Ben Alex
|
4f13db5552
|
SEC-398: Delay sending of redirect until after HttpSession updated with revised SecurityContextHolder contents.
|
2007-05-25 01:24:07 +00:00 |
Vishal Puri
|
4c6d132ead
|
SEC-411: fixed broken unit tests as a consequence of adding anoter constructor argument
|
2007-05-24 23:35:01 +00:00 |
|
Vishal Puri
|
220ba29fc6
|
SEC-411: another constructor argument added as required in SecurityContextHolderAwareRequestWrapper
|
2007-05-24 23:20:40 +00:00 |
|
Ben Alex
|
0736f4ffa0
|
SEC-305: Retain SecurityContext when rendering error pages.
|
2007-05-24 02:04:47 +00:00 |
|
Ben Alex
|
6ea8899134
|
|
2007-05-24 00:47:12 +00:00 |
|
Ben Alex
|
5b3c633790
|
SEC-451: Correctly handle an empty context path.
|
2007-05-24 00:18:09 +00:00 |
|
Ben Alex
|
c8c37c8935
|
SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property.
|
2007-05-23 07:04:22 +00:00 |
|
Ben Alex
|
a3c992113e
|
SEC-459: Provide local argument to the message source accessor.
|
2007-05-23 06:57:07 +00:00 |
|
Ben Alex
|
a18bd9100c
|
SEC-474: Gracefully abort if username and password non-retrievable.
|
2007-05-23 06:48:42 +00:00 |
|
Ben Alex
|
f45c0944ef
|
SEC-478: Handle incorrect Base64 cookie encoding.
|
2007-05-23 06:45:45 +00:00 |
|
Ben Alex
|
5b8898c750
|
SEC-298: Ensure returned cookies have a maximum age equal to the TokenBasedRememberMeServices.tokenValiditySeconds property.
|
2007-05-23 06:43:47 +00:00 |
|
Ben Alex
|
ac3b142e4f
|
SEC-438: Made afterPropertiesSet() use instance variable instead of static variable.
|
2007-05-23 06:35:03 +00:00 |
|
Ben Alex
|
72a7d06ad1
|
SEC-476: Provide support for not logging interactive authentication events.
|
2007-05-23 06:31:32 +00:00 |
|
Ben Alex
|
f7e714b9da
|
Maven 2 polishing.
|
2007-05-23 04:20:54 +00:00 |
|
Vishal Puri
|
3f7e00c796
|
SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService
|
2007-05-18 03:21:21 +00:00 |
|
Vishal Puri
|
e3435da9ae
|
SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService
|
2007-05-18 03:20:28 +00:00 |
|
Vishal Puri
|
a934f82af4
|
SEC-271: Fixed IllegalStateException being thrown by LogoutHandlerOrdereResolver and add an assert statement in the unit test
|
2007-05-17 13:42:51 +00:00 |
|
Vishal Puri
|
a01bb3bbee
|
Added more bean definition parsers
|
2007-05-17 12:57:16 +00:00 |
|
Vishal Puri
|
1a06723404
|
fixed broken test in build 47
|
2007-05-17 12:49:58 +00:00 |
|
Vishal Puri
|
3eb9870162
|
SEC-271: Added more security elements
|
2007-05-17 12:30:36 +00:00 |
|
Vishal Puri
|
26b0d4d1cb
|
SEC-271: uncommented copy of resources in META-INF directory
|
2007-05-17 12:23:07 +00:00 |
|
Vishal Puri
|
e43439ba44
|
implemented Ordered interface
|
2007-05-17 12:21:02 +00:00 |
|
Vishal Puri
|
001dc0b1d9
|
SEC-271: implemented Orderd interface in all the entrypoints
|
2007-05-17 12:20:16 +00:00 |
Ray Krueger
|
8b1cc05518
|
Updated Assertion message
|
2007-05-17 03:18:35 +00:00 |
|
Vishal Puri
|
84a3c87ea4
|
SEC-271: Replaced Java 5 specific code with pre Java 5
|
2007-05-17 03:04:07 +00:00 |
|
Vishal Puri
|
e67bff61a0
|
Explicity specified version 2.3 for surefire-plugin
|
2007-05-17 01:14:07 +00:00 |
|
Vishal Puri
|
74123cd234
|
Replace resource property with location for PropertyFactoryBean
|
2007-05-16 00:31:31 +00:00 |
|
Vishal Puri
|
ee2eac5a51
|
SEC-271: added LogoutFilterBeanDefinitionParserTests
|
2007-05-15 13:54:43 +00:00 |
|
Vishal Puri
|
1203e9858a
|
SEC-271: Added BeanDefitnitionParser for principal-repository, extended security schema and added unit tests
|
2007-05-15 13:32:06 +00:00 |
|
Vishal Puri
|
51f306a19a
|
SEC-271: Added more BeanDefinitionParsers and extend spring-security.xsd to have more elements
|
2007-05-15 13:26:05 +00:00 |
|
Vishal Puri
|
ced5cb4f85
|
added new security element in the spring-security schema and wrote a parser for the element
|
2007-05-13 13:33:33 +00:00 |
|
Vishal Puri
|
e73421d7b2
|
Spring version upgrade to 2.0.4, changed svn urls in project.xml and poms
|
2007-05-13 12:30:53 +00:00 |
|
Vishal Puri
|
9794c518d6
|
SEC-271: Spring 2-based configuration simplification of Acegi Security
|
2007-05-11 00:09:56 +00:00 |
|
Vishal Puri
|
566314dae5
|
SEC-271: Spring 2-based configuration simplification of Acegi Security
|
2007-05-10 02:32:30 +00:00 |
|
Vishal Puri
|
09fd79bc64
|
SEC-419: Added the right logger class in CollectionFilterer
|
2007-05-10 02:25:15 +00:00 |
|
Vishal Puri
|
82f215700b
|
changed svn url to https://acegisecurity.svn.....
|
2007-05-10 02:11:54 +00:00 |
|
Vishal Puri
|
62c832e366
|
SEC-423: Fixed IllegalArguemntException being thrown by checking for null contextFromSessionObject
|
2007-04-27 07:35:11 +00:00 |
|
Vishal Puri
|
c2d1405f44
|
SEC-357: Added testIfSwitchUserWithNullUsernameThrowsException
|
2007-04-24 06:35:15 +00:00 |
|
Ray Krueger
|
fe0c99c816
|
Fixed http://opensource.atlassian.com/projects/spring/browse/SEC-445
Import servlet-api 2.4 in order to bring in the correct PageContext class
|
2007-04-23 18:25:01 +00:00 |
Luke Taylor
|
6bfff55da3
|
Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes
|
2007-03-30 18:27:19 +00:00 |
|
Luke Taylor
|
993f7e4af0
|
Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause.
|
2007-03-30 18:02:08 +00:00 |
|
Luke Taylor
|
6e5f5e15ad
|
Refactored to introduce constants for number of ops and number of threads for tuning.
|
2007-03-10 21:34:53 +00:00 |
|
Luke Taylor
|
fabca162a7
|
Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful infomation. Tidied up comments, excessively long lines, use of tabs etc. to match.
|
2007-02-24 21:00:24 +00:00 |
|
Luke Taylor
|
bd2d4b013a
|
Extracted a method to evaluate the conditions for whether basic authentication is required.
|
2007-02-23 19:21:44 +00:00 |
|
Luke Taylor
|
a1886bd1e0
|
Made string constant RECIPIENT_FOR_CACHE_EMPTY final.
|
2007-02-22 23:57:49 +00:00 |
|
Luke Taylor
|
b8a0f97fde
|
Removed irrelevant CAS stuff from equalsWhenEqual test.
|
2007-02-22 23:29:01 +00:00 |
|
Luke Taylor
|
25bc67885d
|
Uncommented tests which now work due to apache-ds bugfixes
|
2007-02-06 18:21:31 +00:00 |
|
Luke Taylor
|
0d9cae43bf
|
Corrected mistake in reading java.io.tmpdir.
|
2007-02-06 18:20:14 +00:00 |
|
Luke Taylor
|
5464678355
|
Pass apache-ds temp working directory as a system property through the surefire plugin.
