Luke Taylor
4063a87dbf
Changed to use parent method for Mock creation rather than new operator.
2006-01-04 23:25:40 +00:00
Luke Taylor
f9d0ee209b
Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying.
2006-01-04 21:35:10 +00:00
Luke Taylor
56bccf6070
Added MessageSource support for LDAP provider classes.
2006-01-03 20:31:19 +00:00
Luke Taylor
e81be72bd7
Changed test to use tested class rather than interface name. Added test for service detection style URLs.
2006-01-01 15:11:54 +00:00
Carlos Sanchez
1dfc42550f
Add spring-mock to dependency management
...
Add ldap dependencies
Simplify spring dependencies
2005-12-25 00:21:49 +00:00
Ben Alex
6b1f97a381
Resolve compiler warnings.
2005-12-24 10:03:18 +00:00
Carlos Sanchez
b0d65259b6
Changed groupId to org.acegisecurity
2005-12-22 16:40:22 +00:00
Carlos Sanchez
f226dfb67f
Use ISO encoding to avoid problems
2005-12-22 16:27:44 +00:00
Carlos Sanchez
0c9e1769a4
Improved m2 poms
2005-12-22 15:54:37 +00:00
Carlos Sanchez
f662ed5890
Ignore eclipse project files
2005-12-22 13:41:33 +00:00
Luke Taylor
9b5aa159aa
Correct screwy formatting.
2005-12-22 01:42:27 +00:00
Luke Taylor
3977e3b822
Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc.
2005-12-22 01:30:53 +00:00
Luke Taylor
5b076c79d1
Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed.
2005-12-22 01:22:09 +00:00
Luke Taylor
41a95b11cd
Corrected wrong package name in Javadoc.
2005-12-22 01:18:32 +00:00
Luke Taylor
8f725f7a74
Removed no-arg constructor from UsernamePasswordAuthenticationToken.
2005-12-22 01:16:16 +00:00
Luke Taylor
c378779610
Removed printStackTrace from expected exception.
2005-12-22 01:15:25 +00:00
Luke Taylor
09cef7adc2
Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder.
2005-12-21 16:41:52 +00:00
Luke Taylor
2d1dd7b292
Restoring author/version tags, some minor comments.
2005-12-21 00:48:57 +00:00
Luke Taylor
20d69e2734
Tidying up some Jalopy weirdness.
2005-12-21 00:39:36 +00:00
Luke Taylor
dc728987f4
Changed LdapDataAccessException to extend AuthenticationServiceException.
2005-12-21 00:14:15 +00:00
Luke Taylor
0f678d53ba
Javadoc typo in tag.
2005-12-21 00:00:02 +00:00
Luke Taylor
911be66513
Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication.
2005-12-20 23:58:35 +00:00
Luke Taylor
b01bf0b878
Expanded Javadoc.
2005-12-20 23:26:38 +00:00
Luke Taylor
1549ec55b1
Switch to embedded context version of apache DS (no socket nonsense etc.)
2005-12-20 23:08:54 +00:00
Luke Taylor
9554dc50bc
Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider.
2005-12-19 17:23:34 +00:00
Luke Taylor
929b08c085
Spring config for ApacheDS is no longer used.
2005-12-19 17:04:09 +00:00
Luke Taylor
069f78c00b
Move the apacheDS working directory to java.io.tmpdir
2005-12-19 17:01:25 +00:00
Luke Taylor
1f66750e24
Added support for multiple DN patterns. Changes to favour constructor injection for mandatory properties. Renamed LdapUserInfo to prevent confusion with UserDetails interface.
2005-12-18 21:14:27 +00:00
Luke Taylor
e3b728cc9a
Javadoc typos.
2005-12-18 15:02:17 +00:00
Luke Taylor
40f50498b2
Re-enable some tests which partially work with embedded ApacheDS.
2005-12-16 18:26:23 +00:00
Luke Taylor
bfb4fb81d4
Remove messages about existing data.
2005-12-16 02:47:47 +00:00
Luke Taylor
f9c88adfa9
Switch to embedded server and disable tests which cause problems with apacheDS for the time being.
