Commit Graph

757 Commits

Author SHA1 Message Date
Luke Taylor 4063a87dbf Changed to use parent method for Mock creation rather than new operator. 2006-01-04 23:25:40 +00:00
Luke Taylor f9d0ee209b Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying. 2006-01-04 21:35:10 +00:00
Luke Taylor 56bccf6070 Added MessageSource support for LDAP provider classes. 2006-01-03 20:31:19 +00:00
Luke Taylor e81be72bd7 Changed test to use tested class rather than interface name. Added test for service detection style URLs. 2006-01-01 15:11:54 +00:00
Carlos Sanchez 1dfc42550f Add spring-mock to dependency management
Add ldap dependencies
Simplify spring dependencies
2005-12-25 00:21:49 +00:00
Ben Alex 6b1f97a381 Resolve compiler warnings. 2005-12-24 10:03:18 +00:00
Carlos Sanchez b0d65259b6 Changed groupId to org.acegisecurity 2005-12-22 16:40:22 +00:00
Carlos Sanchez f226dfb67f Use ISO encoding to avoid problems 2005-12-22 16:27:44 +00:00
Carlos Sanchez 0c9e1769a4 Improved m2 poms 2005-12-22 15:54:37 +00:00
Carlos Sanchez f662ed5890 Ignore eclipse project files 2005-12-22 13:41:33 +00:00
Luke Taylor 9b5aa159aa Correct screwy formatting. 2005-12-22 01:42:27 +00:00
Luke Taylor 3977e3b822 Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc. 2005-12-22 01:30:53 +00:00
Luke Taylor 5b076c79d1 Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed. 2005-12-22 01:22:09 +00:00
Luke Taylor 41a95b11cd Corrected wrong package name in Javadoc. 2005-12-22 01:18:32 +00:00
Luke Taylor 8f725f7a74 Removed no-arg constructor from UsernamePasswordAuthenticationToken. 2005-12-22 01:16:16 +00:00
Luke Taylor c378779610 Removed printStackTrace from expected exception. 2005-12-22 01:15:25 +00:00
Luke Taylor 09cef7adc2 Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder. 2005-12-21 16:41:52 +00:00
Luke Taylor 2d1dd7b292 Restoring author/version tags, some minor comments. 2005-12-21 00:48:57 +00:00
Luke Taylor 20d69e2734 Tidying up some Jalopy weirdness. 2005-12-21 00:39:36 +00:00
Luke Taylor dc728987f4 Changed LdapDataAccessException to extend AuthenticationServiceException. 2005-12-21 00:14:15 +00:00
Luke Taylor 0f678d53ba Javadoc typo in tag. 2005-12-21 00:00:02 +00:00
Luke Taylor 911be66513 Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication. 2005-12-20 23:58:35 +00:00
Luke Taylor b01bf0b878 Expanded Javadoc. 2005-12-20 23:26:38 +00:00
Luke Taylor 1549ec55b1 Switch to embedded context version of apache DS (no socket nonsense etc.) 2005-12-20 23:08:54 +00:00
Luke Taylor 9554dc50bc Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider. 2005-12-19 17:23:34 +00:00
Luke Taylor 929b08c085 Spring config for ApacheDS is no longer used. 2005-12-19 17:04:09 +00:00
Luke Taylor 069f78c00b Move the apacheDS working directory to java.io.tmpdir 2005-12-19 17:01:25 +00:00
Luke Taylor 1f66750e24 Added support for multiple DN patterns. Changes to favour constructor injection for mandatory properties. Renamed LdapUserInfo to prevent confusion with UserDetails interface. 2005-12-18 21:14:27 +00:00
Luke Taylor e3b728cc9a Javadoc typos. 2005-12-18 15:02:17 +00:00
Luke Taylor 40f50498b2 Re-enable some tests which partially work with embedded ApacheDS. 2005-12-16 18:26:23 +00:00
Luke Taylor bfb4fb81d4 Remove messages about existing data. 2005-12-16 02:47:47 +00:00
Luke Taylor f9c88adfa9 Switch to embedded server and disable tests which cause problems with apacheDS for the time being. 2005-12-16 02:23:06 +00:00
Luke Taylor 53252d258f Set extra properties on InitialDirContextFactory and corrected group search filter. 2005-12-16 01:28:29 +00:00
