Luke Taylor
|
d1be9f9980
|
SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use.
|
2007-08-28 22:38:55 +00:00 |
|
Luke Taylor
|
3dd0716611
|
SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter().
|
2007-08-28 21:58:30 +00:00 |
|
Luke Taylor
|
fa63d8ecfb
|
SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession()
|
2007-08-28 21:25:17 +00:00 |
|
Luke Taylor
|
ce3eb599ed
|
SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter().
|
2007-08-28 21:11:48 +00:00 |
|
Luke Taylor
|
ba88214d1d
|
SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic.
|
2007-08-28 20:16:19 +00:00 |
|
Luke Taylor
|
27ef2caf45
|
SEC-539: Removed filterApplied boolean.
|
2007-08-28 19:56:33 +00:00 |
|
Luke Taylor
|
e8d11f28f2
|
SEC-539: Extracted storeSecurityContextInSession() method.
|
2007-08-28 19:54:24 +00:00 |
|
Luke Taylor
|
bcf69cbe3d
|
SEC-539: Extracted populateSecurityContextFromSession() method.
|
2007-08-28 19:16:37 +00:00 |
|
Luke Taylor
|
6651a240de
|
Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not.
|
2007-08-28 18:26:04 +00:00 |
|
Luke Taylor
|
6fe00b3433
|
SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true.
Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.
|
2007-08-28 16:53:05 +00:00 |
|
Luke Taylor
|
4ba77fa736
|
SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected.
|
2007-08-28 15:26:59 +00:00 |
|
Luke Taylor
|
e189bc685f
|
SEC-408: Fix. Provide getter for filterProcessesUrl.
|
2007-08-28 11:37:05 +00:00 |
|
Luke Taylor
|
c8077c5e87
|
SEC-506: Fix as suggested by reporter. Split the disgest header string ignoring separating commas which occur between quotes.
|
2007-08-28 00:31:30 +00:00 |
|
Luke Taylor
|
3f123e1478
|
SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache).
|
2007-08-27 23:41:59 +00:00 |
|
Luke Taylor
|
87d6b8dedd
|
SEC-412: Fix. Added extra constructor to UsernameNotFoundException allow use of extraInformation property of parent class.
|
2007-08-27 23:22:48 +00:00 |
|
Luke Taylor
|
dda88e3931
|
SEC-502: Fix. Use a Map instead of HashMap in the API. Also some minor tidying of test class.
|
2007-08-27 17:21:16 +00:00 |
|
Luke Taylor
|
57f3d268a1
|
SEC-519: Fix. Changed notNull() assertion for "key" parameter to hasText() to prevent the use of empty keys.
|
2007-08-27 17:17:25 +00:00 |
|
Luke Taylor
|
1c72b7989e
|
Fix for SEC-522. Strip query parameters from logout URL before doing comparison with filterProcessesUrl.
|
2007-08-27 17:14:23 +00:00 |
|
Luke Taylor
|
82599a72ba
|
Reformatted LogoutFilter.
|
2007-08-27 16:56:33 +00:00 |
|
Luke Taylor
|
f8689b18b2
|
SEC-526: Fixed. Support for different case prefixes ({SHA}, {sha} etc).
|
2007-08-27 16:23:14 +00:00 |
|
Luke Taylor
|
0425d3b638
|
Rolled back unnecessary changes (whitespace, imports etc) for SEC-398 to make actual change from revision 1858 clearer.
|
2007-08-27 13:29:39 +00:00 |
Ben Alex
|
db3024f9a4
|
SEC-271: Revert Ordered and ApplicationContextAware usage at this time, due to release of 1.0..
|
2007-08-25 00:15:30 +00:00 |
Vishal Puri
|
2b4d8a6378
|
Removed print statement
|
2007-08-22 04:48:04 +00:00 |
|
Luke Taylor
|
3fbc7beb88
|
SEC-251: Document use of {1} parameter in javadoc for DefaultLdapAuthoritiesPopulator.
|
2007-08-17 15:45:57 +00:00 |
|
Vishal Puri
|
bc30b903f8
|
SEC-398: Lazy update of 'filterApplied' to true
|
2007-07-25 05:34:40 +00:00 |
|
Luke Taylor
|
a499e74102
|
SEC-449: Add spring-ldap dependency to pom.xml.
|
2007-07-24 17:23:47 +00:00 |
|
Luke Taylor
|
b646a06443
|
Fix for SEC-512. Removed unnecessary context creation.
|
2007-07-24 17:01:36 +00:00 |
|
Luke Taylor
|
aea1148ffb
|
Fix broken test caused by null application context in AbtractAccessDecisionManager when auto-detection of voters is called.
|
2007-07-24 16:48:49 +00:00 |
|
Vishal Puri
|
c5cc42e16c
|
made two instance variables protected for RBA solution
|
2007-07-23 07:59:28 +00:00 |
|
Vishal Puri
|
5ea8232f84
|
SEC-484: fixed concurrency issue
|
2007-07-23 07:58:31 +00:00 |
|
Vishal Puri
|
0e46e5307c
|
SEC-271: added Ordered interface to AcessDecisionVoters
|
2007-07-06 13:34:43 +00:00 |
|
Vishal Puri
|
ef38844a6d
|
Improved comments and made TokenBasedRememberMeServices modular to support subclasses
|
2007-06-27 08:33:37 +00:00 |
Ray Krueger
|
0159b617cf
|
Refactored the failureUrl lookup into a protected method to allow customization
|
2007-06-19 13:09:57 +00:00 |
|
Vishal Puri
|
b2c30277f4
|
SEC-271: work on security:autoconfig
|
2007-06-19 04:08:19 +00:00 |
Carlos Sanchez
|
165d2c0122
|
[maven-release-plugin] prepare for next development iteration
|
2007-06-02 21:28:53 +00:00 |
|
Carlos Sanchez
|
942b5d7345
|
[maven-release-plugin] prepare release acegi-security-1.0.4-maven2
|
2007-06-02 21:21:51 +00:00 |
|
Ben Alex
|
4561c3a1f1
|
Remove unused imports that were causing warnings.
|
2007-05-25 05:33:06 +00:00 |
|
Ben Alex
|
e252f4a497
|
Make compatible with Assert static class in Spring 1.2.9.
|
2007-05-25 05:32:32 +00:00 |
|
Vishal Puri
|
5b97b3458c
|
utility class added required to copy ordering information from one object to another
|
2007-05-25 03:25:28 +00:00 |
|
Ben Alex
|
10bf40fc03
|
SEC-472: Provide support for subclasses to select the login form URL to use for a given request.
|
2007-05-25 03:21:17 +00:00 |
|
Vishal Puri
|
b30162191e
|
SEC-271: Moved spring security namespaces cnfig code to sandbox
|
2007-05-25 03:17:12 +00:00 |
|
Ben Alex
|
a8b402462e
|
SEC-470: Provide flexibility to customize cookie name.
|
2007-05-25 03:12:49 +00:00 |
|
Ben Alex
|
24b31c0c57
|
SEC-443: Provide useRelativeContext property.
|
2007-05-25 02:55:25 +00:00 |
|
Ben Alex
|
c8d5374602
|
SEC-436: Add hashCode() methods.
