Luke Taylor
1686fd0bd2
Updated ldap tests to apache directory 1.0.0 release version.
2007-02-04 20:06:36 +00:00
Ben Alex
e169e63e1b
SEC-404: Correct previous SEC-404 commit.
2007-01-02 23:36:38 +00:00
Ben Alex
3f62a5c868
SEC-404: NPE when logging out if user not already logged in.
2006-12-28 21:23:35 +00:00
Luke Taylor
93509dc999
Reformatted X.509 certificate in comment.
2006-11-29 01:40:14 +00:00
Luke Taylor
6a440f816c
removed monkeymachine.co.uk email addresses.
2006-11-28 21:37:37 +00:00
Ben Alex
1805ab8ec4
SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.
2006-11-26 04:47:43 +00:00
Ben Alex
e79a28875f
SEC-400: Clarify exception if getter returns null.
2006-11-26 03:24:11 +00:00
Ray Krueger
1a486e584b
HttpSessionEventPublisher need not implement ServletContextListener any longer
2006-11-20 19:35:11 +00:00
Ray Krueger
74e8efc4e9
Fixed SEC-395
2006-11-20 19:09:45 +00:00
Ben Alex
6fe569556c
Use type in same module (Maven requirement).
2006-11-17 03:18:07 +00:00
Ben Alex
197a011ac5
Relocate resource files to comply with Maven directory conventions.
2006-11-17 03:06:30 +00:00
Ben Alex
1081c267d9
SEC-239: New ACL module.
2006-11-17 02:03:23 +00:00
Ben Alex
9f512c384e
SEC-239: New ACL module.
2006-11-17 02:01:21 +00:00
Ben Alex
2984913051
SEC-393: More elegantly deal with setProviders(List) type safety enforcement.
2006-11-16 02:15:43 +00:00
Carlos Sanchez
5e819af782
SEC-388: Upgrade other Spring dependencies to 1.2.8.
2006-11-15 22:54:54 +00:00
Ben Alex
1b4a098760
SEC-354: Add label-based voter.
2006-11-14 22:07:36 +00:00
Ben Alex
4d166a6867
SEC-333: Error in last commit, should default to regexp processor, not Ant Path processor, in the case of empty or null strings.
2006-11-14 21:52:51 +00:00
Ben Alex
780130d0f3
SEC-333: Eliminate dependecy on ORO when Ant Paths being used instead of Regular Expressions.
2006-11-14 20:55:24 +00:00
Ben Alex
775840a565
SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered.
2006-11-14 05:49:56 +00:00
Ben Alex
f5ce0250b4
SEC-310: Add AbstractProcessingFilter.getAuthenticationDetailsSource().
2006-11-14 03:30:04 +00:00
Ben Alex
8dda52eeaa
SEC-322: Workaround bug in WebSphere.
2006-11-14 02:21:27 +00:00
Ben Alex
5640eb0511
SEC-378: Use trim instead of replacement for space removal.
2006-11-14 01:55:44 +00:00
Ben Alex
ad6c501379
SEC-360: Minor correction in patch applied yesterday.
2006-11-14 01:09:35 +00:00
Ben Alex
2a65d386d5
SEC-384: Remove Commons-Lang dependency.
2006-11-14 00:59:17 +00:00
Ben Alex
59bf8602d2
SEC-356: Add cloneFromHttpSession property.
2006-11-14 00:43:00 +00:00
Ben Alex
5911234f65
SEC-359: Logout even if not logged in.
2006-11-13 06:05:28 +00:00
Ben Alex
fa6b4480b1
SEC-360: Provide server side forward option instead of redirection.
2006-11-13 00:17:07 +00:00
Ben Alex
f0ae6f53a7
SEC-327: Add includeDetailsObject property.
2006-11-12 23:55:50 +00:00
Ben Alex
f28ce39bde
SEC-365: Provide an alwaysRemember property, together with an abstract method so subclasses can determine custom behaviour.
2006-11-12 23:28:57 +00:00
Ben Alex
71eba94cf2
SEC-371: Use AbstractTicketValidator for logger.
2006-11-12 23:10:09 +00:00
Ben Alex
0f517cb8e2
SEC-375: Publish AuthorizationFailureEvent event when AccessDeniedException thrown by AfterInvocationProvider.
2006-11-12 22:06:37 +00:00
Ben Alex
b8d0722251
SEC-367: Added clarification of immutability contract.
2006-11-12 21:36:52 +00:00
Ben Alex
43dbe6c991
SEC-364: Fix context path handling.
2006-11-12 21:31:31 +00:00
Carlos Sanchez
10d6859dad
Added ACL table SQL for some databases
2006-10-17 22:24:57 +00:00
Ben Alex
172026f875
SEC-377: Remove Commons Lang dependency.
2006-10-14 00:17:19 +00:00
Ben Alex
c292826475
SEC-373: Add byte array encryption/decryption support.
2006-10-07 09:45:51 +00:00
Ben Alex
21dd050d7b
SEC-348: Limit Basic automatic reauthentication scope to UsernamePasswordAuthenticationToken (specifically avoid CasAuthenticationToken).
2006-09-29 08:41:25 +00:00
Ben Alex
d2fb473a4e
Formatting only.
2006-09-29 07:33:45 +00:00
Ben Alex
49a2de8f0f
SEC-366: Initial commit.
2006-09-29 07:29:13 +00:00
Ben Alex
cc03675776
SEC-340: Invalidate HttpSession on logout.
2006-09-29 06:45:40 +00:00
Scott McCrory
db96650d99
SEC-319: Reverted to 1.0.1 version to delay these changes to 1.1.0, based on small breakage of backward compatability.
2006-09-23 19:48:39 +00:00
Carlos Sanchez
558fd5d75d
Add scm info because we don't use artifactid as folder name
2006-09-17 21:06:22 +00:00
Ben Alex
b0056568f0
SEC-338: Serializable and serialVersionUID missing for Authentication-related objects.
2006-09-15 08:38:11 +00:00
Ben Alex
7313d5def0
SEC-324: Ensure IllegalStateException no longer occurs.
2006-09-15 07:55:57 +00:00
Ben Alex
324789d544
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
2006-09-15 06:27:45 +00:00
Ben Alex
9e3ce85dd5
SEC-330: Make UserMap work with UserDetails, not User concrete class.
2006-09-15 03:47:17 +00:00
Ben Alex
f0b259a32e
SEC-349: GrantedAuthority constructor argument can be null.
2006-09-15 03:42:11 +00:00
Ben Alex
58d3f0c56f
SEC-290: Correct bug with generation of SimpleMethodInvocation.
2006-09-15 03:38:36 +00:00
Ben Alex
5364db2c27
SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place.
2006-09-15 03:36:51 +00:00
Ben Alex
53beadb7bf
SEC-290: Correct bug with generation of SimpleMethodInvocation.
2006-09-15 03:27:26 +00:00
Ben Alex
03df6a90eb
SEC-293: Modified collection remove logic to use removeList.
2006-09-15 03:20:08 +00:00
Ben Alex
1292420476
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
2006-09-15 03:09:05 +00:00
Ray Krueger
cf91104b69
Made parameters case-insensitive
2006-09-14 20:47:17 +00:00
Ray Krueger
6779d97546
Made parameters case-insensitive
2006-09-14 20:39:37 +00:00
Carlos Sanchez
757062e8f9
Initialization of exceptionMappings was broken in last commit
2006-09-13 08:20:08 +00:00
Carlos Sanchez
4d070eab25
Add setAuthoritiesAsString to UserAttribute
2006-09-04 21:54:15 +00:00
Luke Taylor
000f9ab7ac
SEC-321: truncate from first question mark, not last.
