Commit Graph

1280 Commits

Author SHA1 Message Date
Luke Taylor 1686fd0bd2 Updated ldap tests to apache directory 1.0.0 release version. 2007-02-04 20:06:36 +00:00
Ben Alex e169e63e1b SEC-404: Correct previous SEC-404 commit. 2007-01-02 23:36:38 +00:00
Ben Alex 3f62a5c868 SEC-404: NPE when logging out if user not already logged in. 2006-12-28 21:23:35 +00:00
Luke Taylor 93509dc999 Reformatted X.509 certificate in comment. 2006-11-29 01:40:14 +00:00
Luke Taylor 6a440f816c removed monkeymachine.co.uk email addresses. 2006-11-28 21:37:37 +00:00
Ben Alex 1805ab8ec4 SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage. 2006-11-26 04:47:43 +00:00
Ben Alex e79a28875f SEC-400: Clarify exception if getter returns null. 2006-11-26 03:24:11 +00:00
Ray Krueger 1a486e584b HttpSessionEventPublisher need not implement ServletContextListener any longer 2006-11-20 19:35:11 +00:00
Ray Krueger 74e8efc4e9 Fixed SEC-395 2006-11-20 19:09:45 +00:00
Ben Alex 6fe569556c Use type in same module (Maven requirement). 2006-11-17 03:18:07 +00:00
Ben Alex 197a011ac5 Relocate resource files to comply with Maven directory conventions. 2006-11-17 03:06:30 +00:00
Ben Alex 1081c267d9 SEC-239: New ACL module. 2006-11-17 02:03:23 +00:00
Ben Alex 9f512c384e SEC-239: New ACL module. 2006-11-17 02:01:21 +00:00
Ben Alex 2984913051 SEC-393: More elegantly deal with setProviders(List) type safety enforcement. 2006-11-16 02:15:43 +00:00
Carlos Sanchez 5e819af782 SEC-388: Upgrade other Spring dependencies to 1.2.8. 2006-11-15 22:54:54 +00:00
Ben Alex 1b4a098760 SEC-354: Add label-based voter. 2006-11-14 22:07:36 +00:00
Ben Alex 4d166a6867 SEC-333: Error in last commit, should default to regexp processor, not Ant Path processor, in the case of empty or null strings. 2006-11-14 21:52:51 +00:00
Ben Alex 780130d0f3 SEC-333: Eliminate dependecy on ORO when Ant Paths being used instead of Regular Expressions. 2006-11-14 20:55:24 +00:00
Ben Alex 775840a565 SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered. 2006-11-14 05:49:56 +00:00
Ben Alex f5ce0250b4 SEC-310: Add AbstractProcessingFilter.getAuthenticationDetailsSource(). 2006-11-14 03:30:04 +00:00
Ben Alex 8dda52eeaa SEC-322: Workaround bug in WebSphere. 2006-11-14 02:21:27 +00:00
Ben Alex 5640eb0511 SEC-378: Use trim instead of replacement for space removal. 2006-11-14 01:55:44 +00:00
Ben Alex ad6c501379 SEC-360: Minor correction in patch applied yesterday. 2006-11-14 01:09:35 +00:00
Ben Alex 2a65d386d5 SEC-384: Remove Commons-Lang dependency. 2006-11-14 00:59:17 +00:00
Ben Alex 59bf8602d2 SEC-356: Add cloneFromHttpSession property. 2006-11-14 00:43:00 +00:00
Ben Alex 5911234f65 SEC-359: Logout even if not logged in. 2006-11-13 06:05:28 +00:00
Ben Alex fa6b4480b1 SEC-360: Provide server side forward option instead of redirection. 2006-11-13 00:17:07 +00:00
Ben Alex f0ae6f53a7 SEC-327: Add includeDetailsObject property. 2006-11-12 23:55:50 +00:00
Ben Alex f28ce39bde SEC-365: Provide an alwaysRemember property, together with an abstract method so subclasses can determine custom behaviour. 2006-11-12 23:28:57 +00:00
Ben Alex 71eba94cf2 SEC-371: Use AbstractTicketValidator for logger. 2006-11-12 23:10:09 +00:00
Ben Alex 0f517cb8e2 SEC-375: Publish AuthorizationFailureEvent event when AccessDeniedException thrown by AfterInvocationProvider. 2006-11-12 22:06:37 +00:00
Ben Alex b8d0722251 SEC-367: Added clarification of immutability contract. 2006-11-12 21:36:52 +00:00
Ben Alex 43dbe6c991 SEC-364: Fix context path handling. 2006-11-12 21:31:31 +00:00
Carlos Sanchez 10d6859dad Added ACL table SQL for some databases 2006-10-17 22:24:57 +00:00
Ben Alex 172026f875 SEC-377: Remove Commons Lang dependency. 2006-10-14 00:17:19 +00:00
Ben Alex c292826475 SEC-373: Add byte array encryption/decryption support. 2006-10-07 09:45:51 +00:00
Ben Alex 21dd050d7b SEC-348: Limit Basic automatic reauthentication scope to UsernamePasswordAuthenticationToken (specifically avoid CasAuthenticationToken). 2006-09-29 08:41:25 +00:00
Ben Alex d2fb473a4e Formatting only. 2006-09-29 07:33:45 +00:00
Ben Alex 49a2de8f0f SEC-366: Initial commit. 2006-09-29 07:29:13 +00:00
Ben Alex cc03675776 SEC-340: Invalidate HttpSession on logout. 2006-09-29 06:45:40 +00:00
Scott McCrory db96650d99 SEC-319: Reverted to 1.0.1 version to delay these changes to 1.1.0, based on small breakage of backward compatability. 2006-09-23 19:48:39 +00:00
Carlos Sanchez 558fd5d75d Add scm info because we don't use artifactid as folder name 2006-09-17 21:06:22 +00:00
Ben Alex b0056568f0 SEC-338: Serializable and serialVersionUID missing for Authentication-related objects. 2006-09-15 08:38:11 +00:00
Ben Alex 7313d5def0 SEC-324: Ensure IllegalStateException no longer occurs. 2006-09-15 07:55:57 +00:00
Ben Alex 324789d544 SEC-311: Must observe symmetry requirement of Object.equals(Object) contract. 2006-09-15 06:27:45 +00:00
Ben Alex 9e3ce85dd5 SEC-330: Make UserMap work with UserDetails, not User concrete class. 2006-09-15 03:47:17 +00:00
Ben Alex f0b259a32e SEC-349: GrantedAuthority constructor argument can be null. 2006-09-15 03:42:11 +00:00
Ben Alex 58d3f0c56f SEC-290: Correct bug with generation of SimpleMethodInvocation. 2006-09-15 03:38:36 +00:00
Ben Alex 5364db2c27 SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place. 2006-09-15 03:36:51 +00:00
Ben Alex 53beadb7bf SEC-290: Correct bug with generation of SimpleMethodInvocation. 2006-09-15 03:27:26 +00:00
Ben Alex 03df6a90eb SEC-293: Modified collection remove logic to use removeList. 2006-09-15 03:20:08 +00:00
Ben Alex 1292420476 SEC-311: Must observe symmetry requirement of Object.equals(Object) contract. 2006-09-15 03:09:05 +00:00
Ray Krueger cf91104b69 Made parameters case-insensitive 2006-09-14 20:47:17 +00:00
Ray Krueger 6779d97546 Made parameters case-insensitive 2006-09-14 20:39:37 +00:00
Carlos Sanchez 757062e8f9 Initialization of exceptionMappings was broken in last commit 2006-09-13 08:20:08 +00:00
Carlos Sanchez 4d070eab25 Add setAuthoritiesAsString to UserAttribute 2006-09-04 21:54:15 +00:00
Luke Taylor 000f9ab7ac SEC-321: truncate from first question mark, not last. 2006-09-03 22:12:13 +00:00
Luke Taylor 4e65b24253 SEC-245: Add mapPassword method to allow customized translation of password attribute. 2006-08-28 20:58:26 +00:00
Luke Taylor 57a8d2adb3 Added handleBindException method to allow subclasses to inspect the reason for bind failure. 2006-08-25 16:06:20 +00:00
Luke Taylor dc13f25dee Tidied up formatting. 2006-08-25 16:04:27 +00:00
Luke Taylor 8dd1177c02 Added property to force use of LdapContext instead of DirContext 2006-08-25 16:03:50 +00:00
Luke Taylor 92dcf694b4 added createTarget method on Essence class to allow subclassing. 2006-08-25 15:32:39 +00:00
Luke Taylor b5cbc977e1 Javadoc correction 2006-08-24 10:56:26 +00:00
