Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-07 03:02:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,597 Commits 44 Branches 348 Tags
Commit Graph

2949 Commits

Author SHA1 Message Date
Luke Taylor
5bb558bd6a SEC-777: The disabled status cannot be set in <user-service> 
http://jira.springframework.org/browse/SEC-777. Added the disabled flag to the relax grammar file.
 2008-04-21 15:59:08 +00:00
Luke Taylor
993fdd7a32 Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information. 2008-04-21 12:53:54 +00:00
Luke Taylor
469f55ce05 SEC-773: global-method-security fails with JPA 
http://jira.springframework.org/browse/SEC-773. Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and ay referenced UserDetailsService implementations.
 2008-04-18 13:15:56 +00:00
Luke Taylor
7238097310 OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration. 
http://jira.springframework.org/browse/SEC-775. Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
 2008-04-15 16:57:47 +00:00
Ben Alex
4d714b33e0 SEC-770: Mark old org.springframework.security.acl module as @deprecated. 2008-04-14 06:50:01 +00:00
Luke Taylor
57b5f38df1 OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration 
http://jira.springframework.org/browse/SEC-769. I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
 2008-04-13 22:11:09 +00:00
Luke Taylor
4ae40150c9 SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling 
http://jira.springframework.org/browse/SEC-752. Removed check for JSR-250 class.
 2008-04-13 20:59:39 +00:00
Luke Taylor
552dc6486a SEC-703: Expose customization of SQL used by <jdbc-user-service> 
http://jira.springframework.org/browse/SEC-703. Added suggested attributes for sql queries.
 2008-04-13 20:51:40 +00:00
Luke Taylor
d6e5dbbcfd SEC-767: Added override for flushBuffer in response wrapper. 2008-04-13 20:22:31 +00:00
Luke Taylor
9d54c2d22b OPEN - issue SEC-637: Dependency on RequestUtils 
http://jira.springframework.org/browse/SEC-637. Removed use of ServletRequestUtils in AbstractRememberMeServices
 2008-04-13 12:53:01 +00:00
Luke Taylor
83c152e379 SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config 2008-04-13 00:02:46 +00:00
Luke Taylor
a2f4ee1c58 SEC-767: Added check for committed response before attempting to create a new session 2008-04-12 23:18:03 +00:00
Luke Taylor
d0ae8e072d Refactored out safeGetHttpSession method to remove multiple try/catch IllegalArgumentException blocks round request.getSession() calls. 2008-04-12 15:01:52 +00:00
Luke Taylor
6b86b05a0a Removed autoboxing 2008-04-11 23:22:36 +00:00
Luke Taylor
d288f722a8 OPEN - issue SEC-759: GrantedAuthoritiesContainer should extend Serializable 
http://jira.springframework.org/browse/SEC-759. Added Serializable to interface.
 2008-04-11 17:25:41 +00:00
Luke Taylor
3b3d339393 SEC-764: Added support for "position" attribute. Also added "LAST" as an option for filter position. 2008-04-11 17:01:08 +00:00
Luke Taylor
7145198e5a OPEN - issue SEC-763: Allow setting of alwaysUseDirectTargetUrl via form-login namespace URL 
http://jira.springframework.org/browse/SEC-763. Added always-use-default target attribute to namespace.
 2008-04-11 12:03:55 +00:00
Luke Taylor
a3de51ea51 Fixed typo in constant name. 2008-04-09 23:41:27 +00:00
Luke Taylor
029f8a2409 Made test method getFilters on FilterChainProxy default access. 2008-04-07 22:41:50 +00:00
Luke Taylor
a2d2c6b67a Corrected element name. 2008-04-07 22:28:47 +00:00
Luke Taylor
243b5f4a2a SEC-746: impossible to specify errorPage for the AccessDeniedHandlerImp when using namespace based configuration 
http://jira.springframework.org/browse/SEC-746. Added access-denied-page to http element.
 2008-04-07 22:17:09 +00:00
Luke Taylor
f57ba43780 SEC-673: Reinstated a bean registration that had accidentally bean removed by the last patch, breaking core-tiger tests. 2008-04-07 21:05:13 +00:00
Luke Taylor
80dbc4fd75 SEC-673: Applied patch from Christian. 2008-04-07 20:20:58 +00:00
Luke Taylor
594b69b7ef SEC-754: Changed tests to use unicode escapes rather than explicit UTF-8. 2008-04-07 18:05:45 +00:00
Luke Taylor
236e310ea7 SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration. 
http://jira.springframework.org/browse/SEC-747. Added once-per-request attribute to http element.
 2008-04-07 15:30:27 +00:00
Luke Taylor
6612d0f729 SEC-754: Fixed wrong array length and added tests for encoding non-ascii password. 2008-04-07 14:13:40 +00:00
Luke Taylor
92ad1ecf81 Typo in Javadoc. 2008-04-06 00:08:41 +00:00
Luke Taylor
67d5a5b814 SEC-750: Support for JPA PersistenceContext annotation broken 
http://jira.springframework.org/browse/SEC-750. Updates to prevent the HttpSecurityPostProcessor from causing beans to be instantiated. Added a simplified test case to HttpSecurityBeanDefinitionParserTests.