2006-09-03 22:12:13 +00:00
Luke Taylor
4e65b24253
SEC-245: Add mapPassword method to allow customized translation of password attribute.
2006-08-28 20:58:26 +00:00
Luke Taylor
57a8d2adb3
Added handleBindException method to allow subclasses to inspect the reason for bind failure.
2006-08-25 16:06:20 +00:00
Luke Taylor
dc13f25dee
Tidied up formatting.
2006-08-25 16:04:27 +00:00
Luke Taylor
8dd1177c02
Added property to force use of LdapContext instead of DirContext
2006-08-25 16:03:50 +00:00
Luke Taylor
92dcf694b4
added createTarget method on Essence class to allow subclassing.
2006-08-25 15:32:39 +00:00
Luke Taylor
b5cbc977e1
Javadoc correction
2006-08-24 10:56:26 +00:00
Luke Taylor
3889894d16
Added extra mapping of OperationNotSupportedException to BadCredentialsException as some servers return a 53 code (unwilling to perform) when attempting a bind (e.g. is password has expired). This shouldn't be treated as an outright failure.
2006-08-24 10:32:38 +00:00
Luke Taylor
67fcf426eb
Close returned context in nameExists method
2006-08-24 10:10:24 +00:00
Luke Taylor
e96fee6ec1
Updated apacheds version to RC3 and slf4j to 1.0.1
2006-08-24 10:07:39 +00:00
Carlos Sanchez
27d2db9e22
Ensure that array of valid permissions can't be modified outside the class
2006-08-22 17:57:18 +00:00
Carlos Sanchez
38ec0f0d30
SEC-286: Reverted rev# 1588 as build fails without log4j (class not found exception)
2006-08-22 16:17:46 +00:00
Carlos Sanchez
69ec903088
Add MethodDefinitionSourceMapping for easier configuration
2006-08-22 16:02:44 +00:00
Carlos Sanchez
0298851ca3
Allow setting ACLs by its name
2006-08-22 16:01:34 +00:00
Carlos Sanchez
3487da0e85
Added javadoc
2006-08-22 15:53:41 +00:00
Luke Taylor
3498b36c14
SEC-285: Removed duplicate commons-lang dependency from pom.xml
2006-08-19 20:03:58 +00:00
Scott McCrory
8d3a2b42d9
SEC-319: Improvements to Siteminder integration: Create its own authentication provider & reeval strategy. Note that documentation not yet complete, but code is functional, test-covered and validated in a Siteminder environment.
2006-07-27 01:13:46 +00:00
Luke Taylor
52a167acfa
SEC-286: removed log4j dep as it is in the parent pom and tests run fine without it..
2006-07-25 23:53:42 +00:00
Carlos Sanchez
f7cb31a301
Fix broken test
2006-07-20 18:43:58 +00:00
Carlos Sanchez
9a337d2fea
Removed default constructors added in rev# 1573
2006-07-20 13:15:55 +00:00
Luke Taylor
4930657e57
Remove typo in method name "getAuthoritiesPopulator"
2006-07-16 20:17:20 +00:00
Scott McCrory
442c51bb30
SEC-318: Rename AuthenticationDao to UserDetailsService in local variables and logging messages
2006-07-15 15:18:51 +00:00
Ray Krueger
d485e30fd5
SavedCookieTest was renamed to SavedCookieTests
2006-07-12 10:33:14 +00:00
Ray Krueger
ca863ce4f7
http://opensource.atlassian.com/projects/spring/browse/SEC-308
...
Headers should remain case-insensitive.
2006-07-12 10:25:32 +00:00
Carlos Sanchez
91799c9290
Added missing resources
2006-07-11 21:42:42 +00:00
Carlos Sanchez
156af5b8b6
Added missing tld and notice file to jar
2006-07-11 18:54:04 +00:00
Carlos Sanchez
94a9acedad
Added checks to ensure object is properly initialized
2006-07-10 11:48:35 +00:00
Carlos Sanchez
488abe58fb
Added default constructor for easier use
2006-07-10 11:24:18 +00:00
Carlos Sanchez
80c1ae3bde
fix problems when not loaded through Spring context
2006-07-09 22:08:21 +00:00
Carlos Sanchez
00b73e8331
Fix failing tests keeping old behaviour.
2006-07-06 17:56:50 +00:00
Carlos Sanchez
46af400466
Added FilterInvocationDefinition interface to unify FilterInvocationDefinitionSource and FilterInvocationDefinitionMap
2006-07-06 17:05:08 +00:00
Carlos Sanchez
9e87bd6789
Add javadocs
2006-07-06 17:03:48 +00:00
Carlos Sanchez
aa52124d72
Simplify configuration of FilterInvocationDefinitionMap
2006-07-05 22:00:21 +00:00
Carlos Sanchez
9560636380
Simplify configuration of FilterInvocationDefinitionMap
2006-07-05 20:58:50 +00:00
Carlos Sanchez
9d539a13d9
Use accessor instead of field
2006-07-05 20:03:52 +00:00
Carlos Sanchez
0edb75d4aa
Added setUsers and setAuthorities for easier configuration
2006-07-05 16:16:13 +00:00
Carlos Sanchez
41f7bb3755
Improve javadoc formatting
2006-07-05 16:00:51 +00:00
Carlos Sanchez
27de814d54
Prevent NullPointerException when not loaded from application context
2006-07-05 15:59:17 +00:00
Carlos Sanchez
d847772c81
Prevent NullPointerException when not loaded from application context
2006-07-05 15:58:20 +00:00
Luke Taylor
ae55e04522
SEC-297: Stop prepending of context path to full url default targets. Also added more stringent checks on format of injected defaultTargetUrl property.
2006-06-27 23:26:25 +00:00
Carlos Sanchez
18c6838bec
[maven-release-plugin] prepare for next development iteration
2006-06-22 17:29:52 +00:00
Carlos Sanchez
c7bcbe1b35
[maven-release-plugin] prepare release release_1_0_1
2006-06-22 17:27:29 +00:00
Carlos Sanchez
4e612922ac
SEC-281: Go back to spring 1.2.7 to prevent backwards compatibility issues
2006-06-16 17:25:05 +00:00
Luke Taylor
a2c3635d78
Moved class to test treee
2006-06-15 00:41:53 +00:00
Luke Taylor
552c275e8f
Accidentally checked into source tree rather than test source
2006-06-15 00:37:18 +00:00
Luke Taylor
aaf51c4bee
Added test for non-String role.
2006-06-14 23:20:51 +00:00
Luke Taylor
49da801096
SEC-303: Check from null role attribute in LdapUserDetailsMapper
2006-06-14 22:44:39 +00:00
Luke Taylor
eb3e954ae4
Added chained append call in toString method
2006-06-14 21:46:21 +00:00
Luke Taylor
b0caa72e80
Added template method for role creation, as requested in the forum.
2006-06-13 13:18:45 +00:00
Luke Taylor
7475906218
Remove Javadoc errors
2006-06-12 22:32:59 +00:00
Luke Taylor
18680e8fab
Remove Jalopy mistakes
2006-06-12 22:31:10 +00:00
Ray Krueger
cada23f57d
Synchronized MockFilterConfig uses for Spring 1.2.6 and 1.2.8
2006-06-11 01:20:29 +00:00
Ray Krueger
fa3c61b19b
Call to getCookies() should return Cookies, not SavedCookies
2006-06-11 01:19:44 +00:00
Luke Taylor
88825089a7
Removed "final" from getGroupMembershipRoles
2006-06-07 13:31:11 +00:00
Luke Taylor
2a7caff95f
SEC-295: Changed to use getDefaultTargetUrl() accessor internally rather than accessing property directly. Allows for overriding method to supply different Urls.
2006-06-04 15:14:33 +00:00
Ray Krueger
9fd0bbd694
Added Serializable check just to be sure...