2005-12-16 02:23:06 +00:00
Luke Taylor
53252d258f
Set extra properties on InitialDirContextFactory and corrected group search filter.
2005-12-16 01:28:29 +00:00
Luke Taylor
1db1a3cd62
Changes try to get Ldap tests working with the possibility of using a non-networked embedded server.
2005-12-16 01:07:31 +00:00
Luke Taylor
45e2f9dac4
Removed internal encoding method to make subclassing work.
2005-12-16 00:59:29 +00:00
Luke Taylor
781ed0f380
Switch to local url.
2005-12-15 03:45:48 +00:00
Luke Taylor
d014411d48
Corrections to DIT for apache-ds tests.
2005-12-15 02:16:13 +00:00
Luke Taylor
ce3d6f2129
Initial LDAP provider checkin.
2005-12-15 00:18:13 +00:00
Ben Alex
a1037ddc87
Prepare 1.0.0 RC1.
2005-12-04 11:20:52 +00:00
Ben Alex
d89c6c0a74
SEC-118: Wrong logger class corrected.
2005-12-04 10:48:33 +00:00
Ben Alex
ee48f38ff0
SEC-116: Correct JavaDocs.
2005-12-02 12:14:38 +00:00
Ben Alex
75a9784028
SEC-58: Initial commit of Velocity helper.
2005-12-01 09:38:50 +00:00
Ben Alex
b16ce31c5b
Prove placeholders work correctly.
2005-12-01 00:30:18 +00:00
Ben Alex
2c28ff4fd1
SEC-56: Further improvements to localization.
2005-11-30 01:23:36 +00:00
Ben Alex
62fde4ede3
SEC-107: Finalize rename of AuthenticationDao to UserDetailsService with corresponding change in package from .providers.dao to .userdetails.
2005-11-30 00:20:13 +00:00
Ben Alex
a6e23d79ae
SEC-107: Rename AuthenticationDao to UserDetailsService.
2005-11-29 13:10:15 +00:00
Ben Alex
6144e1664e
SEC-108: Make fields protected.
2005-11-29 02:43:35 +00:00
Ben Alex
6585c2b391
Allow subclasses to make modifications to GrantedAuthority[].
2005-11-26 13:27:30 +00:00
Ben Alex
fddcd6112e
SEC-56: Add localisation support.
2005-11-26 05:11:53 +00:00
Ben Alex
f4c3e2ff8c
Use Spring Assert for cleaner code.
2005-11-26 04:18:21 +00:00
Ben Alex
e53a00371c
Use logger instead of System.out.println().
2005-11-26 04:10:05 +00:00
Ben Alex
218fcf5b24
SEC-3: Add static method so digest-compatible passwords can be stored in database.
2005-11-25 05:20:57 +00:00
Ben Alex
bb2ac126b7
SEC-47: AbstractSecurityInterceptor to reject secure object invocations which do not have configuration attributes defined.
2005-11-25 04:56:01 +00:00
Ben Alex
27f47673ad
SEC-106: Use getMethod() instead of getDeclaredMethod() so that methods defined in principal Object superclasses are accessible.
2005-11-25 04:40:27 +00:00
Ben Alex
9ccaf05cc7
SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services.
2005-11-25 04:38:18 +00:00
Ben Alex
47166fe078
SEC-110: ProviderManager to properly handle ConcurrentLoginException.
2005-11-25 04:33:40 +00:00
Ben Alex
58b8b840b3
SEC-105: Correct incorrect JavaDocs.
2005-11-25 04:29:32 +00:00
Ben Alex
969bbff00c
SEC-18: Preemptive method invocation security checking helper.
2005-11-25 04:18:34 +00:00
Ben Alex
731d7b2e89
SEC-113 Provide MethodInvocationUtils.
2005-11-25 04:17:25 +00:00
Ben Alex
72256a225f
SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken.
2005-11-25 00:26:30 +00:00
Luke Taylor
7847af2664
Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.
2005-11-23 16:09:44 +00:00
Ben Alex
6a1a4abb1d
SEC-104: Move to org.acegisecurity package.