|
2007-05-25 02:28:40 +00:00 |
|
Ben Alex
|
95735017e6
|
SEC-421: MutableAcl.setParent(MutableAcl) method to accept Acl parameter, not MutableAcl.
|
2007-05-25 02:22:18 +00:00 |
|
Ben Alex
|
d0d645788a
|
SEC-405: Extract out target URL determination method.
|
2007-05-25 02:07:44 +00:00 |
|
Ben Alex
|
998fc938df
|
SEC-403: Add support for Chinese.
|
2007-05-25 02:04:44 +00:00 |
|
Ben Alex
|
296d235135
|
SEC-343: Make obtainAllDefinedFilters() protected.
|
2007-05-25 02:03:12 +00:00 |
|
Ben Alex
|
1fa89e99c4
|
SEC-307: Preserve result of AuthenticationManager.authenticate(Authentication).
|
2007-05-25 02:00:37 +00:00 |
|
Ben Alex
|
3b9a8dc53e
|
SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently.
|
2007-05-25 01:38:42 +00:00 |
|
Ben Alex
|
4f13db5552
|
SEC-398: Delay sending of redirect until after HttpSession updated with revised SecurityContextHolder contents.
|
2007-05-25 01:24:07 +00:00 |
|
Vishal Puri
|
4c6d132ead
|
SEC-411: fixed broken unit tests as a consequence of adding anoter constructor argument
|
2007-05-24 23:35:01 +00:00 |
|
Vishal Puri
|
220ba29fc6
|
SEC-411: another constructor argument added as required in SecurityContextHolderAwareRequestWrapper
|
2007-05-24 23:20:40 +00:00 |
|
Ben Alex
|
0736f4ffa0
|
SEC-305: Retain SecurityContext when rendering error pages.
|
2007-05-24 02:04:47 +00:00 |
|
Ben Alex
|
6ea8899134
|
|
2007-05-24 00:47:12 +00:00 |
|
Ben Alex
|
5b3c633790
|
SEC-451: Correctly handle an empty context path.
|
2007-05-24 00:18:09 +00:00 |
|
Ben Alex
|
c8c37c8935
|
SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property.
|
2007-05-23 07:04:22 +00:00 |
|
Ben Alex
|
a3c992113e
|
SEC-459: Provide local argument to the message source accessor.
|
2007-05-23 06:57:07 +00:00 |
|
Ben Alex
|
a18bd9100c
|
SEC-474: Gracefully abort if username and password non-retrievable.
|
2007-05-23 06:48:42 +00:00 |
|
Ben Alex
|
f45c0944ef
|
SEC-478: Handle incorrect Base64 cookie encoding.
|
2007-05-23 06:45:45 +00:00 |
|
Ben Alex
|
5b8898c750
|
SEC-298: Ensure returned cookies have a maximum age equal to the TokenBasedRememberMeServices.tokenValiditySeconds property.
|
2007-05-23 06:43:47 +00:00 |
|
Ben Alex
|
ac3b142e4f
|
SEC-438: Made afterPropertiesSet() use instance variable instead of static variable.
|
2007-05-23 06:35:03 +00:00 |
|
Ben Alex
|
72a7d06ad1
|
SEC-476: Provide support for not logging interactive authentication events.
|
2007-05-23 06:31:32 +00:00 |
|
Ben Alex
|
f7e714b9da
|
Maven 2 polishing.
|
2007-05-23 04:20:54 +00:00 |
|
Vishal Puri
|
3f7e00c796
|
SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService
|
2007-05-18 03:21:21 +00:00 |
|
Vishal Puri
|
e3435da9ae
|
SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService
|
2007-05-18 03:20:28 +00:00 |
|
Vishal Puri
|
a934f82af4
|
SEC-271: Fixed IllegalStateException being thrown by LogoutHandlerOrdereResolver and add an assert statement in the unit test
|
2007-05-17 13:42:51 +00:00 |
|
Vishal Puri
|
a01bb3bbee
|
Added more bean definition parsers
|
2007-05-17 12:57:16 +00:00 |
|
Vishal Puri
|
1a06723404
|
fixed broken test in build 47
|
2007-05-17 12:49:58 +00:00 |
|
Vishal Puri
|
3eb9870162
|
SEC-271: Added more security elements
|
2007-05-17 12:30:36 +00:00 |
|
Vishal Puri
|
26b0d4d1cb
|
SEC-271: uncommented copy of resources in META-INF directory
|
2007-05-17 12:23:07 +00:00 |
|
Vishal Puri
|
e43439ba44
|
implemented Ordered interface
|
2007-05-17 12:21:02 +00:00 |
|
Vishal Puri
|
001dc0b1d9
|
SEC-271: implemented Orderd interface in all the entrypoints
|
2007-05-17 12:20:16 +00:00 |
|
Ray Krueger
|
8b1cc05518
|
Updated Assertion message
|
2007-05-17 03:18:35 +00:00 |
|
Vishal Puri
|
84a3c87ea4
|
SEC-271: Replaced Java 5 specific code with pre Java 5
|
2007-05-17 03:04:07 +00:00 |
|
Vishal Puri
|
e67bff61a0
|
Explicity specified version 2.3 for surefire-plugin
|
2007-05-17 01:14:07 +00:00 |
|
Vishal Puri
|
74123cd234
|
Replace resource property with location for PropertyFactoryBean
|
2007-05-16 00:31:31 +00:00 |
|
Vishal Puri
|
ee2eac5a51
|
SEC-271: added LogoutFilterBeanDefinitionParserTests
|
2007-05-15 13:54:43 +00:00 |
|
Vishal Puri
|
1203e9858a
|
SEC-271: Added BeanDefitnitionParser for principal-repository, extended security schema and added unit tests
|
2007-05-15 13:32:06 +00:00 |
|
Vishal Puri
|
51f306a19a
|
SEC-271: Added more BeanDefinitionParsers and extend spring-security.xsd to have more elements
|
2007-05-15 13:26:05 +00:00 |
|
Vishal Puri
|
ced5cb4f85
|
added new security element in the spring-security schema and wrote a parser for the element
|
2007-05-13 13:33:33 +00:00 |
|
Vishal Puri
|
e73421d7b2
|
Spring version upgrade to 2.0.4, changed svn urls in project.xml and poms
|
2007-05-13 12:30:53 +00:00 |
|
Vishal Puri
|
9794c518d6
|
SEC-271: Spring 2-based configuration simplification of Acegi Security
|
2007-05-11 00:09:56 +00:00 |
|
Vishal Puri
|
566314dae5
|
SEC-271: Spring 2-based configuration simplification of Acegi Security
|
2007-05-10 02:32:30 +00:00 |
|
Vishal Puri
|
09fd79bc64
|
SEC-419: Added the right logger class in CollectionFilterer
|
2007-05-10 02:25:15 +00:00 |
|
Vishal Puri
|
82f215700b
|
changed svn url to https://acegisecurity.svn.....