Luke Taylor 3889894d16 Added extra mapping of OperationNotSupportedException to BadCredentialsException as some servers return a 53 code (unwilling to perform) when attempting a bind (e.g. is password has expired). This shouldn't be treated as an outright failure. 2006-08-24 10:32:38 +00:00
Luke Taylor 67fcf426eb Close returned context in nameExists method 2006-08-24 10:10:24 +00:00
Luke Taylor e96fee6ec1 Updated apacheds version to RC3 and slf4j to 1.0.1 2006-08-24 10:07:39 +00:00
Carlos Sanchez 27d2db9e22 Ensure that array of valid permissions can't be modified outside the class 2006-08-22 17:57:18 +00:00
Carlos Sanchez 38ec0f0d30 SEC-286: Reverted rev# 1588 as build fails without log4j (class not found exception) 2006-08-22 16:17:46 +00:00
Carlos Sanchez 69ec903088 Add MethodDefinitionSourceMapping for easier configuration 2006-08-22 16:02:44 +00:00
Carlos Sanchez 0298851ca3 Allow setting ACLs by its name 2006-08-22 16:01:34 +00:00
Carlos Sanchez 3487da0e85 Added javadoc 2006-08-22 15:53:41 +00:00
Luke Taylor 3498b36c14 SEC-285: Removed duplicate commons-lang dependency from pom.xml 2006-08-19 20:03:58 +00:00
Scott McCrory 8d3a2b42d9 SEC-319: Improvements to Siteminder integration: Create its own authentication provider & reeval strategy. Note that documentation not yet complete, but code is functional, test-covered and validated in a Siteminder environment. 2006-07-27 01:13:46 +00:00
Luke Taylor 52a167acfa SEC-286: removed log4j dep as it is in the parent pom and tests run fine without it.. 2006-07-25 23:53:42 +00:00
Carlos Sanchez f7cb31a301 Fix broken test 2006-07-20 18:43:58 +00:00
Carlos Sanchez 9a337d2fea Removed default constructors added in rev# 1573 2006-07-20 13:15:55 +00:00
Luke Taylor 4930657e57 Remove typo in method name "getAuthoritiesPopulator" 2006-07-16 20:17:20 +00:00
Scott McCrory 442c51bb30 SEC-318: Rename AuthenticationDao to UserDetailsService in local variables and logging messages 2006-07-15 15:18:51 +00:00
Ray Krueger d485e30fd5 SavedCookieTest was renamed to SavedCookieTests 2006-07-12 10:33:14 +00:00
Ray Krueger ca863ce4f7 http://opensource.atlassian.com/projects/spring/browse/SEC-308
Headers should remain case-insensitive.
2006-07-12 10:25:32 +00:00
Carlos Sanchez 91799c9290 Added missing resources 2006-07-11 21:42:42 +00:00
Carlos Sanchez 156af5b8b6 Added missing tld and notice file to jar 2006-07-11 18:54:04 +00:00
Carlos Sanchez 94a9acedad Added checks to ensure object is properly initialized 2006-07-10 11:48:35 +00:00
Carlos Sanchez 488abe58fb Added default constructor for easier use 2006-07-10 11:24:18 +00:00
Carlos Sanchez 80c1ae3bde fix problems when not loaded through Spring context 2006-07-09 22:08:21 +00:00
Carlos Sanchez 00b73e8331 Fix failing tests keeping old behaviour. 2006-07-06 17:56:50 +00:00
Carlos Sanchez 46af400466 Added FilterInvocationDefinition interface to unify FilterInvocationDefinitionSource and FilterInvocationDefinitionMap 2006-07-06 17:05:08 +00:00
Carlos Sanchez 9e87bd6789 Add javadocs 2006-07-06 17:03:48 +00:00
Carlos Sanchez aa52124d72 Simplify configuration of FilterInvocationDefinitionMap 2006-07-05 22:00:21 +00:00
Carlos Sanchez 9560636380 Simplify configuration of FilterInvocationDefinitionMap 2006-07-05 20:58:50 +00:00
Carlos Sanchez 9d539a13d9 Use accessor instead of field 2006-07-05 20:03:52 +00:00
Carlos Sanchez 0edb75d4aa Added setUsers and setAuthorities for easier configuration 2006-07-05 16:16:13 +00:00
Carlos Sanchez 41f7bb3755 Improve javadoc formatting 2006-07-05 16:00:51 +00:00
Carlos Sanchez 27de814d54 Prevent NullPointerException when not loaded from application context 2006-07-05 15:59:17 +00:00
Carlos Sanchez d847772c81 Prevent NullPointerException when not loaded from application context 2006-07-05 15:58:20 +00:00
Luke Taylor ae55e04522 SEC-297: Stop prepending of context path to full url default targets. Also added more stringent checks on format of injected defaultTargetUrl property. 2006-06-27 23:26:25 +00:00
Carlos Sanchez 18c6838bec [maven-release-plugin] prepare for next development iteration 2006-06-22 17:29:52 +00:00
Carlos Sanchez c7bcbe1b35 [maven-release-plugin] prepare release release_1_0_1 2006-06-22 17:27:29 +00:00
Carlos Sanchez 4e612922ac SEC-281: Go back to spring 1.2.7 to prevent backwards compatibility issues 2006-06-16 17:25:05 +00:00
Luke Taylor a2c3635d78 Moved class to test treee 2006-06-15 00:41:53 +00:00
Luke Taylor 552c275e8f Accidentally checked into source tree rather than test source 2006-06-15 00:37:18 +00:00
Luke Taylor aaf51c4bee Added test for non-String role. 2006-06-14 23:20:51 +00:00
Luke Taylor 49da801096 SEC-303: Check from null role attribute in LdapUserDetailsMapper 2006-06-14 22:44:39 +00:00
Luke Taylor eb3e954ae4 Added chained append call in toString method 2006-06-14 21:46:21 +00:00
Luke Taylor b0caa72e80 Added template method for role creation, as requested in the forum. 2006-06-13 13:18:45 +00:00
Luke Taylor 7475906218 Remove Javadoc errors 2006-06-12 22:32:59 +00:00
Luke Taylor 18680e8fab Remove Jalopy mistakes 2006-06-12 22:31:10 +00:00
Ray Krueger cada23f57d Synchronized MockFilterConfig uses for Spring 1.2.6 and 1.2.8 2006-06-11 01:20:29 +00:00
Ray Krueger fa3c61b19b Call to getCookies() should return Cookies, not SavedCookies 2006-06-11 01:19:44 +00:00
Luke Taylor 88825089a7 Removed "final" from getGroupMembershipRoles 2006-06-07 13:31:11 +00:00
Luke Taylor 2a7caff95f SEC-295: Changed to use getDefaultTargetUrl() accessor internally rather than accessing property directly. Allows for overriding method to supply different Urls. 2006-06-04 15:14:33 +00:00
Ray Krueger 9fd0bbd694 Added Serializable check just to be sure... 2006-06-03 13:40:39 +00:00
Ray Krueger 1a9629b197 http://opensource.atlassian.com/projects/spring/browse/SEC-289
Wraps disassembles cookies into a SavedCookie that is serializable
2006-06-03 13:36:51 +00:00
Ben Alex f7020755be SEC-291: Avoid unnecessary creation of SecurityContextHolderStrategy. 2006-06-01 14:02:56 +00:00
Luke Taylor da780e4567 Tidy up XML formatting in comment 2006-05-31 21:56:16 +00:00
Luke Taylor 9f41b9f470 Wrap any DataAccessExceptions thrown by the Ldaptemplate with AuthenticationServiceFailureExceptions 2006-05-31 21:46:16 +00:00
Luke Taylor 5d7a75a421 SEC-284: Removed allowEmptyPassword flag.. 2006-05-31 20:12:12 +00:00
Luke Taylor d2ee383e06 Changed to reject empty passwords by default. 2006-05-31 18:22:05 +00:00
Luke Taylor ee50d6e334 SEC-281: Modified to use Spring 1.2 compatible exception class for incorrect search results size. 2006-05-31 16:54:27 +00:00
Luke Taylor 02e7bbb982 SEC-284: added allowEmptyPasswords property with default value "true" 2006-05-31 15:00:59 +00:00
Ray Krueger 00620b6992 http://opensource.atlassian.com/projects/spring/browse/SEC-96
Refactored Digest encoding for better support of all MessageDigest algorithms, such as the SHA family.