2005-11-17 00:56:49 +00:00
Scott McCrory
79c3ba521b
Resolved and/or inhibit build warnings as seen in Eclipse 3.1. Please refer to http://opensource2.atlassian.com/projects/spring/browse/SEC-93 for more info.
2005-11-11 22:37:38 +00:00
Ben Alex
b1d247835a
Stop causing an exception when there is no AuthenticationException to ApplicationEvent mapping. Requested by Brian Moseley on acegisecurity-developer 10 November 2005.
2005-11-10 00:41:54 +00:00
Ben Alex
c167e9fd87
Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005.
2005-11-08 22:07:33 +00:00
Scott McCrory
b938b6b363
Increased SiteminderAuthenticationProcessinfFilter test coverage from 70% to 93%.
2005-11-08 02:55:48 +00:00
Ben Alex
df9deea4de
Only clear SecurityContextHolder if the Authentication object has not changed.
2005-11-08 01:39:27 +00:00
Scott McCrory
97f3ad79cb
Removed unused imports & organized the remnants.
2005-11-07 03:32:18 +00:00
Ben Alex
55f5093ec7
SEC-94: DaoAuthenticationProvider to include UserDetails in BadCredentialsException.
2005-11-07 03:04:47 +00:00
Scott McCrory
309b559a8f
Removed unused imports.
2005-11-06 23:00:31 +00:00
Luke Taylor
e02dbd5c34
Changed class names to match new context classes.
2005-11-06 22:00:27 +00:00
Luke Taylor
0aef31d302
Converted ApplicationContextAware classes to ApplicationEventPublisherAware (SEC-69).
2005-11-06 21:11:25 +00:00
Luke Taylor
6511677f93
Moved duplicate setting of null authentication to setUp method.
2005-11-06 21:06:53 +00:00
Luke Taylor
bba77b64e9
Corrected javadoc
2005-11-06 21:01:21 +00:00
Luke Taylor
5cb7575b2b
Corrected references to old context class names in Javadoc and logging.
2005-11-05 18:49:55 +00:00
Ben Alex
5a51f391a4
Add UsernameNotFoundException to default exception to event mappings list.
2005-11-05 09:20:14 +00:00
Ben Alex
aa4fd8586c
Fix concurrent session interaction bug where UserDetails.getUsername() may have been override to be a different value than the original login request, as per email from Herryanto Siatono on acegisecurity-developer 5 November 2005.
2005-11-05 03:50:22 +00:00
Ray Krueger
0aa4989dad
JaasAuthenticationProvider no longer supports the useSystemProperty setting.This is because it no longer uses the java.security.auth.login.config system property for configuring Jaas. Custom Jaas configuration needs can be implemented in a subclass that overrides the configureJaas method.
...
JaasAuthenticationProvider now handles logout by associating the LoginContext with a new JaasAuthenticationToken
2005-11-04 15:02:27 +00:00
Ray Krueger
6049e9ac65
Removed string concatenation from buffer.append methods
2005-11-04 14:54:25 +00:00
Ben Alex
9be82a3d8f
SEC-67: Enhance taglib to allow retrieval of custom UserDetails methods.
2005-11-03 13:51:55 +00:00
Ben Alex
31a1f0be1a
SEC-52: Move potentially useful methods to an abstract superclass so that other voters can use them.
2005-11-03 13:47:44 +00:00
Ben Alex
6e389ca1b8
SEC-51: Use long instead of int for ACL primary keys.
2005-11-03 13:38:45 +00:00
Ben Alex
633f2cfe66
SEC-39: Add equals(Object) method to User.
2005-11-03 13:20:26 +00:00
Ben Alex
7faf2741f1
SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.
2005-11-03 13:08:43 +00:00
Ben Alex
a42dec6fbf
SEC-21: Initial commit.
2005-11-03 12:56:27 +00:00
Ben Alex
e9b1d9452f
SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider.
2005-11-03 11:31:23 +00:00
Ben Alex
f50cbd31ba
SEC-38: Make InMemoryDaoImpl support external Properties objects.