|
2007-05-10 02:11:54 +00:00 |
|
Vishal Puri
|
62c832e366
|
SEC-423: Fixed IllegalArguemntException being thrown by checking for null contextFromSessionObject
|
2007-04-27 07:35:11 +00:00 |
|
Vishal Puri
|
c2d1405f44
|
SEC-357: Added testIfSwitchUserWithNullUsernameThrowsException
|
2007-04-24 06:35:15 +00:00 |
|
Ray Krueger
|
fe0c99c816
|
Fixed http://opensource.atlassian.com/projects/spring/browse/SEC-445
Import servlet-api 2.4 in order to bring in the correct PageContext class
|
2007-04-23 18:25:01 +00:00 |
|
Luke Taylor
|
6bfff55da3
|
Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes
|
2007-03-30 18:27:19 +00:00 |
|
Luke Taylor
|
993f7e4af0
|
Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause.
|
2007-03-30 18:02:08 +00:00 |
|
Luke Taylor
|
6e5f5e15ad
|
Refactored to introduce constants for number of ops and number of threads for tuning.
|
2007-03-10 21:34:53 +00:00 |
|
Luke Taylor
|
fabca162a7
|
Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful infomation. Tidied up comments, excessively long lines, use of tabs etc. to match.
|
2007-02-24 21:00:24 +00:00 |
|
Luke Taylor
|
bd2d4b013a
|
Extracted a method to evaluate the conditions for whether basic authentication is required.
|
2007-02-23 19:21:44 +00:00 |
|
Luke Taylor
|
a1886bd1e0
|
Made string constant RECIPIENT_FOR_CACHE_EMPTY final.
|
2007-02-22 23:57:49 +00:00 |
|
Luke Taylor
|
b8a0f97fde
|
Removed irrelevant CAS stuff from equalsWhenEqual test.
|
2007-02-22 23:29:01 +00:00 |
|
Luke Taylor
|
25bc67885d
|
Uncommented tests which now work due to apache-ds bugfixes
|
2007-02-06 18:21:31 +00:00 |
|
Luke Taylor
|
0d9cae43bf
|
Corrected mistake in reading java.io.tmpdir.
|
2007-02-06 18:20:14 +00:00 |
|
Luke Taylor
|
5464678355
|
Pass apache-ds temp working directory as a system property through the surefire plugin.
|
2007-02-06 18:18:14 +00:00 |
|
Luke Taylor
|
8b98a9d27c
|
Added code to delete the previous contents of the ldap test server working directory as these aren't always compatible if the apache-ds version has changed.
|
2007-02-05 00:35:42 +00:00 |
|
Luke Taylor
|
1686fd0bd2
|
Updated ldap tests to apache directory 1.0.0 release version.
|
2007-02-04 20:06:36 +00:00 |
|
Ben Alex
|
e169e63e1b
|
SEC-404: Correct previous SEC-404 commit.
|
2007-01-02 23:36:38 +00:00 |
|
Ben Alex
|
3f62a5c868
|
SEC-404: NPE when logging out if user not already logged in.
|
2006-12-28 21:23:35 +00:00 |
|
Luke Taylor
|
93509dc999
|
Reformatted X.509 certificate in comment.
|
2006-11-29 01:40:14 +00:00 |
|
Luke Taylor
|
6a440f816c
|
removed monkeymachine.co.uk email addresses.
|
2006-11-28 21:37:37 +00:00 |
|
Ben Alex
|
1805ab8ec4
|
SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.
|
2006-11-26 04:47:43 +00:00 |
|
Ben Alex
|
e79a28875f
|
SEC-400: Clarify exception if getter returns null.
|
2006-11-26 03:24:11 +00:00 |
|
Ray Krueger
|
1a486e584b
|
HttpSessionEventPublisher need not implement ServletContextListener any longer
|
2006-11-20 19:35:11 +00:00 |
|
Ray Krueger
|
74e8efc4e9
|
Fixed SEC-395
|
2006-11-20 19:09:45 +00:00 |
|
Ben Alex
|
6fe569556c
|
Use type in same module (Maven requirement).
|
2006-11-17 03:18:07 +00:00 |
|
Ben Alex
|
197a011ac5
|
Relocate resource files to comply with Maven directory conventions.
|
2006-11-17 03:06:30 +00:00 |
|
Ben Alex
|
1081c267d9
|
SEC-239: New ACL module.
|
2006-11-17 02:03:23 +00:00 |
|
Ben Alex
|
9f512c384e
|
SEC-239: New ACL module.
|
2006-11-17 02:01:21 +00:00 |
|
Ben Alex
|
2984913051
|
SEC-393: More elegantly deal with setProviders(List) type safety enforcement.
|
2006-11-16 02:15:43 +00:00 |
|
Carlos Sanchez
|
5e819af782
|
SEC-388: Upgrade other Spring dependencies to 1.2.8.
|
2006-11-15 22:54:54 +00:00 |
|
Ben Alex
|
1b4a098760
|
SEC-354: Add label-based voter.
|
2006-11-14 22:07:36 +00:00 |
|
Ben Alex
|
4d166a6867
|
SEC-333: Error in last commit, should default to regexp processor, not Ant Path processor, in the case of empty or null strings.
|
2006-11-14 21:52:51 +00:00 |
|
Ben Alex
|
780130d0f3
|
SEC-333: Eliminate dependecy on ORO when Ant Paths being used instead of Regular Expressions.
|
2006-11-14 20:55:24 +00:00 |
|
Ben Alex
|
775840a565
|
SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered.
|
2006-11-14 05:49:56 +00:00 |
|
Ben Alex
|
f5ce0250b4
|
SEC-310: Add AbstractProcessingFilter.getAuthenticationDetailsSource().
|
2006-11-14 03:30:04 +00:00 |
|
Ben Alex
|
8dda52eeaa
|
SEC-322: Workaround bug in WebSphere.
|
2006-11-14 02:21:27 +00:00 |
|
Ben Alex
|
5640eb0511
|
SEC-378: Use trim instead of replacement for space removal.
|
2006-11-14 01:55:44 +00:00 |
|
Ben Alex
|
ad6c501379
|
SEC-360: Minor correction in patch applied yesterday.
|
2006-11-14 01:09:35 +00:00 |
|
Ben Alex
|
2a65d386d5
|
SEC-384: Remove Commons-Lang dependency.
|
2006-11-14 00:59:17 +00:00 |
|
Ben Alex
|
59bf8602d2
|
SEC-356: Add cloneFromHttpSession property.
|
2006-11-14 00:43:00 +00:00 |
|
Ben Alex
|
5911234f65
|
SEC-359: Logout even if not logged in.
|
2006-11-13 06:05:28 +00:00 |
|
Ben Alex
|
fa6b4480b1
|
SEC-360: Provide server side forward option instead of redirection.
|
2006-11-13 00:17:07 +00:00 |
|
Ben Alex
|
f0ae6f53a7
|
SEC-327: Add includeDetailsObject property.
|
2006-11-12 23:55:50 +00:00 |
|
Ben Alex
|
f28ce39bde
|
SEC-365: Provide an alwaysRemember property, together with an abstract method so subclasses can determine custom behaviour.
|
2006-11-12 23:28:57 +00:00 |
|
Ben Alex
|
71eba94cf2
|
SEC-371: Use AbstractTicketValidator for logger.
|
2006-11-12 23:10:09 +00:00 |
|
Ben Alex
|
0f517cb8e2
|
SEC-375: Publish AuthorizationFailureEvent event when AccessDeniedException thrown by AfterInvocationProvider.
|
2006-11-12 22:06:37 +00:00 |
|
Ben Alex
|
b8d0722251
|
SEC-367: Added clarification of immutability contract.