2006-05-31 03:03:18 +00:00
Carlos Sanchez 35093e09f6 Bump version to 1.1.0-SNAPSHOT 2006-05-31 00:52:26 +00:00
Ben Alex b7a579f27a JavaDoc corrections. 2006-05-29 15:06:32 +00:00
Ben Alex 89eb74b1b2 Refer to 1.0.0 final. 2006-05-28 00:49:38 +00:00
Luke Taylor f8545f4dc2 Added extra commenting to Ldap classes 2006-05-26 22:48:21 +00:00
Ben Alex a130b65937 Add package.html. 2006-05-23 14:04:33 +00:00
Ben Alex ab12817b7a SEC-97: Format Acegi Security source code in accordance with latest Jalopy configuration. 2006-05-23 13:38:33 +00:00
Ben Alex 49800018e9 SEC-173: Expand on JavaDocs for ACLs which have no permission records. 2006-05-23 12:15:43 +00:00
Ben Alex 92dbf836a1 SEC-259: Correct JavaDoc error. 2006-05-23 12:02:44 +00:00
Ben Alex 563ac1324c SEC-263: Stop polling voters after first one votes to deny. 2006-05-23 11:11:21 +00:00
Ben Alex 07e805e342 SEC-262: Refactor common method into superclass. 2006-05-23 11:03:30 +00:00
Ben Alex d795836bf1 SEC-266: Handle -1 allowing unlimited logins, as per JavaDocs. 2006-05-23 10:49:23 +00:00
Ben Alex 501eaadd09 SEC-267: Bug when working with CGLIB-generated classes. 2006-05-23 10:42:01 +00:00
Ben Alex a5d74ca2e1 SEC-260: Remove disused loggers. 2006-05-23 10:37:30 +00:00
Luke Taylor 4d24c88d1e Enforce the setting of a LdapUserDetailsMapper on authenticators (rather than a general mapper) to make sure the correct type is returned and that the username is set before it is returned. 2006-05-22 23:40:29 +00:00
Luke Taylor 3eaed3ad44 Added additionalAuthenticationChecks implementation to make sure password is rechecked if Ldap is used with a user cache. 2006-05-22 23:37:54 +00:00
Luke Taylor e30c3d7bd2 SEC-270: Make SavedRequest serializable. 2006-05-22 19:07:57 +00:00
Luke Taylor e5b79f1f95 Make getGroupMembershipRoles method public for convenience. 2006-05-22 19:06:19 +00:00
Luke Taylor 53b6735c3e Make sure the username and password are set on the final UserDetails object returned by the provider. 2006-05-21 03:03:50 +00:00
Luke Taylor e1eac8f0ca Added setters for rolePrefix and convertToUpperCase 2006-05-21 02:19:42 +00:00
Luke Taylor c1e76b64bc Chnaged to use setters in essence "copy constructor" 2006-05-21 02:17:14 +00:00
Luke Taylor 360e9908b7 Added test for empty or null username 2006-05-21 01:40:00 +00:00
Luke Taylor d8a28d6068 Add call for setDerefLinkFlag 2006-05-21 01:32:37 +00:00
Luke Taylor 016ac8016c Minor changes to increase coverage of methods 2006-05-21 01:23:34 +00:00
Luke Taylor 0d6b3ab9f3 Renamed 'execute' method in LdapCallback in line with Spring equivalents. Added some extra tests. 2006-05-21 01:06:37 +00:00
Luke Taylor 9623eb3d04 Correct log category package name 2006-05-20 23:45:54 +00:00
Luke Taylor b5e9690735 Removed duplicate file. 2006-05-20 18:14:05 +00:00
Luke Taylor 577cc17764 Removed individual search controls setter methods in favour of supplying complete search controls object. Added comment for 'compare' method. 2006-05-20 18:02:04 +00:00
Luke Taylor b8fa1ad906 Delete deprecated ldap classes (from previous package move) 2006-05-20 17:53:16 +00:00
Luke Taylor 316798ef9e Made mock context factory a standalone class 2006-05-20 17:47:36 +00:00
Luke Taylor 859185eebd Removed unused methods and added some extra tests. 2006-05-20 17:46:10 +00:00
Luke Taylor 2a24e4faf8 Deleted old version of LdapDataAccessException 2006-05-20 00:21:17 +00:00
Luke Taylor 7794ebf84b Now extends Spring's DataAccessException 2006-05-20 00:18:01 +00:00
Luke Taylor 3583470a49 Now extends Spring's DataAccessException 2006-05-20 00:14:24 +00:00
Luke Taylor 3eea670efc Exception translator IF for use in LdapTemplate 2006-05-19 23:22:55 +00:00
Luke Taylor 983afec70c Added license. 2006-05-19 23:20:27 +00:00
Luke Taylor ce1c59e924 Make template and search controls member variables. 2006-05-19 23:02:37 +00:00
Luke Taylor d3e42c6f3f Move conversion of roles to Strings into LdapTemplate 2006-05-19 22:29:17 +00:00
Luke Taylor 3239cd139e SEC-251: use username as parameter {2} in group searches 2006-05-19 22:10:05 +00:00
Luke Taylor 46cc1bec1e SEC-268: allow for delayed obtaining of app context reference 2006-05-19 21:38:26 +00:00
Luke Taylor 5d811c4a94 Removed "==true" in boolean conditional. 2006-05-19 19:29:59 +00:00
Luke Taylor f546e2bbad Remove default constructor as class is now only responsible for group searches which need the args version. 2006-05-16 23:38:48 +00:00
Luke Taylor 30d878b22e Change essence class to use a new ArrayList for the authorities (list from Arrays.asList() doesn't support add method). 2006-05-16 23:35:15 +00:00
Luke Taylor fc8ead3c54 Make sure populator roles are added rather than overwriting any roles loaded with the user entry. 2006-05-16 23:33:02 +00:00
Luke Taylor f8db6a4c78 Switch LDAP tests back to embedded server and comment out apacheds-broken ones. 2006-05-15 21:20:50 +00:00
Luke Taylor 9219c6548e SEC-264: Delete classes which are no longer used after LDAP changes. 2006-05-15 21:14:38 +00:00
Luke Taylor 65fe641900 SEC-264: changes to LDAP services. 2006-05-15 20:53:10 +00:00
Luke Taylor db042046e9 Introduce LDAPUserDetails. 2006-05-15 19:34:57 +00:00
Scott Battaglia ab05cb95ff SEC-239: changed order url is created in to reflect new processing filter url order 2006-05-04 19:31:28 +00:00
Scott Battaglia aee934812a SEC-239: switched to encoding a url with response.encodeURL to get the jsession. 2006-05-04 19:27:57 +00:00
Carlos Sanchez 76ce826345 Remove spring transitive deps, add log4j 2006-05-03 17:38:19 +00:00
Luke Taylor a7d7631f2f Fixed potential problem with multiple userDn patterns. 2006-05-01 00:43:42 +00:00
Luke Taylor f0b11109b4 Added tests for nameExists method 2006-05-01 00:41:07 +00:00
Luke Taylor 9f385eb1e0 Typo in Javadoc. 2006-05-01 00:40:18 +00:00
Luke Taylor a468f03cae Add functionality to LdapTemplate for checking that an entry exists, and for retrieving an entry as an object, mapped from its attributes. 2006-05-01 00:28:27 +00:00
Luke Taylor 3f0f45706c Update Javadoc to include SSHA info. 2006-04-30 22:14:27 +00:00
Luke Taylor def8a849a2 Added String-only 'compare' operation tests which now work with ApacheDS RC2 (unlike byte[] comparisons which are still broken). 2006-04-30 21:53:05 +00:00
Luke Taylor 98887f37da Change to more appropriate inline inner class name. 2006-04-30 21:40:53 +00:00