2006-06-03 13:40:39 +00:00
Ray Krueger
1a9629b197
http://opensource.atlassian.com/projects/spring/browse/SEC-289
...
Wraps disassembles cookies into a SavedCookie that is serializable
2006-06-03 13:36:51 +00:00
Ben Alex
f7020755be
SEC-291: Avoid unnecessary creation of SecurityContextHolderStrategy.
2006-06-01 14:02:56 +00:00
Luke Taylor
da780e4567
Tidy up XML formatting in comment
2006-05-31 21:56:16 +00:00
Luke Taylor
9f41b9f470
Wrap any DataAccessExceptions thrown by the Ldaptemplate with AuthenticationServiceFailureExceptions
2006-05-31 21:46:16 +00:00
Luke Taylor
5d7a75a421
SEC-284: Removed allowEmptyPassword flag..
2006-05-31 20:12:12 +00:00
Luke Taylor
d2ee383e06
Changed to reject empty passwords by default.
2006-05-31 18:22:05 +00:00
Luke Taylor
ee50d6e334
SEC-281: Modified to use Spring 1.2 compatible exception class for incorrect search results size.
2006-05-31 16:54:27 +00:00
Luke Taylor
02e7bbb982
SEC-284: added allowEmptyPasswords property with default value "true"
2006-05-31 15:00:59 +00:00
Ray Krueger
00620b6992
http://opensource.atlassian.com/projects/spring/browse/SEC-96
...
Refactored Digest encoding for better support of all MessageDigest algorithms, such as the SHA family.
2006-05-31 03:03:18 +00:00
Carlos Sanchez
35093e09f6
Bump version to 1.1.0-SNAPSHOT
2006-05-31 00:52:26 +00:00
Ben Alex
b7a579f27a
JavaDoc corrections.
2006-05-29 15:06:32 +00:00
Ben Alex
89eb74b1b2
Refer to 1.0.0 final.
2006-05-28 00:49:38 +00:00
Luke Taylor
f8545f4dc2
Added extra commenting to Ldap classes
2006-05-26 22:48:21 +00:00
Ben Alex
a130b65937
Add package.html.
2006-05-23 14:04:33 +00:00
Ben Alex
ab12817b7a
SEC-97: Format Acegi Security source code in accordance with latest Jalopy configuration.
2006-05-23 13:38:33 +00:00
Ben Alex
49800018e9
SEC-173: Expand on JavaDocs for ACLs which have no permission records.
2006-05-23 12:15:43 +00:00
Ben Alex
92dbf836a1
SEC-259: Correct JavaDoc error.
2006-05-23 12:02:44 +00:00
Ben Alex
563ac1324c
SEC-263: Stop polling voters after first one votes to deny.
2006-05-23 11:11:21 +00:00
Ben Alex
07e805e342
SEC-262: Refactor common method into superclass.
2006-05-23 11:03:30 +00:00
Ben Alex
d795836bf1
SEC-266: Handle -1 allowing unlimited logins, as per JavaDocs.
2006-05-23 10:49:23 +00:00
Ben Alex
501eaadd09
SEC-267: Bug when working with CGLIB-generated classes.
2006-05-23 10:42:01 +00:00
Ben Alex
a5d74ca2e1
SEC-260: Remove disused loggers.
2006-05-23 10:37:30 +00:00
Luke Taylor
4d24c88d1e
Enforce the setting of a LdapUserDetailsMapper on authenticators (rather than a general mapper) to make sure the correct type is returned and that the username is set before it is returned.
2006-05-22 23:40:29 +00:00
Luke Taylor
3eaed3ad44
Added additionalAuthenticationChecks implementation to make sure password is rechecked if Ldap is used with a user cache.
2006-05-22 23:37:54 +00:00
Luke Taylor
e30c3d7bd2
SEC-270: Make SavedRequest serializable.
2006-05-22 19:07:57 +00:00
Luke Taylor
e5b79f1f95
Make getGroupMembershipRoles method public for convenience.
2006-05-22 19:06:19 +00:00
Luke Taylor
53b6735c3e
Make sure the username and password are set on the final UserDetails object returned by the provider.
2006-05-21 03:03:50 +00:00
Luke Taylor
e1eac8f0ca
Added setters for rolePrefix and convertToUpperCase
2006-05-21 02:19:42 +00:00
Luke Taylor
c1e76b64bc
Chnaged to use setters in essence "copy constructor"
2006-05-21 02:17:14 +00:00
Luke Taylor
360e9908b7
Added test for empty or null username
2006-05-21 01:40:00 +00:00
Luke Taylor
d8a28d6068
Add call for setDerefLinkFlag
2006-05-21 01:32:37 +00:00
Luke Taylor
016ac8016c
Minor changes to increase coverage of methods
2006-05-21 01:23:34 +00:00
Luke Taylor
0d6b3ab9f3
Renamed 'execute' method in LdapCallback in line with Spring equivalents. Added some extra tests.
2006-05-21 01:06:37 +00:00
Luke Taylor
9623eb3d04
Correct log category package name
2006-05-20 23:45:54 +00:00
Luke Taylor
b5e9690735
Removed duplicate file.
2006-05-20 18:14:05 +00:00
Luke Taylor
577cc17764
Removed individual search controls setter methods in favour of supplying complete search controls object. Added comment for 'compare' method.
2006-05-20 18:02:04 +00:00
Luke Taylor
b8fa1ad906
Delete deprecated ldap classes (from previous package move)
2006-05-20 17:53:16 +00:00
Luke Taylor
316798ef9e
Made mock context factory a standalone class
2006-05-20 17:47:36 +00:00
Luke Taylor
859185eebd
Removed unused methods and added some extra tests.
2006-05-20 17:46:10 +00:00
Luke Taylor
2a24e4faf8
Deleted old version of LdapDataAccessException
2006-05-20 00:21:17 +00:00
Luke Taylor
7794ebf84b
Now extends Spring's DataAccessException
2006-05-20 00:18:01 +00:00
Luke Taylor
3583470a49
Now extends Spring's DataAccessException
2006-05-20 00:14:24 +00:00
Luke Taylor
3eea670efc
Exception translator IF for use in LdapTemplate
2006-05-19 23:22:55 +00:00
Luke Taylor
983afec70c
Added license.
2006-05-19 23:20:27 +00:00
Luke Taylor
ce1c59e924
Make template and search controls member variables.
2006-05-19 23:02:37 +00:00
Luke Taylor
d3e42c6f3f
Move conversion of roles to Strings into LdapTemplate
2006-05-19 22:29:17 +00:00
Luke Taylor
3239cd139e
SEC-251: use username as parameter {2} in group searches
2006-05-19 22:10:05 +00:00
Luke Taylor
46cc1bec1e
SEC-268: allow for delayed obtaining of app context reference
2006-05-19 21:38:26 +00:00
Luke Taylor
5d811c4a94
Removed "==true" in boolean conditional.
2006-05-19 19:29:59 +00:00
Luke Taylor
f546e2bbad
Remove default constructor as class is now only responsible for group searches which need the args version.
2006-05-16 23:38:48 +00:00
Luke Taylor
30d878b22e
Change essence class to use a new ArrayList for the authorities (list from Arrays.asList() doesn't support add method).
2006-05-16 23:35:15 +00:00
Luke Taylor
fc8ead3c54
Make sure populator roles are added rather than overwriting any roles loaded with the user entry.
2006-05-16 23:33:02 +00:00
Luke Taylor
f8db6a4c78
Switch LDAP tests back to embedded server and comment out apacheds-broken ones.
2006-05-15 21:20:50 +00:00
Luke Taylor
9219c6548e
SEC-264: Delete classes which are no longer used after LDAP changes.