2005-11-03 10:05:02 +00:00
Ben Alex
0d77abb9c1
SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks.
2005-11-03 09:48:52 +00:00
Ben Alex
d9be0f86fd
SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username.
2005-11-03 09:45:30 +00:00
Ben Alex
690ab27a52
SEC-70 and SEC-71: Refactor event publishing.
2005-11-03 09:23:49 +00:00
Ben Alex
b6dbfde55c
SEC-70: Refactor event publishing.
2005-11-03 06:55:47 +00:00
Ben Alex
3811200599
Improve debug output.
2005-11-03 06:51:30 +00:00
Ben Alex
2cbe42f493
SEC-7: Allow better chaining of authentication providers.
2005-11-03 04:14:12 +00:00
Ben Alex
42c47c086a
JavaDocs formatting.
2005-11-03 04:13:56 +00:00
Luke Taylor
f8b0de3459
Corrected Javadoc link to interface name.
2005-11-01 14:22:08 +00:00
Marc-Antoine Garrigue
5235727d23
SEC-2
...
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
2005-10-24 17:08:18 +00:00
Ben Alex
1ae07779a2
SEC-710: Refactor concurrent session handling support.
2005-10-22 01:53:03 +00:00
Ben Alex
a5ffda7369
SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS.
2005-10-21 08:00:15 +00:00
Ben Alex
c6d5363e5d
SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation.
2005-10-21 07:53:34 +00:00
Ben Alex
d49198a944
SEC-43: Eliminate id column.
2005-10-21 07:32:48 +00:00
Ben Alex
41202112bc
SEC-37: Only update HttpSession if SecurityContext has actually been changed.
2005-10-21 07:26:16 +00:00
Ben Alex
494e35f009
Jalopy styling.
2005-10-21 07:23:33 +00:00
Luke Taylor
24a78be159
Corrected link in Javadoc.
2005-10-19 21:19:16 +00:00
Luke Taylor
c065c46668
Javadoc correction: ContextHolder -> SecurityContextHolder
2005-10-18 15:44:22 +00:00
Luke Taylor
df4b8f602f
Javadoc correction: SecureContext -> SecurityContext
2005-10-18 15:43:41 +00:00
Carlos Sanchez
b2363dfe07
SEC-62 Add maven 2 support
2005-10-06 20:53:08 +00:00
Ray Krueger
a39339674e
login.config.url should be set to a url, not a file path
...
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
2005-09-26 14:14:42 +00:00
Scott McCrory
bc14dd62db
Fixed CVS line break
2005-09-25 22:49:45 +00:00
Scott McCrory
4717b64b83
Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org.
2005-09-25 22:48:33 +00:00
Ben Alex
0f5e9ad372
Fix NPE. Thanks to Tom Dunstan.
2005-09-22 01:49:12 +00:00
Ben Alex
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
2005-09-22 00:54:27 +00:00
Marc-Antoine Garrigue
60d3b6505b
Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue.
2005-09-20 12:24:47 +00:00
Mark St. Godard
fb3f4af3b2
when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User)
2005-09-20 02:28:01 +00:00
Mark St. Godard
24394b7b2b
added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation)
2005-09-19 02:22:44 +00:00
Ben Alex
d44b570087
Disable failing tests until Marc-Antoine has a chance to look at them.
2005-09-18 22:38:37 +00:00
Ben Alex
ae9e7733db
Fix broken tests.
2005-09-18 22:38:05 +00:00
Ben Alex
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
2005-09-08 11:15:48 +00:00
Ben Alex
c7dcceb05c
Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005.
2005-09-08 09:32:24 +00:00
Mark St. Godard
486bbee35d
added context path to redirect
2005-09-03 21:43:08 +00:00
Mark St. Godard
9d359780d9
finish user context switch event publishing
2005-09-03 20:24:35 +00:00
Mark St. Godard
20ebb668a6
Added event for user context switching and updated switch user filter
2005-08-25 02:59:19 +00:00
Ben Alex
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
Ray Krueger
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
Ben Alex
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
2005-08-21 10:10:16 +00:00
Mark St. Godard
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
Luke Taylor
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
2005-08-01 20:05:02 +00:00
Scott McCrory
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00
Scott McCrory
f5975dcf30
Whoops, almost forgot to remove System.out debug lines :-/
2005-07-26 00:55:53 +00:00
Scott McCrory
891cd7380c
Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now.