Luke Taylor 1db1a3cd62 Changes try to get Ldap tests working with the possibility of using a non-networked embedded server. 2005-12-16 01:07:31 +00:00
Luke Taylor 45e2f9dac4 Removed internal encoding method to make subclassing work. 2005-12-16 00:59:29 +00:00
Luke Taylor 781ed0f380 Switch to local url. 2005-12-15 03:45:48 +00:00
Luke Taylor d014411d48 Corrections to DIT for apache-ds tests. 2005-12-15 02:16:13 +00:00
Luke Taylor ce3d6f2129 Initial LDAP provider checkin. 2005-12-15 00:18:13 +00:00
Ben Alex a1037ddc87 Prepare 1.0.0 RC1. 2005-12-04 11:20:52 +00:00
Ben Alex d89c6c0a74 SEC-118: Wrong logger class corrected. 2005-12-04 10:48:33 +00:00
Ben Alex ee48f38ff0 SEC-116: Correct JavaDocs. 2005-12-02 12:14:38 +00:00
Ben Alex 75a9784028 SEC-58: Initial commit of Velocity helper. 2005-12-01 09:38:50 +00:00
Ben Alex b16ce31c5b Prove placeholders work correctly. 2005-12-01 00:30:18 +00:00
Ben Alex 2c28ff4fd1 SEC-56: Further improvements to localization. 2005-11-30 01:23:36 +00:00
Ben Alex 62fde4ede3 SEC-107: Finalize rename of AuthenticationDao to UserDetailsService with corresponding change in package from .providers.dao to .userdetails. 2005-11-30 00:20:13 +00:00
Ben Alex a6e23d79ae SEC-107: Rename AuthenticationDao to UserDetailsService. 2005-11-29 13:10:15 +00:00
Ben Alex 6144e1664e SEC-108: Make fields protected. 2005-11-29 02:43:35 +00:00
Ben Alex 6585c2b391 Allow subclasses to make modifications to GrantedAuthority[]. 2005-11-26 13:27:30 +00:00
Ben Alex fddcd6112e SEC-56: Add localisation support. 2005-11-26 05:11:53 +00:00
Ben Alex f4c3e2ff8c Use Spring Assert for cleaner code. 2005-11-26 04:18:21 +00:00
Ben Alex e53a00371c Use logger instead of System.out.println(). 2005-11-26 04:10:05 +00:00
Ben Alex 218fcf5b24 SEC-3: Add static method so digest-compatible passwords can be stored in database. 2005-11-25 05:20:57 +00:00
Ben Alex bb2ac126b7 SEC-47: AbstractSecurityInterceptor to reject secure object invocations which do not have configuration attributes defined. 2005-11-25 04:56:01 +00:00
Ben Alex 27f47673ad SEC-106: Use getMethod() instead of getDeclaredMethod() so that methods defined in principal Object superclasses are accessible. 2005-11-25 04:40:27 +00:00
Ben Alex 9ccaf05cc7 SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services. 2005-11-25 04:38:18 +00:00
Ben Alex 47166fe078 SEC-110: ProviderManager to properly handle ConcurrentLoginException. 2005-11-25 04:33:40 +00:00
Ben Alex 58b8b840b3 SEC-105: Correct incorrect JavaDocs. 2005-11-25 04:29:32 +00:00
Ben Alex 969bbff00c SEC-18: Preemptive method invocation security checking helper. 2005-11-25 04:18:34 +00:00
Ben Alex 731d7b2e89 SEC-113 Provide MethodInvocationUtils. 2005-11-25 04:17:25 +00:00
Ben Alex 72256a225f SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken. 2005-11-25 00:26:30 +00:00
Luke Taylor 7847af2664 Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation. 2005-11-23 16:09:44 +00:00
Ben Alex 6a1a4abb1d SEC-104: Move to org.acegisecurity package. 2005-11-17 00:56:49 +00:00
Scott McCrory 79c3ba521b Resolved and/or inhibit build warnings as seen in Eclipse 3.1. Please refer to http://opensource2.atlassian.com/projects/spring/browse/SEC-93 for more info. 2005-11-11 22:37:38 +00:00
Ben Alex b1d247835a Stop causing an exception when there is no AuthenticationException to ApplicationEvent mapping. Requested by Brian Moseley on acegisecurity-developer 10 November 2005. 2005-11-10 00:41:54 +00:00
Ben Alex c167e9fd87 Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005. 2005-11-08 22:07:33 +00:00
Scott McCrory b938b6b363 Increased SiteminderAuthenticationProcessinfFilter test coverage from 70% to 93%. 2005-11-08 02:55:48 +00:00