|
2006-11-12 21:36:52 +00:00 |
|
Ben Alex
|
43dbe6c991
|
SEC-364: Fix context path handling.
|
2006-11-12 21:31:31 +00:00 |
|
Carlos Sanchez
|
10d6859dad
|
Added ACL table SQL for some databases
|
2006-10-17 22:24:57 +00:00 |
|
Ben Alex
|
172026f875
|
SEC-377: Remove Commons Lang dependency.
|
2006-10-14 00:17:19 +00:00 |
|
Ben Alex
|
c292826475
|
SEC-373: Add byte array encryption/decryption support.
|
2006-10-07 09:45:51 +00:00 |
|
Ben Alex
|
21dd050d7b
|
SEC-348: Limit Basic automatic reauthentication scope to UsernamePasswordAuthenticationToken (specifically avoid CasAuthenticationToken).
|
2006-09-29 08:41:25 +00:00 |
|
Ben Alex
|
d2fb473a4e
|
Formatting only.
|
2006-09-29 07:33:45 +00:00 |
|
Ben Alex
|
49a2de8f0f
|
SEC-366: Initial commit.
|
2006-09-29 07:29:13 +00:00 |
|
Ben Alex
|
cc03675776
|
SEC-340: Invalidate HttpSession on logout.
|
2006-09-29 06:45:40 +00:00 |
Scott McCrory
|
db96650d99
|
SEC-319: Reverted to 1.0.1 version to delay these changes to 1.1.0, based on small breakage of backward compatability.
|
2006-09-23 19:48:39 +00:00 |
|
Carlos Sanchez
|
558fd5d75d
|
Add scm info because we don't use artifactid as folder name
|
2006-09-17 21:06:22 +00:00 |
|
Ben Alex
|
b0056568f0
|
SEC-338: Serializable and serialVersionUID missing for Authentication-related objects.
|
2006-09-15 08:38:11 +00:00 |
|
Ben Alex
|
7313d5def0
|
SEC-324: Ensure IllegalStateException no longer occurs.
|
2006-09-15 07:55:57 +00:00 |
|
Ben Alex
|
324789d544
|
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
|
2006-09-15 06:27:45 +00:00 |
|
Ben Alex
|
9e3ce85dd5
|
SEC-330: Make UserMap work with UserDetails, not User concrete class.
|
2006-09-15 03:47:17 +00:00 |
|
Ben Alex
|
f0b259a32e
|
SEC-349: GrantedAuthority constructor argument can be null.
|
2006-09-15 03:42:11 +00:00 |
|
Ben Alex
|
58d3f0c56f
|
SEC-290: Correct bug with generation of SimpleMethodInvocation.
|
2006-09-15 03:38:36 +00:00 |
|
Ben Alex
|
5364db2c27
|
SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place.
|
2006-09-15 03:36:51 +00:00 |
|
Ben Alex
|
53beadb7bf
|
SEC-290: Correct bug with generation of SimpleMethodInvocation.
|
2006-09-15 03:27:26 +00:00 |
|
Ben Alex
|
03df6a90eb
|
SEC-293: Modified collection remove logic to use removeList.
|
2006-09-15 03:20:08 +00:00 |
|
Ben Alex
|
1292420476
|
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
|
2006-09-15 03:09:05 +00:00 |
|
Ray Krueger
|
cf91104b69
|
Made parameters case-insensitive
|
2006-09-14 20:47:17 +00:00 |
|
Ray Krueger
|
6779d97546
|
Made parameters case-insensitive
|
2006-09-14 20:39:37 +00:00 |
|
Carlos Sanchez
|
757062e8f9
|
Initialization of exceptionMappings was broken in last commit
|
2006-09-13 08:20:08 +00:00 |
|
Carlos Sanchez
|
4d070eab25
|
Add setAuthoritiesAsString to UserAttribute
|
2006-09-04 21:54:15 +00:00 |
|
Luke Taylor
|
000f9ab7ac
|
SEC-321: truncate from first question mark, not last.
|
2006-09-03 22:12:13 +00:00 |
|
Luke Taylor
|
4e65b24253
|
SEC-245: Add mapPassword method to allow customized translation of password attribute.
|
2006-08-28 20:58:26 +00:00 |
|
Luke Taylor
|
57a8d2adb3
|
Added handleBindException method to allow subclasses to inspect the reason for bind failure.
|
2006-08-25 16:06:20 +00:00 |
|
Luke Taylor
|
dc13f25dee
|
Tidied up formatting.
|
2006-08-25 16:04:27 +00:00 |
|
Luke Taylor
|
8dd1177c02
|
Added property to force use of LdapContext instead of DirContext
|
2006-08-25 16:03:50 +00:00 |
|
Luke Taylor
|
92dcf694b4
|
added createTarget method on Essence class to allow subclassing.
|
2006-08-25 15:32:39 +00:00 |
|
Luke Taylor
|
b5cbc977e1
|
Javadoc correction
|
2006-08-24 10:56:26 +00:00 |
|
Luke Taylor
|
3889894d16
|
Added extra mapping of OperationNotSupportedException to BadCredentialsException as some servers return a 53 code (unwilling to perform) when attempting a bind (e.g. is password has expired). This shouldn't be treated as an outright failure.
|
2006-08-24 10:32:38 +00:00 |
|
Luke Taylor
|
67fcf426eb
|
Close returned context in nameExists method
|
2006-08-24 10:10:24 +00:00 |
|
Luke Taylor
|
e96fee6ec1
|
Updated apacheds version to RC3 and slf4j to 1.0.1
|
2006-08-24 10:07:39 +00:00 |
|
Carlos Sanchez
|
27d2db9e22
|
Ensure that array of valid permissions can't be modified outside the class
|
2006-08-22 17:57:18 +00:00 |
|
Carlos Sanchez
|
38ec0f0d30
|
SEC-286: Reverted rev# 1588 as build fails without log4j (class not found exception)
|
2006-08-22 16:17:46 +00:00 |
|
Carlos Sanchez
|
69ec903088
|
Add MethodDefinitionSourceMapping for easier configuration
|
2006-08-22 16:02:44 +00:00 |
|
Carlos Sanchez
|
0298851ca3
|
Allow setting ACLs by its name
|
2006-08-22 16:01:34 +00:00 |
|
Carlos Sanchez
|
3487da0e85
|
Added javadoc
|
2006-08-22 15:53:41 +00:00 |
|
Luke Taylor
|
3498b36c14
|
SEC-285: Removed duplicate commons-lang dependency from pom.xml
|
2006-08-19 20:03:58 +00:00 |
|
Scott McCrory
|
8d3a2b42d9
|
SEC-319: Improvements to Siteminder integration: Create its own authentication provider & reeval strategy. Note that documentation not yet complete, but code is functional, test-covered and validated in a Siteminder environment.
|
2006-07-27 01:13:46 +00:00 |
|
Luke Taylor
|
52a167acfa
|
SEC-286: removed log4j dep as it is in the parent pom and tests run fine without it..