2006-05-15 21:14:38 +00:00
Luke Taylor
65fe641900
SEC-264: changes to LDAP services.
2006-05-15 20:53:10 +00:00
Luke Taylor
db042046e9
Introduce LDAPUserDetails.
2006-05-15 19:34:57 +00:00
Scott Battaglia
ab05cb95ff
SEC-239: changed order url is created in to reflect new processing filter url order
2006-05-04 19:31:28 +00:00
Scott Battaglia
aee934812a
SEC-239: switched to encoding a url with response.encodeURL to get the jsession.
2006-05-04 19:27:57 +00:00
Carlos Sanchez
76ce826345
Remove spring transitive deps, add log4j
2006-05-03 17:38:19 +00:00
Luke Taylor
a7d7631f2f
Fixed potential problem with multiple userDn patterns.
2006-05-01 00:43:42 +00:00
Luke Taylor
f0b11109b4
Added tests for nameExists method
2006-05-01 00:41:07 +00:00
Luke Taylor
9f385eb1e0
Typo in Javadoc.
2006-05-01 00:40:18 +00:00
Luke Taylor
a468f03cae
Add functionality to LdapTemplate for checking that an entry exists, and for retrieving an entry as an object, mapped from its attributes.
2006-05-01 00:28:27 +00:00
Luke Taylor
3f0f45706c
Update Javadoc to include SSHA info.
2006-04-30 22:14:27 +00:00
Luke Taylor
def8a849a2
Added String-only 'compare' operation tests which now work with ApacheDS RC2 (unlike byte[] comparisons which are still broken).
2006-04-30 21:53:05 +00:00
Luke Taylor
98887f37da
Change to more appropriate inline inner class name.
2006-04-30 21:40:53 +00:00
Luke Taylor
0b2be28def
Added search method which will be used for finding roles.
2006-04-30 21:37:18 +00:00
Luke Taylor
91f5fc30be
SEC-258: Removed use of URI class
2006-04-30 19:45:37 +00:00
Luke Taylor
25c643970a
Change package names to match apacheds RC1.
2006-04-29 22:45:19 +00:00
Luke Taylor
a50695a1a8
Upgrade apacheds to RC1
2006-04-29 22:41:21 +00:00
Ben Alex
890864ed00
SEC-194: Allow remember-me services to be used with BASIC authentication.
2006-04-28 08:54:54 +00:00
Ben Alex
9b63051149
SEC-204: Improve startup time detection of errors by FilterInvocationDefinitionSourceEditor.
2006-04-28 08:41:55 +00:00
Ben Alex
cc07f620df
SEC-257: ExceptionTranslationFilter to use AccessDeniedHandler.
2006-04-28 06:52:50 +00:00
Ben Alex
21aaf2b9db
SEC-256: Contacts sample not displaying localized exceptions correctly.
2006-04-28 06:43:50 +00:00
Ben Alex
d125569bd6
SEC-29: Save POST parameters on AuthenticationEntryPoint redirect.
2006-04-28 05:05:35 +00:00
Ben Alex
22aa0e898f
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
2006-04-27 23:26:19 +00:00
Ben Alex
0648c65b0b
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
2006-04-27 23:25:00 +00:00
Ben Alex
d8a56d4e60
SEEC-255: Always create HttpSession before calling AuthenticationDetailsSource.
2006-04-27 23:11:56 +00:00
Marc-Antoine Garrigue
2af791a801
Error in javadoc concerning the default keyword
...
REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS
2006-04-27 08:56:42 +00:00
Ben Alex
81603832be
SEC-152: Strategy pattern for SecurityContextHoldder.
2006-04-27 08:31:32 +00:00
Ben Alex
b05709df6a
SEC-152: Strategy pattern for SecurityContextHoldder.
2006-04-27 08:30:29 +00:00
Scott McCrory
88ff43017d
Added unit test for the overridden requiresAuthentication method
2006-04-27 02:24:30 +00:00
Scott McCrory
481a9377e4
Added NPE check for defaultTargetUrl in requiresAuthentication
2006-04-27 02:23:46 +00:00
Ben Alex
8cc5dcde30
SEC-249: Support logout filter.
2006-04-26 23:36:03 +00:00
Luke Taylor
8400341399
Tidy up screwy formatting.
2006-04-26 21:19:20 +00:00
Ray Krueger
a7d0f88e01
Fixed no authority check so that it is after addCustomAuthorities
...
http://opensource.atlassian.com/projects/spring/browse/SEC-253
Also removed the unused logger
2006-04-26 16:22:38 +00:00
Ben Alex
a47a342ce6
SEC-234: Allow pluggable AuthenticationDetailsSource strategy interface.
2006-04-26 05:24:49 +00:00
Ben Alex
b1becf9277
SEC-242: Make logger reflect subclass, not superclass.
2006-04-26 04:56:46 +00:00
Ben Alex
f4156a22bd
SEC-246: Enable late binding on DaoAuthenticationProvider.userDetailsService field.
2006-04-26 04:54:44 +00:00
Ben Alex
d541c8e257
SEC-238: Add AuthenticationException to onUnsuccessfulAuthentication method signature.
2006-04-26 04:42:16 +00:00
Ben Alex
540c7b2e6a
SEC-229: Allow external URLs from AbstractProcessingFilter.
2006-04-26 04:36:54 +00:00
Ben Alex
97ac9f7e98
SEC-191: Look in parent bean factories for AclManager.
2006-04-26 04:26:04 +00:00
Ben Alex
f6b7429947
SEC-187: Tidy up URL composition logic basedon default HTTP(S) ports.
2006-04-26 04:19:35 +00:00
Ben Alex
307ac99ec5
SEC-199: Use ServletException.getRootCause() to extract any Acegi Security exceptions.
2006-04-26 04:11:05 +00:00
Ben Alex
4e09777dec
SEC-247: Allow #NONE# to be used to specify paths that shouldn't have any filters fire.
2006-04-26 03:55:39 +00:00
Ben Alex
185d63f23c
SEC-221: AbstractProcessingFilter.onPreAuthentication() should have exceptions caught.
2006-04-26 03:40:24 +00:00
Ben Alex
6bae43d380
SEC-206: Include context root when generating cookies.
2006-04-26 03:35:33 +00:00
Ben Alex
5d9ed78b50
SEC-147: Add processDomainObjectClass property to AfterInvocationProviders.
2006-04-26 03:30:27 +00:00
Ben Alex
de4af379cc
SEC-252: Stop NPE if principal object is null.
2006-04-26 03:00:14 +00:00
Ben Alex
fba45cb19e
SEC-208: Fix threading issue.
2006-04-26 02:54:18 +00:00
Carlos Sanchez
88e8e60861
[SEC-240] Moved log4j.properties to test folder to avoid including it in jar
2006-04-26 02:39:56 +00:00
Ben Alex
5f79a25860
SEC-243: SessionRegistryImpl no longer incorrectly includes expired sessions.
2006-04-26 02:36:37 +00:00
Ben Alex
948f79e2e2
SEC-219: Support complex tokenization scenarios.
2006-04-26 02:23:19 +00:00
Ben Alex
14683dcbc7
SEC-190: Add hashCode() and equals() methods.
2006-04-26 01:41:10 +00:00
Ben Alex
36c096858d
SEC-223: Improve hashCode() performance.
2006-04-26 01:31:17 +00:00
Ben Alex
57aee4e605
SEC-218: Fix authentication exception cleanup of SecurityContextHolder.
2006-04-26 01:28:06 +00:00
Ben Alex
8cff715599
SEC-222: Improve hashCode() to use XOR.
2006-04-26 01:18:42 +00:00
Scott McCrory
e39bd43541
SEC-217 - Improve Siteminder Filter - now authenticates on calls to both j_security_check and the default target URL if the user isn't already authenticated. Thanks Paul Garvey for determining this and providing solution code.