|
2007-02-06 18:18:14 +00:00 |
|
Luke Taylor
|
8b98a9d27c
|
Added code to delete the previous contents of the ldap test server working directory as these aren't always compatible if the apache-ds version has changed.
|
2007-02-05 00:35:42 +00:00 |
|
Luke Taylor
|
1686fd0bd2
|
Updated ldap tests to apache directory 1.0.0 release version.
|
2007-02-04 20:06:36 +00:00 |
|
Ben Alex
|
e169e63e1b
|
SEC-404: Correct previous SEC-404 commit.
|
2007-01-02 23:36:38 +00:00 |
|
Ben Alex
|
3f62a5c868
|
SEC-404: NPE when logging out if user not already logged in.
|
2006-12-28 21:23:35 +00:00 |
|
Luke Taylor
|
93509dc999
|
Reformatted X.509 certificate in comment.
|
2006-11-29 01:40:14 +00:00 |
|
Luke Taylor
|
6a440f816c
|
removed monkeymachine.co.uk email addresses.
|
2006-11-28 21:37:37 +00:00 |
|
Ben Alex
|
1805ab8ec4
|
SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.
|
2006-11-26 04:47:43 +00:00 |
|
Ben Alex
|
e79a28875f
|
SEC-400: Clarify exception if getter returns null.
|
2006-11-26 03:24:11 +00:00 |
|
Ray Krueger
|
1a486e584b
|
HttpSessionEventPublisher need not implement ServletContextListener any longer
|
2006-11-20 19:35:11 +00:00 |
|
Ray Krueger
|
74e8efc4e9
|
Fixed SEC-395
|
2006-11-20 19:09:45 +00:00 |
|
Ben Alex
|
6fe569556c
|
Use type in same module (Maven requirement).
|
2006-11-17 03:18:07 +00:00 |
|
Ben Alex
|
197a011ac5
|
Relocate resource files to comply with Maven directory conventions.
|
2006-11-17 03:06:30 +00:00 |
|
Ben Alex
|
1081c267d9
|
SEC-239: New ACL module.
|
2006-11-17 02:03:23 +00:00 |
|
Ben Alex
|
9f512c384e
|
SEC-239: New ACL module.
|
2006-11-17 02:01:21 +00:00 |
|
Ben Alex
|
2984913051
|
SEC-393: More elegantly deal with setProviders(List) type safety enforcement.
|
2006-11-16 02:15:43 +00:00 |
Carlos Sanchez
|
5e819af782
|
SEC-388: Upgrade other Spring dependencies to 1.2.8.
|
2006-11-15 22:54:54 +00:00 |
|
Ben Alex
|
1b4a098760
|
SEC-354: Add label-based voter.
|
2006-11-14 22:07:36 +00:00 |
|
Ben Alex
|
4d166a6867
|
SEC-333: Error in last commit, should default to regexp processor, not Ant Path processor, in the case of empty or null strings.
|
2006-11-14 21:52:51 +00:00 |
|
Ben Alex
|
780130d0f3
|
SEC-333: Eliminate dependecy on ORO when Ant Paths being used instead of Regular Expressions.
|
2006-11-14 20:55:24 +00:00 |
|
Ben Alex
|
775840a565
|
SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered.
|
2006-11-14 05:49:56 +00:00 |
|
Ben Alex
|
f5ce0250b4
|
SEC-310: Add AbstractProcessingFilter.getAuthenticationDetailsSource().
|
2006-11-14 03:30:04 +00:00 |
|
Ben Alex
|
8dda52eeaa
|
SEC-322: Workaround bug in WebSphere.
|
2006-11-14 02:21:27 +00:00 |
|
Ben Alex
|
5640eb0511
|
SEC-378: Use trim instead of replacement for space removal.
|
2006-11-14 01:55:44 +00:00 |
|
Ben Alex
|
ad6c501379
|
SEC-360: Minor correction in patch applied yesterday.
|
2006-11-14 01:09:35 +00:00 |
|
Ben Alex
|
2a65d386d5
|
SEC-384: Remove Commons-Lang dependency.
|
2006-11-14 00:59:17 +00:00 |
|
Ben Alex
|
59bf8602d2
|
SEC-356: Add cloneFromHttpSession property.
|
2006-11-14 00:43:00 +00:00 |
|
Ben Alex
|
5911234f65
|
SEC-359: Logout even if not logged in.
|
2006-11-13 06:05:28 +00:00 |
|
Ben Alex
|
fa6b4480b1
|
SEC-360: Provide server side forward option instead of redirection.
|
2006-11-13 00:17:07 +00:00 |
|
Ben Alex
|
f0ae6f53a7
|
SEC-327: Add includeDetailsObject property.
|
2006-11-12 23:55:50 +00:00 |
|
Ben Alex
|
f28ce39bde
|
SEC-365: Provide an alwaysRemember property, together with an abstract method so subclasses can determine custom behaviour.
|
2006-11-12 23:28:57 +00:00 |
|
Ben Alex
|
71eba94cf2
|
SEC-371: Use AbstractTicketValidator for logger.
|
2006-11-12 23:10:09 +00:00 |
|
Ben Alex
|
0f517cb8e2
|
SEC-375: Publish AuthorizationFailureEvent event when AccessDeniedException thrown by AfterInvocationProvider.
|
2006-11-12 22:06:37 +00:00 |
|
Ben Alex
|
b8d0722251
|
SEC-367: Added clarification of immutability contract.
|
2006-11-12 21:36:52 +00:00 |
|
Ben Alex
|
43dbe6c991
|
SEC-364: Fix context path handling.
|
2006-11-12 21:31:31 +00:00 |
|
Carlos Sanchez
|
10d6859dad
|
Added ACL table SQL for some databases
|
2006-10-17 22:24:57 +00:00 |
|
Ben Alex
|
172026f875
|
SEC-377: Remove Commons Lang dependency.
|
2006-10-14 00:17:19 +00:00 |
|
Ben Alex
|
c292826475
|
SEC-373: Add byte array encryption/decryption support.
|
2006-10-07 09:45:51 +00:00 |
|
Ben Alex
|
21dd050d7b
|
SEC-348: Limit Basic automatic reauthentication scope to UsernamePasswordAuthenticationToken (specifically avoid CasAuthenticationToken).
|
2006-09-29 08:41:25 +00:00 |
|
Ben Alex
|
d2fb473a4e
|
Formatting only.
|
2006-09-29 07:33:45 +00:00 |
|
Ben Alex
|
49a2de8f0f
|
SEC-366: Initial commit.
|
2006-09-29 07:29:13 +00:00 |
|
Ben Alex
|
cc03675776
|
SEC-340: Invalidate HttpSession on logout.
|
2006-09-29 06:45:40 +00:00 |
Scott McCrory
|
db96650d99
|
SEC-319: Reverted to 1.0.1 version to delay these changes to 1.1.0, based on small breakage of backward compatability.
|
2006-09-23 19:48:39 +00:00 |
|
Carlos Sanchez
|
558fd5d75d
|
Add scm info because we don't use artifactid as folder name
|
2006-09-17 21:06:22 +00:00 |
|
Ben Alex
|
b0056568f0
|
SEC-338: Serializable and serialVersionUID missing for Authentication-related objects.
|
2006-09-15 08:38:11 +00:00 |
|
Ben Alex
|
7313d5def0
|
SEC-324: Ensure IllegalStateException no longer occurs.
|
2006-09-15 07:55:57 +00:00 |
|
Ben Alex
|
324789d544
|
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
|
2006-09-15 06:27:45 +00:00 |
|
Ben Alex
|
9e3ce85dd5
|
SEC-330: Make UserMap work with UserDetails, not User concrete class.
|
2006-09-15 03:47:17 +00:00 |
|
Ben Alex
|
f0b259a32e
|
SEC-349: GrantedAuthority constructor argument can be null.
|
2006-09-15 03:42:11 +00:00 |
|
Ben Alex
|
58d3f0c56f
|
SEC-290: Correct bug with generation of SimpleMethodInvocation.
|
2006-09-15 03:38:36 +00:00 |
|
Ben Alex
|
5364db2c27
|
SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place.
|
2006-09-15 03:36:51 +00:00 |
|
Ben Alex
|
53beadb7bf
|
SEC-290: Correct bug with generation of SimpleMethodInvocation.
