Commit Graph

864 Commits

Author SHA1 Message Date
Martin Stockhammer e9bc481884 Adding port check for Referer header 2017-01-30 22:42:33 +01:00
Martin Stockhammer 95f1b3e430 Implementing Header verification for REST API calls
Implementing header verification techniques mentioned in:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Verifying_Same_Origin_with_Standard_Headers
2017-01-30 20:37:15 +01:00
olivier lamy d45870b377 bump spring version to 4.3.5
Signed-off-by: olivier lamy <olamy@apache.org>
2017-01-01 09:43:41 +01:00
olivier lamy 90d8515ff4 add used dependency spring-aop
Signed-off-by: olivier lamy <olamy@apache.org>
2017-01-01 09:33:48 +01:00
olivier lamy 0537b8562e get rid of all jdo jpox dependencies
Signed-off-by: olivier lamy <olamy@apache.org>
2016-12-31 10:21:49 +01:00
olivier lamy effc4a280b format pom
Signed-off-by: olivier lamy <olamy@apache.org>
2016-12-31 10:08:30 +01:00
olivier lamy 9b2f812568 simplify pom
Signed-off-by: olivier lamy <olamy@apache.org>
2016-12-31 10:07:19 +01:00
Martin Stockhammer 2add792524 Set JPA as default and only database backend
Remove JDO dependencies and set the JPA implementations as only implementation
for database backend providers. Uses the same database as JDO before.
2016-12-30 15:33:17 +01:00
Martin Stockhammer 96b6771e7f Remove schema types in annotation 2016-12-28 19:52:28 +01:00
olivier lamy 09b5fab0d2 fix duplicate dependency
Signed-off-by: olivier lamy <olamy@apache.org>
2016-12-05 21:14:56 +11:00
Martin Stockhammer e55262c8cc Add schema changes for compatibility with JDO implementation 2016-11-19 23:26:08 +01:00
Martin Stockhammer 7482c06fcd Fix schema settings 2016-11-16 21:07:08 +01:00
Martin Stockhammer 78e37f700a Change comments 2016-11-06 12:47:23 +01:00
Martin Stockhammer 13aa63a4e5 Add JPA Key Provider 2016-11-04 08:02:57 +01:00
Martin Stockhammer 5420374314 Override method to activate transaction handling 2016-10-25 15:55:59 +02:00
Martin Stockhammer b6a3d01360 Add exception handler 2016-10-25 15:53:59 +02:00
Martin Stockhammer 45b429e778 Add jpa config to test spring contexts 2016-10-25 15:52:26 +02:00
Martin Stockhammer 994c7cb42f Fix maven dependencies 2016-10-21 22:09:32 +02:00
Martin Stockhammer 6f7fa90562 Add transaction annotation and dependencies 2016-10-21 20:11:47 +02:00
Martin Stockhammer c4fc7ffc73 Adding Transaction annotation and fixing tests 2016-10-19 23:28:28 +02:00
Martin Stockhammer a2441c5e41 Merge branch 'master' into jpa 2016-10-16 20:09:01 +02:00
Martin Stockhammer 78d822d145 Fixing validation error in unit tests 2016-10-16 17:18:42 +02:00
Martin Stockhammer 2aa6cdf6c6 Adding flag for authenticator to avoid autowiring exceptions
Adds a isValid() method to the authenticator to avoid exceptions during
initialization.
2016-10-16 17:18:42 +02:00
Martin Stockhammer 8fd7112762 Changing transaction handling 2016-10-14 21:39:36 +02:00
Martin Stockhammer 8d9f47436e JPA bytecode enhancement 2016-10-09 21:13:18 +02:00
Martin Stockhammer e2581cd127 Merge branch 'validauth' into jpa 2016-10-04 20:46:28 +02:00
Martin Stockhammer 7e83bebcec Adding flag for authenticator to avoid autowiring exceptions
Adds a isValid() method to the authenticator to avoid exceptions during
initialization.
2016-10-03 19:36:13 +02:00
Ciprian Ciubotariu c9ca73b94c Use NamingManager instead of LdapCtxFactory
Fixes deprecation warnings on LdapCtxFactory
2016-10-03 18:32:52 +03:00
Martin Stockhammer e217190250 Adding version for dependencies 2016-10-02 20:15:49 +02:00
Martin Stockhammer d785f13635 Adding spring context for rbac module 2016-10-02 20:15:26 +02:00
Martin Stockhammer f8ee2af825 Adding explicit dependencies for JPA user/rbac implementations 2016-10-02 20:14:34 +02:00
Martin Stockhammer ac89b6bb2d Adding final flag to jpa implementations 2016-10-02 20:14:10 +02:00
Martin Stockhammer 4586b826d9 Fixing path of spring context file 2016-10-02 19:25:20 +02:00
Martin Stockhammer 30c3441cd4 Adding order columns to persistence schema 2016-09-30 22:38:08 +02:00
Martin Stockhammer f3bcedfdf8 Setting database schema names from JDO 2016-09-30 22:37:22 +02:00
Martin Stockhammer 9e09e8f0cf Removing datasource from test persistence config 2016-09-30 22:36:39 +02:00
olivier lamy c49cb230eb unused imports
Signed-off-by: olivier lamy <olamy@apache.org>
2016-09-28 12:44:40 +10:00
Martin Stockhammer 62efc70bd2 Adding JPA implementation of users and rbac provider
Uses OpenJPA
2016-09-27 23:13:03 +02:00
olivier lamy d17c6ffb9d use last parent snapshot
Signed-off-by: olivier lamy <olamy@apache.org>
2016-09-14 22:00:41 +10:00
olivier lamy 11b2cdbae0 Merge branch 'pr/10'
[MRM-1923] merge pr
2016-09-13 10:55:00 +10:00
olivier lamy 8e98a8aa9e Merge branch 'pr/9'
closed #9
[MRM-1908] Logged on users can write any repository
2016-09-13 10:49:27 +10:00
olivier lamy 87e1950057 Merge branch 'pr/7'
close #7
2016-09-09 21:47:52 +10:00
olivier lamy 780b1b7bb7 Merge branch 'pr/6' #6
close #6
2016-09-09 21:46:39 +10:00
Martin Stockhammer 5ce2714a37 Fixing bind issue with certain ldap servers, when user not found
Subsequent calls of NamingResult#hasMoreElements returns different values in some
environments and situations.
e.g. it occured on IBM JDK 7 with Windows Active Directory LDAP when the first value of 'hasMoreElements'
was false.
The first value is cached now.
2016-09-09 10:03:27 +02:00
Martin Stockhammer 796af57be2 Adding parameter references in authorization resource
In certain cases the resource must be dynamically set by parameter values.
This patch allows to add a reference into the resource field of the redback
annotation '{parameterName}' that fills the resource of the permission dynamically
with the parameter value, if found.
2016-09-09 09:40:29 +02:00
Ciprian Ciubotariu 3ef0e5931e Beautify case of default ldap group attribute
More of a style issue, since attribute descriptions are case insensitive
according to RFC4512.
2016-09-07 16:28:04 +03:00
Ciprian Ciubotariu 0dc00492ed Ignore Netbeans artifacts 2016-09-07 00:30:14 +03:00
olivier lamy c02519d5a6 change target back to 1.6 2016-07-20 23:54:43 +02:00
olivier lamy e2909f2956 [MRM-1827] Redback core fail with jdk 1.7 (compiler target 1.7) use new bcel 6.0 2016-07-20 23:37:47 +02:00
olivier lamy 3d266df48d [maven-release-plugin] prepare for next development iteration 2016-05-20 12:55:38 +10:00