2006-04-25 23:19:30 +00:00
Scott McCrory
e44c5e66d3
As per SEC-193, removed unnecessarily overridden methods.
2006-04-25 23:01:04 +00:00
Carlos Sanchez
465f76cb22
Resolve some compilation problems with m2
2006-04-25 16:31:48 +00:00
Carlos Sanchez
7d250eda78
Use latest directory server version
...
Set test scope to spring mock
2006-04-25 04:46:19 +00:00
Ben Alex
719d3af879
SVN updates.
2006-04-25 00:22:00 +00:00
Luke Taylor
4d9f99acc4
Added getter for authoritiesPopulator. Fix for SEC-227.
2006-04-18 23:44:07 +00:00
Luke Taylor
596882804f
First commit of LdapTemplate class, a la Spring JdbcTemplate, as suggested by Ben to simplify Ldap connection handling etc.
2006-04-18 22:34:04 +00:00
Luke Taylor
3d51c46575
Added license header.
2006-04-18 22:27:17 +00:00
Luke Taylor
f61a58d98b
Added a couple more tests.
2006-04-16 21:18:12 +00:00
Luke Taylor
7a0a87a167
Added support for LDAP SSHA (salted SHA) encoded passwords.
2006-04-16 21:12:39 +00:00
Luke Taylor
c6dd545de0
Javadoc change.
2006-04-16 17:11:44 +00:00
Luke Taylor
e5bef3f31b
Added doc for @throws
2006-04-16 17:11:06 +00:00
Luke Taylor
9c8a4c2f74
Fix for SEC-237. Make LDAP Provider reject empty username.
2006-04-16 16:41:08 +00:00
Luke Taylor
743cc9fec7
Fix for SEC-215. Check for empty nameInNameSpace before appending.
2006-04-16 16:11:02 +00:00
Luke Taylor
d5885baf6b
Added some comments.
2006-04-16 16:00:32 +00:00
Luke Taylor
3f06c51379
Fix for SEC-225. Allow empty search base in authorities populator.
2006-04-16 15:37:48 +00:00
Luke Taylor
48716af20a
Removed unnecessary package names left over from refactoring.
2006-04-16 15:25:33 +00:00
Luke Taylor
072a4c3d18
Fix for SEC-226. Added ability to set derefLinkFlag property.
2006-04-16 15:15:55 +00:00
Luke Taylor
267c846e12
Sort out LDAP tests to match up with moved production classes.
2006-04-16 14:31:13 +00:00
Luke Taylor
bf4fca9126
Move non security-specific LDAP classes to org.acegisecurity.ldap package
2006-04-16 14:26:46 +00:00
Luke Taylor
7c69668589
Deprecated, pending deletion.
2006-04-16 14:12:23 +00:00
Luke Taylor
bbd250e442
Modified to use classes from org.acegisecurity.ldap package
2006-04-16 14:05:28 +00:00
Luke Taylor
7f24e209a6
Move non security-specific LDAP classes to org.acegisecurity.ldap package
2006-04-16 13:56:36 +00:00
Luke Taylor
0c1ab7f98c
Corrected a couple of Javadoc typos.
2006-04-15 12:32:50 +00:00
Scott Battaglia
9a8fdcd269
SEC-196
...
updated references to Yale CAS to JA-SIG CAS
2006-03-28 15:41:20 +00:00
Scott Battaglia
b0d4cbceac
updated javadoc to reflect proper value of getPrincipal
2006-03-28 14:05:57 +00:00
Scott Battaglia
3d0f746719
SEC-224
...
updated CasAuthenticationToken to be consistant with approach taken by other providers with regards to authentication.getPrincipal()
2006-03-14 16:15:51 +00:00
Ben Alex
51f1b33af9
SEC-209: Make eventPublisher protected.
2006-03-07 13:04:12 +00:00
Luke Taylor
7e7920ce00
Fix for SEC-202. Intialize manager password to default "manager_password_not_set".
2006-02-28 17:47:55 +00:00
Scott Battaglia
5607da8d67
updated references from Yale CAS to JA-SIG CAS
2006-02-27 13:52:41 +00:00
Luke Taylor
6abceb7ab0
Additional changes related to SEC-192 (avoiding session creation when creating WebAuthenticationDetails). Also fixed Jalopy chaos in SwitchUserProcessingFilter.
2006-02-20 00:37:39 +00:00
Luke Taylor
52a212e609
Removed "== true" in boolean.
2006-02-20 00:27:36 +00:00
Luke Taylor
5475ab0575
Modify AbstractAuthenticationManager to transfer the details object from authentication request to the resulting authentication token, provided it has not already been set on the latter by an authentication provider.
2006-02-19 23:50:21 +00:00
Luke Taylor
c88b9093c0
Remove unnecessary check for null.
2006-02-19 22:35:37 +00:00
Luke Taylor
ee41d24447
Javadoc correction.
2006-02-19 22:23:04 +00:00
Luke Taylor
e12c8310eb
Remove unnecessary default constructors which throw IllegalArgumentException. Favours compile time over runtime errors.
2006-02-16 16:44:35 +00:00
Luke Taylor
4b4d4d3332
Added some uses of Spring Assert class and removed one to prevent unnecessary StringBuffer creation.
2006-02-16 01:11:31 +00:00
Luke Taylor
84ccd89061
More readable javadoc.
2006-02-15 19:06:04 +00:00
Luke Taylor
cd7efaf567
Fix for SEC-189. Added getter for initialDirContextFactory.
2006-02-13 16:20:42 +00:00
Luke Taylor
6c29a6d17e
Added test for immutability of authorities array. Refactored standard authorities array into an instance field.
2006-02-13 16:16:43 +00:00
Ben Alex
2ab5af0a69
SEC-188: Fix JavaDocs.
2006-02-12 06:29:53 +00:00
Ben Alex
a28a932598
SEC-183: Minimise session creation as a consequence of SEC-168 and SEC-182 changes.
2006-02-09 23:04:29 +00:00
Ben Alex
0282696202
SEC-182: Remember-me compatibility with concurrent session support.
2006-02-09 10:32:49 +00:00
Ben Alex
b1dd784dee
SEC-180: BasicProcessingFilter should configurably ignore authentication failures.
2006-02-09 06:41:31 +00:00
Ben Alex
e63b2ec9e6
Cleanup unused imports.
2006-02-09 06:00:25 +00:00
Ben Alex
96196bd637
SEC-179: Upgrade to Spring 2.0-M2.
2006-02-09 05:36:06 +00:00
Ben Alex
ae29498f75
SEC-158: X509 to support Authentication.isAuthenticated() as per usual contract.
2006-02-09 04:25:07 +00:00
Ben Alex
79287999dc
SEC-178: Refactor AbstractAuthenticationToken.
2006-02-09 04:16:50 +00:00
Ben Alex
74de83e5f1
SEC-177: Add hashCode() method.
2006-02-09 03:45:47 +00:00
Ben Alex
c9cee6651c
SEC-176: Add hashCode() method.
2006-02-09 03:36:47 +00:00
Ben Alex
ac457021b8
Inheritance doesn't seem to work, so added the groupId manually.
2006-02-09 03:13:58 +00:00
Ben Alex
77be0009ad
Correct equals(Object) method handling if both objects have null getDetails().
2006-02-09 02:54:40 +00:00
Ben Alex
78df09db8a
SEC-175: Add equals(Object) method.
2006-02-09 02:53:27 +00:00
Luke Taylor
dc959b1847
Fix for SEC-159. Added clearContext() method to SecurityContextHolder and refactored code to use it instead of putting an empty context into the holder.