2005-07-26 00:50:43 +00:00
Scott McCrory
dc31553f2a
Syntax
2005-07-25 22:49:05 +00:00
Scott McCrory
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
Scott McCrory
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
Scott McCrory
32f62d1ef1
Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>.
2005-07-24 23:59:08 +00:00
Ben Alex
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
Ben Alex
4ad98a7df3
Spelling correction, thanks to Zack Chandler.
2005-07-23 07:40:43 +00:00
Ben Alex
c5ba30b001
Comment how to make a signing certificate.
2005-07-23 07:39:56 +00:00
Ray Krueger
4b98d357ff
SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.
...
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2005-07-22 04:35:31 +00:00
Luke Taylor
e51c38aec9
Removed reference in Javadoc to obtaining and validating the SecureContext (checking for null etc), as this is no longer relevant.
2005-07-21 22:59:30 +00:00
Luke Taylor
c89d4a8add
Added trimming of whitespace to tokens and use of Springs StringUtils.hasText() to check for content in the string passed to setAsText.
2005-07-21 22:55:27 +00:00
Marc-Antoine Garrigue
3287439421
Initial commit for captcha adapter
2005-07-19 12:35:50 +00:00
Luke Taylor
74588c8e53
Move acegifier code from core.
2005-07-16 19:35:30 +00:00
Luke Taylor
5bbc54ac42
Javadoc typo corrected
2005-07-15 14:28:44 +00:00
Ben Alex
d9b1a8e83c
Fix typo in InteractiveAuthenticationSucces(s)Event
2005-07-11 01:23:20 +00:00
Ben Alex
c7bfeeaf58
Clarify local variable name given it was the same as a member variable.
2005-07-11 01:19:41 +00:00
Luke Taylor
ab065923d4
Correct doctype for generated web.xml files and add declaration to test file.
2005-07-09 23:32:08 +00:00
Luke Taylor
22a28f3b39
Separate InMemoryResource class for use in Acegifier web application.
2005-07-09 21:37:50 +00:00
Luke Taylor
7268c81192
Fix for SEC-27. Now checks for a null authentication before proceeding to fire the success event.
2005-07-08 21:16:12 +00:00
Luke Taylor
f1656ee7fd
Tidying: removed unused intermediate variable.
2005-07-08 21:10:26 +00:00
Luke Taylor
6f467def90
Added conversion of URLs ending in '*' to the ant '**' form.
2005-07-06 17:22:19 +00:00
Luke Taylor
9e1a773cc7
Add xsl resources to build.
2005-07-06 15:22:52 +00:00
Luke Taylor
d13faf0815
Renaming and refactoring of web.xml converter.
2005-06-30 21:23:50 +00:00
Luke Taylor
118f6401d8
XSL file for converting web.xml to acegified version.
2005-06-29 23:00:54 +00:00
Luke Taylor
a2bc398915
Refactoring and commenting XSL
2005-06-27 21:56:13 +00:00
Ben Alex
3e4a29eae9
FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14 ).
2005-06-27 03:57:31 +00:00
Ben Alex
5c883e639f
Add InteractiveAuthenticationSuccessEvent handling to authentication mechanisms.
2005-06-27 03:34:36 +00:00
Ben Alex
60f8095cf2
Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13 .
2005-06-27 03:05:26 +00:00
Ben Alex
ef8281f534
HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20 ).
2005-06-27 02:55:01 +00:00
Luke Taylor
25fa471779
First version of web.xml to acegi translator
2005-06-26 17:30:36 +00:00
Ben Alex
a312fede74
Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion).
2005-06-22 08:07:52 +00:00
Ben Alex
c0f1d4e19d
Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report).