Ben Alex df9deea4de Only clear SecurityContextHolder if the Authentication object has not changed. 2005-11-08 01:39:27 +00:00
Scott McCrory 97f3ad79cb Removed unused imports & organized the remnants. 2005-11-07 03:32:18 +00:00
Ben Alex 55f5093ec7 SEC-94: DaoAuthenticationProvider to include UserDetails in BadCredentialsException. 2005-11-07 03:04:47 +00:00
Scott McCrory 309b559a8f Removed unused imports. 2005-11-06 23:00:31 +00:00
Luke Taylor e02dbd5c34 Changed class names to match new context classes. 2005-11-06 22:00:27 +00:00
Luke Taylor 0aef31d302 Converted ApplicationContextAware classes to ApplicationEventPublisherAware (SEC-69). 2005-11-06 21:11:25 +00:00
Luke Taylor 6511677f93 Moved duplicate setting of null authentication to setUp method. 2005-11-06 21:06:53 +00:00
Luke Taylor bba77b64e9 Corrected javadoc 2005-11-06 21:01:21 +00:00
Luke Taylor 5cb7575b2b Corrected references to old context class names in Javadoc and logging. 2005-11-05 18:49:55 +00:00
Ben Alex 5a51f391a4 Add UsernameNotFoundException to default exception to event mappings list. 2005-11-05 09:20:14 +00:00
Ben Alex aa4fd8586c Fix concurrent session interaction bug where UserDetails.getUsername() may have been override to be a different value than the original login request, as per email from Herryanto Siatono on acegisecurity-developer 5 November 2005. 2005-11-05 03:50:22 +00:00
Ray Krueger 0aa4989dad JaasAuthenticationProvider no longer supports the useSystemProperty setting.This is because it no longer uses the java.security.auth.login.config system property for configuring Jaas. Custom Jaas configuration needs can be implemented in a subclass that overrides the configureJaas method.
JaasAuthenticationProvider now handles logout by associating the LoginContext with a new JaasAuthenticationToken
2005-11-04 15:02:27 +00:00
Ray Krueger 6049e9ac65 Removed string concatenation from buffer.append methods 2005-11-04 14:54:25 +00:00
Ben Alex 9be82a3d8f SEC-67: Enhance taglib to allow retrieval of custom UserDetails methods. 2005-11-03 13:51:55 +00:00
Ben Alex 31a1f0be1a SEC-52: Move potentially useful methods to an abstract superclass so that other voters can use them. 2005-11-03 13:47:44 +00:00
Ben Alex 6e389ca1b8 SEC-51: Use long instead of int for ACL primary keys. 2005-11-03 13:38:45 +00:00
Ben Alex 633f2cfe66 SEC-39: Add equals(Object) method to User. 2005-11-03 13:20:26 +00:00
Ben Alex 7faf2741f1 SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch. 2005-11-03 13:08:43 +00:00
Ben Alex a42dec6fbf SEC-21: Initial commit. 2005-11-03 12:56:27 +00:00
Ben Alex e9b1d9452f SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider. 2005-11-03 11:31:23 +00:00
Ben Alex f50cbd31ba SEC-38: Make InMemoryDaoImpl support external Properties objects. 2005-11-03 10:05:02 +00:00
Ben Alex 0d77abb9c1 SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks. 2005-11-03 09:48:52 +00:00
Ben Alex d9be0f86fd SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username. 2005-11-03 09:45:30 +00:00
Ben Alex 690ab27a52 SEC-70 and SEC-71: Refactor event publishing. 2005-11-03 09:23:49 +00:00
Ben Alex b6dbfde55c SEC-70: Refactor event publishing. 2005-11-03 06:55:47 +00:00
Ben Alex 3811200599 Improve debug output. 2005-11-03 06:51:30 +00:00
Ben Alex 2cbe42f493 SEC-7: Allow better chaining of authentication providers. 2005-11-03 04:14:12 +00:00
Ben Alex 42c47c086a JavaDocs formatting. 2005-11-03 04:13:56 +00:00
Luke Taylor f8b0de3459 Corrected Javadoc link to interface name. 2005-11-01 14:22:08 +00:00
Marc-Antoine Garrigue 5235727d23 SEC-2
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
2005-10-24 17:08:18 +00:00