2006-02-08 23:27:46 +00:00
Ben Alex
8c0ce12332
SEC-169: Add SessionRegistry.getAllPrincipals() method.
2006-02-08 05:22:48 +00:00
Ben Alex
3a01e48b17
SEC-174: Correct IE6 bug with AuthenticationProcessingFilterEntryPoint.
2006-02-08 04:58:50 +00:00
Ben Alex
9d213f46a4
SEC-168: Prevent errors with concurrent session support.
2006-02-08 04:42:03 +00:00
Ben Alex
1fa6ac0975
SEC-164: Copy Authentication.getDetails() to returned Authentication object.
2006-02-08 02:19:43 +00:00
Luke Taylor
2daea069f9
Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors.
2006-02-08 02:17:44 +00:00
Ben Alex
ca1bf5cc21
SEC-170: AbstractAclVoter to support JoinPoint.
2006-02-08 02:06:55 +00:00
Luke Taylor
eb7964f6e5
Clean imports.
2006-02-08 01:54:03 +00:00
Luke Taylor
fe88d6ec17
SEC-134 fix. Authorities array is now copied on access. Also refactored token classes to move authorities to the base class.
2006-02-08 01:24:38 +00:00
Luke Taylor
842ad929a4
Change search object to use constructor injection (SEC-165) .
2006-02-03 19:53:08 +00:00
Luke Taylor
436fcde10b
Change apacheds to version 0.9.4-SNAPSHOT, add slf4j-log4j12 dep
2006-02-02 19:58:46 +00:00
Carlos Sanchez
3036b5d46b
Spring mock is required for compilation
2006-02-01 19:16:46 +00:00
Ben Alex
9771b7817a
SEC-144: Separate SecurityEnforcementFilter from FilterSecurityInterceptor.
2006-01-28 22:54:23 +00:00
Ben Alex
fa4c2a6ade
Correct bug with SEC-120 location of where filter chain proceeds.
2006-01-28 22:52:17 +00:00
Ben Alex
823f93fe3b
SEC-163: Fix ClassCastException bug in MethodInvocationUtils, and add test to prove correct functionality.
2006-01-28 21:33:35 +00:00
Ben Alex
ce907f2ddc
SEC-153: Improve toString() method.
2006-01-28 01:30:46 +00:00
Ben Alex
484b0e3a51
SEC-126: Initial commit of WebInvocationPrivilegeEvaluator feature.
2006-01-28 01:26:58 +00:00
Ben Alex
0c89822c56
SEC-162: Properly handle null Authentication.
2006-01-28 01:24:52 +00:00
Ben Alex
c8c7c24822
SEC-120: Remember-me to delegate to AuthenticationManager so authentication-specific behaviour (such as concurrent user management) can be applied.
2006-01-28 01:22:36 +00:00
Luke Taylor
9062b4c352
Improved solution to 1.4-compatible IllegalArgumentException with "cause" exception (as suggested on dev list).
2006-01-27 18:53:37 +00:00
Luke Taylor
fbe5957c23
Add support for ldaps:// urls. (Fix for SEC-146).
2006-01-27 18:28:13 +00:00
Ben Alex
82be52cea0
SEC-123: Remove exception from no-arg constructor.
2006-01-27 05:26:46 +00:00
Ben Alex
ea182f73fe
SEC-145: Include nested exception.
2006-01-27 05:17:13 +00:00
Ben Alex
2459858f48
SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used.
2006-01-27 05:10:30 +00:00
Ben Alex
07ed2ca2f0
Initial commit.
2006-01-27 05:09:57 +00:00
Ben Alex
ab223b8423
SEC-156: Use getName() instead of toString() as getName() is always the username whereas toString() contains extra information if the Authentication.getPrincipal() has been converted to a UserDetails.
2006-01-27 04:52:46 +00:00
Ben Alex
8f6275ab3e
SEC-155: BasicaclEntryCache to provide "remove from cache" support.
2006-01-27 04:42:39 +00:00
Ben Alex
449e395181
Reformat code.
2006-01-27 04:42:15 +00:00
Ben Alex
e675c89e28
Remove unused imports.
2006-01-27 04:41:32 +00:00
Ben Alex
5e258cc201
SEC-161: Truncate everything after ? in URL.
2006-01-27 03:30:01 +00:00
Ben Alex
49a917b08d
Remove extra dependency on Commons Lang. This dependency is only required by the domain subproject, not the core security project.
2006-01-27 03:18:34 +00:00
Luke Taylor
13a0784736
Replaced use of Java 1.5 IllegalArgumentException constructor.
2006-01-27 01:20:15 +00:00
Luke Taylor
2b0a65983d
Removed unused logger.
2006-01-26 20:48:49 +00:00
Luke Taylor
f9e043d43a
added commons lang dependency
2006-01-26 20:02:26 +00:00
Luke Taylor
17b3424b85
Javadoc typos.
2006-01-26 14:55:13 +00:00
Ben Alex
4024f124b9
SEC-154: Support Hibernate/CGLIB modified domain objects.
2006-01-26 10:27:32 +00:00
Ben Alex
a7ebe51fc8
SEC-135: Additional logging of votes in BasicAclEntryVoter.
2006-01-26 10:04:36 +00:00
Ben Alex
f4c1b81a9c
SEC-150: Expand exception message.
2006-01-26 10:00:59 +00:00
Ben Alex
37802e3748
SEC-138: Make exception output to Commons Logging, not system console.
2006-01-26 09:36:48 +00:00
Ben Alex
10541fc9db
SEC-137: Correct stack overflow with MethodInvocation.createFromClass(Class, Method).
2006-01-26 09:28:30 +00:00
Ben Alex
e5c538d1a5
SEC-125: Provide hashCode() method for AbstractAuthenticationToken.
2006-01-26 09:23:03 +00:00
Luke Taylor
63682a9c5d
Javadoc typos.
2006-01-25 17:04:58 +00:00
Luke Taylor
fe2f4e4a3b
Added setter method to allow connection pooling to be disabled.
2006-01-25 17:04:02 +00:00
Ray Krueger
b20c0a674a
Fixed NPE see SEC-143
2006-01-16 23:56:04 +00:00
Luke Taylor
38629f159a
Added default role option to authorities populator.
2006-01-13 21:13:53 +00:00
Luke Taylor
63dcdec1b7
Corrected more Jalopy screwy formatting.
2006-01-06 02:00:41 +00:00
Luke Taylor
22b0e1613c
Addition of package.html files. Minor formatting.
2006-01-05 19:59:04 +00:00
Luke Taylor
2f53f0e7d7
Message string changed to reflect class name changes.
2006-01-05 01:11:45 +00:00
Luke Taylor
affa500778
Message string changed to reflect class name changes.
2006-01-05 01:02:49 +00:00
Luke Taylor
d7ae1ad21b
Refactoring to reduce code duplication, remove config files and use JMock to enforce expectations on whether FilterChain proceeds or not.
2006-01-05 00:59:10 +00:00
Luke Taylor
0202b47346
Switched to using JMock methods for dummy objects.
2006-01-04 23:31:34 +00:00
Luke Taylor
4063a87dbf
Changed to use parent method for Mock creation rather than new operator.
2006-01-04 23:25:40 +00:00
Luke Taylor
f9d0ee209b
Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying.
2006-01-04 21:35:10 +00:00
Luke Taylor
56bccf6070
Added MessageSource support for LDAP provider classes.
2006-01-03 20:31:19 +00:00
Luke Taylor
e81be72bd7
Changed test to use tested class rather than interface name. Added test for service detection style URLs.
2006-01-01 15:11:54 +00:00
Carlos Sanchez
1dfc42550f
Add spring-mock to dependency management
...
Add ldap dependencies
Simplify spring dependencies
2005-12-25 00:21:49 +00:00
Ben Alex
6b1f97a381
Resolve compiler warnings.