|
2006-07-25 23:53:42 +00:00 |
|
Carlos Sanchez
|
f7cb31a301
|
Fix broken test
|
2006-07-20 18:43:58 +00:00 |
|
Carlos Sanchez
|
9a337d2fea
|
Removed default constructors added in rev# 1573
|
2006-07-20 13:15:55 +00:00 |
|
Luke Taylor
|
4930657e57
|
Remove typo in method name "getAuthoritiesPopulator"
|
2006-07-16 20:17:20 +00:00 |
|
Scott McCrory
|
442c51bb30
|
SEC-318: Rename AuthenticationDao to UserDetailsService in local variables and logging messages
|
2006-07-15 15:18:51 +00:00 |
|
Ray Krueger
|
d485e30fd5
|
SavedCookieTest was renamed to SavedCookieTests
|
2006-07-12 10:33:14 +00:00 |
|
Ray Krueger
|
ca863ce4f7
|
http://opensource.atlassian.com/projects/spring/browse/SEC-308
Headers should remain case-insensitive.
|
2006-07-12 10:25:32 +00:00 |
|
Carlos Sanchez
|
91799c9290
|
Added missing resources
|
2006-07-11 21:42:42 +00:00 |
|
Carlos Sanchez
|
156af5b8b6
|
Added missing tld and notice file to jar
|
2006-07-11 18:54:04 +00:00 |
|
Carlos Sanchez
|
94a9acedad
|
Added checks to ensure object is properly initialized
|
2006-07-10 11:48:35 +00:00 |
|
Carlos Sanchez
|
488abe58fb
|
Added default constructor for easier use
|
2006-07-10 11:24:18 +00:00 |
|
Carlos Sanchez
|
80c1ae3bde
|
fix problems when not loaded through Spring context
|
2006-07-09 22:08:21 +00:00 |
|
Carlos Sanchez
|
00b73e8331
|
Fix failing tests keeping old behaviour.
|
2006-07-06 17:56:50 +00:00 |
|
Carlos Sanchez
|
46af400466
|
Added FilterInvocationDefinition interface to unify FilterInvocationDefinitionSource and FilterInvocationDefinitionMap
|
2006-07-06 17:05:08 +00:00 |
|
Carlos Sanchez
|
9e87bd6789
|
Add javadocs
|
2006-07-06 17:03:48 +00:00 |
|
Carlos Sanchez
|
aa52124d72
|
Simplify configuration of FilterInvocationDefinitionMap
|
2006-07-05 22:00:21 +00:00 |
|
Carlos Sanchez
|
9560636380
|
Simplify configuration of FilterInvocationDefinitionMap
|
2006-07-05 20:58:50 +00:00 |
|
Carlos Sanchez
|
9d539a13d9
|
Use accessor instead of field
|
2006-07-05 20:03:52 +00:00 |
|
Carlos Sanchez
|
0edb75d4aa
|
Added setUsers and setAuthorities for easier configuration
|
2006-07-05 16:16:13 +00:00 |
|
Carlos Sanchez
|
41f7bb3755
|
Improve javadoc formatting
|
2006-07-05 16:00:51 +00:00 |
|
Carlos Sanchez
|
27de814d54
|
Prevent NullPointerException when not loaded from application context
|
2006-07-05 15:59:17 +00:00 |
|
Carlos Sanchez
|
d847772c81
|
Prevent NullPointerException when not loaded from application context
|
2006-07-05 15:58:20 +00:00 |
|
Luke Taylor
|
ae55e04522
|
SEC-297: Stop prepending of context path to full url default targets. Also added more stringent checks on format of injected defaultTargetUrl property.
|
2006-06-27 23:26:25 +00:00 |
|
Carlos Sanchez
|
18c6838bec
|
[maven-release-plugin] prepare for next development iteration
|
2006-06-22 17:29:52 +00:00 |
|
Carlos Sanchez
|
c7bcbe1b35
|
[maven-release-plugin] prepare release release_1_0_1
|
2006-06-22 17:27:29 +00:00 |
|
Carlos Sanchez
|
4e612922ac
|
SEC-281: Go back to spring 1.2.7 to prevent backwards compatibility issues
|
2006-06-16 17:25:05 +00:00 |
|
Luke Taylor
|
a2c3635d78
|
Moved class to test treee
|
2006-06-15 00:41:53 +00:00 |
|
Luke Taylor
|
552c275e8f
|
Accidentally checked into source tree rather than test source
|
2006-06-15 00:37:18 +00:00 |
|
Luke Taylor
|
aaf51c4bee
|
Added test for non-String role.
|
2006-06-14 23:20:51 +00:00 |
|
Luke Taylor
|
49da801096
|
SEC-303: Check from null role attribute in LdapUserDetailsMapper
|
2006-06-14 22:44:39 +00:00 |
|
Luke Taylor
|
eb3e954ae4
|
Added chained append call in toString method
|
2006-06-14 21:46:21 +00:00 |
|
Luke Taylor
|
b0caa72e80
|
Added template method for role creation, as requested in the forum.
|
2006-06-13 13:18:45 +00:00 |
|
Luke Taylor
|
7475906218
|
Remove Javadoc errors
|
2006-06-12 22:32:59 +00:00 |
|
Luke Taylor
|
18680e8fab
|
Remove Jalopy mistakes
|
2006-06-12 22:31:10 +00:00 |
|
Ray Krueger
|
cada23f57d
|
Synchronized MockFilterConfig uses for Spring 1.2.6 and 1.2.8
|
2006-06-11 01:20:29 +00:00 |
|
Ray Krueger
|
fa3c61b19b
|
Call to getCookies() should return Cookies, not SavedCookies
|
2006-06-11 01:19:44 +00:00 |
|
Luke Taylor
|
88825089a7
|
Removed "final" from getGroupMembershipRoles
|
2006-06-07 13:31:11 +00:00 |
|
Luke Taylor
|
2a7caff95f
|
SEC-295: Changed to use getDefaultTargetUrl() accessor internally rather than accessing property directly. Allows for overriding method to supply different Urls.
|
2006-06-04 15:14:33 +00:00 |
|
Ray Krueger
|
9fd0bbd694
|
Added Serializable check just to be sure...
|
2006-06-03 13:40:39 +00:00 |
|
Ray Krueger
|
1a9629b197
|
http://opensource.atlassian.com/projects/spring/browse/SEC-289
Wraps disassembles cookies into a SavedCookie that is serializable
|
2006-06-03 13:36:51 +00:00 |
|
Ben Alex
|
f7020755be
|
SEC-291: Avoid unnecessary creation of SecurityContextHolderStrategy.
|
2006-06-01 14:02:56 +00:00 |
|
Luke Taylor
|
da780e4567
|
Tidy up XML formatting in comment
|
2006-05-31 21:56:16 +00:00 |
|
Luke Taylor
|
9f41b9f470
|
Wrap any DataAccessExceptions thrown by the Ldaptemplate with AuthenticationServiceFailureExceptions
|
2006-05-31 21:46:16 +00:00 |
|
Luke Taylor
|
5d7a75a421
|
SEC-284: Removed allowEmptyPassword flag..
|
2006-05-31 20:12:12 +00:00 |
|
Luke Taylor
|
d2ee383e06
|
Changed to reject empty passwords by default.
|
2006-05-31 18:22:05 +00:00 |
|
Luke Taylor
|
ee50d6e334
|
SEC-281: Modified to use Spring 1.2 compatible exception class for incorrect search results size.