2005-06-22 08:06:28 +00:00
Ben Alex
a15691d9d7
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).
2005-06-22 07:03:53 +00:00
Ben Alex
5f75e9bf9a
Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion).
2005-06-22 06:30:46 +00:00
Ben Alex
a7b5299e77
Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005).
2005-06-22 05:22:05 +00:00
Ben Alex
c699f7d40e
Support non-username as primary key.
2005-05-29 09:46:51 +00:00
Ben Alex
25cb085df7
More JavaDocs.
2005-05-29 08:30:28 +00:00
Ben Alex
3401072368
Made Serializable as per acegisecurity-developer list discussion on 20 May 2005.
2005-05-22 03:56:37 +00:00
Ben Alex
4e55780e7c
Performance optimisations thanks to Paulo Neves.
2005-05-20 00:00:22 +00:00
Ben Alex
cfb8271826
Reorder DaoAuthenticationProvider exception logic as per developer list discussion.
2005-05-18 01:40:45 +00:00
Ben Alex
ecbfac2ff8
Made AclEntry Serializable (correct issue with BasicAclEntryCache).
2005-05-17 11:07:00 +00:00
Ben Alex
fa6924a373
Update project workspace settings to Java 1.5. NB: Maven remains at 1.3 compatibility for all subprojects except "domain". It is recommended the Eclipse "Problems" view be customised to not display items containing "Type Safety:" in their description. Developers should NOT introduce 1.5+ dependencies to any projects apart from "domain".
2005-05-09 01:18:31 +00:00
Ben Alex
e08e66dec6
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-08 23:42:14 +00:00
Ben Alex
6a9abe5d90
Remove ContextHolder and introduce SecurityContext.
2005-05-07 09:11:37 +00:00
Ray Krueger
47989c11bd
HttpSessionEventPublisher now verifies that the ApplicationContext is not null
2005-05-02 20:31:18 +00:00
Ben Alex
d169829f27
AbstractAuthenticationToken.getName() now returns username alone if UserDetails present.
2005-04-29 22:29:00 +00:00
Ray Krueger
54ccbf5617
The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping SevletException and IOException in ServletException.
2005-04-29 02:53:02 +00:00
Ray Krueger
2c23c75f91
SecureContextLoginModule as requested from list with Test
2005-04-27 04:47:41 +00:00
Ray Krueger
6f286e2054
AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
2005-04-27 03:39:06 +00:00
Luke Taylor
c29a5731be
Moved credential expiry checking after password check. If the wrong password is presented, BadCredentialsException will now be thrown even if the password has expired.
2005-04-25 23:11:12 +00:00
Ben Alex
cff9ba4988
AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766 .
2005-04-21 23:02:58 +00:00
Ben Alex
4e1649c2b7
Fix NullPointerException caused by unit tests.
2005-04-20 12:39:14 +00:00
Luke Taylor
1fc79f04f1
Added AntPathMatcher member to bring into line with recent Spring refactoring which breaks the build.
2005-04-18 23:10:54 +00:00
Luke Taylor
48ad6496e4
Javadoc typo corrected
2005-04-18 16:24:33 +00:00
Luke Taylor
ee32874308
Added X509 EhCache tests and fixed glaring bug in X509 EhCache implementation.
2005-04-17 22:18:01 +00:00
Ray Krueger
ec80ae22c1
Templated out event publishing. Added getApplicationContext(). Fixed javadoc formatting
2005-04-17 14:13:13 +00:00
Luke Taylor
1a78f9e15f
Refactored to use Spring Assert class (thanks IntelliJ :).
2005-04-15 01:21:41 +00:00
Ben Alex
fdf5c63033
Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757 .
2005-04-13 22:17:05 +00:00
Ben Alex
8091b60194
Improve Javadocs.
2005-04-12 04:19:09 +00:00
Luke Taylor
f2788c7cb6
Refactored to use Spring Assert class. Corrected some typos.
2005-04-11 01:18:46 +00:00
Luke Taylor
3d4f8eed31
Refactoring to use Spring mock web classes.