Luke Taylor 0b2be28def Added search method which will be used for finding roles. 2006-04-30 21:37:18 +00:00
Luke Taylor 91f5fc30be SEC-258: Removed use of URI class 2006-04-30 19:45:37 +00:00
Luke Taylor 25c643970a Change package names to match apacheds RC1. 2006-04-29 22:45:19 +00:00
Luke Taylor a50695a1a8 Upgrade apacheds to RC1 2006-04-29 22:41:21 +00:00
Ben Alex 890864ed00 SEC-194: Allow remember-me services to be used with BASIC authentication. 2006-04-28 08:54:54 +00:00
Ben Alex 9b63051149 SEC-204: Improve startup time detection of errors by FilterInvocationDefinitionSourceEditor. 2006-04-28 08:41:55 +00:00
Ben Alex cc07f620df SEC-257: ExceptionTranslationFilter to use AccessDeniedHandler. 2006-04-28 06:52:50 +00:00
Ben Alex 21aaf2b9db SEC-256: Contacts sample not displaying localized exceptions correctly. 2006-04-28 06:43:50 +00:00
Ben Alex d125569bd6 SEC-29: Save POST parameters on AuthenticationEntryPoint redirect. 2006-04-28 05:05:35 +00:00
Ben Alex 22aa0e898f SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument. 2006-04-27 23:26:19 +00:00
Ben Alex 0648c65b0b SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument. 2006-04-27 23:25:00 +00:00
Ben Alex d8a56d4e60 SEEC-255: Always create HttpSession before calling AuthenticationDetailsSource. 2006-04-27 23:11:56 +00:00
Marc-Antoine Garrigue 2af791a801 Error in javadoc concerning the default keyword
REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS
2006-04-27 08:56:42 +00:00
Ben Alex 81603832be SEC-152: Strategy pattern for SecurityContextHoldder. 2006-04-27 08:31:32 +00:00
Ben Alex b05709df6a SEC-152: Strategy pattern for SecurityContextHoldder. 2006-04-27 08:30:29 +00:00
Scott McCrory 88ff43017d Added unit test for the overridden requiresAuthentication method 2006-04-27 02:24:30 +00:00
Scott McCrory 481a9377e4 Added NPE check for defaultTargetUrl in requiresAuthentication 2006-04-27 02:23:46 +00:00
Ben Alex 8cc5dcde30 SEC-249: Support logout filter. 2006-04-26 23:36:03 +00:00
Luke Taylor 8400341399 Tidy up screwy formatting. 2006-04-26 21:19:20 +00:00
Ray Krueger a7d0f88e01 Fixed no authority check so that it is after addCustomAuthorities
http://opensource.atlassian.com/projects/spring/browse/SEC-253

Also removed the unused logger
2006-04-26 16:22:38 +00:00
Ben Alex a47a342ce6 SEC-234: Allow pluggable AuthenticationDetailsSource strategy interface. 2006-04-26 05:24:49 +00:00
Ben Alex b1becf9277 SEC-242: Make logger reflect subclass, not superclass. 2006-04-26 04:56:46 +00:00
Ben Alex f4156a22bd SEC-246: Enable late binding on DaoAuthenticationProvider.userDetailsService field. 2006-04-26 04:54:44 +00:00
Ben Alex d541c8e257 SEC-238: Add AuthenticationException to onUnsuccessfulAuthentication method signature. 2006-04-26 04:42:16 +00:00
Ben Alex 540c7b2e6a SEC-229: Allow external URLs from AbstractProcessingFilter. 2006-04-26 04:36:54 +00:00
Ben Alex 97ac9f7e98 SEC-191: Look in parent bean factories for AclManager. 2006-04-26 04:26:04 +00:00
Ben Alex f6b7429947 SEC-187: Tidy up URL composition logic basedon default HTTP(S) ports. 2006-04-26 04:19:35 +00:00
Ben Alex 307ac99ec5 SEC-199: Use ServletException.getRootCause() to extract any Acegi Security exceptions. 2006-04-26 04:11:05 +00:00
Ben Alex 4e09777dec SEC-247: Allow #NONE# to be used to specify paths that shouldn't have any filters fire. 2006-04-26 03:55:39 +00:00
Ben Alex 185d63f23c SEC-221: AbstractProcessingFilter.onPreAuthentication() should have exceptions caught. 2006-04-26 03:40:24 +00:00
Ben Alex 6bae43d380 SEC-206: Include context root when generating cookies. 2006-04-26 03:35:33 +00:00
Ben Alex 5d9ed78b50 SEC-147: Add processDomainObjectClass property to AfterInvocationProviders. 2006-04-26 03:30:27 +00:00
Ben Alex de4af379cc SEC-252: Stop NPE if principal object is null. 2006-04-26 03:00:14 +00:00
Ben Alex fba45cb19e SEC-208: Fix threading issue. 2006-04-26 02:54:18 +00:00
Carlos Sanchez 88e8e60861 [SEC-240] Moved log4j.properties to test folder to avoid including it in jar 2006-04-26 02:39:56 +00:00
Ben Alex 5f79a25860 SEC-243: SessionRegistryImpl no longer incorrectly includes expired sessions. 2006-04-26 02:36:37 +00:00
Ben Alex 948f79e2e2 SEC-219: Support complex tokenization scenarios. 2006-04-26 02:23:19 +00:00
Ben Alex 14683dcbc7 SEC-190: Add hashCode() and equals() methods. 2006-04-26 01:41:10 +00:00
Ben Alex 36c096858d SEC-223: Improve hashCode() performance. 2006-04-26 01:31:17 +00:00
Ben Alex 57aee4e605 SEC-218: Fix authentication exception cleanup of SecurityContextHolder. 2006-04-26 01:28:06 +00:00
Ben Alex 8cff715599 SEC-222: Improve hashCode() to use XOR. 2006-04-26 01:18:42 +00:00
Scott McCrory e39bd43541 SEC-217 - Improve Siteminder Filter - now authenticates on calls to both j_security_check and the default target URL if the user isn't already authenticated. Thanks Paul Garvey for determining this and providing solution code. 2006-04-25 23:19:30 +00:00
Scott McCrory e44c5e66d3 As per SEC-193, removed unnecessarily overridden methods. 2006-04-25 23:01:04 +00:00
Carlos Sanchez 465f76cb22 Resolve some compilation problems with m2 2006-04-25 16:31:48 +00:00
Carlos Sanchez 7d250eda78 Use latest directory server version
Set test scope to spring mock
2006-04-25 04:46:19 +00:00
Ben Alex 719d3af879 SVN updates. 2006-04-25 00:22:00 +00:00
Luke Taylor 4d9f99acc4 Added getter for authoritiesPopulator. Fix for SEC-227. 2006-04-18 23:44:07 +00:00
Luke Taylor 596882804f First commit of LdapTemplate class, a la Spring JdbcTemplate, as suggested by Ben to simplify Ldap connection handling etc. 2006-04-18 22:34:04 +00:00
Luke Taylor 3d51c46575 Added license header. 2006-04-18 22:27:17 +00:00
Luke Taylor f61a58d98b Added a couple more tests. 2006-04-16 21:18:12 +00:00
Luke Taylor 7a0a87a167 Added support for LDAP SSHA (salted SHA) encoded passwords. 2006-04-16 21:12:39 +00:00
Luke Taylor c6dd545de0 Javadoc change. 2006-04-16 17:11:44 +00:00
Luke Taylor e5bef3f31b Added doc for @throws 2006-04-16 17:11:06 +00:00
Luke Taylor 9c8a4c2f74 Fix for SEC-237. Make LDAP Provider reject empty username. 2006-04-16 16:41:08 +00:00
Luke Taylor 743cc9fec7 Fix for SEC-215. Check for empty nameInNameSpace before appending. 2006-04-16 16:11:02 +00:00
Luke Taylor d5885baf6b Added some comments. 2006-04-16 16:00:32 +00:00
Luke Taylor 3f06c51379 Fix for SEC-225. Allow empty search base in authorities populator. 2006-04-16 15:37:48 +00:00
