5ba31dfd56
Use AspectJMethodSecurityInterceptor in reference
...
Change reference to use AspectJMethodSecurityInterceptor instead of
undefined AspectJSecurityInterceptor.
2012-12-04 10:06:27 -06:00
373fe3a9f1
SEC-2074: Update reference to use <method-security-metadata-source>
2012-12-04 10:05:22 -06:00
6cea2694dc
SEC-2069: Update doc to use FilterInvocationSecurityMetadataSource
2012-10-22 14:24:05 -05:00
4f741bc914
SEC-2057: ConcurrentSessionFilter is now after SecurityContextPersistenceFilter
...
Previously, ConcurrentSessionFilter was placed after SecurityContextPersistenceFilter
which meant that the SecurityContextHolder was empty when ConcurrentSessionFilter was
invoked. This caused the Authentication to be null when performing a logout. It also
caused complications with LogoutHandler implementations that would be accessing the
SecurityContextHolder and potentially clear it out expecting that
SecurityContextPersistenceFilter would then clear the SecurityContextRepository.
The ConcurrentSessionFilter is now positioned after the
SecurityContextPersistenceFilter to ensure that the SecurityContextHolder is populated
and cleared out appropriately.
2012-10-03 09:27:24 -05:00
8ad0e0e8e8
SEC-1995: Use Gradle Artifactory integration for releases
2012-08-09 14:20:57 -05:00
095dcb3a74
SEC-2010: Include missing <value> tag in Hierarchical Roles section of the reference
2012-07-19 10:18:12 -05:00
b196d70f99
SEC-1905: Added para tag to the digest encoded password footnote
2012-07-11 13:12:57 -05:00
bfd09f7603
SEC-1905: Added footnote to password encoding for digest authentication
...
Technically digest authentication can allow for encoded passwords, but
it needs to be in the correct format. This update adds a footnote to clarify this.
Previously the documentation stated that passwords must be in clear text.
2012-07-11 13:00:06 -05:00
3e4da4f60f
Updated to next snapshot version
2012-07-06 11:28:21 -05:00
f46a5bab40
Set to 3.1.1 Release
2012-07-06 10:32:55 -05:00
a2452ab514
SEC-1906: Update to Gradle 1.0
2012-07-05 12:41:56 -05:00
18230259b8
SEC-1985: Removed WebSecurityExpessionHandler from reference
2012-06-28 11:35:07 -05:00
954ba57cf2
SEC-1970: Cleanup of pre authentication documentation
...
* Removed custom-authentication-provider from documentation
* Rephrased to make the pre authentication documentation a little more concise
* Removed nested () within text (not code)
* Removed user which should have been use
2012-06-15 14:44:16 -05:00
ca741ab18f
SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter
2012-03-20 19:18:26 -05:00
2434564d6c
SEC-1904: Fixed LDAP object class name in docs.
2012-02-01 14:37:32 +00:00
b493afa18c
SEC-1888: Improving the doc on (not) using multiple annotation types in the same class.
2012-01-31 19:05:43 +00:00
9b423a7726
Set 3.1.0 release version.
2011-12-05 23:42:39 +00:00
53483df1f5
SEC-1678: Added What's new section to reference
2011-11-18 13:52:37 -06:00
041cb1dcc3
SEC-1858: Included the updates for logout-success-url documentation
2011-11-18 11:22:22 -06:00
f88b6f75ff
SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes
2011-11-11 09:00:53 -05:00
2fd0a65049
SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager>
2011-10-18 19:18:56 -05:00
503ac9ae7c
SEC-1798: Remove internal evaluation of EL in JSP tag implementations.
2011-08-12 19:44:27 +01:00
a1c714cff4
SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.
2011-07-14 16:43:02 +01:00
ac3d8b25f2
Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes.
2011-07-14 13:13:39 +01:00
d5946b81b4
Added FAQ on how to add ApacheDS entries to pom.
2011-07-13 17:50:29 +01:00
2e83d98c8f
SEC-1776: Corrected typo in manual
2011-07-09 19:24:12 -05:00
2861a951aa
Minor FAQ update on version info.
2011-06-17 11:45:56 +01:00
ecfffaaa3f
Make aspectj dependencies optional throughout and spring-jdbc/tx optional in core poms. Reduces exclusions required in third-party poms (e.g. spring-social).
2011-06-09 22:57:49 +01:00
132163ec2e
Add FAQ on accessing password from a UserDetailsService.
2011-05-26 18:38:45 +01:00
b53d430798
Doc update to reflect change in cas integration module name since 3.0.
2011-05-23 21:29:40 +01:00
3541099634
Correct typo in FAQ.