|
2006-09-15 03:27:26 +00:00 |
|
Ben Alex
|
03df6a90eb
|
SEC-293: Modified collection remove logic to use removeList.
|
2006-09-15 03:20:08 +00:00 |
|
Ben Alex
|
1292420476
|
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
|
2006-09-15 03:09:05 +00:00 |
|
Ray Krueger
|
cf91104b69
|
Made parameters case-insensitive
|
2006-09-14 20:47:17 +00:00 |
|
Ray Krueger
|
6779d97546
|
Made parameters case-insensitive
|
2006-09-14 20:39:37 +00:00 |
|
Carlos Sanchez
|
757062e8f9
|
Initialization of exceptionMappings was broken in last commit
|
2006-09-13 08:20:08 +00:00 |
|
Carlos Sanchez
|
4d070eab25
|
Add setAuthoritiesAsString to UserAttribute
|
2006-09-04 21:54:15 +00:00 |
|
Luke Taylor
|
000f9ab7ac
|
SEC-321: truncate from first question mark, not last.
|
2006-09-03 22:12:13 +00:00 |
|
Luke Taylor
|
4e65b24253
|
SEC-245: Add mapPassword method to allow customized translation of password attribute.
|
2006-08-28 20:58:26 +00:00 |
|
Luke Taylor
|
57a8d2adb3
|
Added handleBindException method to allow subclasses to inspect the reason for bind failure.
|
2006-08-25 16:06:20 +00:00 |
|
Luke Taylor
|
dc13f25dee
|
Tidied up formatting.
|
2006-08-25 16:04:27 +00:00 |
|
Luke Taylor
|
8dd1177c02
|
Added property to force use of LdapContext instead of DirContext
|
2006-08-25 16:03:50 +00:00 |
|
Luke Taylor
|
92dcf694b4
|
added createTarget method on Essence class to allow subclassing.
|
2006-08-25 15:32:39 +00:00 |
|
Luke Taylor
|
b5cbc977e1
|
Javadoc correction
|
2006-08-24 10:56:26 +00:00 |
|
Luke Taylor
|
3889894d16
|
Added extra mapping of OperationNotSupportedException to BadCredentialsException as some servers return a 53 code (unwilling to perform) when attempting a bind (e.g. is password has expired). This shouldn't be treated as an outright failure.
|
2006-08-24 10:32:38 +00:00 |
|
Luke Taylor
|
67fcf426eb
|
Close returned context in nameExists method
|
2006-08-24 10:10:24 +00:00 |
|
Luke Taylor
|
e96fee6ec1
|
Updated apacheds version to RC3 and slf4j to 1.0.1
|
2006-08-24 10:07:39 +00:00 |
|
Carlos Sanchez
|
27d2db9e22
|
Ensure that array of valid permissions can't be modified outside the class
|
2006-08-22 17:57:18 +00:00 |
|
Carlos Sanchez
|
38ec0f0d30
|
SEC-286: Reverted rev# 1588 as build fails without log4j (class not found exception)
|
2006-08-22 16:17:46 +00:00 |
|
Carlos Sanchez
|
69ec903088
|
Add MethodDefinitionSourceMapping for easier configuration
|
2006-08-22 16:02:44 +00:00 |
|
Carlos Sanchez
|
0298851ca3
|
Allow setting ACLs by its name
|
2006-08-22 16:01:34 +00:00 |
|
Carlos Sanchez
|
3487da0e85
|
Added javadoc
|
2006-08-22 15:53:41 +00:00 |
|
Luke Taylor
|
3498b36c14
|
SEC-285: Removed duplicate commons-lang dependency from pom.xml
|
2006-08-19 20:03:58 +00:00 |
|
Scott McCrory
|
8d3a2b42d9
|
SEC-319: Improvements to Siteminder integration: Create its own authentication provider & reeval strategy. Note that documentation not yet complete, but code is functional, test-covered and validated in a Siteminder environment.
|
2006-07-27 01:13:46 +00:00 |
|
Luke Taylor
|
52a167acfa
|
SEC-286: removed log4j dep as it is in the parent pom and tests run fine without it..
|
2006-07-25 23:53:42 +00:00 |
|
Carlos Sanchez
|
f7cb31a301
|
Fix broken test
|
2006-07-20 18:43:58 +00:00 |
|
Carlos Sanchez
|
9a337d2fea
|
Removed default constructors added in rev# 1573
|
2006-07-20 13:15:55 +00:00 |
|
Luke Taylor
|
4930657e57
|
Remove typo in method name "getAuthoritiesPopulator"
|
2006-07-16 20:17:20 +00:00 |
|
Scott McCrory
|
442c51bb30
|
SEC-318: Rename AuthenticationDao to UserDetailsService in local variables and logging messages
|
2006-07-15 15:18:51 +00:00 |
|
Ray Krueger
|
d485e30fd5
|
SavedCookieTest was renamed to SavedCookieTests
|
2006-07-12 10:33:14 +00:00 |
|
Ray Krueger
|
ca863ce4f7
|
http://opensource.atlassian.com/projects/spring/browse/SEC-308
Headers should remain case-insensitive.
|
2006-07-12 10:25:32 +00:00 |
|
Carlos Sanchez
|
91799c9290
|
Added missing resources
|
2006-07-11 21:42:42 +00:00 |
|
Carlos Sanchez
|
156af5b8b6
|
Added missing tld and notice file to jar
|
2006-07-11 18:54:04 +00:00 |
|
Carlos Sanchez
|
94a9acedad
|
Added checks to ensure object is properly initialized
|
2006-07-10 11:48:35 +00:00 |
|
Carlos Sanchez
|
488abe58fb
|
Added default constructor for easier use
|
2006-07-10 11:24:18 +00:00 |
|
Carlos Sanchez
|
80c1ae3bde
|
fix problems when not loaded through Spring context
|
2006-07-09 22:08:21 +00:00 |
|
Carlos Sanchez
|
00b73e8331
|
Fix failing tests keeping old behaviour.
|
2006-07-06 17:56:50 +00:00 |
|
Carlos Sanchez
|
46af400466
|
Added FilterInvocationDefinition interface to unify FilterInvocationDefinitionSource and FilterInvocationDefinitionMap
|
2006-07-06 17:05:08 +00:00 |
|
Carlos Sanchez
|
9e87bd6789
|
Add javadocs
|
2006-07-06 17:03:48 +00:00 |
|
Carlos Sanchez
|
aa52124d72
|
Simplify configuration of FilterInvocationDefinitionMap
|
2006-07-05 22:00:21 +00:00 |
|
Carlos Sanchez
|
9560636380
|
Simplify configuration of FilterInvocationDefinitionMap
|
2006-07-05 20:58:50 +00:00 |
|
Carlos Sanchez
|
9d539a13d9
|
Use accessor instead of field
|
2006-07-05 20:03:52 +00:00 |
|
Carlos Sanchez
|
0edb75d4aa
|
Added setUsers and setAuthorities for easier configuration
|
2006-07-05 16:16:13 +00:00 |
|
Carlos Sanchez
|
41f7bb3755
|
Improve javadoc formatting
|
2006-07-05 16:00:51 +00:00 |
|
Carlos Sanchez
|
27de814d54
|
Prevent NullPointerException when not loaded from application context
|
2006-07-05 15:59:17 +00:00 |
|
Carlos Sanchez
|
d847772c81
|
Prevent NullPointerException when not loaded from application context
|
2006-07-05 15:58:20 +00:00 |
|
Luke Taylor
|
ae55e04522
|
SEC-297: Stop prepending of context path to full url default targets. Also added more stringent checks on format of injected defaultTargetUrl property.
|
2006-06-27 23:26:25 +00:00 |
|
Carlos Sanchez
|
18c6838bec
|
[maven-release-plugin] prepare for next development iteration
|
2006-06-22 17:29:52 +00:00 |
|
Carlos Sanchez
|
c7bcbe1b35
|
[maven-release-plugin] prepare release release_1_0_1
|
2006-06-22 17:27:29 +00:00 |
|
Carlos Sanchez
|
4e612922ac
|
SEC-281: Go back to spring 1.2.7 to prevent backwards compatibility issues
|
2006-06-16 17:25:05 +00:00 |
|
Luke Taylor
|
a2c3635d78
|
Moved class to test treee
|
2006-06-15 00:41:53 +00:00 |
|
Luke Taylor
|
552c275e8f
|
Accidentally checked into source tree rather than test source
|
2006-06-15 00:37:18 +00:00 |
|
Luke Taylor
|
aaf51c4bee
|
Added test for non-String role.
