Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 06:38:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,904 Commits 48 Branches 362 Tags
Commit Graph

3130 Commits

Author SHA1 Message Date
Luke Taylor
648ba1c43a SEC-1034: Fix broken tests. 2008-11-13 08:57:43 +00:00
Luke Taylor
ae05e74085 Replace use of deprecated Spring methods (addConstructorArg) with non-deprecated versions. 2008-11-13 08:56:59 +00:00
Luke Taylor
7a8bd8a673 SEC-1034: Removed FilterInvocationDefinitionSourceEditor. 2008-11-13 07:46:21 +00:00
Luke Taylor
464da0f0df SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions. 2008-11-13 07:41:21 +00:00
Luke Taylor
ee13be47b7 Call setAuthenticated() in constructor with authorities to mimic behaviour of UsernamePasswordAuthenticationToken 2008-11-13 07:29:43 +00:00
Luke Taylor
3ef34122fc Converted to using JMock. 2008-11-13 06:50:55 +00:00
Luke Taylor
e18971fdf0 Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken. 2008-11-13 06:30:39 +00:00
Luke Taylor
3acd515c6c SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions. 2008-11-12 04:07:56 +00:00
Luke Taylor
0bbab88504 SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one 
http://jira.springframework.org/browse/SEC-1031. Fixed startOfHash value and added tests to check full length of password is used.
 2008-11-11 23:34:40 +00:00
Luke Taylor
0ba690fb0e SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag). 2008-11-11 09:21:51 +00:00
Luke Taylor
e5b1073501 SEC-1012: Added more generics and warning suppression 2008-11-11 09:06:50 +00:00
Luke Taylor
be34724207 Matchers for use with JMock expectations 2008-11-11 08:43:17 +00:00
Luke Taylor
62986c700b SEC-1027: Removed bnd plugin and 'bundle' package types from pom.xml files 2008-11-11 01:09:37 +00:00
Luke Taylor
e11114ce77 SEC-1023: Add hasPermission() support to SecurityExpressionRoot 
http://jira.springframework.org/browse/SEC-1023.

hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
 2008-11-10 04:27:25 +00:00
Luke Taylor
d6bb6ccbf5 Removed .cvsignore files 2008-11-06 01:11:08 +00:00
Luke Taylor
d33b13e52e SEC-1023: Added support for hasPermission() based on Id and type 2008-11-05 22:44:46 +00:00
Luke Taylor
a207acf7cb SEC-999: Fix broken test which was failing due to use of incorrect authentication object. 2008-11-05 01:09:14 +00:00
Luke Taylor
56141e9c5f SEC-999: Refactoring out specific dependencies on Spring EL into SecurityExpressionHandler. 
SEC:1023: Updates to expression root to allow evaluationof permissions.
 2008-11-04 23:30:56 +00:00
Luke Taylor
dabb719456 SEC-1023: Add hasPermission() support to SecurityExpressionRoot 
http://jira.springframework.org/browse/SEC-1023. PermissionEvaluator interface for use by expressions when evaluating hasPermisson() expressions.
 2008-11-04 22:46:21 +00:00
Luke Taylor
b42fc7221f Upgraded to jmock 2.5.1 2008-11-04 05:37:56 +00:00
Luke Taylor
514bca669f SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays. 2008-10-31 11:40:11 +00:00
Luke Taylor
ec44f2bdfe SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections 2008-10-31 03:53:00 +00:00
Luke Taylor
e891b334e6 SEC-1009: removed additional container adapter specific code 2008-10-30 05:45:13 +00:00
Luke Taylor
09cc58d7ac SEC-1009: removed additional container adapter specific code 2008-10-30 05:44:38 +00:00
Luke Taylor
3521af4cae Added missing test class. 2008-10-30 04:32:22 +00:00
Luke Taylor
a7d046357b SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces 2008-10-30 04:10:54 +00:00
Luke Taylor
c7abdadc06 SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level. 2008-10-28 06:37:04 +00:00
Luke Taylor
f2ec8c978a Moved MethodDefinitionSource to standalone class. 2008-10-27 21:51:58 +00:00
Luke Taylor
f592357c27 SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition 2008-10-27 09:04:22 +00:00
Luke Taylor
5174693c64 SEC-999: Expression language based access decision support 
http://jira.springframework.org/browse/SEC-999. Added missing test class.
 2008-10-24 00:57:52 +00:00
Luke Taylor
4aa32f7d06 SEC-999: First commit of expression-based authorization implementation 2008-10-24 00:38:36 +00:00
Luke Taylor
91c44a47fd SEC-999: Added spel-annotations to newly created 2.5 schema file. 
http://jira.springframework.org/browse/SEC-999
 2008-10-21 05:54:42 +00:00
Luke Taylor
b031124f61 SEC-991: Removed deprecated getAttributes() method from LdapUserDetails interface 2008-10-17 05:12:11 +00:00
Luke Taylor
b589f78918 SEC-954: Deprecate AbstractMethodDefinitionSource 2008-10-17 01:06:21 +00:00
Luke Taylor
c947d42146 SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match 2008-10-15 06:35:11 +00:00
Luke Taylor
6c8a82fa13 Updated poms to Spring 2.5 and fixed up sandbox to work with latest build 2008-10-15 05:52:40 +00:00
Luke Taylor
7cc0965383 SEC-1001: Move core tiger code into core and adjust pom files 2008-10-03 15:23:31 +00:00
Luke Taylor
97381fb448 SEC-974: Made getExceptionMappings() protected. 2008-10-01 16:25:20 +00:00
Luke Taylor
4542f00b14 SEC-975: Namespace security syntax does not interpret properties 
http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
 2008-09-12 19:06:53 +00:00
Luke Taylor
5e4634d216 Minor Javadoc improvement. 2008-09-12 14:57:21 +00:00
Luke Taylor
d291def963 Removed invalid comment. 2008-09-12 10:18:40 +00:00
Luke Taylor
df59cb9dcd Import cleaning. 2008-09-11 14:41:00 +00:00
Luke Taylor
ef0389ae79 SEC-976: Removed checks for presence of core-tiger classes. 2008-09-11 14:37:55 +00:00
Luke Taylor
5b9bb8ba54 [maven-release-plugin] prepare for next development iteration 2008-09-05 19:04:22 +00:00
Luke Taylor
73eed2656d [maven-release-plugin] prepare release spring-security-parent-2.0.4 2008-09-05 18:57:43 +00:00
Luke Taylor
8661e17df9 OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors 
http://jira.springframework.org/browse/SEC-960. Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
 2008-09-05 13:49:38 +00:00
Luke Taylor
5102be3a59 SEC-971: getter for cookieName in AbstractRememberMeServices 
http://jira.springframework.org/browse/SEC-971. Added getCookieName() method.
 2008-09-04 16:05:34 +00:00
Luke Taylor
4e2d6f8b2e SEC-967: TextUtils.java does not escape ampersand character 
http://jira.springframework.org/browse/SEC-967. Added escaping of '&' character
 2008-08-29 12:01:45 +00:00
Luke Taylor
d781deffe7 OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication 
http://jira.springframework.org/browse/SEC-966.  Added escaping of rendered text as default.
 2008-08-26 16:21:29 +00:00
Luke Taylor
a4e4120443 SEC-963: LDAP Group Search Root 
http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
 2008-08-26 13:51:01 +00:00