2011-05-17 18:23:48 +01:00
295ea27526
SEC-1743: Separate remoting from core into separate module.
2011-05-16 00:19:30 +01:00
6e91786f92
SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false).
2011-05-09 13:36:23 +01:00
bd74185e41
SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1
2011-04-26 23:39:51 -05:00
e473897fd9
SEC-1181: Add docs for ActiveDirectoryLdapAuthenticationProvider. Minor fix to initialization checks.
2011-04-26 18:39:01 +01:00
c4a1ce9f1a
SEC-1725: Update docs to remove references to filter-chain-map.
2011-04-25 23:38:44 +01:00
f28a09dfa4
Formatting changes to CAS documentation
2011-04-17 18:17:16 -05:00
01fb4bdb6d
SEC-1718: Update documentation and sample application to demonstrate how to use a PGT to authenticate to stateless services using a PT
2011-04-17 18:17:14 -05:00
11331d34d9
SEC-1717: Document how to perform Single Logout with CAS and added integration test for sample application to test Single Logout
2011-04-17 18:14:16 -05:00
04f1df2a1b
SEC-965: Updated CAS documentation to describe authenticating proxy tickets
2011-04-17 18:14:16 -05:00
74b0c1780e
SEC-1707: Added metadata-source-ref attribute to namespace appendix.
2011-04-05 15:25:49 +01:00
79e17e22bc
SEC-1703: Updated namespace for intercept-url
2011-03-29 21:58:29 -05:00
d9d5ee1114
SEC-1703: Updated cas custom-filter@ref to match example bean id and custom-filter@position to be CAS_FILTER
2011-03-29 20:13:07 -05:00
9c88576992
Added extra FAQ on "Bad Credentials" message and on testing LDAP authentication. Minor mods to LDAP doc.
2011-03-29 15:30:08 +01:00
236efadfb7
SEC-1698: Update documentation to use correct package for RequestHeaderAuthenticationFilter
2011-03-16 23:53:29 -05:00
1dc309b041
SEC-1689: Minor doc updates related to use of password encoding and the crypto package.
2011-03-17 01:45:19 +00:00
3a3b2df1c5
Minor rewording of "child web context" FAQ.
2011-03-13 20:45:22 +00:00
a25d131f21
Some doc clarifications on the use of UserDetailService vs AuthenticationProvider.
2011-03-10 16:12:16 +00:00
b26f2309f4
Add paragraph to manual database appendix to clarify that the standard schema is completely optional if you aren't using JdbcDaoImpl.
2011-03-10 13:41:44 +00:00
9cf8ba02ba
Adding some extra section IDs in namespace appendix to provide bookmarkable URLs.
2011-03-10 13:15:58 +00:00
57c3afd31a
SEC-1689: Adjust manual to remove references to separate crypto module.
2011-03-08 12:58:28 +00:00
3fe49dfae5
Added JDK and Spring links to Javadoc generation task.
2011-02-08 16:43:34 +00:00
12561660b1
Add Javadoc groups to build.
2011-02-08 16:13:12 +00:00
5f58108717
Typo.
2011-02-06 15:31:36 +00:00
83050f96cb
SEC-1656: Document potential need for pre-emptive session creation if writing the security context manuall.
2011-02-06 14:58:36 +00:00
4e349904e5
Add missing language attributes to programlisting tags for highlighting.
2011-02-01 16:54:18 +00:00
6a62b51870
Fix typo in FAQ.
2011-01-31 12:32:05 +00:00
347a2a91a9
SEC-1494: Document the use of system properties for disabling authorize tag functionality.
2011-01-30 14:04:32 +00:00
95b416b0e7
SEC-1660: Minor addition to FAQ text.
2011-01-21 16:26:14 +00:00
b542c73907
SEC-1660: Updated FAQ to explain that session-fixation protection may cause problems if switching between HTTP and HTTPS, and also updated information to advise against switching in the first place.
2011-01-21 16:24:18 +00:00
60befb063a
SEC-1659: Added crypto module to list of project modules in reference manual intro and to dependencies appendix.
2011-01-19 18:26:30 +00:00
38327d1b16
SEC-1659: crypto docs
2011-01-19 18:17:03 +00:00
afd586c96e
Re-instate the CAS integration sequence description in the CAS chapter, with corrections (and minus proxying).
2011-01-18 16:50:18 +00:00
075b30ab44
SEC-1651: Added paragraph to FAQ mentioning dependencies appendix.
2011-01-12 15:27:30 +00:00
8da0de459b
SEC-1651: Added remaining module information to dependencies appendix.
2011-01-12 15:09:01 +00:00
b858b23927
SEC-1651: Added first draft of dependencies appendix to reference manual.