|
2006-06-14 23:20:51 +00:00 |
|
Luke Taylor
|
49da801096
|
SEC-303: Check from null role attribute in LdapUserDetailsMapper
|
2006-06-14 22:44:39 +00:00 |
|
Luke Taylor
|
eb3e954ae4
|
Added chained append call in toString method
|
2006-06-14 21:46:21 +00:00 |
|
Luke Taylor
|
b0caa72e80
|
Added template method for role creation, as requested in the forum.
|
2006-06-13 13:18:45 +00:00 |
|
Luke Taylor
|
7475906218
|
Remove Javadoc errors
|
2006-06-12 22:32:59 +00:00 |
|
Luke Taylor
|
18680e8fab
|
Remove Jalopy mistakes
|
2006-06-12 22:31:10 +00:00 |
|
Ray Krueger
|
cada23f57d
|
Synchronized MockFilterConfig uses for Spring 1.2.6 and 1.2.8
|
2006-06-11 01:20:29 +00:00 |
|
Ray Krueger
|
fa3c61b19b
|
Call to getCookies() should return Cookies, not SavedCookies
|
2006-06-11 01:19:44 +00:00 |
|
Luke Taylor
|
88825089a7
|
Removed "final" from getGroupMembershipRoles
|
2006-06-07 13:31:11 +00:00 |
|
Luke Taylor
|
2a7caff95f
|
SEC-295: Changed to use getDefaultTargetUrl() accessor internally rather than accessing property directly. Allows for overriding method to supply different Urls.
|
2006-06-04 15:14:33 +00:00 |
|
Ray Krueger
|
9fd0bbd694
|
Added Serializable check just to be sure...
|
2006-06-03 13:40:39 +00:00 |
|
Ray Krueger
|
1a9629b197
|
http://opensource.atlassian.com/projects/spring/browse/SEC-289
Wraps disassembles cookies into a SavedCookie that is serializable
|
2006-06-03 13:36:51 +00:00 |
|
Ben Alex
|
f7020755be
|
SEC-291: Avoid unnecessary creation of SecurityContextHolderStrategy.
|
2006-06-01 14:02:56 +00:00 |
|
Luke Taylor
|
da780e4567
|
Tidy up XML formatting in comment
|
2006-05-31 21:56:16 +00:00 |
|
Luke Taylor
|
9f41b9f470
|
Wrap any DataAccessExceptions thrown by the Ldaptemplate with AuthenticationServiceFailureExceptions
|
2006-05-31 21:46:16 +00:00 |
|
Luke Taylor
|
5d7a75a421
|
SEC-284: Removed allowEmptyPassword flag..
|
2006-05-31 20:12:12 +00:00 |
|
Luke Taylor
|
d2ee383e06
|
Changed to reject empty passwords by default.
|
2006-05-31 18:22:05 +00:00 |
|
Luke Taylor
|
ee50d6e334
|
SEC-281: Modified to use Spring 1.2 compatible exception class for incorrect search results size.
|
2006-05-31 16:54:27 +00:00 |
|
Luke Taylor
|
02e7bbb982
|
SEC-284: added allowEmptyPasswords property with default value "true"
|
2006-05-31 15:00:59 +00:00 |
|
Ray Krueger
|
00620b6992
|
http://opensource.atlassian.com/projects/spring/browse/SEC-96
Refactored Digest encoding for better support of all MessageDigest algorithms, such as the SHA family.
|
2006-05-31 03:03:18 +00:00 |
|
Carlos Sanchez
|
35093e09f6
|
Bump version to 1.1.0-SNAPSHOT
|
2006-05-31 00:52:26 +00:00 |
|
Ben Alex
|
b7a579f27a
|
JavaDoc corrections.
|
2006-05-29 15:06:32 +00:00 |
|
Ben Alex
|
89eb74b1b2
|
Refer to 1.0.0 final.
|
2006-05-28 00:49:38 +00:00 |
|
Luke Taylor
|
f8545f4dc2
|
Added extra commenting to Ldap classes
|
2006-05-26 22:48:21 +00:00 |
|
Ben Alex
|
a130b65937
|
Add package.html.
|
2006-05-23 14:04:33 +00:00 |
|
Ben Alex
|
ab12817b7a
|
SEC-97: Format Acegi Security source code in accordance with latest Jalopy configuration.
|
2006-05-23 13:38:33 +00:00 |
|
Ben Alex
|
49800018e9
|
SEC-173: Expand on JavaDocs for ACLs which have no permission records.
|
2006-05-23 12:15:43 +00:00 |
|
Ben Alex
|
92dbf836a1
|
SEC-259: Correct JavaDoc error.
|
2006-05-23 12:02:44 +00:00 |
|
Ben Alex
|
563ac1324c
|
SEC-263: Stop polling voters after first one votes to deny.
|
2006-05-23 11:11:21 +00:00 |
|
Ben Alex
|
07e805e342
|
SEC-262: Refactor common method into superclass.
|
2006-05-23 11:03:30 +00:00 |
|
Ben Alex
|
d795836bf1
|
SEC-266: Handle -1 allowing unlimited logins, as per JavaDocs.
|
2006-05-23 10:49:23 +00:00 |
|
Ben Alex
|
501eaadd09
|
SEC-267: Bug when working with CGLIB-generated classes.
|
2006-05-23 10:42:01 +00:00 |
|
Ben Alex
|
a5d74ca2e1
|
SEC-260: Remove disused loggers.
|
2006-05-23 10:37:30 +00:00 |
|
Luke Taylor
|
4d24c88d1e
|
Enforce the setting of a LdapUserDetailsMapper on authenticators (rather than a general mapper) to make sure the correct type is returned and that the username is set before it is returned.
|
2006-05-22 23:40:29 +00:00 |
|
Luke Taylor
|
3eaed3ad44
|
Added additionalAuthenticationChecks implementation to make sure password is rechecked if Ldap is used with a user cache.
|
2006-05-22 23:37:54 +00:00 |
|
Luke Taylor
|
e30c3d7bd2
|
SEC-270: Make SavedRequest serializable.
|
2006-05-22 19:07:57 +00:00 |
|
Luke Taylor
|
e5b79f1f95
|
Make getGroupMembershipRoles method public for convenience.
|
2006-05-22 19:06:19 +00:00 |
|
Luke Taylor
|
53b6735c3e
|
Make sure the username and password are set on the final UserDetails object returned by the provider.
|
2006-05-21 03:03:50 +00:00 |
|
Luke Taylor
|
e1eac8f0ca
|
Added setters for rolePrefix and convertToUpperCase
|
2006-05-21 02:19:42 +00:00 |
|
Luke Taylor
|
c1e76b64bc
|
Chnaged to use setters in essence "copy constructor"
|
2006-05-21 02:17:14 +00:00 |
|
Luke Taylor
|
360e9908b7
|
Added test for empty or null username
|
2006-05-21 01:40:00 +00:00 |
|
Luke Taylor
|
d8a28d6068
|
Add call for setDerefLinkFlag
|
2006-05-21 01:32:37 +00:00 |
|
Luke Taylor
|
016ac8016c
|
Minor changes to increase coverage of methods
|
2006-05-21 01:23:34 +00:00 |
|
Luke Taylor
|
0d6b3ab9f3
|
Renamed 'execute' method in LdapCallback in line with Spring equivalents. Added some extra tests.
|
2006-05-21 01:06:37 +00:00 |
|
Luke Taylor
|
9623eb3d04
|
Correct log category package name
|
2006-05-20 23:45:54 +00:00 |
|
Luke Taylor
|
b5e9690735
|
Removed duplicate file.
|
2006-05-20 18:14:05 +00:00 |
|
Luke Taylor
|
577cc17764
|
Removed individual search controls setter methods in favour of supplying complete search controls object. Added comment for 'compare' method.