 2008-04-06 00:04:50 +00:00
Luke Taylor
a43d054bd7 Removed comment about status checking as it is not entirely correct and misleads people. 2008-04-04 19:40:28 +00:00
Luke Taylor
3cb504fa95 Fixed jdk 1.4 compatibility issues 2008-04-01 14:32:31 +00:00
Luke Taylor
e05d1da102 Refactored AuthenticationUserDetailsService to userdetails package as it isn't preauth specific 2008-03-31 23:08:30 +00:00
Luke Taylor
f898bec370 OPEN - issue SEC-742: IllegalArgumentException if namespace configuration defines RememberMeServices without BasicProcessingFilter 
http://jira.springframework.org/browse/SEC-742. Fix. Post processor was assuming there was a BasicProcessinFilter in the app context when a remember-me services was present.
 2008-03-31 22:44:11 +00:00
Luke Taylor
c347834401 OPEN - issue SEC-605: JdbcDaoImpl of UserDetailsService should provide a method for customizing creation of the final UserDetails object 
http://jira.springframework.org/browse/SEC-605. Added a createUserDetails method and also some other methods which are responsible for executing the individual queries for loading the userinformation and authorities.
 2008-03-31 18:01:07 +00:00
Luke Taylor
40e51dd5fe OPEN - issue SEC-649: Add user-service-ref attribute to remember-me namespace element 
http://jira.springframework.org/browse/SEC-649. Added attribute to namespace and parsing support.
 2008-03-31 17:27:58 +00:00
Luke Taylor
cc752cfc28 OPEN - issue SEC-732: Encapsulate query objects in JdbcDaoImpl and JdbcUserDetailsManager 
http://jira.springframework.org/browse/SEC-732. Updated these classes to hide the internal query and update objects to allow future refactoring.
 2008-03-31 16:52:31 +00:00
Luke Taylor
53b084e2f9 Simple tests to detect invalid configurations, particularly when the namespace has been updated without applying the spring-security.xsl transformation, which prevents certain elements from appearing at top level. 2008-03-31 16:30:28 +00:00
Luke Taylor
b1ae4922d2 SEC-726: Added entry-point-ref to <http> namespace element to allow customization of authentication process. 2008-03-31 16:22:40 +00:00
Luke Taylor
9db55f336c SEC-739: Removed siteminder provider code. 2008-03-31 12:23:32 +00:00
Luke Taylor
512c64fb98 SEC-738: Add session-registry-alias attribute to concurrent-session-control 
http://jira.springframework.org/browse/SEC-738. Added this attribute. Also various bugfixes in handling of attribute names for concurrent session control.
 2008-03-31 12:01:37 +00:00
Luke Taylor
07f820f1a6 Minor portlet-related changes suggested by John Lewis: Javadoc and default values of booleans. 2008-03-31 10:10:13 +00:00
Luke Taylor
c9b6fe9555 OPEN - issue SEC-657: Create pre-authenticated processing filter which obtains username from request header 
http://jira.springframework.org/browse/SEC-657. Added filter and test class.
 2008-03-30 13:37:13 +00:00
Luke Taylor
b98c72056a SEC-728: Change use of String.getBytes() in password encoders to use UTF-8 2008-03-29 15:21:31 +00:00
Luke Taylor
1463b9769d SEC-629: authentication-provider doesn't support caching. 
http://jira.springframework.org/browse/SEC-629. Added support for cache-ref elements on jdbc-user-service and ldap-user-service
 2008-03-28 17:55:12 +00:00
Luke Taylor
db6fafaf56 SEC-629: authentication-provider doesn't support caching. Refactored MockUserCache class to top level 2008-03-28 14:17:05 +00:00
Luke Taylor
1fece47b49 SEC-691: Applied patch to allow setting of returned user attributes from LDAP search. 2008-03-27 14:41:11 +00:00
Luke Taylor
350a626587 SEC-477: Added preauthenticated websphere contribution. 2008-03-27 14:25:17 +00:00
Luke Taylor
584853bbcb Tidied imports. 2008-03-26 21:49:26 +00:00
Luke Taylor
ef5b3e2f9c SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly. 2008-03-26 21:48:24 +00:00
Luke Taylor
9ea2408ac6 Fixed error in choosing main entry point (it's an alias not a bean name, so doesn't appear in the entry map - you have to get it direct from the bean factory). 2008-03-26 17:34:42 +00:00
Luke Taylor
1b8a3c5673 SEC-689: Updated session fixation protection namespace support to set session registry on SessionFixationProtectionFilter. 2008-03-26 14:51:16 +00:00