2011-01-07 19:23:06 +00:00
8d7830a1ee
SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me.
2011-01-06 15:16:13 +00:00
48ea0a6249
SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all.
2010-12-17 17:34:08 +00:00
7cf9740fd4
SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual.
2010-12-17 17:09:20 +00:00
ce421f22bf
SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation
2010-12-14 16:24:51 +00:00
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
89f80659a1
Move docs on request matching to correct file and delete unused one
2010-11-24 00:30:37 +00:00
49242729e4
Added imgSrcPath parameter for use in docbookFopPdf task.
2010-11-24 00:28:59 +00:00
6b691f6fc0
SEC-1613: Corrected preauth docs.
2010-11-04 14:32:06 +00:00
cf0289bc02
SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook.
2010-10-27 13:25:40 +01:00
fabadff5f1
SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source.
2010-10-27 13:25:40 +01:00
31afb9c76d
Deleted superseded dao-auth-provider.xml chapter.
2010-10-27 13:25:40 +01:00
07b9ded126
SEC-1599: Corrected docbook source.
2010-10-27 13:25:40 +01:00
173537f4f2
SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
2010-10-27 13:25:39 +01:00
f455e9a5a4
SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison.
2010-10-27 13:25:39 +01:00
7258abbbf4
SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd
2010-10-10 19:51:37 -05:00
1b2b371970
SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
...
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.
Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
2010-09-16 16:03:24 +01:00
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
c5231fc213
SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource.
2010-09-13 12:19:21 +01:00
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
7a3892556c
Added a "docs" convenience task
2010-08-30 19:03:15 +01:00
c1418c7536
Minor change in doc information about samples since these are no longer in maven repo.
2010-08-23 14:58:27 +01:00
35335e84b3
Reset post-release build version.
2010-08-23 00:13:20 +01:00
23c4d1ec28
Set version to 3.1.0.M1.
2010-08-22 23:54:33 +01:00
837771537f
Tweak docs build to only prevent "assemble" from depending on the archive/upload tasks.
2010-08-22 22:42:54 +01:00
d04e37c0c4
Minor changes to doc on version numbering. It's not true that minor versions are source/binary compatible.
2010-08-19 23:24:12 +01:00
992566b6cb
SEC-1527: Internationalization of contacts sample (Adding message resource bundle and RequestContextFilter). Re-working of L12n section of manual to mention existing localized message files and use of RequestContextFilter.
2010-08-14 01:07:51 +01:00
4935aa07c7
SEC-1535: Added suggested doc fixes.
2010-08-12 20:41:29 +01:00
bb7165ac6e
SEC-1530: Added information on calling getAllPrincipals() on SessionRegistry for direct use in an application to provide currently logged in users.
2010-08-07 15:43:55 +01:00
e2ba500c3c
SEC-1529: More user-friendly expressions on method annotations in EL chapter.
2010-08-05 18:14:11 +01:00
74b66591e9
Build refactoring.
2010-08-04 02:09:07 +01:00
5de68cb18f
SEC-1499: Additional doc paragraph that escaped the commit.
2010-07-23 23:03:54 +01:00
9dd6a5eb8f
SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener.
2010-07-23 16:27:57 +01:00
d7d8448120
SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository).
2010-07-23 15:59:53 +01:00
c1c8fd1874
SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request).
2010-07-20 19:46:47 +01:00
080710e023
Minor doc updates on default filters created by namespace.
2010-07-06 13:29:11 +01:00
06368f956a
Minor doc/javadoc updates to clarify use of UserDetailsContextapper.
2010-07-04 15:13:27 +01:00
d6159e884a
Some minor doc fixes.
2010-07-03 13:11:39 +01:00
8ad6cbbe85
SEC-1508: Update docbook processing to use Docbook 5 namespaces.
2010-07-03 13:10:48 +01:00
8615369697
Added information on config jar to instructions on getting started using namespace.
2010-06-30 13:45:13 +01:00
4da4734750
Minor doc link updates and tidying.
2010-06-26 13:20:48 +01:00
ad82e6a575
SEC-1493: Documentation of support for erasing credentials.
2010-06-26 12:27:49 +01:00
1dd4787194
Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix.
2010-06-10 22:17:58 +01:00
8bddc8f820
SEC-1484: Documentation for some namespace attributes.
2010-06-05 17:35:24 +01:00
0d94e75a93
SEC-1171: Documentation of changes related to use of multiple <http> elements.
2010-06-05 17:12:33 +01:00
01308f8308
Added FAQ on using BeanPostProcessor to customize namespace-created beans.
2010-05-24 17:01:55 +01:00
a097a47246
Refactored ssh uploading into a separate gradle task. Added "uploadFaq" task
2010-05-23 00:05:30 +01:00
ca91b9abc5
Corrected section layout in DB schema appendix of ref manual.
