Added code to delete the previous contents of the ldap test server working directory as these aren't always compatible if the apache-ds version has changed.
2007-02-05 00:35:42 +00:00
Luke Taylor
1686fd0bd2
Updated ldap tests to apache directory 1.0.0 release version.
2007-02-04 20:06:36 +00:00
Ben Alex
e169e63e1b
SEC-404: Correct previous SEC-404 commit.
2007-01-02 23:36:38 +00:00
Ben Alex
3f62a5c868
SEC-404: NPE when logging out if user not already logged in.
2006-12-28 21:23:35 +00:00
Luke Taylor
93509dc999
Reformatted X.509 certificate in comment.
2006-11-29 01:40:14 +00:00
Luke Taylor
6a440f816c
removed monkeymachine.co.uk email addresses.
2006-11-28 21:37:37 +00:00
Ben Alex
1805ab8ec4
SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.
2006-11-26 04:47:43 +00:00
Ben Alex
e79a28875f
SEC-400: Clarify exception if getter returns null.
2006-11-26 03:24:11 +00:00
Ray Krueger
1a486e584b
HttpSessionEventPublisher need not implement ServletContextListener any longer
2006-11-20 19:35:11 +00:00
Ray Krueger
74e8efc4e9
Fixed SEC-395
2006-11-20 19:09:45 +00:00
Ben Alex
6fe569556c
Use type in same module (Maven requirement).
2006-11-17 03:18:07 +00:00
Ben Alex
197a011ac5
Relocate resource files to comply with Maven directory conventions.
2006-11-17 03:06:30 +00:00
Ben Alex
1081c267d9
SEC-239: New ACL module.
2006-11-17 02:03:23 +00:00
Ben Alex
9f512c384e
SEC-239: New ACL module.
2006-11-17 02:01:21 +00:00
Ben Alex
2984913051
SEC-393: More elegantly deal with setProviders(List) type safety enforcement.
2006-11-16 02:15:43 +00:00
Carlos Sanchez
5e819af782
SEC-388: Upgrade other Spring dependencies to 1.2.8.
2006-11-15 22:54:54 +00:00
Ben Alex
1b4a098760
SEC-354: Add label-based voter.
2006-11-14 22:07:36 +00:00
Ben Alex
4d166a6867
SEC-333: Error in last commit, should default to regexp processor, not Ant Path processor, in the case of empty or null strings.
2006-11-14 21:52:51 +00:00
Ben Alex
780130d0f3
SEC-333: Eliminate dependency on ORO when Ant Paths being used instead of Regular Expressions.
2006-11-14 20:55:24 +00:00
Ben Alex
775840a565
SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered.
2006-11-14 05:49:56 +00:00
Ben Alex
f5ce0250b4
SEC-310: Add AbstractProcessingFilter.getAuthenticationDetailsSource().
2006-11-14 03:30:04 +00:00
Ben Alex
8dda52eeaa
SEC-322: Workaround bug in WebSphere.
2006-11-14 02:21:27 +00:00
Ben Alex
5640eb0511
SEC-378: Use trim instead of replacement for space removal.
2006-11-14 01:55:44 +00:00
Ben Alex
ad6c501379
SEC-360: Minor correction in patch applied yesterday.
2006-11-14 01:09:35 +00:00
Ben Alex
2a65d386d5
SEC-384: Remove Commons-Lang dependency.
2006-11-14 00:59:17 +00:00
Ben Alex
59bf8602d2
SEC-356: Add cloneFromHttpSession property.
2006-11-14 00:43:00 +00:00
Ben Alex
5911234f65
SEC-359: Logout even if not logged in.
2006-11-13 06:05:28 +00:00
Ben Alex
fa6b4480b1
SEC-360: Provide server side forward option instead of redirection.
2006-11-13 00:17:07 +00:00
Ben Alex
f0ae6f53a7
SEC-327: Add includeDetailsObject property.
2006-11-12 23:55:50 +00:00
Ben Alex
f28ce39bde
SEC-365: Provide an alwaysRemember property, together with an abstract method so subclasses can determine custom behaviour.
2006-11-12 23:28:57 +00:00
Ben Alex
71eba94cf2
SEC-371: Use AbstractTicketValidator for logger.
2006-11-12 23:10:09 +00:00
Ben Alex
0f517cb8e2
SEC-375: Publish AuthorizationFailureEvent event when AccessDeniedException thrown by AfterInvocationProvider.
2006-11-12 22:06:37 +00:00
Ben Alex
b8d0722251
SEC-367: Added clarification of immutability contract.
2006-11-12 21:36:52 +00:00
Ben Alex
43dbe6c991
SEC-364: Fix context path handling.
2006-11-12 21:31:31 +00:00
Carlos Sanchez
10d6859dad
Added ACL table SQL for some databases
2006-10-17 22:24:57 +00:00
Ben Alex
172026f875
SEC-377: Remove Commons Lang dependency.
2006-10-14 00:17:19 +00:00
Ben Alex
c292826475
SEC-373: Add byte array encryption/decryption support.
2006-10-07 09:45:51 +00:00
Ben Alex
21dd050d7b
SEC-348: Limit Basic automatic reauthentication scope to UsernamePasswordAuthenticationToken (specifically avoid CasAuthenticationToken).
2006-09-29 08:41:25 +00:00
Ben Alex
d2fb473a4e
Formatting only.
2006-09-29 07:33:45 +00:00
Ben Alex
49a2de8f0f
SEC-366: Initial commit.
2006-09-29 07:29:13 +00:00
Ben Alex
cc03675776
SEC-340: Invalidate HttpSession on logout.
2006-09-29 06:45:40 +00:00
Scott McCrory
db96650d99
SEC-319: Reverted to 1.0.1 version to delay these changes to 1.1.0, based on small breakage of backward compatibility.
2006-09-23 19:48:39 +00:00