|
2006-05-20 18:02:04 +00:00 |
|
Luke Taylor
|
b8fa1ad906
|
Delete deprecated ldap classes (from previous package move)
|
2006-05-20 17:53:16 +00:00 |
|
Luke Taylor
|
316798ef9e
|
Made mock context factory a standalone class
|
2006-05-20 17:47:36 +00:00 |
|
Luke Taylor
|
859185eebd
|
Removed unused methods and added some extra tests.
|
2006-05-20 17:46:10 +00:00 |
|
Luke Taylor
|
2a24e4faf8
|
Deleted old version of LdapDataAccessException
|
2006-05-20 00:21:17 +00:00 |
|
Luke Taylor
|
7794ebf84b
|
Now extends Spring's DataAccessException
|
2006-05-20 00:18:01 +00:00 |
|
Luke Taylor
|
3583470a49
|
Now extends Spring's DataAccessException
|
2006-05-20 00:14:24 +00:00 |
|
Luke Taylor
|
3eea670efc
|
Exception translator IF for use in LdapTemplate
|
2006-05-19 23:22:55 +00:00 |
|
Luke Taylor
|
983afec70c
|
Added license.
|
2006-05-19 23:20:27 +00:00 |
|
Luke Taylor
|
ce1c59e924
|
Make template and search controls member variables.
|
2006-05-19 23:02:37 +00:00 |
|
Luke Taylor
|
d3e42c6f3f
|
Move conversion of roles to Strings into LdapTemplate
|
2006-05-19 22:29:17 +00:00 |
|
Luke Taylor
|
3239cd139e
|
SEC-251: use username as parameter {2} in group searches
|
2006-05-19 22:10:05 +00:00 |
|
Luke Taylor
|
46cc1bec1e
|
SEC-268: allow for delayed obtaining of app context reference
|
2006-05-19 21:38:26 +00:00 |
|
Luke Taylor
|
5d811c4a94
|
Removed "==true" in boolean conditional.
|
2006-05-19 19:29:59 +00:00 |
|
Luke Taylor
|
f546e2bbad
|
Remove default constructor as class is now only responsible for group searches which need the args version.
|
2006-05-16 23:38:48 +00:00 |
|
Luke Taylor
|
30d878b22e
|
Change essence class to use a new ArrayList for the authorities (list from Arrays.asList() doesn't support add method).
|
2006-05-16 23:35:15 +00:00 |
|
Luke Taylor
|
fc8ead3c54
|
Make sure populator roles are added rather than overwriting any roles loaded with the user entry.
|
2006-05-16 23:33:02 +00:00 |
|
Luke Taylor
|
f8db6a4c78
|
Switch LDAP tests back to embedded server and comment out apacheds-broken ones.
|
2006-05-15 21:20:50 +00:00 |
|
Luke Taylor
|
9219c6548e
|
SEC-264: Delete classes which are no longer used after LDAP changes.
|
2006-05-15 21:14:38 +00:00 |
|
Luke Taylor
|
65fe641900
|
SEC-264: changes to LDAP services.
|
2006-05-15 20:53:10 +00:00 |
|
Luke Taylor
|
db042046e9
|
Introduce LDAPUserDetails.
|
2006-05-15 19:34:57 +00:00 |
Scott Battaglia
|
ab05cb95ff
|
SEC-239: changed order url is created in to reflect new processing filter url order
|
2006-05-04 19:31:28 +00:00 |
|
Scott Battaglia
|
aee934812a
|
SEC-239: switched to encoding a url with response.encodeURL to get the jsession.
|
2006-05-04 19:27:57 +00:00 |
|
Carlos Sanchez
|
76ce826345
|
Remove spring transitive deps, add log4j
|
2006-05-03 17:38:19 +00:00 |
|
Luke Taylor
|
a7d7631f2f
|
Fixed potential problem with multiple userDn patterns.
|
2006-05-01 00:43:42 +00:00 |
|
Luke Taylor
|
f0b11109b4
|
Added tests for nameExists method
|
2006-05-01 00:41:07 +00:00 |
|
Luke Taylor
|
9f385eb1e0
|
Typo in Javadoc.
|
2006-05-01 00:40:18 +00:00 |
|
Luke Taylor
|
a468f03cae
|
Add functionality to LdapTemplate for checking that an entry exists, and for retrieving an entry as an object, mapped from its attributes.
|
2006-05-01 00:28:27 +00:00 |
|
Luke Taylor
|
3f0f45706c
|
Update Javadoc to include SSHA info.
|
2006-04-30 22:14:27 +00:00 |
|
Luke Taylor
|
def8a849a2
|
Added String-only 'compare' operation tests which now work with ApacheDS RC2 (unlike byte[] comparisons which are still broken).
|
2006-04-30 21:53:05 +00:00 |
|
Luke Taylor
|
98887f37da
|
Change to more appropriate inline inner class name.
|
2006-04-30 21:40:53 +00:00 |
|
Luke Taylor
|
0b2be28def
|
Added search method which will be used for finding roles.
|
2006-04-30 21:37:18 +00:00 |
|
Luke Taylor
|
91f5fc30be
|
SEC-258: Removed use of URI class
|
2006-04-30 19:45:37 +00:00 |
|
Luke Taylor
|
25c643970a
|
Change package names to match apacheds RC1.
|
2006-04-29 22:45:19 +00:00 |
|
Luke Taylor
|
a50695a1a8
|
Upgrade apacheds to RC1
|
2006-04-29 22:41:21 +00:00 |
|
Ben Alex
|
890864ed00
|
SEC-194: Allow remember-me services to be used with BASIC authentication.
|
2006-04-28 08:54:54 +00:00 |
|
Ben Alex
|
9b63051149
|
SEC-204: Improve startup time detection of errors by FilterInvocationDefinitionSourceEditor.
|
2006-04-28 08:41:55 +00:00 |
|
Ben Alex
|
cc07f620df
|
SEC-257: ExceptionTranslationFilter to use AccessDeniedHandler.
|
2006-04-28 06:52:50 +00:00 |
|
Ben Alex
|
21aaf2b9db
|
SEC-256: Contacts sample not displaying localized exceptions correctly.
|
2006-04-28 06:43:50 +00:00 |
|
Ben Alex
|
d125569bd6
|
SEC-29: Save POST parameters on AuthenticationEntryPoint redirect.
|
2006-04-28 05:05:35 +00:00 |
|
Ben Alex
|
22aa0e898f
|
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
|
2006-04-27 23:26:19 +00:00 |
|
Ben Alex
|
0648c65b0b
|
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
|
2006-04-27 23:25:00 +00:00 |
|
Ben Alex
|
d8a56d4e60
|
SEEC-255: Always create HttpSession before calling AuthenticationDetailsSource.
|
2006-04-27 23:11:56 +00:00 |
Marc-Antoine Garrigue
|
2af791a801
|
Error in javadoc concerning the default keyword
REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS
|
2006-04-27 08:56:42 +00:00 |
|
Ben Alex
|
81603832be
|
SEC-152: Strategy pattern for SecurityContextHoldder.
|
2006-04-27 08:31:32 +00:00 |
|
Ben Alex
|
b05709df6a
|
SEC-152: Strategy pattern for SecurityContextHoldder.
|
2006-04-27 08:30:29 +00:00 |
|
Scott McCrory
|
88ff43017d
|
Added unit test for the overridden requiresAuthentication method
|
2006-04-27 02:24:30 +00:00 |
|
Scott McCrory
|
481a9377e4
|
Added NPE check for defaultTargetUrl in requiresAuthentication
|
2006-04-27 02:23:46 +00:00 |
|
Ben Alex
|
8cc5dcde30
|
SEC-249: Support logout filter.
|
2006-04-26 23:36:03 +00:00 |
|
Luke Taylor
|
8400341399
|
Tidy up screwy formatting.
|
2006-04-26 21:19:20 +00:00 |
|
Ray Krueger
|
a7d0f88e01
|
Fixed no authority check so that it is after addCustomAuthorities
http://opensource.atlassian.com/projects/spring/browse/SEC-253
Also removed the unused logger
|
2006-04-26 16:22:38 +00:00 |
|
Ben Alex
|
a47a342ce6
|
SEC-234: Allow pluggable AuthenticationDetailsSource strategy interface.
|
2006-04-26 05:24:49 +00:00 |
|
Ben Alex
|
b1becf9277
|
SEC-242: Make logger reflect subclass, not superclass.