2010-05-23 00:05:29 +01:00
12fc73f046
Added faqs on accessing the HttpSession from a UDS andon the use of URLs with fragments.
2010-05-22 14:31:28 +01:00
5aab06775e
SEC-1106: Added section on hierarchical roles to manual.
2010-05-18 16:43:55 +01:00
e0d06b2b53
Added documentation on RequestCache functionality.
2010-05-16 15:18:03 +01:00
f0c4cccb0d
SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc.
2010-05-16 14:14:13 +01:00
705f896209
SEC-1478: Added 'use-expressions' attribute to namespace appendix.
2010-05-11 02:25:45 +01:00
e5b0aa6850
Typo.
2010-05-07 02:07:03 +01:00
a567e32c69
Re-laying out of FAQ, plus some new questions.
2010-05-07 01:46:36 +01:00
64d59e1d32
Some extra FAQs and added comment to samples runall.sh script to explain that it's for dev only.
2010-05-03 14:56:22 +01:00
2c44461264
SEC-1473: Remove references to ContactSecurityVoter.
...
Replaced with reference to Oleg's blog article as an example of custom voter use
2010-05-03 14:53:06 +01:00
c95fe8af28
Adjust section in namespace chapter and increase section depth in manual TOC for easier reference.
2010-04-28 20:14:08 +01:00
bca6c1aeac
SEC-1468: Doc and Javadoc updates.
2010-04-26 23:26:07 +01:00
82bbd09b71
SEC-1460: Documentation of changes.
2010-04-24 15:49:47 +01:00
def5f88c8c
SEC-1431: Added openid-selector to openid sample, plus AX configuration for myopenid.com.
2010-04-21 17:16:03 +01:00
3af75afec1
Clarify that multiple authentication-provider elements can be used in combination.
2010-04-20 23:47:48 +01:00
d334f6fa09
Latest gradle syntax updates.
2010-03-28 23:54:41 +01:00
2a0aae1904
SEC-524: Document addition of "var" attribute in authorization tags.
2010-03-25 19:48:26 +00:00
0849dd93e9
Minor correction to namespace appendix
2010-03-24 21:02:51 +00:00
b64a3fa725
Hans Dockter's refactoring of gradle build, plus simplification of docbook plugin.
2010-03-05 23:23:43 +00:00
90caf1bb37
Manual formatting.
2010-03-03 23:08:05 +00:00
025ab4ce1a
Tweaking of table size in namespace chapter and PDF page margins to try to reduce overlapping of text
2010-02-21 20:41:44 +00:00
7c99361c26
Reduce length of long lines in the reference manual.
...
Some are too long for the PDF version.
2010-02-20 01:00:14 +00:00
40d3f726d6
Update manual version to 3.0.2.RELEASE
2010-02-19 19:00:06 +00:00
9bdc012c69
Minor corrections to Session Management chapter of ref manual.
2010-02-18 00:32:48 +00:00
c0579230b2
Correct package names in ref manual docbook. Minor change to namespace appendix.
2010-02-18 00:32:48 +00:00
e729819ce0
Updated incorrect package names in docbook
2010-02-12 15:18:01 +00:00
017dad8f5d
Added support for fop extensions in PDF generation.
2010-02-11 00:19:18 +00:00
81657d0efc
SEC-1403: Corrected interface name.
2010-02-10 15:24:46 +00:00
f54831f2b5
SEC-1398: Minor changes to method security annotation information in namespace chapter.
...
Added some explanation of the different annotation types and their suitability.
2010-02-06 18:03:05 +00:00
b1243416fc
Minor corrections to aspectj interceptor docs
2010-02-05 20:24:05 +00:00
38837775a5
Minor corrections to aspectj interceptor docs.
2010-02-05 17:10:27 +00:00
c4d2f59eec
SEC-1381: Update source repo information in docs to point to git rather than subversion.
2010-01-27 01:37:45 +00:00
dcf9ea25a6
Updated access-decision and after-invocation diagrams in manual.
2010-01-23 02:12:30 +00:00
dbf673ec37
Build updates to include uploading of distro and docs, plus addition of admon graphics path to docbook plugin.
2010-01-21 20:12:12 +00:00
56849dc41e
Added tasks for apidocs, doc and distro archive generation to the build file.
2010-01-21 19:59:48 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
e1d41177bb
Update docbook plugin use to new gradle 0.9+ syntax.
2010-01-14 15:49:05 +00:00
Rob Winch
Rob Winch
Luke Taylor
Florian Fankhauser
Keith Donald
Luke Taylor
Hans Dockter