2005-12-24 10:03:18 +00:00
Carlos Sanchez
b0d65259b6
Changed groupId to org.acegisecurity
2005-12-22 16:40:22 +00:00
Carlos Sanchez
f226dfb67f
Use ISO encoding to avoid problems
2005-12-22 16:27:44 +00:00
Carlos Sanchez
0c9e1769a4
Improved m2 poms
2005-12-22 15:54:37 +00:00
Carlos Sanchez
f662ed5890
Ignore eclipse project files
2005-12-22 13:41:33 +00:00
Luke Taylor
9b5aa159aa
Correct screwy formatting.
2005-12-22 01:42:27 +00:00
Luke Taylor
3977e3b822
Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc.
2005-12-22 01:30:53 +00:00
Luke Taylor
5b076c79d1
Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed.
2005-12-22 01:22:09 +00:00
Luke Taylor
41a95b11cd
Corrected wrong package name in Javadoc.
2005-12-22 01:18:32 +00:00
Luke Taylor
8f725f7a74
Removed no-arg constructor from UsernamePasswordAuthenticationToken.
2005-12-22 01:16:16 +00:00
Luke Taylor
c378779610
Removed printStackTrace from expected exception.
2005-12-22 01:15:25 +00:00
Luke Taylor
09cef7adc2
Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder.
2005-12-21 16:41:52 +00:00
Luke Taylor
2d1dd7b292
Restoring author/version tags, some minor comments.
2005-12-21 00:48:57 +00:00
Luke Taylor
20d69e2734
Tidying up some Jalopy weirdness.
2005-12-21 00:39:36 +00:00
Luke Taylor
dc728987f4
Changed LdapDataAccessException to extend AuthenticationServiceException.
2005-12-21 00:14:15 +00:00
Luke Taylor
0f678d53ba
Javadoc typo in tag.
2005-12-21 00:00:02 +00:00
Luke Taylor
911be66513
Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication.
2005-12-20 23:58:35 +00:00
Luke Taylor
b01bf0b878
Expanded Javadoc.
2005-12-20 23:26:38 +00:00
Luke Taylor
1549ec55b1
Switch to embedded context version of apache DS (no socket nonsense etc.)
2005-12-20 23:08:54 +00:00
Luke Taylor
9554dc50bc
Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider.
2005-12-19 17:23:34 +00:00
Luke Taylor
929b08c085
Spring config for ApacheDS is no longer used.
2005-12-19 17:04:09 +00:00
Luke Taylor
069f78c00b
Move the apacheDS working directory to java.io.tmpdir
2005-12-19 17:01:25 +00:00
Luke Taylor
1f66750e24
Added support for multiple DN patterns. Changes to favour constructor injection for mandatory properties. Renamed LdapUserInfo to prevent confusion with UserDetails interface.
2005-12-18 21:14:27 +00:00
Luke Taylor
e3b728cc9a
Javadoc typos.
2005-12-18 15:02:17 +00:00
Luke Taylor
40f50498b2
Re-enable some tests which partially work with embedded ApacheDS.
2005-12-16 18:26:23 +00:00
Luke Taylor
bfb4fb81d4
Remove messages about existing data.
2005-12-16 02:47:47 +00:00
Luke Taylor
f9c88adfa9
Switch to embedded server and disable tests which cause problems with apacheDS for the time being.
2005-12-16 02:23:06 +00:00
Luke Taylor
53252d258f
Set extra properties on InitialDirContextFactory and corrected group search filter.
2005-12-16 01:28:29 +00:00
Luke Taylor
1db1a3cd62
Changes try to get Ldap tests working with the possibility of using a non-networked embedded server.
2005-12-16 01:07:31 +00:00
Luke Taylor
45e2f9dac4
Removed internal encoding method to make subclassing work.
2005-12-16 00:59:29 +00:00
Luke Taylor
781ed0f380
Switch to local url.
2005-12-15 03:45:48 +00:00
Luke Taylor
d014411d48
Corrections to DIT for apache-ds tests.
2005-12-15 02:16:13 +00:00
Luke Taylor
ce3d6f2129
Initial LDAP provider checkin.
2005-12-15 00:18:13 +00:00
Ben Alex
a1037ddc87
Prepare 1.0.0 RC1.
2005-12-04 11:20:52 +00:00
Ben Alex
d89c6c0a74
SEC-118: Wrong logger class corrected.
2005-12-04 10:48:33 +00:00
Ben Alex
ee48f38ff0
SEC-116: Correct JavaDocs.
2005-12-02 12:14:38 +00:00
Ben Alex
75a9784028
SEC-58: Initial commit of Velocity helper.
2005-12-01 09:38:50 +00:00
Ben Alex
b16ce31c5b
Prove placeholders work correctly.
2005-12-01 00:30:18 +00:00
Ben Alex
2c28ff4fd1
SEC-56: Further improvements to localization.
2005-11-30 01:23:36 +00:00
Ben Alex
62fde4ede3
SEC-107: Finalize rename of AuthenticationDao to UserDetailsService with corresponding change in package from .providers.dao to .userdetails.
2005-11-30 00:20:13 +00:00
Ben Alex
a6e23d79ae
SEC-107: Rename AuthenticationDao to UserDetailsService.
2005-11-29 13:10:15 +00:00
Ben Alex
6144e1664e
SEC-108: Make fields protected.
2005-11-29 02:43:35 +00:00
Ben Alex
6585c2b391
Allow subclasses to make modifications to GrantedAuthority[].
2005-11-26 13:27:30 +00:00
Ben Alex
fddcd6112e
SEC-56: Add localisation support.
2005-11-26 05:11:53 +00:00
Ben Alex
f4c3e2ff8c
Use Spring Assert for cleaner code.
2005-11-26 04:18:21 +00:00
Ben Alex
e53a00371c
Use logger instead of System.out.println().
2005-11-26 04:10:05 +00:00
Ben Alex
218fcf5b24
SEC-3: Add static method so digest-compatible passwords can be stored in database.
2005-11-25 05:20:57 +00:00
Ben Alex
bb2ac126b7
SEC-47: AbstractSecurityInterceptor to reject secure object invocations which do not have configuration attributes defined.
2005-11-25 04:56:01 +00:00
Ben Alex
27f47673ad
SEC-106: Use getMethod() instead of getDeclaredMethod() so that methods defined in principal Object superclasses are accessible.
2005-11-25 04:40:27 +00:00
Ben Alex
9ccaf05cc7
SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services.
2005-11-25 04:38:18 +00:00
Ben Alex
47166fe078
SEC-110: ProviderManager to properly handle ConcurrentLoginException.
2005-11-25 04:33:40 +00:00
Ben Alex
58b8b840b3
SEC-105: Correct incorrect JavaDocs.
2005-11-25 04:29:32 +00:00
Ben Alex
969bbff00c
SEC-18: Preemptive method invocation security checking helper.
2005-11-25 04:18:34 +00:00
Ben Alex
731d7b2e89
SEC-113 Provide MethodInvocationUtils.
2005-11-25 04:17:25 +00:00
Ben Alex
72256a225f
SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken.
2005-11-25 00:26:30 +00:00
Luke Taylor
7847af2664
Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.
2005-11-23 16:09:44 +00:00
Ben Alex
6a1a4abb1d
SEC-104: Move to org.acegisecurity package.
2005-11-17 00:56:49 +00:00
Scott McCrory
79c3ba521b
Resolved and/or inhibit build warnings as seen in Eclipse 3.1. Please refer to http://opensource2.atlassian.com/projects/spring/browse/SEC-93 for more info.
2005-11-11 22:37:38 +00:00
Ben Alex
b1d247835a
Stop causing an exception when there is no AuthenticationException to ApplicationEvent mapping. Requested by Brian Moseley on acegisecurity-developer 10 November 2005.