2005-04-11 01:07:04 +00:00
Luke Taylor
d6f2b136ec
Refactored to use Spring mock classes.
2005-04-09 23:37:18 +00:00
Luke Taylor
458a2c9e39
Refactored to use Spring mock classes.
2005-04-09 23:24:22 +00:00
Luke Taylor
021abb7369
Added check for "path parameters" to ensure the filterProcessesUrl matches rewritten URLs with a jsessionid included. Refactored property checking to use Spring Assert class.
2005-04-09 22:50:06 +00:00
Luke Taylor
eaa5feb5f8
Refactored to use Spring mock objects for HttpRequest etc.
2005-04-09 21:48:47 +00:00
Ben Alex
204da55a0b
PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails().
2005-04-03 21:48:45 +00:00
Ray Krueger
9649003d57
AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls
2005-03-28 17:42:21 +00:00
Ben Alex
798ebb1a3d
Correct NullPointerException as fixture missing an ApplicationContext and attempting to publish an event.
2005-03-27 08:40:09 +00:00
Ben Alex
684d5bc10e
Handle null Authentication.getAuthorities() in AuthorizeTag.
2005-03-27 06:36:41 +00:00
Ben Alex
8ae2276843
TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds.
2005-03-25 22:07:00 +00:00
Ray Krueger
10c1926385
Added the ConcurrentSessionViolationEvent that will be published by the ConcurrentSessionControllerImpl before throwing the ConcurrentSessionViolationException
2005-03-25 00:53:46 +00:00
Ben Alex
8884ca51af
Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter.
2005-03-23 23:22:51 +00:00
Ben Alex
9f66c0eae9
Update to current Spring JAR dependencies.
2005-03-22 11:17:22 +00:00
Ben Alex
c936801842
DigestProcessingFilter now provides userCache getter and setter.
2005-03-21 08:03:11 +00:00
Ben Alex
0530351f0d
Provide toString() method on User.
2005-03-21 05:33:51 +00:00
Ben Alex
a2b9da7e22
StringSplitUtils.split() ignored delimiter argument.
2005-03-21 05:14:48 +00:00
Ben Alex
6f31ecb04b
UserDetails now indicates locked accounts.
2005-03-21 03:22:59 +00:00
Luke Taylor
ae47fb722d
sendError now returns less informative forbidden message rather than the exception message.
2005-03-20 19:12:51 +00:00
Luke Taylor
944d11bb1a
Changed to using DN in cache log messages rather than entire certificate.
2005-03-19 18:07:24 +00:00
Luke Taylor
918fc7c15a
License header added.
2005-03-18 01:00:36 +00:00
Luke Taylor
e755687a19
Updated to use Spring Assert class.
2005-03-18 00:59:32 +00:00
Luke Taylor
2a6c68deb6
Entry point tests
2005-03-18 00:52:23 +00:00
Ben Alex
a056946c49
HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection.
2005-03-18 00:50:12 +00:00
Luke Taylor
8592e3bcbf
Added tearDown method which resets the Context to null
2005-03-18 00:45:48 +00:00
Luke Taylor
04366d2b12
Corrected Javadoc
2005-03-18 00:33:30 +00:00
Ben Alex
07e46fe4d5
Proper handling if the account is no longer allowed login.
2005-03-18 00:06:09 +00:00
Ben Alex
748f427a80
Prove SecureContextImpl.equals works as we want it to, in light of HttpSessionContextIntegrationFilter's attempts to avoid unnecessary HttpSession creation.
2005-03-17 23:35:29 +00:00
Luke Taylor
abe9dfd234
Added caching and use of Spring's Assert to X509 provider
2005-03-17 21:43:42 +00:00
Luke Taylor
90914be3c2
Import cleaning
2005-03-17 19:58:08 +00:00
Luke Taylor
7db94cb5b7
X509 UserDetails cache interface and implementation
2005-03-17 19:57:12 +00:00
Luke Taylor
7c6a2911c9
Added package.html files
2005-03-17 19:49:18 +00:00
Luke Taylor
562a015aeb
Javadoc typo corrected.