Ben Alex 1ae07779a2 SEC-710: Refactor concurrent session handling support. 2005-10-22 01:53:03 +00:00
Ben Alex a5ffda7369 SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS. 2005-10-21 08:00:15 +00:00
Ben Alex c6d5363e5d SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation. 2005-10-21 07:53:34 +00:00
Ben Alex d49198a944 SEC-43: Eliminate id column. 2005-10-21 07:32:48 +00:00
Ben Alex 41202112bc SEC-37: Only update HttpSession if SecurityContext has actually been changed. 2005-10-21 07:26:16 +00:00
Ben Alex 494e35f009 Jalopy styling. 2005-10-21 07:23:33 +00:00
Luke Taylor 24a78be159 Corrected link in Javadoc. 2005-10-19 21:19:16 +00:00
Luke Taylor c065c46668 Javadoc correction: ContextHolder -> SecurityContextHolder 2005-10-18 15:44:22 +00:00
Luke Taylor df4b8f602f Javadoc correction: SecureContext -> SecurityContext 2005-10-18 15:43:41 +00:00
Carlos Sanchez b2363dfe07 SEC-62 Add maven 2 support 2005-10-06 20:53:08 +00:00
Ray Krueger a39339674e login.config.url should be set to a url, not a file path
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
2005-09-26 14:14:42 +00:00
Scott McCrory bc14dd62db Fixed CVS line break 2005-09-25 22:49:45 +00:00
Scott McCrory 4717b64b83 Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org. 2005-09-25 22:48:33 +00:00
Ben Alex 0f5e9ad372 Fix NPE. Thanks to Tom Dunstan. 2005-09-22 01:49:12 +00:00
Ben Alex f5741962ed Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation. 2005-09-22 00:54:27 +00:00
Marc-Antoine Garrigue 60d3b6505b Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue. 2005-09-20 12:24:47 +00:00
Mark St. Godard fb3f4af3b2 when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User) 2005-09-20 02:28:01 +00:00
Mark St. Godard 24394b7b2b added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation) 2005-09-19 02:22:44 +00:00
Ben Alex d44b570087 Disable failing tests until Marc-Antoine has a chance to look at them. 2005-09-18 22:38:37 +00:00
Ben Alex ae9e7733db Fix broken tests. 2005-09-18 22:38:05 +00:00
Ben Alex 35ca25f085 BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call. 2005-09-08 11:15:48 +00:00
Ben Alex c7dcceb05c Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005. 2005-09-08 09:32:24 +00:00
Mark St. Godard 486bbee35d added context path to redirect 2005-09-03 21:43:08 +00:00
Mark St. Godard 9d359780d9 finish user context switch event publishing 2005-09-03 20:24:35 +00:00
Mark St. Godard 20ebb668a6 Added event for user context switching and updated switch user filter 2005-08-25 02:59:19 +00:00
Ben Alex 55f5c3397a Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer). 2005-08-23 22:45:17 +00:00
Ray Krueger 2bda6ec25c Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
Ben Alex 40a81ed220 Revisit synchonization issue and correct problem identified by Volker Malzahn. 2005-08-21 10:10:16 +00:00
Mark St. Godard ec5e39c2e8 Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications. 2005-08-04 05:49:12 +00:00
Luke Taylor 725ec767b6 Javadoc typo corrected (as suggested on mailing list) 2005-08-01 20:05:02 +00:00
Scott McCrory c2c48b905b Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41) 2005-07-26 01:54:18 +00:00
Scott McCrory f5975dcf30 Whoops, almost forgot to remove System.out debug lines :-/ 2005-07-26 00:55:53 +00:00
Scott McCrory 891cd7380c Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now. 2005-07-26 00:50:43 +00:00
Scott McCrory dc31553f2a Syntax 2005-07-25 22:49:05 +00:00
Scott McCrory db4ed4bc44 Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34) 2005-07-25 03:46:23 +00:00
Scott McCrory c66c5dfab5 AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11) 2005-07-25 00:52:15 +00:00