Luke Taylor 48716af20a Removed unnecessary package names left over from refactoring. 2006-04-16 15:25:33 +00:00
Luke Taylor 072a4c3d18 Fix for SEC-226. Added ability to set derefLinkFlag property. 2006-04-16 15:15:55 +00:00
Luke Taylor 267c846e12 Sort out LDAP tests to match up with moved production classes. 2006-04-16 14:31:13 +00:00
Luke Taylor bf4fca9126 Move non security-specific LDAP classes to org.acegisecurity.ldap package 2006-04-16 14:26:46 +00:00
Luke Taylor 7c69668589 Deprecated, pending deletion. 2006-04-16 14:12:23 +00:00
Luke Taylor bbd250e442 Modified to use classes from org.acegisecurity.ldap package 2006-04-16 14:05:28 +00:00
Luke Taylor 7f24e209a6 Move non security-specific LDAP classes to org.acegisecurity.ldap package 2006-04-16 13:56:36 +00:00
Luke Taylor 0c1ab7f98c Corrected a couple of Javadoc typos. 2006-04-15 12:32:50 +00:00
Scott Battaglia 9a8fdcd269 SEC-196
updated references to Yale CAS to JA-SIG CAS
2006-03-28 15:41:20 +00:00
Scott Battaglia b0d4cbceac updated javadoc to reflect proper value of getPrincipal 2006-03-28 14:05:57 +00:00
Scott Battaglia 3d0f746719 SEC-224
updated CasAuthenticationToken to be consistant with approach taken by other providers with regards to authentication.getPrincipal()
2006-03-14 16:15:51 +00:00
Ben Alex 51f1b33af9 SEC-209: Make eventPublisher protected. 2006-03-07 13:04:12 +00:00
Luke Taylor 7e7920ce00 Fix for SEC-202. Intialize manager password to default "manager_password_not_set". 2006-02-28 17:47:55 +00:00
Scott Battaglia 5607da8d67 updated references from Yale CAS to JA-SIG CAS 2006-02-27 13:52:41 +00:00
Luke Taylor 6abceb7ab0 Additional changes related to SEC-192 (avoiding session creation when creating WebAuthenticationDetails). Also fixed Jalopy chaos in SwitchUserProcessingFilter. 2006-02-20 00:37:39 +00:00
Luke Taylor 52a212e609 Removed "== true" in boolean. 2006-02-20 00:27:36 +00:00
Luke Taylor 5475ab0575 Modify AbstractAuthenticationManager to transfer the details object from authentication request to the resulting authentication token, provided it has not already been set on the latter by an authentication provider. 2006-02-19 23:50:21 +00:00
Luke Taylor c88b9093c0 Remove unnecessary check for null. 2006-02-19 22:35:37 +00:00
Luke Taylor ee41d24447 Javadoc correction. 2006-02-19 22:23:04 +00:00
Luke Taylor e12c8310eb Remove unnecessary default constructors which throw IllegalArgumentException. Favours compile time over runtime errors. 2006-02-16 16:44:35 +00:00
Luke Taylor 4b4d4d3332 Added some uses of Spring Assert class and removed one to prevent unnecessary StringBuffer creation. 2006-02-16 01:11:31 +00:00
Luke Taylor 84ccd89061 More readable javadoc. 2006-02-15 19:06:04 +00:00
Luke Taylor cd7efaf567 Fix for SEC-189. Added getter for initialDirContextFactory. 2006-02-13 16:20:42 +00:00
Luke Taylor 6c29a6d17e Added test for immutability of authorities array. Refactored standard authorities array into an instance field. 2006-02-13 16:16:43 +00:00
Ben Alex 2ab5af0a69 SEC-188: Fix JavaDocs. 2006-02-12 06:29:53 +00:00
Ben Alex a28a932598 SEC-183: Minimise session creation as a consequence of SEC-168 and SEC-182 changes. 2006-02-09 23:04:29 +00:00
Ben Alex 0282696202 SEC-182: Remember-me compatibility with concurrent session support. 2006-02-09 10:32:49 +00:00
Ben Alex b1dd784dee SEC-180: BasicProcessingFilter should configurably ignore authentication failures. 2006-02-09 06:41:31 +00:00
Ben Alex e63b2ec9e6 Cleanup unused imports. 2006-02-09 06:00:25 +00:00
Ben Alex 96196bd637 SEC-179: Upgrade to Spring 2.0-M2. 2006-02-09 05:36:06 +00:00
Ben Alex ae29498f75 SEC-158: X509 to support Authentication.isAuthenticated() as per usual contract. 2006-02-09 04:25:07 +00:00
Ben Alex 79287999dc SEC-178: Refactor AbstractAuthenticationToken. 2006-02-09 04:16:50 +00:00
Ben Alex 74de83e5f1 SEC-177: Add hashCode() method. 2006-02-09 03:45:47 +00:00
Ben Alex c9cee6651c SEC-176: Add hashCode() method. 2006-02-09 03:36:47 +00:00
Ben Alex ac457021b8 Inheritance doesn't seem to work, so added the groupId manually. 2006-02-09 03:13:58 +00:00
Ben Alex 77be0009ad Correct equals(Object) method handling if both objects have null getDetails(). 2006-02-09 02:54:40 +00:00
Ben Alex 78df09db8a SEC-175: Add equals(Object) method. 2006-02-09 02:53:27 +00:00
Luke Taylor dc959b1847 Fix for SEC-159. Added clearContext() method to SecurityContextHolder and refactored code to use it instead of putting an empty context into the holder. 2006-02-08 23:27:46 +00:00
Ben Alex 8c0ce12332 SEC-169: Add SessionRegistry.getAllPrincipals() method. 2006-02-08 05:22:48 +00:00
Ben Alex 3a01e48b17 SEC-174: Correct IE6 bug with AuthenticationProcessingFilterEntryPoint. 2006-02-08 04:58:50 +00:00
Ben Alex 9d213f46a4 SEC-168: Prevent errors with concurrent session support. 2006-02-08 04:42:03 +00:00
Ben Alex 1fa6ac0975 SEC-164: Copy Authentication.getDetails() to returned Authentication object. 2006-02-08 02:19:43 +00:00
Luke Taylor 2daea069f9 Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors. 2006-02-08 02:17:44 +00:00
Ben Alex ca1bf5cc21 SEC-170: AbstractAclVoter to support JoinPoint. 2006-02-08 02:06:55 +00:00
Luke Taylor eb7964f6e5 Clean imports. 2006-02-08 01:54:03 +00:00
Luke Taylor fe88d6ec17 SEC-134 fix. Authorities array is now copied on access. Also refactored token classes to move authorities to the base class. 2006-02-08 01:24:38 +00:00
Luke Taylor 842ad929a4 Change search object to use constructor injection (SEC-165) . 2006-02-03 19:53:08 +00:00
Luke Taylor 436fcde10b Change apacheds to version 0.9.4-SNAPSHOT, add slf4j-log4j12 dep 2006-02-02 19:58:46 +00:00
Carlos Sanchez 3036b5d46b Spring mock is required for compilation 2006-02-01 19:16:46 +00:00
Ben Alex 9771b7817a SEC-144: Separate SecurityEnforcementFilter from FilterSecurityInterceptor. 2006-01-28 22:54:23 +00:00
Ben Alex fa4c2a6ade Correct bug with SEC-120 location of where filter chain proceeds. 2006-01-28 22:52:17 +00:00
Ben Alex 823f93fe3b SEC-163: Fix ClassCastException bug in MethodInvocationUtils, and add test to prove correct functionality. 2006-01-28 21:33:35 +00:00
Ben Alex ce907f2ddc SEC-153: Improve toString() method. 2006-01-28 01:30:46 +00:00
Ben Alex 484b0e3a51 SEC-126: Initial commit of WebInvocationPrivilegeEvaluator feature. 2006-01-28 01:26:58 +00:00