|
2006-04-26 04:56:46 +00:00 |
|
Ben Alex
|
f4156a22bd
|
SEC-246: Enable late binding on DaoAuthenticationProvider.userDetailsService field.
|
2006-04-26 04:54:44 +00:00 |
|
Ben Alex
|
d541c8e257
|
SEC-238: Add AuthenticationException to onUnsuccessfulAuthentication method signature.
|
2006-04-26 04:42:16 +00:00 |
|
Ben Alex
|
540c7b2e6a
|
SEC-229: Allow external URLs from AbstractProcessingFilter.
|
2006-04-26 04:36:54 +00:00 |
|
Ben Alex
|
97ac9f7e98
|
SEC-191: Look in parent bean factories for AclManager.
|
2006-04-26 04:26:04 +00:00 |
|
Ben Alex
|
f6b7429947
|
SEC-187: Tidy up URL composition logic basedon default HTTP(S) ports.
|
2006-04-26 04:19:35 +00:00 |
|
Ben Alex
|
307ac99ec5
|
SEC-199: Use ServletException.getRootCause() to extract any Acegi Security exceptions.
|
2006-04-26 04:11:05 +00:00 |
|
Ben Alex
|
4e09777dec
|
SEC-247: Allow #NONE# to be used to specify paths that shouldn't have any filters fire.
|
2006-04-26 03:55:39 +00:00 |
|
Ben Alex
|
185d63f23c
|
SEC-221: AbstractProcessingFilter.onPreAuthentication() should have exceptions caught.
|
2006-04-26 03:40:24 +00:00 |
|
Ben Alex
|
6bae43d380
|
SEC-206: Include context root when generating cookies.
|
2006-04-26 03:35:33 +00:00 |
|
Ben Alex
|
5d9ed78b50
|
SEC-147: Add processDomainObjectClass property to AfterInvocationProviders.
|
2006-04-26 03:30:27 +00:00 |
|
Ben Alex
|
de4af379cc
|
SEC-252: Stop NPE if principal object is null.
|
2006-04-26 03:00:14 +00:00 |
|
Ben Alex
|
fba45cb19e
|
SEC-208: Fix threading issue.
|
2006-04-26 02:54:18 +00:00 |
|
Carlos Sanchez
|
88e8e60861
|
[SEC-240] Moved log4j.properties to test folder to avoid including it in jar
|
2006-04-26 02:39:56 +00:00 |
|
Ben Alex
|
5f79a25860
|
SEC-243: SessionRegistryImpl no longer incorrectly includes expired sessions.
|
2006-04-26 02:36:37 +00:00 |
|
Ben Alex
|
948f79e2e2
|
SEC-219: Support complex tokenization scenarios.
|
2006-04-26 02:23:19 +00:00 |
|
Ben Alex
|
14683dcbc7
|
SEC-190: Add hashCode() and equals() methods.
|
2006-04-26 01:41:10 +00:00 |
|
Ben Alex
|
36c096858d
|
SEC-223: Improve hashCode() performance.
|
2006-04-26 01:31:17 +00:00 |
|
Ben Alex
|
57aee4e605
|
SEC-218: Fix authentication exception cleanup of SecurityContextHolder.
|
2006-04-26 01:28:06 +00:00 |
|
Ben Alex
|
8cff715599
|
SEC-222: Improve hashCode() to use XOR.
|
2006-04-26 01:18:42 +00:00 |
|
Scott McCrory
|
e39bd43541
|
SEC-217 - Improve Siteminder Filter - now authenticates on calls to both j_security_check and the default target URL if the user isn't already authenticated. Thanks Paul Garvey for determining this and providing solution code.
|
2006-04-25 23:19:30 +00:00 |
|
Scott McCrory
|
e44c5e66d3
|
As per SEC-193, removed unnecessarily overridden methods.
|
2006-04-25 23:01:04 +00:00 |
|
Carlos Sanchez
|
465f76cb22
|
Resolve some compilation problems with m2
|
2006-04-25 16:31:48 +00:00 |
|
Carlos Sanchez
|
7d250eda78
|
Use latest directory server version
Set test scope to spring mock
|
2006-04-25 04:46:19 +00:00 |
|
Ben Alex
|
719d3af879
|
SVN updates.
|
2006-04-25 00:22:00 +00:00 |
|
Luke Taylor
|
4d9f99acc4
|
Added getter for authoritiesPopulator. Fix for SEC-227.
|
2006-04-18 23:44:07 +00:00 |
|
Luke Taylor
|
596882804f
|
First commit of LdapTemplate class, a la Spring JdbcTemplate, as suggested by Ben to simplify Ldap connection handling etc.
|
2006-04-18 22:34:04 +00:00 |
|
Luke Taylor
|
3d51c46575
|
Added license header.
|
2006-04-18 22:27:17 +00:00 |
|
Luke Taylor
|
f61a58d98b
|
Added a couple more tests.
|
2006-04-16 21:18:12 +00:00 |
|
Luke Taylor
|
7a0a87a167
|
Added support for LDAP SSHA (salted SHA) encoded passwords.
|
2006-04-16 21:12:39 +00:00 |
|
Luke Taylor
|
c6dd545de0
|
Javadoc change.
|
2006-04-16 17:11:44 +00:00 |
|
Luke Taylor
|
e5bef3f31b
|
Added doc for @throws
|
2006-04-16 17:11:06 +00:00 |
|
Luke Taylor
|
9c8a4c2f74
|
Fix for SEC-237. Make LDAP Provider reject empty username.
|
2006-04-16 16:41:08 +00:00 |
|
Luke Taylor
|
743cc9fec7
|
Fix for SEC-215. Check for empty nameInNameSpace before appending.
|
2006-04-16 16:11:02 +00:00 |
|
Luke Taylor
|
d5885baf6b
|
Added some comments.
|
2006-04-16 16:00:32 +00:00 |
|
Luke Taylor
|
3f06c51379
|
Fix for SEC-225. Allow empty search base in authorities populator.
|
2006-04-16 15:37:48 +00:00 |
|
Luke Taylor
|
48716af20a
|
Removed unnecessary package names left over from refactoring.
|
2006-04-16 15:25:33 +00:00 |
|
Luke Taylor
|
072a4c3d18
|
Fix for SEC-226. Added ability to set derefLinkFlag property.
|
2006-04-16 15:15:55 +00:00 |
|
Luke Taylor
|
267c846e12
|
Sort out LDAP tests to match up with moved production classes.
|
2006-04-16 14:31:13 +00:00 |
|
Luke Taylor
|
bf4fca9126
|
Move non security-specific LDAP classes to org.acegisecurity.ldap package
|
2006-04-16 14:26:46 +00:00 |
|
Luke Taylor
|
7c69668589
|
Deprecated, pending deletion.
|
2006-04-16 14:12:23 +00:00 |
|
Luke Taylor
|
bbd250e442
|
Modified to use classes from org.acegisecurity.ldap package
|
2006-04-16 14:05:28 +00:00 |
|
Luke Taylor
|
7f24e209a6
|
Move non security-specific LDAP classes to org.acegisecurity.ldap package
|
2006-04-16 13:56:36 +00:00 |
|
Luke Taylor
|
0c1ab7f98c
|
Corrected a couple of Javadoc typos.
|
2006-04-15 12:32:50 +00:00 |
|
Scott Battaglia
|
9a8fdcd269
|
SEC-196
updated references to Yale CAS to JA-SIG CAS
|
2006-03-28 15:41:20 +00:00 |
|
Scott Battaglia
|
b0d4cbceac
|
updated javadoc to reflect proper value of getPrincipal
|
2006-03-28 14:05:57 +00:00 |
|
Scott Battaglia
|
3d0f746719
|
SEC-224
updated CasAuthenticationToken to be consistant with approach taken by other providers with regards to authentication.getPrincipal()
|
2006-03-14 16:15:51 +00:00 |
|
Ben Alex
|
51f1b33af9
|
SEC-209: Make eventPublisher protected.
|
2006-03-07 13:04:12 +00:00 |
|
Luke Taylor
|
7e7920ce00
|
Fix for SEC-202. Intialize manager password to default "manager_password_not_set".