Scott McCrory 32f62d1ef1 Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>. 2005-07-24 23:59:08 +00:00
Ben Alex f625d06cd9 Avoid expense of HttpSession when working with anonymous users. 2005-07-23 09:52:42 +00:00
Ben Alex 4ad98a7df3 Spelling correction, thanks to Zack Chandler. 2005-07-23 07:40:43 +00:00
Ben Alex c5ba30b001 Comment how to make a signing certificate. 2005-07-23 07:39:56 +00:00
Ray Krueger 4b98d357ff SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2005-07-22 04:35:31 +00:00
Luke Taylor e51c38aec9 Removed reference in Javadoc to obtaining and validating the SecureContext (checking for null etc), as this is no longer relevant. 2005-07-21 22:59:30 +00:00
Luke Taylor c89d4a8add Added trimming of whitespace to tokens and use of Springs StringUtils.hasText() to check for content in the string passed to setAsText. 2005-07-21 22:55:27 +00:00
Marc-Antoine Garrigue 3287439421 Initial commit for captcha adapter 2005-07-19 12:35:50 +00:00
Luke Taylor 74588c8e53 Move acegifier code from core. 2005-07-16 19:35:30 +00:00
Luke Taylor 5bbc54ac42 Javadoc typo corrected 2005-07-15 14:28:44 +00:00
Ben Alex d9b1a8e83c Fix typo in InteractiveAuthenticationSucces(s)Event 2005-07-11 01:23:20 +00:00
Ben Alex c7bfeeaf58 Clarify local variable name given it was the same as a member variable. 2005-07-11 01:19:41 +00:00
Luke Taylor ab065923d4 Correct doctype for generated web.xml files and add declaration to test file. 2005-07-09 23:32:08 +00:00
Luke Taylor 22a28f3b39 Separate InMemoryResource class for use in Acegifier web application. 2005-07-09 21:37:50 +00:00
Luke Taylor 7268c81192 Fix for SEC-27. Now checks for a null authentication before proceeding to fire the success event. 2005-07-08 21:16:12 +00:00
Luke Taylor f1656ee7fd Tidying: removed unused intermediate variable. 2005-07-08 21:10:26 +00:00
Luke Taylor 6f467def90 Added conversion of URLs ending in '*' to the ant '**' form. 2005-07-06 17:22:19 +00:00
Luke Taylor 9e1a773cc7 Add xsl resources to build. 2005-07-06 15:22:52 +00:00
Luke Taylor d13faf0815 Renaming and refactoring of web.xml converter. 2005-06-30 21:23:50 +00:00
Luke Taylor 118f6401d8 XSL file for converting web.xml to acegified version. 2005-06-29 23:00:54 +00:00
Luke Taylor a2bc398915 Refactoring and commenting XSL 2005-06-27 21:56:13 +00:00
Ben Alex 3e4a29eae9 FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14). 2005-06-27 03:57:31 +00:00
Ben Alex 5c883e639f Add InteractiveAuthenticationSuccessEvent handling to authentication mechanisms. 2005-06-27 03:34:36 +00:00
Ben Alex 60f8095cf2 Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13. 2005-06-27 03:05:26 +00:00
Ben Alex ef8281f534 HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20). 2005-06-27 02:55:01 +00:00
Luke Taylor 25fa471779 First version of web.xml to acegi translator 2005-06-26 17:30:36 +00:00
Ben Alex a312fede74 Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion). 2005-06-22 08:07:52 +00:00
Ben Alex c0f1d4e19d Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report). 2005-06-22 08:06:28 +00:00
Ben Alex a15691d9d7 Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug). 2005-06-22 07:03:53 +00:00
Ben Alex 5f75e9bf9a Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion). 2005-06-22 06:30:46 +00:00
Ben Alex a7b5299e77 Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005). 2005-06-22 05:22:05 +00:00
Ben Alex c699f7d40e Support non-username as primary key. 2005-05-29 09:46:51 +00:00
Ben Alex 25cb085df7 More JavaDocs. 2005-05-29 08:30:28 +00:00
Ben Alex 3401072368 Made Serializable as per acegisecurity-developer list discussion on 20 May 2005. 2005-05-22 03:56:37 +00:00