Ben Alex 0c89822c56 SEC-162: Properly handle null Authentication. 2006-01-28 01:24:52 +00:00
Ben Alex c8c7c24822 SEC-120: Remember-me to delegate to AuthenticationManager so authentication-specific behaviour (such as concurrent user management) can be applied. 2006-01-28 01:22:36 +00:00
Luke Taylor 9062b4c352 Improved solution to 1.4-compatible IllegalArgumentException with "cause" exception (as suggested on dev list). 2006-01-27 18:53:37 +00:00
Luke Taylor fbe5957c23 Add support for ldaps:// urls. (Fix for SEC-146). 2006-01-27 18:28:13 +00:00
Ben Alex 82be52cea0 SEC-123: Remove exception from no-arg constructor. 2006-01-27 05:26:46 +00:00
Ben Alex ea182f73fe SEC-145: Include nested exception. 2006-01-27 05:17:13 +00:00
Ben Alex 2459858f48 SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used. 2006-01-27 05:10:30 +00:00
Ben Alex 07ed2ca2f0 Initial commit. 2006-01-27 05:09:57 +00:00
Ben Alex ab223b8423 SEC-156: Use getName() instead of toString() as getName() is always the username whereas toString() contains extra information if the Authentication.getPrincipal() has been converted to a UserDetails. 2006-01-27 04:52:46 +00:00
Ben Alex 8f6275ab3e SEC-155: BasicaclEntryCache to provide "remove from cache" support. 2006-01-27 04:42:39 +00:00
Ben Alex 449e395181 Reformat code. 2006-01-27 04:42:15 +00:00
Ben Alex e675c89e28 Remove unused imports. 2006-01-27 04:41:32 +00:00
Ben Alex 5e258cc201 SEC-161: Truncate everything after ? in URL. 2006-01-27 03:30:01 +00:00
Ben Alex 49a917b08d Remove extra dependency on Commons Lang. This dependency is only required by the domain subproject, not the core security project. 2006-01-27 03:18:34 +00:00
Luke Taylor 13a0784736 Replaced use of Java 1.5 IllegalArgumentException constructor. 2006-01-27 01:20:15 +00:00
Luke Taylor 2b0a65983d Removed unused logger. 2006-01-26 20:48:49 +00:00
Luke Taylor f9e043d43a added commons lang dependency 2006-01-26 20:02:26 +00:00
Luke Taylor 17b3424b85 Javadoc typos. 2006-01-26 14:55:13 +00:00
Ben Alex 4024f124b9 SEC-154: Support Hibernate/CGLIB modified domain objects. 2006-01-26 10:27:32 +00:00
Ben Alex a7ebe51fc8 SEC-135: Additional logging of votes in BasicAclEntryVoter. 2006-01-26 10:04:36 +00:00
Ben Alex f4c1b81a9c SEC-150: Expand exception message. 2006-01-26 10:00:59 +00:00
Ben Alex 37802e3748 SEC-138: Make exception output to Commons Logging, not system console. 2006-01-26 09:36:48 +00:00
Ben Alex 10541fc9db SEC-137: Correct stack overflow with MethodInvocation.createFromClass(Class, Method). 2006-01-26 09:28:30 +00:00
Ben Alex e5c538d1a5 SEC-125: Provide hashCode() method for AbstractAuthenticationToken. 2006-01-26 09:23:03 +00:00
Luke Taylor 63682a9c5d Javadoc typos. 2006-01-25 17:04:58 +00:00
Luke Taylor fe2f4e4a3b Added setter method to allow connection pooling to be disabled. 2006-01-25 17:04:02 +00:00
Ray Krueger b20c0a674a Fixed NPE see SEC-143 2006-01-16 23:56:04 +00:00
Luke Taylor 38629f159a Added default role option to authorities populator. 2006-01-13 21:13:53 +00:00
Luke Taylor 63dcdec1b7 Corrected more Jalopy screwy formatting. 2006-01-06 02:00:41 +00:00
Luke Taylor 22b0e1613c Addition of package.html files. Minor formatting. 2006-01-05 19:59:04 +00:00
Luke Taylor 2f53f0e7d7 Message string changed to reflect class name changes. 2006-01-05 01:11:45 +00:00
Luke Taylor affa500778 Message string changed to reflect class name changes. 2006-01-05 01:02:49 +00:00
Luke Taylor d7ae1ad21b Refactoring to reduce code duplication, remove config files and use JMock to enforce expectations on whether FilterChain proceeds or not. 2006-01-05 00:59:10 +00:00
Luke Taylor 0202b47346 Switched to using JMock methods for dummy objects. 2006-01-04 23:31:34 +00:00
Luke Taylor 4063a87dbf Changed to use parent method for Mock creation rather than new operator. 2006-01-04 23:25:40 +00:00
Luke Taylor f9d0ee209b Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying. 2006-01-04 21:35:10 +00:00
Luke Taylor 56bccf6070 Added MessageSource support for LDAP provider classes. 2006-01-03 20:31:19 +00:00
Luke Taylor e81be72bd7 Changed test to use tested class rather than interface name. Added test for service detection style URLs. 2006-01-01 15:11:54 +00:00
Carlos Sanchez 1dfc42550f Add spring-mock to dependency management
Add ldap dependencies
Simplify spring dependencies
2005-12-25 00:21:49 +00:00
Ben Alex 6b1f97a381 Resolve compiler warnings. 2005-12-24 10:03:18 +00:00
Carlos Sanchez b0d65259b6 Changed groupId to org.acegisecurity 2005-12-22 16:40:22 +00:00
Carlos Sanchez f226dfb67f Use ISO encoding to avoid problems 2005-12-22 16:27:44 +00:00
Carlos Sanchez 0c9e1769a4 Improved m2 poms 2005-12-22 15:54:37 +00:00
Carlos Sanchez f662ed5890 Ignore eclipse project files 2005-12-22 13:41:33 +00:00
Luke Taylor 9b5aa159aa Correct screwy formatting. 2005-12-22 01:42:27 +00:00
Luke Taylor 3977e3b822 Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc. 2005-12-22 01:30:53 +00:00
Luke Taylor 5b076c79d1 Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed. 2005-12-22 01:22:09 +00:00
Luke Taylor 41a95b11cd Corrected wrong package name in Javadoc. 2005-12-22 01:18:32 +00:00
Luke Taylor 8f725f7a74 Removed no-arg constructor from UsernamePasswordAuthenticationToken. 2005-12-22 01:16:16 +00:00
Luke Taylor c378779610 Removed printStackTrace from expected exception. 2005-12-22 01:15:25 +00:00
Luke Taylor 09cef7adc2 Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder. 2005-12-21 16:41:52 +00:00
Luke Taylor 2d1dd7b292 Restoring author/version tags, some minor comments. 2005-12-21 00:48:57 +00:00
Luke Taylor 20d69e2734 Tidying up some Jalopy weirdness. 2005-12-21 00:39:36 +00:00
Luke Taylor dc728987f4 Changed LdapDataAccessException to extend AuthenticationServiceException. 2005-12-21 00:14:15 +00:00
Luke Taylor 0f678d53ba Javadoc typo in tag. 2005-12-21 00:00:02 +00:00
Luke Taylor 911be66513 Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication. 2005-12-20 23:58:35 +00:00
Luke Taylor b01bf0b878 Expanded Javadoc. 2005-12-20 23:26:38 +00:00
Luke Taylor 1549ec55b1 Switch to embedded context version of apache DS (no socket nonsense etc.) 2005-12-20 23:08:54 +00:00
Luke Taylor 9554dc50bc Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider. 2005-12-19 17:23:34 +00:00
