Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,260 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

3260 Commits

Author SHA1 Message Date
Luke Taylor 00125cddee SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead. 2008-12-17 00:48:32 +00:00
Luke Taylor 585e5f393a Added warning suppression for deprecation. 2008-12-17 00:32:21 +00:00
Luke Taylor d8b5f770e9 Added warning suppression for deprecation. 2008-12-17 00:31:17 +00:00
Luke Taylor e86c76f555 Updated Spring version. 2008-12-17 00:20:55 +00:00
Luke Taylor db5f1e69f1 SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes. 2008-12-17 00:14:48 +00:00
Luke Taylor c2e688610c SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token. 2008-12-16 23:25:44 +00:00
Luke Taylor 7fa9a959b5 Added webAppRootKey context-param to samples to prevent conflicts when run together in Tomcat. 2008-12-16 21:13:03 +00:00
Luke Taylor 998f0b3ea1 SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called. 2008-12-16 20:35:18 +00:00
Luke Taylor d0fcbd9baf Tidying up Javadoc. 2008-12-16 20:29:53 +00:00
Luke Taylor a1bd48733a Minor Javadoc correction. 2008-12-16 20:16:56 +00:00
Luke Taylor 681f1ee00c Fix duplicate logging. 2008-12-16 19:07:31 +00:00
Luke Taylor 74fd5fe8a4 Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion. 2008-12-16 18:55:38 +00:00
Luke Taylor b24cc17dea SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository. 2008-12-16 17:35:34 +00:00
Scott Battaglia 717fdcfec3 SEC-1046 
upgrade to CAS Client for Java 3.1.4
 2008-12-16 13:22:21 +00:00
Luke Taylor bf409b5b25 Improvements to Javadoc. 2008-12-16 02:06:26 +00:00
Luke Taylor 55cc98ab54 SEC-1006: Fixed Javadoc. 2008-12-16 00:06:56 +00:00
Luke Taylor f54d7ee6bc SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default. 2008-12-15 23:58:40 +00:00
Luke Taylor 224c86a0b3 Tidying. 2008-12-15 23:51:46 +00:00
Luke Taylor 898ef36d02 SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects. 2008-12-15 19:50:53 +00:00
Luke Taylor c3181d9db0 SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET. 2008-12-15 02:48:32 +00:00
Luke Taylor c564a879d4 Some tests used for obtaining performance data. 2008-12-15 01:34:37 +00:00
Luke Taylor 40ccd3be11 SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument. 2008-12-15 01:25:12 +00:00
Luke Taylor fcc68e636e SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition. 2008-12-15 00:56:17 +00:00
Luke Taylor a0bcf7184c SEC-1061: Renamed serverSideRedirect property. 2008-12-14 23:56:30 +00:00
Luke Taylor cf3cac90ad SEC-1058, SEC-745: Updating comments 2008-12-14 23:53:44 +00:00
Luke Taylor 3f38035057 SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace. 2008-12-14 22:53:31 +00:00
Luke Taylor 2927b8464f SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException. 2008-12-14 22:20:21 +00:00
Luke Taylor 839279161d SEC-745: Added concrete failure handling strategies. 2008-12-13 23:34:15 +00:00
Luke Taylor 6664f57ff6 SEC-992: Removed the line setting returningObj to false. 2008-12-12 23:22:26 +00:00
Luke Taylor 10e4d1fe1a SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver. 2008-12-12 22:30:57 +00:00
Luke Taylor 6c7d15ee44 Removed unused logger and imports. 2008-12-12 17:45:54 +00:00
Luke Taylor df771038b4 SEC-1051: Fixed class names in dms sample app context. 2008-12-12 17:43:09 +00:00
Luke Taylor 615194710e SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces. 2008-12-12 17:25:09 +00:00
Luke Taylor 48dce501ce SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session. 2008-12-12 14:27:23 +00:00
Luke Taylor aec23749d7 SEC-1056: Remove deprecated FilterToBeanProxy: It's gone 2008-12-12 13:04:37 +00:00
Luke Taylor 3fcc7b5403 SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes 2008-12-12 12:47:42 +00:00
Luke Taylor a443e55832 SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method. 2008-12-11 17:00:13 +00:00
Luke Taylor 093365b2f4 Removed unnecessary cast. 2008-12-11 16:42:25 +00:00
Luke Taylor 30f9b3e72c SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations. 2008-12-10 16:57:40 +00:00
Luke Taylor 3f40604b82 SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate. 2008-12-10 13:48:25 +00:00
Luke Taylor acfcac4594 SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage 
Applied supplied patch which checks the committed flag before forwarding to the error page.
 2008-12-10 12:36:59 +00:00
Luke Taylor 7fe6a0fc0d SEC-1033: Added support for web IP ranges based on an address and netmask. 2008-12-09 23:14:44 +00:00
Luke Taylor 7767a9ed60 SEC-1033: Add basic equality support for hasIpAddress() expression. 2008-12-09 18:04:08 +00:00
Luke Taylor 3da68a7a82 Java5 stuff 2008-12-09 18:02:58 +00:00
Luke Taylor 046456c142 Removed unused constants. 2008-12-09 14:33:31 +00:00
Luke Taylor 3e8de229be Java5 updates. 2008-12-09 14:30:37 +00:00
Luke Taylor 98422b69a8 Java5 updates. 2008-12-09 14:27:31 +00:00
Luke Taylor 6ccdcec629 SEC-1033: Added web expressions to tutorial sample configuration. 2008-12-08 21:56:44 +00:00
Luke Taylor c2ac125719 Tidying up. 2008-12-08 21:55:33 +00:00
Luke Taylor a2ef10e65f SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level. 2008-12-08 21:54:47 +00:00