2005-03-17 14:14:18 +00:00
Luke Taylor
cacc31004f
Javadoc typo corrected.
2005-03-16 23:31:19 +00:00
Luke Taylor
bb7d428617
Commence method now returns 403 error
2005-03-16 18:26:41 +00:00
Luke Taylor
452604ff3b
Minor Javadoc corrections.
2005-03-16 16:57:28 +00:00
Ben Alex
52c42a7a40
Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil.
2005-03-14 06:09:33 +00:00
Ray Krueger
632617f693
Test that the ConcurrentSessioncontrollerImpl implements ApplicationListener. This is critical and was left out once.
2005-03-13 22:35:17 +00:00
Ray Krueger
ff45047f5a
This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents
2005-03-13 22:30:06 +00:00
Ray Krueger
169449bf24
In response to: http://forum.springframework.org/viewtopic.php?t=3874
...
JaasAuthenticationProvider now checks that the java.security.auth.login.config is null before attempting to use it.
Also, The loginConfig resource is attempted as a file first as spaces in the path name can cause FileNotFoundExceptions for URLs
2005-03-13 22:26:56 +00:00
Ben Alex
df91d352cb
AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949 .
2005-03-13 21:01:16 +00:00
Luke Taylor
f594fdf751
Tidying and tests to bring Dao populator up to full coverage.
2005-03-12 21:56:04 +00:00
Luke Taylor
76f868c777
More tests.
2005-03-12 21:27:22 +00:00
Luke Taylor
765cc02599
Tidying.
2005-03-12 21:24:55 +00:00
Luke Taylor
9f62da7d1c
Better test method names.
2005-03-12 21:20:43 +00:00
Luke Taylor
0a4fc1731a
Tests added to bring X509ProcessingFilter up to full coverage.
2005-03-12 20:47:58 +00:00
Luke Taylor
c3c5487b93
Now sets WebAuthenticationDetails on authentication request token.
2005-03-12 20:46:58 +00:00
Luke Taylor
acee1ef696
Added "details" property
2005-03-12 20:40:05 +00:00
Luke Taylor
5d1cd29dfb
Added tearDown method which resets the context to null to prevent occasional breaking of other test classes.
2005-03-12 13:44:00 +00:00
Luke Taylor
f578915728
Test class for X509 filter.
2005-03-11 17:42:39 +00:00
Luke Taylor
af02c42e9f
First version that works.
2005-03-11 03:15:54 +00:00
Luke Taylor
fbb4bc0873
Added regexp matching within the DN to extract the user name.
2005-03-11 02:47:43 +00:00
Luke Taylor
29050b29b2
Dao populator tests for X.509. Tests matching of regexps in the certificate Subject to extract the user name.
2005-03-11 02:08:07 +00:00
Ben Alex
4763f953d3
FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans.
2005-03-11 01:41:43 +00:00
Luke Taylor
5c86b97f37
First working (kind of) version.
2005-03-11 00:39:36 +00:00
Ben Alex
c5fe428400
Patch by Matt Raible which returns null if Authentication is anonymous.
2005-03-10 12:00:30 +00:00
Ben Alex
b898b87ffb
Enhance test coverage as part of diagnosis of reported bug at http://forum.springframework.org/viewtopic.php?p=15751 .
2005-03-10 11:39:32 +00:00
Ben Alex
15535fff41
SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint.
2005-03-10 11:11:25 +00:00
Luke Taylor
08dbf66880
(Currently functionless) entry point implementation for X.509
2005-03-10 03:21:25 +00:00
Luke Taylor
aabcef4c69
Dao populator for X509, mirroring the CAS one.
2005-03-10 03:20:25 +00:00
Luke Taylor
fea1725f39
Removed inappropriate inheritance from AbstractProcessingFilter (doesn't make sense for X509 case).
2005-03-10 03:16:45 +00:00
Luke Taylor
ae91b58685
First stab at X509 authentication provider
2005-03-09 02:14:30 +00:00
Luke Taylor
da3801b914
Javadoc improvements.
2005-03-09 02:02:05 +00:00