|
2006-05-31 16:54:27 +00:00 |
|
Luke Taylor
|
02e7bbb982
|
SEC-284: added allowEmptyPasswords property with default value "true"
|
2006-05-31 15:00:59 +00:00 |
|
Ray Krueger
|
00620b6992
|
http://opensource.atlassian.com/projects/spring/browse/SEC-96
Refactored Digest encoding for better support of all MessageDigest algorithms, such as the SHA family.
|
2006-05-31 03:03:18 +00:00 |
|
Carlos Sanchez
|
35093e09f6
|
Bump version to 1.1.0-SNAPSHOT
|
2006-05-31 00:52:26 +00:00 |
|
Ben Alex
|
b7a579f27a
|
JavaDoc corrections.
|
2006-05-29 15:06:32 +00:00 |
|
Ben Alex
|
89eb74b1b2
|
Refer to 1.0.0 final.
|
2006-05-28 00:49:38 +00:00 |
|
Luke Taylor
|
f8545f4dc2
|
Added extra commenting to Ldap classes
|
2006-05-26 22:48:21 +00:00 |
|
Ben Alex
|
a130b65937
|
Add package.html.
|
2006-05-23 14:04:33 +00:00 |
|
Ben Alex
|
ab12817b7a
|
SEC-97: Format Acegi Security source code in accordance with latest Jalopy configuration.
|
2006-05-23 13:38:33 +00:00 |
|
Ben Alex
|
49800018e9
|
SEC-173: Expand on JavaDocs for ACLs which have no permission records.
|
2006-05-23 12:15:43 +00:00 |
|
Ben Alex
|
92dbf836a1
|
SEC-259: Correct JavaDoc error.
|
2006-05-23 12:02:44 +00:00 |
|
Ben Alex
|
563ac1324c
|
SEC-263: Stop polling voters after first one votes to deny.
|
2006-05-23 11:11:21 +00:00 |
|
Ben Alex
|
07e805e342
|
SEC-262: Refactor common method into superclass.
|
2006-05-23 11:03:30 +00:00 |
|
Ben Alex
|
d795836bf1
|
SEC-266: Handle -1 allowing unlimited logins, as per JavaDocs.
|
2006-05-23 10:49:23 +00:00 |
|
Ben Alex
|
501eaadd09
|
SEC-267: Bug when working with CGLIB-generated classes.
|
2006-05-23 10:42:01 +00:00 |
|
Ben Alex
|
a5d74ca2e1
|
SEC-260: Remove disused loggers.
|
2006-05-23 10:37:30 +00:00 |
|
Luke Taylor
|
4d24c88d1e
|
Enforce the setting of a LdapUserDetailsMapper on authenticators (rather than a general mapper) to make sure the correct type is returned and that the username is set before it is returned.
|
2006-05-22 23:40:29 +00:00 |
|
Luke Taylor
|
3eaed3ad44
|
Added additionalAuthenticationChecks implementation to make sure password is rechecked if Ldap is used with a user cache.
|
2006-05-22 23:37:54 +00:00 |
|
Luke Taylor
|
e30c3d7bd2
|
SEC-270: Make SavedRequest serializable.
|
2006-05-22 19:07:57 +00:00 |
|
Luke Taylor
|
e5b79f1f95
|
Make getGroupMembershipRoles method public for convenience.
|
2006-05-22 19:06:19 +00:00 |
|
Luke Taylor
|
53b6735c3e
|
Make sure the username and password are set on the final UserDetails object returned by the provider.
|
2006-05-21 03:03:50 +00:00 |
|
Luke Taylor
|
e1eac8f0ca
|
Added setters for rolePrefix and convertToUpperCase
|
2006-05-21 02:19:42 +00:00 |
|
Luke Taylor
|
c1e76b64bc
|
Chnaged to use setters in essence "copy constructor"
|
2006-05-21 02:17:14 +00:00 |
|
Luke Taylor
|
360e9908b7
|
Added test for empty or null username
|
2006-05-21 01:40:00 +00:00 |
|
Luke Taylor
|
d8a28d6068
|
Add call for setDerefLinkFlag
|
2006-05-21 01:32:37 +00:00 |
|
Luke Taylor
|
016ac8016c
|
Minor changes to increase coverage of methods
|
2006-05-21 01:23:34 +00:00 |
|
Luke Taylor
|
0d6b3ab9f3
|
Renamed 'execute' method in LdapCallback in line with Spring equivalents. Added some extra tests.
|
2006-05-21 01:06:37 +00:00 |
|
Luke Taylor
|
9623eb3d04
|
Correct log category package name
|
2006-05-20 23:45:54 +00:00 |
|
Luke Taylor
|
b5e9690735
|
Removed duplicate file.
|
2006-05-20 18:14:05 +00:00 |
|
Luke Taylor
|
577cc17764
|
Removed individual search controls setter methods in favour of supplying complete search controls object. Added comment for 'compare' method.
|
2006-05-20 18:02:04 +00:00 |
|
Luke Taylor
|
b8fa1ad906
|
Delete deprecated ldap classes (from previous package move)
|
2006-05-20 17:53:16 +00:00 |
|
Luke Taylor
|
316798ef9e
|
Made mock context factory a standalone class
|
2006-05-20 17:47:36 +00:00 |
|
Luke Taylor
|
859185eebd
|
Removed unused methods and added some extra tests.
|
2006-05-20 17:46:10 +00:00 |
|
Luke Taylor
|
2a24e4faf8
|
Deleted old version of LdapDataAccessException
|
2006-05-20 00:21:17 +00:00 |
|
Luke Taylor
|
7794ebf84b
|
Now extends Spring's DataAccessException
|
2006-05-20 00:18:01 +00:00 |
|
Luke Taylor
|
3583470a49
|
Now extends Spring's DataAccessException
|
2006-05-20 00:14:24 +00:00 |
|
Luke Taylor
|
3eea670efc
|
Exception translator IF for use in LdapTemplate
|
2006-05-19 23:22:55 +00:00 |
|
Luke Taylor
|
983afec70c
|
Added license.
|
2006-05-19 23:20:27 +00:00 |
|
Luke Taylor
|
ce1c59e924
|
Make template and search controls member variables.
|
2006-05-19 23:02:37 +00:00 |
|
Luke Taylor
|
d3e42c6f3f
|
Move conversion of roles to Strings into LdapTemplate
|
2006-05-19 22:29:17 +00:00 |
|
Luke Taylor
|
3239cd139e
|
SEC-251: use username as parameter {2} in group searches
|
2006-05-19 22:10:05 +00:00 |
|
Luke Taylor
|
46cc1bec1e
|
SEC-268: allow for delayed obtaining of app context reference
|
2006-05-19 21:38:26 +00:00 |
|
Luke Taylor
|
5d811c4a94
|
Removed "==true" in boolean conditional.
|
2006-05-19 19:29:59 +00:00 |
|
Luke Taylor
|
f546e2bbad
|
Remove default constructor as class is now only responsible for group searches which need the args version.
|
2006-05-16 23:38:48 +00:00 |
|
Luke Taylor
|
30d878b22e
|
Change essence class to use a new ArrayList for the authorities (list from Arrays.asList() doesn't support add method).
|
2006-05-16 23:35:15 +00:00 |
|
Luke Taylor
|
fc8ead3c54
|
Make sure populator roles are added rather than overwriting any roles loaded with the user entry.