Ben Alex 4e55780e7c Performance optimisations thanks to Paulo Neves. 2005-05-20 00:00:22 +00:00
Ben Alex cfb8271826 Reorder DaoAuthenticationProvider exception logic as per developer list discussion. 2005-05-18 01:40:45 +00:00
Ben Alex ecbfac2ff8 Made AclEntry Serializable (correct issue with BasicAclEntryCache). 2005-05-17 11:07:00 +00:00
Ben Alex fa6924a373 Update project workspace settings to Java 1.5. NB: Maven remains at 1.3 compatibility for all subprojects except "domain". It is recommended the Eclipse "Problems" view be customised to not display items containing "Type Safety:" in their description. Developers should NOT introduce 1.5+ dependencies to any projects apart from "domain". 2005-05-09 01:18:31 +00:00
Ben Alex e08e66dec6 Refactor SecurityContextHolder to return a SecurityContext instead of Authentication. 2005-05-08 23:42:14 +00:00
Ben Alex 6a9abe5d90 Remove ContextHolder and introduce SecurityContext. 2005-05-07 09:11:37 +00:00
Ray Krueger 47989c11bd HttpSessionEventPublisher now verifies that the ApplicationContext is not null 2005-05-02 20:31:18 +00:00
Ben Alex d169829f27 AbstractAuthenticationToken.getName() now returns username alone if UserDetails present. 2005-04-29 22:29:00 +00:00
Ray Krueger 54ccbf5617 The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping SevletException and IOException in ServletException. 2005-04-29 02:53:02 +00:00
Ray Krueger 2c23c75f91 SecureContextLoginModule as requested from list with Test 2005-04-27 04:47:41 +00:00
Ray Krueger 6f286e2054 AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name 2005-04-27 03:39:06 +00:00
Luke Taylor c29a5731be Moved credential expiry checking after password check. If the wrong password is presented, BadCredentialsException will now be thrown even if the password has expired. 2005-04-25 23:11:12 +00:00
Ben Alex cff9ba4988 AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766. 2005-04-21 23:02:58 +00:00
Ben Alex 4e1649c2b7 Fix NullPointerException caused by unit tests. 2005-04-20 12:39:14 +00:00
Luke Taylor 1fc79f04f1 Added AntPathMatcher member to bring into line with recent Spring refactoring which breaks the build. 2005-04-18 23:10:54 +00:00
Luke Taylor 48ad6496e4 Javadoc typo corrected 2005-04-18 16:24:33 +00:00
Luke Taylor ee32874308 Added X509 EhCache tests and fixed glaring bug in X509 EhCache implementation. 2005-04-17 22:18:01 +00:00
Ray Krueger ec80ae22c1 Templated out event publishing. Added getApplicationContext(). Fixed javadoc formatting 2005-04-17 14:13:13 +00:00
Luke Taylor 1a78f9e15f Refactored to use Spring Assert class (thanks IntelliJ :). 2005-04-15 01:21:41 +00:00
Ben Alex fdf5c63033 Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757. 2005-04-13 22:17:05 +00:00
Ben Alex 8091b60194 Improve Javadocs. 2005-04-12 04:19:09 +00:00
Luke Taylor f2788c7cb6 Refactored to use Spring Assert class. Corrected some typos. 2005-04-11 01:18:46 +00:00
Luke Taylor 3d4f8eed31 Refactoring to use Spring mock web classes. 2005-04-11 01:07:04 +00:00
Luke Taylor d6f2b136ec Refactored to use Spring mock classes. 2005-04-09 23:37:18 +00:00
Luke Taylor 458a2c9e39 Refactored to use Spring mock classes. 2005-04-09 23:24:22 +00:00
Luke Taylor 021abb7369 Added check for "path parameters" to ensure the filterProcessesUrl matches rewritten URLs with a jsessionid included. Refactored property checking to use Spring Assert class. 2005-04-09 22:50:06 +00:00
Luke Taylor eaa5feb5f8 Refactored to use Spring mock objects for HttpRequest etc. 2005-04-09 21:48:47 +00:00
Ben Alex 204da55a0b PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails(). 2005-04-03 21:48:45 +00:00