|
2006-02-28 17:47:55 +00:00 |
|
Scott Battaglia
|
5607da8d67
|
updated references from Yale CAS to JA-SIG CAS
|
2006-02-27 13:52:41 +00:00 |
|
Luke Taylor
|
6abceb7ab0
|
Additional changes related to SEC-192 (avoiding session creation when creating WebAuthenticationDetails). Also fixed Jalopy chaos in SwitchUserProcessingFilter.
|
2006-02-20 00:37:39 +00:00 |
|
Luke Taylor
|
52a212e609
|
Removed "== true" in boolean.
|
2006-02-20 00:27:36 +00:00 |
|
Luke Taylor
|
5475ab0575
|
Modify AbstractAuthenticationManager to transfer the details object from authentication request to the resulting authentication token, provided it has not already been set on the latter by an authentication provider.
|
2006-02-19 23:50:21 +00:00 |
|
Luke Taylor
|
c88b9093c0
|
Remove unnecessary check for null.
|
2006-02-19 22:35:37 +00:00 |
|
Luke Taylor
|
ee41d24447
|
Javadoc correction.
|
2006-02-19 22:23:04 +00:00 |
|
Luke Taylor
|
e12c8310eb
|
Remove unnecessary default constructors which throw IllegalArgumentException. Favours compile time over runtime errors.
|
2006-02-16 16:44:35 +00:00 |
|
Luke Taylor
|
4b4d4d3332
|
Added some uses of Spring Assert class and removed one to prevent unnecessary StringBuffer creation.
|
2006-02-16 01:11:31 +00:00 |
|
Luke Taylor
|
84ccd89061
|
More readable javadoc.
|
2006-02-15 19:06:04 +00:00 |
|
Luke Taylor
|
cd7efaf567
|
Fix for SEC-189. Added getter for initialDirContextFactory.
|
2006-02-13 16:20:42 +00:00 |
|
Luke Taylor
|
6c29a6d17e
|
Added test for immutability of authorities array. Refactored standard authorities array into an instance field.
|
2006-02-13 16:16:43 +00:00 |
|
Ben Alex
|
2ab5af0a69
|
SEC-188: Fix JavaDocs.
|
2006-02-12 06:29:53 +00:00 |
|
Ben Alex
|
a28a932598
|
SEC-183: Minimise session creation as a consequence of SEC-168 and SEC-182 changes.
|
2006-02-09 23:04:29 +00:00 |
|
Ben Alex
|
0282696202
|
SEC-182: Remember-me compatibility with concurrent session support.
|
2006-02-09 10:32:49 +00:00 |
|
Ben Alex
|
b1dd784dee
|
SEC-180: BasicProcessingFilter should configurably ignore authentication failures.
|
2006-02-09 06:41:31 +00:00 |
|
Ben Alex
|
e63b2ec9e6
|
Cleanup unused imports.
|
2006-02-09 06:00:25 +00:00 |
|
Ben Alex
|
96196bd637
|
SEC-179: Upgrade to Spring 2.0-M2.
|
2006-02-09 05:36:06 +00:00 |
|
Ben Alex
|
ae29498f75
|
SEC-158: X509 to support Authentication.isAuthenticated() as per usual contract.
|
2006-02-09 04:25:07 +00:00 |
|
Ben Alex
|
79287999dc
|
SEC-178: Refactor AbstractAuthenticationToken.
|
2006-02-09 04:16:50 +00:00 |
|
Ben Alex
|
74de83e5f1
|
SEC-177: Add hashCode() method.
|
2006-02-09 03:45:47 +00:00 |
|
Ben Alex
|
c9cee6651c
|
SEC-176: Add hashCode() method.
|
2006-02-09 03:36:47 +00:00 |
|
Ben Alex
|
ac457021b8
|
Inheritance doesn't seem to work, so added the groupId manually.
|
2006-02-09 03:13:58 +00:00 |
|
Ben Alex
|
77be0009ad
|
Correct equals(Object) method handling if both objects have null getDetails().
|
2006-02-09 02:54:40 +00:00 |
|
Ben Alex
|
78df09db8a
|
SEC-175: Add equals(Object) method.
|
2006-02-09 02:53:27 +00:00 |
|
Luke Taylor
|
dc959b1847
|
Fix for SEC-159. Added clearContext() method to SecurityContextHolder and refactored code to use it instead of putting an empty context into the holder.
|
2006-02-08 23:27:46 +00:00 |
|
Ben Alex
|
8c0ce12332
|
SEC-169: Add SessionRegistry.getAllPrincipals() method.
|
2006-02-08 05:22:48 +00:00 |
|
Ben Alex
|
3a01e48b17
|
SEC-174: Correct IE6 bug with AuthenticationProcessingFilterEntryPoint.
|
2006-02-08 04:58:50 +00:00 |
|
Ben Alex
|
9d213f46a4
|
SEC-168: Prevent errors with concurrent session support.
|
2006-02-08 04:42:03 +00:00 |
|
Ben Alex
|
1fa6ac0975
|
SEC-164: Copy Authentication.getDetails() to returned Authentication object.
|
2006-02-08 02:19:43 +00:00 |
|
Luke Taylor
|
2daea069f9
|
Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors.
|
2006-02-08 02:17:44 +00:00 |
|
Ben Alex
|
ca1bf5cc21
|
SEC-170: AbstractAclVoter to support JoinPoint.
|
2006-02-08 02:06:55 +00:00 |
|
Luke Taylor
|
eb7964f6e5
|
Clean imports.
|
2006-02-08 01:54:03 +00:00 |
|
Luke Taylor
|
fe88d6ec17
|
SEC-134 fix. Authorities array is now copied on access. Also refactored token classes to move authorities to the base class.
|
2006-02-08 01:24:38 +00:00 |
|
Luke Taylor
|
842ad929a4
|
Change search object to use constructor injection (SEC-165) .
|
2006-02-03 19:53:08 +00:00 |
|
Luke Taylor
|
436fcde10b
|
Change apacheds to version 0.9.4-SNAPSHOT, add slf4j-log4j12 dep
|
2006-02-02 19:58:46 +00:00 |
|
Carlos Sanchez
|
3036b5d46b
|
Spring mock is required for compilation
|
2006-02-01 19:16:46 +00:00 |
|
Ben Alex
|
9771b7817a
|
SEC-144: Separate SecurityEnforcementFilter from FilterSecurityInterceptor.
|
2006-01-28 22:54:23 +00:00 |
|
Ben Alex
|
fa4c2a6ade
|
Correct bug with SEC-120 location of where filter chain proceeds.
|
2006-01-28 22:52:17 +00:00 |
|
Ben Alex
|
823f93fe3b
|
SEC-163: Fix ClassCastException bug in MethodInvocationUtils, and add test to prove correct functionality.
|
2006-01-28 21:33:35 +00:00 |
|
Ben Alex
|
ce907f2ddc
|
SEC-153: Improve toString() method.
|
2006-01-28 01:30:46 +00:00 |
|
Ben Alex
|
484b0e3a51
|
SEC-126: Initial commit of WebInvocationPrivilegeEvaluator feature.
|
2006-01-28 01:26:58 +00:00 |
|
Ben Alex
|
0c89822c56
|
SEC-162: Properly handle null Authentication.
|
2006-01-28 01:24:52 +00:00 |
|
Ben Alex
|
c8c7c24822
|
SEC-120: Remember-me to delegate to AuthenticationManager so authentication-specific behaviour (such as concurrent user management) can be applied.
|
2006-01-28 01:22:36 +00:00 |
|
Luke Taylor
|
9062b4c352
|
Improved solution to 1.4-compatible IllegalArgumentException with "cause" exception (as suggested on dev list).
|
2006-01-27 18:53:37 +00:00 |
|
Luke Taylor
|
fbe5957c23
|
Add support for ldaps:// urls. (Fix for SEC-146).
|
2006-01-27 18:28:13 +00:00 |
|
Ben Alex
|
82be52cea0
|
SEC-123: Remove exception from no-arg constructor.
|
2006-01-27 05:26:46 +00:00 |
|
Ben Alex
|
ea182f73fe
|
SEC-145: Include nested exception.
|
2006-01-27 05:17:13 +00:00 |
|
Ben Alex
|
2459858f48
|
SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used.
|
2006-01-27 05:10:30 +00:00 |
|
Ben Alex
|
07ed2ca2f0
|
Initial commit.