Luke Taylor 929b08c085 Spring config for ApacheDS is no longer used. 2005-12-19 17:04:09 +00:00
Luke Taylor 069f78c00b Move the apacheDS working directory to java.io.tmpdir 2005-12-19 17:01:25 +00:00
Luke Taylor 1f66750e24 Added support for multiple DN patterns. Changes to favour constructor injection for mandatory properties. Renamed LdapUserInfo to prevent confusion with UserDetails interface. 2005-12-18 21:14:27 +00:00
Luke Taylor e3b728cc9a Javadoc typos. 2005-12-18 15:02:17 +00:00
Luke Taylor 40f50498b2 Re-enable some tests which partially work with embedded ApacheDS. 2005-12-16 18:26:23 +00:00
Luke Taylor bfb4fb81d4 Remove messages about existing data. 2005-12-16 02:47:47 +00:00
Luke Taylor f9c88adfa9 Switch to embedded server and disable tests which cause problems with apacheDS for the time being. 2005-12-16 02:23:06 +00:00
Luke Taylor 53252d258f Set extra properties on InitialDirContextFactory and corrected group search filter. 2005-12-16 01:28:29 +00:00
Luke Taylor 1db1a3cd62 Changes try to get Ldap tests working with the possibility of using a non-networked embedded server. 2005-12-16 01:07:31 +00:00
Luke Taylor 45e2f9dac4 Removed internal encoding method to make subclassing work. 2005-12-16 00:59:29 +00:00
Luke Taylor 781ed0f380 Switch to local url. 2005-12-15 03:45:48 +00:00
Luke Taylor d014411d48 Corrections to DIT for apache-ds tests. 2005-12-15 02:16:13 +00:00
Luke Taylor ce3d6f2129 Initial LDAP provider checkin. 2005-12-15 00:18:13 +00:00
Ben Alex a1037ddc87 Prepare 1.0.0 RC1. 2005-12-04 11:20:52 +00:00
Ben Alex d89c6c0a74 SEC-118: Wrong logger class corrected. 2005-12-04 10:48:33 +00:00
Ben Alex ee48f38ff0 SEC-116: Correct JavaDocs. 2005-12-02 12:14:38 +00:00
Ben Alex 75a9784028 SEC-58: Initial commit of Velocity helper. 2005-12-01 09:38:50 +00:00
Ben Alex b16ce31c5b Prove placeholders work correctly. 2005-12-01 00:30:18 +00:00
Ben Alex 2c28ff4fd1 SEC-56: Further improvements to localization. 2005-11-30 01:23:36 +00:00
Ben Alex 62fde4ede3 SEC-107: Finalize rename of AuthenticationDao to UserDetailsService with corresponding change in package from .providers.dao to .userdetails. 2005-11-30 00:20:13 +00:00
Ben Alex a6e23d79ae SEC-107: Rename AuthenticationDao to UserDetailsService. 2005-11-29 13:10:15 +00:00
Ben Alex 6144e1664e SEC-108: Make fields protected. 2005-11-29 02:43:35 +00:00
Ben Alex 6585c2b391 Allow subclasses to make modifications to GrantedAuthority[]. 2005-11-26 13:27:30 +00:00
Ben Alex fddcd6112e SEC-56: Add localisation support. 2005-11-26 05:11:53 +00:00
Ben Alex f4c3e2ff8c Use Spring Assert for cleaner code. 2005-11-26 04:18:21 +00:00
Ben Alex e53a00371c Use logger instead of System.out.println(). 2005-11-26 04:10:05 +00:00
Ben Alex 218fcf5b24 SEC-3: Add static method so digest-compatible passwords can be stored in database. 2005-11-25 05:20:57 +00:00
Ben Alex bb2ac126b7 SEC-47: AbstractSecurityInterceptor to reject secure object invocations which do not have configuration attributes defined. 2005-11-25 04:56:01 +00:00
Ben Alex 27f47673ad SEC-106: Use getMethod() instead of getDeclaredMethod() so that methods defined in principal Object superclasses are accessible. 2005-11-25 04:40:27 +00:00
Ben Alex 9ccaf05cc7 SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services. 2005-11-25 04:38:18 +00:00
Ben Alex 47166fe078 SEC-110: ProviderManager to properly handle ConcurrentLoginException. 2005-11-25 04:33:40 +00:00
Ben Alex 58b8b840b3 SEC-105: Correct incorrect JavaDocs. 2005-11-25 04:29:32 +00:00
Ben Alex 969bbff00c SEC-18: Preemptive method invocation security checking helper. 2005-11-25 04:18:34 +00:00
Ben Alex 731d7b2e89 SEC-113 Provide MethodInvocationUtils. 2005-11-25 04:17:25 +00:00
Ben Alex 72256a225f SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken. 2005-11-25 00:26:30 +00:00
Luke Taylor 7847af2664 Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation. 2005-11-23 16:09:44 +00:00
Ben Alex 6a1a4abb1d SEC-104: Move to org.acegisecurity package. 2005-11-17 00:56:49 +00:00
Scott McCrory 79c3ba521b Resolved and/or inhibit build warnings as seen in Eclipse 3.1. Please refer to http://opensource2.atlassian.com/projects/spring/browse/SEC-93 for more info. 2005-11-11 22:37:38 +00:00
Ben Alex b1d247835a Stop causing an exception when there is no AuthenticationException to ApplicationEvent mapping. Requested by Brian Moseley on acegisecurity-developer 10 November 2005. 2005-11-10 00:41:54 +00:00
Ben Alex c167e9fd87 Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005. 2005-11-08 22:07:33 +00:00
Scott McCrory b938b6b363 Increased SiteminderAuthenticationProcessinfFilter test coverage from 70% to 93%. 2005-11-08 02:55:48 +00:00
Ben Alex df9deea4de Only clear SecurityContextHolder if the Authentication object has not changed. 2005-11-08 01:39:27 +00:00
Scott McCrory 97f3ad79cb Removed unused imports & organized the remnants. 2005-11-07 03:32:18 +00:00
Ben Alex 55f5093ec7 SEC-94: DaoAuthenticationProvider to include UserDetails in BadCredentialsException. 2005-11-07 03:04:47 +00:00
Scott McCrory 309b559a8f Removed unused imports. 2005-11-06 23:00:31 +00:00
Luke Taylor e02dbd5c34 Changed class names to match new context classes. 2005-11-06 22:00:27 +00:00
Luke Taylor 0aef31d302 Converted ApplicationContextAware classes to ApplicationEventPublisherAware (SEC-69). 2005-11-06 21:11:25 +00:00
Luke Taylor 6511677f93 Moved duplicate setting of null authentication to setUp method. 2005-11-06 21:06:53 +00:00
Luke Taylor bba77b64e9 Corrected javadoc 2005-11-06 21:01:21 +00:00
Luke Taylor 5cb7575b2b Corrected references to old context class names in Javadoc and logging. 2005-11-05 18:49:55 +00:00
Ben Alex 5a51f391a4 Add UsernameNotFoundException to default exception to event mappings list. 2005-11-05 09:20:14 +00:00
Ben Alex aa4fd8586c Fix concurrent session interaction bug where UserDetails.getUsername() may have been override to be a different value than the original login request, as per email from Herryanto Siatono on acegisecurity-developer 5 November 2005. 2005-11-05 03:50:22 +00:00
Ray Krueger 0aa4989dad JaasAuthenticationProvider no longer supports the useSystemProperty setting.This is because it no longer uses the java.security.auth.login.config system property for configuring Jaas. Custom Jaas configuration needs can be implemented in a subclass that overrides the configureJaas method.