Ray Krueger 9649003d57 AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls 2005-03-28 17:42:21 +00:00
Ben Alex 798ebb1a3d Correct NullPointerException as fixture missing an ApplicationContext and attempting to publish an event. 2005-03-27 08:40:09 +00:00
Ben Alex 684d5bc10e Handle null Authentication.getAuthorities() in AuthorizeTag. 2005-03-27 06:36:41 +00:00
Ben Alex 8ae2276843 TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds. 2005-03-25 22:07:00 +00:00
Ray Krueger 10c1926385 Added the ConcurrentSessionViolationEvent that will be published by the ConcurrentSessionControllerImpl before throwing the ConcurrentSessionViolationException 2005-03-25 00:53:46 +00:00
Ben Alex 8884ca51af Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter. 2005-03-23 23:22:51 +00:00
Ben Alex 9f66c0eae9 Update to current Spring JAR dependencies. 2005-03-22 11:17:22 +00:00
Ben Alex c936801842 DigestProcessingFilter now provides userCache getter and setter. 2005-03-21 08:03:11 +00:00
Ben Alex 0530351f0d Provide toString() method on User. 2005-03-21 05:33:51 +00:00
Ben Alex a2b9da7e22 StringSplitUtils.split() ignored delimiter argument. 2005-03-21 05:14:48 +00:00
Ben Alex 6f31ecb04b UserDetails now indicates locked accounts. 2005-03-21 03:22:59 +00:00
Luke Taylor ae47fb722d sendError now returns less informative forbidden message rather than the exception message. 2005-03-20 19:12:51 +00:00
Luke Taylor 944d11bb1a Changed to using DN in cache log messages rather than entire certificate. 2005-03-19 18:07:24 +00:00
Luke Taylor 918fc7c15a License header added. 2005-03-18 01:00:36 +00:00
Luke Taylor e755687a19 Updated to use Spring Assert class. 2005-03-18 00:59:32 +00:00
Luke Taylor 2a6c68deb6 Entry point tests 2005-03-18 00:52:23 +00:00
Ben Alex a056946c49 HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection. 2005-03-18 00:50:12 +00:00
Luke Taylor 8592e3bcbf Added tearDown method which resets the Context to null 2005-03-18 00:45:48 +00:00
Luke Taylor 04366d2b12 Corrected Javadoc 2005-03-18 00:33:30 +00:00
Ben Alex 07e46fe4d5 Proper handling if the account is no longer allowed login. 2005-03-18 00:06:09 +00:00
Ben Alex 748f427a80 Prove SecureContextImpl.equals works as we want it to, in light of HttpSessionContextIntegrationFilter's attempts to avoid unnecessary HttpSession creation. 2005-03-17 23:35:29 +00:00
Luke Taylor abe9dfd234 Added caching and use of Spring's Assert to X509 provider 2005-03-17 21:43:42 +00:00
Luke Taylor 90914be3c2 Import cleaning 2005-03-17 19:58:08 +00:00
Luke Taylor 7db94cb5b7 X509 UserDetails cache interface and implementation 2005-03-17 19:57:12 +00:00
Luke Taylor 7c6a2911c9 Added package.html files 2005-03-17 19:49:18 +00:00
Luke Taylor 562a015aeb Javadoc typo corrected. 2005-03-17 14:14:18 +00:00
Luke Taylor cacc31004f Javadoc typo corrected. 2005-03-16 23:31:19 +00:00
Luke Taylor bb7d428617 Commence method now returns 403 error 2005-03-16 18:26:41 +00:00
Luke Taylor 452604ff3b Minor Javadoc corrections. 2005-03-16 16:57:28 +00:00
Ben Alex 52c42a7a40 Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil. 2005-03-14 06:09:33 +00:00
Ray Krueger 632617f693 Test that the ConcurrentSessioncontrollerImpl implements ApplicationListener. This is critical and was left out once. 2005-03-13 22:35:17 +00:00
Ray Krueger ff45047f5a This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents 2005-03-13 22:30:06 +00:00
Ray Krueger 169449bf24 In response to: http://forum.springframework.org/viewtopic.php?t=3874
JaasAuthenticationProvider now checks that the java.security.auth.login.config is null before attempting to use it.