|
2006-01-27 05:09:57 +00:00 |
|
Ben Alex
|
ab223b8423
|
SEC-156: Use getName() instead of toString() as getName() is always the username whereas toString() contains extra information if the Authentication.getPrincipal() has been converted to a UserDetails.
|
2006-01-27 04:52:46 +00:00 |
|
Ben Alex
|
8f6275ab3e
|
SEC-155: BasicaclEntryCache to provide "remove from cache" support.
|
2006-01-27 04:42:39 +00:00 |
|
Ben Alex
|
449e395181
|
Reformat code.
|
2006-01-27 04:42:15 +00:00 |
|
Ben Alex
|
e675c89e28
|
Remove unused imports.
|
2006-01-27 04:41:32 +00:00 |
|
Ben Alex
|
5e258cc201
|
SEC-161: Truncate everything after ? in URL.
|
2006-01-27 03:30:01 +00:00 |
|
Ben Alex
|
49a917b08d
|
Remove extra dependency on Commons Lang. This dependency is only required by the domain subproject, not the core security project.
|
2006-01-27 03:18:34 +00:00 |
|
Luke Taylor
|
13a0784736
|
Replaced use of Java 1.5 IllegalArgumentException constructor.
|
2006-01-27 01:20:15 +00:00 |
|
Luke Taylor
|
2b0a65983d
|
Removed unused logger.
|
2006-01-26 20:48:49 +00:00 |
|
Luke Taylor
|
f9e043d43a
|
added commons lang dependency
|
2006-01-26 20:02:26 +00:00 |
|
Luke Taylor
|
17b3424b85
|
Javadoc typos.
|
2006-01-26 14:55:13 +00:00 |
|
Ben Alex
|
4024f124b9
|
SEC-154: Support Hibernate/CGLIB modified domain objects.
|
2006-01-26 10:27:32 +00:00 |
|
Ben Alex
|
a7ebe51fc8
|
SEC-135: Additional logging of votes in BasicAclEntryVoter.
|
2006-01-26 10:04:36 +00:00 |
|
Ben Alex
|
f4c1b81a9c
|
SEC-150: Expand exception message.
|
2006-01-26 10:00:59 +00:00 |
|
Ben Alex
|
37802e3748
|
SEC-138: Make exception output to Commons Logging, not system console.
|
2006-01-26 09:36:48 +00:00 |
|
Ben Alex
|
10541fc9db
|
SEC-137: Correct stack overflow with MethodInvocation.createFromClass(Class, Method).
|
2006-01-26 09:28:30 +00:00 |
|
Ben Alex
|
e5c538d1a5
|
SEC-125: Provide hashCode() method for AbstractAuthenticationToken.
|
2006-01-26 09:23:03 +00:00 |
|
Luke Taylor
|
63682a9c5d
|
Javadoc typos.
|
2006-01-25 17:04:58 +00:00 |
|
Luke Taylor
|
fe2f4e4a3b
|
Added setter method to allow connection pooling to be disabled.
|
2006-01-25 17:04:02 +00:00 |
|
Ray Krueger
|
b20c0a674a
|
Fixed NPE see SEC-143
|
2006-01-16 23:56:04 +00:00 |
|
Luke Taylor
|
38629f159a
|
Added default role option to authorities populator.
|
2006-01-13 21:13:53 +00:00 |
|
Luke Taylor
|
63dcdec1b7
|
Corrected more Jalopy screwy formatting.
|
2006-01-06 02:00:41 +00:00 |
|
Luke Taylor
|
22b0e1613c
|
Addition of package.html files. Minor formatting.
|
2006-01-05 19:59:04 +00:00 |
|
Luke Taylor
|
2f53f0e7d7
|
Message string changed to reflect class name changes.
|
2006-01-05 01:11:45 +00:00 |
|
Luke Taylor
|
affa500778
|
Message string changed to reflect class name changes.
|
2006-01-05 01:02:49 +00:00 |
|
Luke Taylor
|
d7ae1ad21b
|
Refactoring to reduce code duplication, remove config files and use JMock to enforce expectations on whether FilterChain proceeds or not.
|
2006-01-05 00:59:10 +00:00 |
|
Luke Taylor
|
0202b47346
|
Switched to using JMock methods for dummy objects.
|
2006-01-04 23:31:34 +00:00 |
|
Luke Taylor
|
4063a87dbf
|
Changed to use parent method for Mock creation rather than new operator.
|
2006-01-04 23:25:40 +00:00 |
|
Luke Taylor
|
f9d0ee209b
|
Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying.
|
2006-01-04 21:35:10 +00:00 |
|
Luke Taylor
|
56bccf6070
|
Added MessageSource support for LDAP provider classes.
|
2006-01-03 20:31:19 +00:00 |
|
Luke Taylor
|
e81be72bd7
|
Changed test to use tested class rather than interface name. Added test for service detection style URLs.
|
2006-01-01 15:11:54 +00:00 |
|
Carlos Sanchez
|
1dfc42550f
|
Add spring-mock to dependency management
Add ldap dependencies
Simplify spring dependencies
|
2005-12-25 00:21:49 +00:00 |
|
Ben Alex
|
6b1f97a381
|
Resolve compiler warnings.
|
2005-12-24 10:03:18 +00:00 |
|
Carlos Sanchez
|
b0d65259b6
|
Changed groupId to org.acegisecurity
|
2005-12-22 16:40:22 +00:00 |
|
Carlos Sanchez
|
f226dfb67f
|
Use ISO encoding to avoid problems
|
2005-12-22 16:27:44 +00:00 |
|
Carlos Sanchez
|
0c9e1769a4
|
Improved m2 poms
|
2005-12-22 15:54:37 +00:00 |
|
Carlos Sanchez
|
f662ed5890
|
Ignore eclipse project files
|
2005-12-22 13:41:33 +00:00 |
|
Luke Taylor
|
9b5aa159aa
|
Correct screwy formatting.
|
2005-12-22 01:42:27 +00:00 |
|
Luke Taylor
|
3977e3b822
|
Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc.
|
2005-12-22 01:30:53 +00:00 |
|
Luke Taylor
|
5b076c79d1
|
Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed.
|
2005-12-22 01:22:09 +00:00 |
|
Luke Taylor
|
41a95b11cd
|
Corrected wrong package name in Javadoc.
|
2005-12-22 01:18:32 +00:00 |
|
Luke Taylor
|
8f725f7a74
|
Removed no-arg constructor from UsernamePasswordAuthenticationToken.
|
2005-12-22 01:16:16 +00:00 |
|
Luke Taylor
|
c378779610
|
Removed printStackTrace from expected exception.
|
2005-12-22 01:15:25 +00:00 |
|
Luke Taylor
|
09cef7adc2
|
Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder.
|
2005-12-21 16:41:52 +00:00 |
|
Luke Taylor
|
2d1dd7b292
|
Restoring author/version tags, some minor comments.
|
2005-12-21 00:48:57 +00:00 |
|
Luke Taylor
|
20d69e2734
|
Tidying up some Jalopy weirdness.
|
2005-12-21 00:39:36 +00:00 |
|
Luke Taylor
|
dc728987f4
|
Changed LdapDataAccessException to extend AuthenticationServiceException.
|
2005-12-21 00:14:15 +00:00 |
|
Luke Taylor
|
0f678d53ba
|
Javadoc typo in tag.
|
2005-12-21 00:00:02 +00:00 |
|
Luke Taylor
|
911be66513
|
Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication.
|
2005-12-20 23:58:35 +00:00 |
|
Luke Taylor
|
b01bf0b878
|
Expanded Javadoc.
|
2005-12-20 23:26:38 +00:00 |
|
Luke Taylor
|
1549ec55b1
|
Switch to embedded context version of apache DS (no socket nonsense etc.)
|
2005-12-20 23:08:54 +00:00 |
|
Luke Taylor
|
9554dc50bc
|
Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider.
|
2005-12-19 17:23:34 +00:00 |
|
Luke Taylor
|
929b08c085
|
Spring config for ApacheDS is no longer used.
|
2005-12-19 17:04:09 +00:00 |
|
Luke Taylor
|
069f78c00b
|
Move the apacheDS working directory to java.io.tmpdir
|
2005-12-19 17:01:25 +00:00 |