2005-11-10 00:41:54 +00:00
Ben Alex
c167e9fd87
Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005.
2005-11-08 22:07:33 +00:00
Scott McCrory
b938b6b363
Increased SiteminderAuthenticationProcessinfFilter test coverage from 70% to 93%.
2005-11-08 02:55:48 +00:00
Ben Alex
df9deea4de
Only clear SecurityContextHolder if the Authentication object has not changed.
2005-11-08 01:39:27 +00:00
Scott McCrory
97f3ad79cb
Removed unused imports & organized the remnants.
2005-11-07 03:32:18 +00:00
Ben Alex
55f5093ec7
SEC-94: DaoAuthenticationProvider to include UserDetails in BadCredentialsException.
2005-11-07 03:04:47 +00:00
Scott McCrory
309b559a8f
Removed unused imports.
2005-11-06 23:00:31 +00:00
Luke Taylor
e02dbd5c34
Changed class names to match new context classes.
2005-11-06 22:00:27 +00:00
Luke Taylor
0aef31d302
Converted ApplicationContextAware classes to ApplicationEventPublisherAware (SEC-69).
2005-11-06 21:11:25 +00:00
Luke Taylor
6511677f93
Moved duplicate setting of null authentication to setUp method.
2005-11-06 21:06:53 +00:00
Luke Taylor
bba77b64e9
Corrected javadoc
2005-11-06 21:01:21 +00:00
Luke Taylor
5cb7575b2b
Corrected references to old context class names in Javadoc and logging.
2005-11-05 18:49:55 +00:00
Ben Alex
5a51f391a4
Add UsernameNotFoundException to default exception to event mappings list.
2005-11-05 09:20:14 +00:00
Ben Alex
aa4fd8586c
Fix concurrent session interaction bug where UserDetails.getUsername() may have been override to be a different value than the original login request, as per email from Herryanto Siatono on acegisecurity-developer 5 November 2005.
2005-11-05 03:50:22 +00:00
Ray Krueger
0aa4989dad
JaasAuthenticationProvider no longer supports the useSystemProperty setting.This is because it no longer uses the java.security.auth.login.config system property for configuring Jaas. Custom Jaas configuration needs can be implemented in a subclass that overrides the configureJaas method.
...
JaasAuthenticationProvider now handles logout by associating the LoginContext with a new JaasAuthenticationToken
2005-11-04 15:02:27 +00:00
Ray Krueger
6049e9ac65
Removed string concatenation from buffer.append methods
2005-11-04 14:54:25 +00:00
Ben Alex
9be82a3d8f
SEC-67: Enhance taglib to allow retrieval of custom UserDetails methods.
2005-11-03 13:51:55 +00:00
Ben Alex
31a1f0be1a
SEC-52: Move potentially useful methods to an abstract superclass so that other voters can use them.
2005-11-03 13:47:44 +00:00
Ben Alex
6e389ca1b8
SEC-51: Use long instead of int for ACL primary keys.
2005-11-03 13:38:45 +00:00
Ben Alex
633f2cfe66
SEC-39: Add equals(Object) method to User.
2005-11-03 13:20:26 +00:00
Ben Alex
7faf2741f1
SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.
2005-11-03 13:08:43 +00:00
Ben Alex
a42dec6fbf
SEC-21: Initial commit.
2005-11-03 12:56:27 +00:00
Ben Alex
e9b1d9452f
SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider.
2005-11-03 11:31:23 +00:00
Ben Alex
f50cbd31ba
SEC-38: Make InMemoryDaoImpl support external Properties objects.
2005-11-03 10:05:02 +00:00
Ben Alex
0d77abb9c1
SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks.
2005-11-03 09:48:52 +00:00
Ben Alex
d9be0f86fd
SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username.
2005-11-03 09:45:30 +00:00
Ben Alex
690ab27a52
SEC-70 and SEC-71: Refactor event publishing.
2005-11-03 09:23:49 +00:00
Ben Alex
b6dbfde55c
SEC-70: Refactor event publishing.
2005-11-03 06:55:47 +00:00
Ben Alex
3811200599
Improve debug output.
2005-11-03 06:51:30 +00:00
Ben Alex
2cbe42f493
SEC-7: Allow better chaining of authentication providers.
2005-11-03 04:14:12 +00:00
Ben Alex
42c47c086a
JavaDocs formatting.
2005-11-03 04:13:56 +00:00
Luke Taylor
f8b0de3459
Corrected Javadoc link to interface name.
2005-11-01 14:22:08 +00:00
Marc-Antoine Garrigue
5235727d23
SEC-2
...
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
2005-10-24 17:08:18 +00:00
Ben Alex
1ae07779a2
SEC-710: Refactor concurrent session handling support.
2005-10-22 01:53:03 +00:00
Ben Alex
a5ffda7369
SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS.
2005-10-21 08:00:15 +00:00
Ben Alex
c6d5363e5d
SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation.
2005-10-21 07:53:34 +00:00
Ben Alex
d49198a944
SEC-43: Eliminate id column.
2005-10-21 07:32:48 +00:00
Ben Alex
41202112bc
SEC-37: Only update HttpSession if SecurityContext has actually been changed.
2005-10-21 07:26:16 +00:00
Ben Alex
494e35f009
Jalopy styling.
2005-10-21 07:23:33 +00:00
Luke Taylor
24a78be159
Corrected link in Javadoc.
2005-10-19 21:19:16 +00:00
Luke Taylor
c065c46668
Javadoc correction: ContextHolder -> SecurityContextHolder
2005-10-18 15:44:22 +00:00
Luke Taylor
df4b8f602f
Javadoc correction: SecureContext -> SecurityContext
2005-10-18 15:43:41 +00:00
Carlos Sanchez
b2363dfe07
SEC-62 Add maven 2 support
2005-10-06 20:53:08 +00:00
Ray Krueger
a39339674e
login.config.url should be set to a url, not a file path
...
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
2005-09-26 14:14:42 +00:00
Scott McCrory
bc14dd62db
Fixed CVS line break
2005-09-25 22:49:45 +00:00
Scott McCrory
4717b64b83
Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org.
2005-09-25 22:48:33 +00:00
Ben Alex
0f5e9ad372
Fix NPE. Thanks to Tom Dunstan.
2005-09-22 01:49:12 +00:00
Ben Alex
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
2005-09-22 00:54:27 +00:00
Marc-Antoine Garrigue
60d3b6505b
Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue.
2005-09-20 12:24:47 +00:00
Mark St. Godard
fb3f4af3b2
when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User)
2005-09-20 02:28:01 +00:00
Mark St. Godard
24394b7b2b
added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation)
2005-09-19 02:22:44 +00:00
Ben Alex
d44b570087
Disable failing tests until Marc-Antoine has a chance to look at them.
2005-09-18 22:38:37 +00:00
Ben Alex
ae9e7733db
Fix broken tests.
2005-09-18 22:38:05 +00:00
Ben Alex
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
2005-09-08 11:15:48 +00:00
Ben Alex
c7dcceb05c
Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005.
2005-09-08 09:32:24 +00:00
Mark St. Godard
486bbee35d
added context path to redirect
2005-09-03 21:43:08 +00:00
Mark St. Godard
9d359780d9
finish user context switch event publishing
2005-09-03 20:24:35 +00:00
Mark St. Godard
20ebb668a6
Added event for user context switching and updated switch user filter
2005-08-25 02:59:19 +00:00
Ben Alex
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
Ray Krueger
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
Ben Alex
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
2005-08-21 10:10:16 +00:00
Mark St. Godard
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
Luke Taylor
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
2005-08-01 20:05:02 +00:00
Scott McCrory
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00