|
2006-05-16 23:33:02 +00:00 |
|
Luke Taylor
|
f8db6a4c78
|
Switch LDAP tests back to embedded server and comment out apacheds-broken ones.
|
2006-05-15 21:20:50 +00:00 |
|
Luke Taylor
|
9219c6548e
|
SEC-264: Delete classes which are no longer used after LDAP changes.
|
2006-05-15 21:14:38 +00:00 |
|
Luke Taylor
|
65fe641900
|
SEC-264: changes to LDAP services.
|
2006-05-15 20:53:10 +00:00 |
|
Luke Taylor
|
db042046e9
|
Introduce LDAPUserDetails.
|
2006-05-15 19:34:57 +00:00 |
Scott Battaglia
|
ab05cb95ff
|
SEC-239: changed order url is created in to reflect new processing filter url order
|
2006-05-04 19:31:28 +00:00 |
|
Scott Battaglia
|
aee934812a
|
SEC-239: switched to encoding a url with response.encodeURL to get the jsession.
|
2006-05-04 19:27:57 +00:00 |
|
Carlos Sanchez
|
76ce826345
|
Remove spring transitive deps, add log4j
|
2006-05-03 17:38:19 +00:00 |
|
Luke Taylor
|
a7d7631f2f
|
Fixed potential problem with multiple userDn patterns.
|
2006-05-01 00:43:42 +00:00 |
|
Luke Taylor
|
f0b11109b4
|
Added tests for nameExists method
|
2006-05-01 00:41:07 +00:00 |
|
Luke Taylor
|
9f385eb1e0
|
Typo in Javadoc.
|
2006-05-01 00:40:18 +00:00 |
|
Luke Taylor
|
a468f03cae
|
Add functionality to LdapTemplate for checking that an entry exists, and for retrieving an entry as an object, mapped from its attributes.
|
2006-05-01 00:28:27 +00:00 |
|
Luke Taylor
|
3f0f45706c
|
Update Javadoc to include SSHA info.
|
2006-04-30 22:14:27 +00:00 |
|
Luke Taylor
|
def8a849a2
|
Added String-only 'compare' operation tests which now work with ApacheDS RC2 (unlike byte[] comparisons which are still broken).
|
2006-04-30 21:53:05 +00:00 |
|
Luke Taylor
|
98887f37da
|
Change to more appropriate inline inner class name.
|
2006-04-30 21:40:53 +00:00 |
|
Luke Taylor
|
0b2be28def
|
Added search method which will be used for finding roles.
|
2006-04-30 21:37:18 +00:00 |
|
Luke Taylor
|
91f5fc30be
|
SEC-258: Removed use of URI class
|
2006-04-30 19:45:37 +00:00 |
|
Luke Taylor
|
25c643970a
|
Change package names to match apacheds RC1.
|
2006-04-29 22:45:19 +00:00 |
|
Luke Taylor
|
a50695a1a8
|
Upgrade apacheds to RC1
|
2006-04-29 22:41:21 +00:00 |
|
Ben Alex
|
890864ed00
|
SEC-194: Allow remember-me services to be used with BASIC authentication.
|
2006-04-28 08:54:54 +00:00 |
|
Ben Alex
|
9b63051149
|
SEC-204: Improve startup time detection of errors by FilterInvocationDefinitionSourceEditor.
|
2006-04-28 08:41:55 +00:00 |
|
Ben Alex
|
cc07f620df
|
SEC-257: ExceptionTranslationFilter to use AccessDeniedHandler.
|
2006-04-28 06:52:50 +00:00 |
|
Ben Alex
|
21aaf2b9db
|
SEC-256: Contacts sample not displaying localized exceptions correctly.
|
2006-04-28 06:43:50 +00:00 |
|
Ben Alex
|
d125569bd6
|
SEC-29: Save POST parameters on AuthenticationEntryPoint redirect.
|
2006-04-28 05:05:35 +00:00 |
|
Ben Alex
|
22aa0e898f
|
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
|
2006-04-27 23:26:19 +00:00 |
|
Ben Alex
|
0648c65b0b
|
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
|
2006-04-27 23:25:00 +00:00 |
|
Ben Alex
|
d8a56d4e60
|
SEEC-255: Always create HttpSession before calling AuthenticationDetailsSource.
|
2006-04-27 23:11:56 +00:00 |
Marc-Antoine Garrigue
|
2af791a801
|
Error in javadoc concerning the default keyword
REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS
|
2006-04-27 08:56:42 +00:00 |
|
Ben Alex
|
81603832be
|
SEC-152: Strategy pattern for SecurityContextHoldder.
|
2006-04-27 08:31:32 +00:00 |
|
Ben Alex
|
b05709df6a
|
SEC-152: Strategy pattern for SecurityContextHoldder.
|
2006-04-27 08:30:29 +00:00 |
|
Scott McCrory
|
88ff43017d
|
Added unit test for the overridden requiresAuthentication method
|
2006-04-27 02:24:30 +00:00 |
|
Scott McCrory
|
481a9377e4
|
Added NPE check for defaultTargetUrl in requiresAuthentication
|
2006-04-27 02:23:46 +00:00 |
|
Ben Alex
|
8cc5dcde30
|
SEC-249: Support logout filter.
|
2006-04-26 23:36:03 +00:00 |
|
Luke Taylor
|
8400341399
|
Tidy up screwy formatting.
|
2006-04-26 21:19:20 +00:00 |
|
Ray Krueger
|
a7d0f88e01
|
Fixed no authority check so that it is after addCustomAuthorities
http://opensource.atlassian.com/projects/spring/browse/SEC-253
Also removed the unused logger
|
2006-04-26 16:22:38 +00:00 |
|
Ben Alex
|
a47a342ce6
|
SEC-234: Allow pluggable AuthenticationDetailsSource strategy interface.
|
2006-04-26 05:24:49 +00:00 |
|
Ben Alex
|
b1becf9277
|
SEC-242: Make logger reflect subclass, not superclass.
|
2006-04-26 04:56:46 +00:00 |
|
Ben Alex
|
f4156a22bd
|
SEC-246: Enable late binding on DaoAuthenticationProvider.userDetailsService field.
|
2006-04-26 04:54:44 +00:00 |
|
Ben Alex
|
d541c8e257
|
SEC-238: Add AuthenticationException to onUnsuccessfulAuthentication method signature.
|
2006-04-26 04:42:16 +00:00 |
|
Ben Alex
|
540c7b2e6a
|
SEC-229: Allow external URLs from AbstractProcessingFilter.
|
2006-04-26 04:36:54 +00:00 |
|
Ben Alex
|
97ac9f7e98
|
SEC-191: Look in parent bean factories for AclManager.
|
2006-04-26 04:26:04 +00:00 |
|
Ben Alex
|
f6b7429947
|
SEC-187: Tidy up URL composition logic basedon default HTTP(S) ports.
|
2006-04-26 04:19:35 +00:00 |
|
Ben Alex
|
307ac99ec5
|
SEC-199: Use ServletException.getRootCause() to extract any Acegi Security exceptions.
|
2006-04-26 04:11:05 +00:00 |
|
Ben Alex
|
4e09777dec
|
SEC-247: Allow #NONE# to be used to specify paths that shouldn't have any filters fire.