Also, The loginConfig resource is attempted as a file first as spaces in the path name can cause FileNotFoundExceptions for URLs
2005-03-13 22:26:56 +00:00
Ben Alex df91d352cb AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949. 2005-03-13 21:01:16 +00:00
Luke Taylor f594fdf751 Tidying and tests to bring Dao populator up to full coverage. 2005-03-12 21:56:04 +00:00
Luke Taylor 76f868c777 More tests. 2005-03-12 21:27:22 +00:00
Luke Taylor 765cc02599 Tidying. 2005-03-12 21:24:55 +00:00
Luke Taylor 9f62da7d1c Better test method names. 2005-03-12 21:20:43 +00:00
Luke Taylor 0a4fc1731a Tests added to bring X509ProcessingFilter up to full coverage. 2005-03-12 20:47:58 +00:00
Luke Taylor c3c5487b93 Now sets WebAuthenticationDetails on authentication request token. 2005-03-12 20:46:58 +00:00
Luke Taylor acee1ef696 Added "details" property 2005-03-12 20:40:05 +00:00
Luke Taylor 5d1cd29dfb Added tearDown method which resets the context to null to prevent occasional breaking of other test classes. 2005-03-12 13:44:00 +00:00
Luke Taylor f578915728 Test class for X509 filter. 2005-03-11 17:42:39 +00:00
Luke Taylor af02c42e9f First version that works. 2005-03-11 03:15:54 +00:00
Luke Taylor fbb4bc0873 Added regexp matching within the DN to extract the user name. 2005-03-11 02:47:43 +00:00
Luke Taylor 29050b29b2 Dao populator tests for X.509. Tests matching of regexps in the certificate Subject to extract the user name. 2005-03-11 02:08:07 +00:00
Ben Alex 4763f953d3 FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans. 2005-03-11 01:41:43 +00:00
Luke Taylor 5c86b97f37 First working (kind of) version. 2005-03-11 00:39:36 +00:00
Ben Alex c5fe428400 Patch by Matt Raible which returns null if Authentication is anonymous. 2005-03-10 12:00:30 +00:00
Ben Alex b898b87ffb Enhance test coverage as part of diagnosis of reported bug at http://forum.springframework.org/viewtopic.php?p=15751. 2005-03-10 11:39:32 +00:00
Ben Alex 15535fff41 SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint. 2005-03-10 11:11:25 +00:00
Luke Taylor 08dbf66880 (Currently functionless) entry point implementation for X.509 2005-03-10 03:21:25 +00:00
Luke Taylor aabcef4c69 Dao populator for X509, mirroring the CAS one. 2005-03-10 03:20:25 +00:00
Luke Taylor fea1725f39 Removed inappropriate inheritance from AbstractProcessingFilter (doesn't make sense for X509 case). 2005-03-10 03:16:45 +00:00
Luke Taylor ae91b58685 First stab at X509 authentication provider 2005-03-09 02:14:30 +00:00
Luke Taylor da3801b914 Javadoc improvements. 2005-03-09 02:02:05 +00:00