JaasAuthenticationProvider now handles logout by associating the LoginContext with a new JaasAuthenticationToken
2005-11-04 15:02:27 +00:00
Ray Krueger 6049e9ac65 Removed string concatenation from buffer.append methods 2005-11-04 14:54:25 +00:00
Ben Alex 9be82a3d8f SEC-67: Enhance taglib to allow retrieval of custom UserDetails methods. 2005-11-03 13:51:55 +00:00
Ben Alex 31a1f0be1a SEC-52: Move potentially useful methods to an abstract superclass so that other voters can use them. 2005-11-03 13:47:44 +00:00
Ben Alex 6e389ca1b8 SEC-51: Use long instead of int for ACL primary keys. 2005-11-03 13:38:45 +00:00
Ben Alex 633f2cfe66 SEC-39: Add equals(Object) method to User. 2005-11-03 13:20:26 +00:00
Ben Alex 7faf2741f1 SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch. 2005-11-03 13:08:43 +00:00
Ben Alex a42dec6fbf SEC-21: Initial commit. 2005-11-03 12:56:27 +00:00
Ben Alex e9b1d9452f SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider. 2005-11-03 11:31:23 +00:00
Ben Alex f50cbd31ba SEC-38: Make InMemoryDaoImpl support external Properties objects. 2005-11-03 10:05:02 +00:00
Ben Alex 0d77abb9c1 SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks. 2005-11-03 09:48:52 +00:00
Ben Alex d9be0f86fd SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username. 2005-11-03 09:45:30 +00:00
Ben Alex 690ab27a52 SEC-70 and SEC-71: Refactor event publishing. 2005-11-03 09:23:49 +00:00
Ben Alex b6dbfde55c SEC-70: Refactor event publishing. 2005-11-03 06:55:47 +00:00
Ben Alex 3811200599 Improve debug output. 2005-11-03 06:51:30 +00:00
Ben Alex 2cbe42f493 SEC-7: Allow better chaining of authentication providers. 2005-11-03 04:14:12 +00:00
Ben Alex 42c47c086a JavaDocs formatting. 2005-11-03 04:13:56 +00:00
Luke Taylor f8b0de3459 Corrected Javadoc link to interface name. 2005-11-01 14:22:08 +00:00
Marc-Antoine Garrigue 5235727d23 SEC-2
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
2005-10-24 17:08:18 +00:00
Ben Alex 1ae07779a2 SEC-710: Refactor concurrent session handling support. 2005-10-22 01:53:03 +00:00
Ben Alex a5ffda7369 SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS. 2005-10-21 08:00:15 +00:00
Ben Alex c6d5363e5d SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation. 2005-10-21 07:53:34 +00:00
Ben Alex d49198a944 SEC-43: Eliminate id column. 2005-10-21 07:32:48 +00:00
Ben Alex 41202112bc SEC-37: Only update HttpSession if SecurityContext has actually been changed. 2005-10-21 07:26:16 +00:00
Ben Alex 494e35f009 Jalopy styling. 2005-10-21 07:23:33 +00:00
Luke Taylor 24a78be159 Corrected link in Javadoc. 2005-10-19 21:19:16 +00:00
Luke Taylor c065c46668 Javadoc correction: ContextHolder -> SecurityContextHolder 2005-10-18 15:44:22 +00:00
Luke Taylor df4b8f602f Javadoc correction: SecureContext -> SecurityContext 2005-10-18 15:43:41 +00:00
Carlos Sanchez b2363dfe07 SEC-62 Add maven 2 support 2005-10-06 20:53:08 +00:00
Ray Krueger a39339674e login.config.url should be set to a url, not a file path
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
2005-09-26 14:14:42 +00:00
Scott McCrory bc14dd62db Fixed CVS line break 2005-09-25 22:49:45 +00:00
Scott McCrory 4717b64b83 Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org. 2005-09-25 22:48:33 +00:00
Ben Alex 0f5e9ad372 Fix NPE. Thanks to Tom Dunstan. 2005-09-22 01:49:12 +00:00
Ben Alex f5741962ed Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation. 2005-09-22 00:54:27 +00:00
Marc-Antoine Garrigue 60d3b6505b Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue. 2005-09-20 12:24:47 +00:00
Mark St. Godard fb3f4af3b2 when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User) 2005-09-20 02:28:01 +00:00
Mark St. Godard 24394b7b2b added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation) 2005-09-19 02:22:44 +00:00
Ben Alex d44b570087 Disable failing tests until Marc-Antoine has a chance to look at them. 2005-09-18 22:38:37 +00:00
Ben Alex ae9e7733db Fix broken tests. 2005-09-18 22:38:05 +00:00
Ben Alex 35ca25f085 BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call. 2005-09-08 11:15:48 +00:00
Ben Alex c7dcceb05c Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005. 2005-09-08 09:32:24 +00:00
Mark St. Godard 486bbee35d added context path to redirect 2005-09-03 21:43:08 +00:00
Mark St. Godard 9d359780d9 finish user context switch event publishing 2005-09-03 20:24:35 +00:00
Mark St. Godard 20ebb668a6 Added event for user context switching and updated switch user filter 2005-08-25 02:59:19 +00:00
Ben Alex 55f5c3397a Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer). 2005-08-23 22:45:17 +00:00
Ray Krueger 2bda6ec25c Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
Ben Alex 40a81ed220 Revisit synchonization issue and correct problem identified by Volker Malzahn. 2005-08-21 10:10:16 +00:00
Mark St. Godard ec5e39c2e8 Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications. 2005-08-04 05:49:12 +00:00
Luke Taylor 725ec767b6 Javadoc typo corrected (as suggested on mailing list) 2005-08-01 20:05:02 +00:00
Scott McCrory c2c48b905b Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41) 2005-07-26 01:54:18 +00:00