|
2006-04-26 03:55:39 +00:00 |
|
Ben Alex
|
185d63f23c
|
SEC-221: AbstractProcessingFilter.onPreAuthentication() should have exceptions caught.
|
2006-04-26 03:40:24 +00:00 |
|
Ben Alex
|
6bae43d380
|
SEC-206: Include context root when generating cookies.
|
2006-04-26 03:35:33 +00:00 |
|
Ben Alex
|
5d9ed78b50
|
SEC-147: Add processDomainObjectClass property to AfterInvocationProviders.
|
2006-04-26 03:30:27 +00:00 |
|
Ben Alex
|
de4af379cc
|
SEC-252: Stop NPE if principal object is null.
|
2006-04-26 03:00:14 +00:00 |
|
Ben Alex
|
fba45cb19e
|
SEC-208: Fix threading issue.
|
2006-04-26 02:54:18 +00:00 |
|
Carlos Sanchez
|
88e8e60861
|
[SEC-240] Moved log4j.properties to test folder to avoid including it in jar
|
2006-04-26 02:39:56 +00:00 |
|
Ben Alex
|
5f79a25860
|
SEC-243: SessionRegistryImpl no longer incorrectly includes expired sessions.
|
2006-04-26 02:36:37 +00:00 |
|
Ben Alex
|
948f79e2e2
|
SEC-219: Support complex tokenization scenarios.
|
2006-04-26 02:23:19 +00:00 |
|
Ben Alex
|
14683dcbc7
|
SEC-190: Add hashCode() and equals() methods.
|
2006-04-26 01:41:10 +00:00 |
|
Ben Alex
|
36c096858d
|
SEC-223: Improve hashCode() performance.
|
2006-04-26 01:31:17 +00:00 |
|
Ben Alex
|
57aee4e605
|
SEC-218: Fix authentication exception cleanup of SecurityContextHolder.
|
2006-04-26 01:28:06 +00:00 |
|
Ben Alex
|
8cff715599
|
SEC-222: Improve hashCode() to use XOR.
|
2006-04-26 01:18:42 +00:00 |
|
Scott McCrory
|
e39bd43541
|
SEC-217 - Improve Siteminder Filter - now authenticates on calls to both j_security_check and the default target URL if the user isn't already authenticated. Thanks Paul Garvey for determining this and providing solution code.
|
2006-04-25 23:19:30 +00:00 |
|
Scott McCrory
|
e44c5e66d3
|
As per SEC-193, removed unnecessarily overridden methods.
|
2006-04-25 23:01:04 +00:00 |
|
Carlos Sanchez
|
465f76cb22
|
Resolve some compilation problems with m2
|
2006-04-25 16:31:48 +00:00 |
|
Carlos Sanchez
|
7d250eda78
|
Use latest directory server version
Set test scope to spring mock
|
2006-04-25 04:46:19 +00:00 |
|
Ben Alex
|
719d3af879
|
SVN updates.
|
2006-04-25 00:22:00 +00:00 |
|
Luke Taylor
|
4d9f99acc4
|
Added getter for authoritiesPopulator. Fix for SEC-227.
|
2006-04-18 23:44:07 +00:00 |
|
Luke Taylor
|
596882804f
|
First commit of LdapTemplate class, a la Spring JdbcTemplate, as suggested by Ben to simplify Ldap connection handling etc.
|
2006-04-18 22:34:04 +00:00 |
|
Luke Taylor
|
3d51c46575
|
Added license header.
|
2006-04-18 22:27:17 +00:00 |
|
Luke Taylor
|
f61a58d98b
|
Added a couple more tests.
|
2006-04-16 21:18:12 +00:00 |
|
Luke Taylor
|
7a0a87a167
|
Added support for LDAP SSHA (salted SHA) encoded passwords.
|
2006-04-16 21:12:39 +00:00 |
|
Luke Taylor
|
c6dd545de0
|
Javadoc change.
|
2006-04-16 17:11:44 +00:00 |
|
Luke Taylor
|
e5bef3f31b
|
Added doc for @throws
|
2006-04-16 17:11:06 +00:00 |
|
Luke Taylor
|
9c8a4c2f74
|
Fix for SEC-237. Make LDAP Provider reject empty username.
|
2006-04-16 16:41:08 +00:00 |
|
Luke Taylor
|
743cc9fec7
|
Fix for SEC-215. Check for empty nameInNameSpace before appending.
|
2006-04-16 16:11:02 +00:00 |
|
Luke Taylor
|
d5885baf6b
|
Added some comments.
|
2006-04-16 16:00:32 +00:00 |
|
Luke Taylor
|
3f06c51379
|
Fix for SEC-225. Allow empty search base in authorities populator.
|
2006-04-16 15:37:48 +00:00 |
|
Luke Taylor
|
48716af20a
|
Removed unnecessary package names left over from refactoring.
|
2006-04-16 15:25:33 +00:00 |
|
Luke Taylor
|
072a4c3d18
|
Fix for SEC-226. Added ability to set derefLinkFlag property.
|
2006-04-16 15:15:55 +00:00 |
|
Luke Taylor
|
267c846e12
|
Sort out LDAP tests to match up with moved production classes.
|
2006-04-16 14:31:13 +00:00 |
|
Luke Taylor
|
bf4fca9126
|
Move non security-specific LDAP classes to org.acegisecurity.ldap package
|
2006-04-16 14:26:46 +00:00 |
|
Luke Taylor
|
7c69668589
|
Deprecated, pending deletion.
|
2006-04-16 14:12:23 +00:00 |
|
Luke Taylor
|
bbd250e442
|
Modified to use classes from org.acegisecurity.ldap package
|
2006-04-16 14:05:28 +00:00 |
|
Luke Taylor
|
7f24e209a6
|
Move non security-specific LDAP classes to org.acegisecurity.ldap package
|
2006-04-16 13:56:36 +00:00 |
|
Luke Taylor
|
0c1ab7f98c
|
Corrected a couple of Javadoc typos.
|
2006-04-15 12:32:50 +00:00 |
|
Scott Battaglia
|
9a8fdcd269
|
SEC-196
updated references to Yale CAS to JA-SIG CAS
|
2006-03-28 15:41:20 +00:00 |
|
Scott Battaglia
|
b0d4cbceac
|
updated javadoc to reflect proper value of getPrincipal
|
2006-03-28 14:05:57 +00:00 |
|
Scott Battaglia
|
3d0f746719
|
SEC-224
updated CasAuthenticationToken to be consistant with approach taken by other providers with regards to authentication.getPrincipal()
|
2006-03-14 16:15:51 +00:00 |
|
Ben Alex
|
51f1b33af9
|
SEC-209: Make eventPublisher protected.
|
2006-03-07 13:04:12 +00:00 |
|
Luke Taylor
|
7e7920ce00
|
Fix for SEC-202. Intialize manager password to default "manager_password_not_set".
|
2006-02-28 17:47:55 +00:00 |
|
Scott Battaglia
|
5607da8d67
|
updated references from Yale CAS to JA-SIG CAS
|
2006-02-27 13:52:41 +00:00 |
|
Luke Taylor
|
6abceb7ab0
|
Additional changes related to SEC-192 (avoiding session creation when creating WebAuthenticationDetails). Also fixed Jalopy chaos in SwitchUserProcessingFilter.
|
2006-02-20 00:37:39 +00:00 |