Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,676 Commits 35 Branches 337 Tags
Commit Graph

893 Commits

Author SHA1 Message Date
Luke Taylor
1918c50fd7 SEC-1039: Deprecated HttpSessionContextIntegrationFilter and made it extend SecurityContextPersistenceFilter. 2008-11-28 18:01:34 +00:00
Luke Taylor
843d0e6910 SEC-985: Added hideUsernameNotFoundException property to LdapAuthenticationProvider and set default to true. 2008-11-27 21:08:01 +00:00
Luke Taylor
4d81d750cd SEC-1039: Created new filter SecurityContextPersistenceFilter and SecurityContextRepository strategy to replace HttpSessionContextIntegrationFilter functionality. 2008-11-27 20:18:54 +00:00
Luke Taylor
789be71d8c SEC-398: Rolled back addition of erroneous test method for this issue (the fix was incorrect and the test method does nothing useful). 2008-11-27 10:41:08 +00:00
Luke Taylor
2dfd006665 SEC-1012: Converted Groupsmanager to use List<String> 2008-11-26 11:17:15 +00:00
Luke Taylor
05e753de61 Converted to use jmock for mocks. 2008-11-21 12:26:56 +00:00
Luke Taylor
6b24637fbc Further SavedRequestWrapper related tests and tidying up. 2008-11-21 12:17:43 +00:00
Luke Taylor
1cf59b249a Added test class for DefaultLoginPageGeneratingFilter. 2008-11-16 05:07:33 +00:00
Luke Taylor
13caa48a24 Added clearContext() in @After. Test was leaving a TestingAuthenticationToken in the context. 2008-11-16 00:09:35 +00:00
Luke Taylor
18e74e7d3f Import cleaning. 2008-11-16 00:03:42 +00:00
Luke Taylor
22cca49d4a Added clearContext() call in @Before method. Test class appears to be failing on the build server because of a left over security context from a previous test 2008-11-16 00:03:01 +00:00
Luke Taylor
67c06d3d52 SEC-1012: Adding generics and general tidying up of tests etc 2008-11-15 13:00:38 +00:00
Luke Taylor
e259fe43a9 SEC-1034: Removed classes for converting a FilterInvocationDefinitionSource to a map for use in FilterChainProxy 2008-11-15 10:26:35 +00:00
Luke Taylor
31375b7212 SEC-1012: Futher generification. Also changed method signature of ObjectDefinitionSource.getAllConfigAtributes to return a single collection 2008-11-15 09:35:11 +00:00
Luke Taylor
fa630a430d Removed unused test files 2008-11-14 06:23:34 +00:00
Luke Taylor
3ce5ea7710 Add missing @Test attributes 2008-11-14 06:22:43 +00:00
Luke Taylor
bd9b199599 Import cleaning. 2008-11-14 00:28:54 +00:00
Luke Taylor
648ba1c43a SEC-1034: Fix broken tests. 2008-11-13 08:57:43 +00:00
Luke Taylor
7a8bd8a673 SEC-1034: Removed FilterInvocationDefinitionSourceEditor. 2008-11-13 07:46:21 +00:00
Luke Taylor
3ef34122fc Converted to using JMock. 2008-11-13 06:50:55 +00:00
Luke Taylor
e18971fdf0 Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken. 2008-11-13 06:30:39 +00:00
Luke Taylor
3acd515c6c SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions. 2008-11-12 04:07:56 +00:00
Luke Taylor
0bbab88504 SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one 
http://jira.springframework.org/browse/SEC-1031. Fixed startOfHash value and added tests to check full length of password is used.
 2008-11-11 23:34:40 +00:00
Luke Taylor
0ba690fb0e SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag). 2008-11-11 09:21:51 +00:00
Luke Taylor
e5b1073501 SEC-1012: Added more generics and warning suppression 2008-11-11 09:06:50 +00:00
Luke Taylor
be34724207 Matchers for use with JMock expectations 2008-11-11 08:43:17 +00:00
Luke Taylor
e11114ce77 SEC-1023: Add hasPermission() support to SecurityExpressionRoot 
http://jira.springframework.org/browse/SEC-1023.

hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
 2008-11-10 04:27:25 +00:00
Luke Taylor
d33b13e52e SEC-1023: Added support for hasPermission() based on Id and type 2008-11-05 22:44:46 +00:00
Luke Taylor
b42fc7221f Upgraded to jmock 2.5.1 2008-11-04 05:37:56 +00:00
Luke Taylor
514bca669f SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays. 2008-10-31 11:40:11 +00:00
Luke Taylor
ec44f2bdfe SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections 2008-10-31 03:53:00 +00:00
Luke Taylor
e891b334e6 SEC-1009: removed additional container adapter specific code 2008-10-30 05:45:13 +00:00
Luke Taylor
3521af4cae Added missing test class. 2008-10-30 04:32:22 +00:00
Luke Taylor
a7d046357b SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces 2008-10-30 04:10:54 +00:00
Luke Taylor
c7abdadc06 SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level. 2008-10-28 06:37:04 +00:00
Luke Taylor
f2ec8c978a Moved MethodDefinitionSource to standalone class. 2008-10-27 21:51:58 +00:00
Luke Taylor
f592357c27 SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition 2008-10-27 09:04:22 +00:00
Luke Taylor
5174693c64 SEC-999: Expression language based access decision support 
http://jira.springframework.org/browse/SEC-999. Added missing test class.
 2008-10-24 00:57:52 +00:00
Luke Taylor
4aa32f7d06 SEC-999: First commit of expression-based authorization implementation 2008-10-24 00:38:36 +00:00
Luke Taylor
c947d42146 SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match 2008-10-15 06:35:11 +00:00
Luke Taylor
7cc0965383 SEC-1001: Move core tiger code into core and adjust pom files 2008-10-03 15:23:31 +00:00
Luke Taylor
4542f00b14 SEC-975: Namespace security syntax does not interpret properties 
http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
 2008-09-12 19:06:53 +00:00
Luke Taylor
8661e17df9 OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors 
http://jira.springframework.org/browse/SEC-960. Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
 2008-09-05 13:49:38 +00:00
Luke Taylor
83868a7334 SEC-955: ability to externalize port mapping for secured channel to a property file 
http://jira.springframework.org/browse/SEC-955. Changed schema to make port-mapping type xsd:string to allow placeholders.
 2008-08-26 13:20:01 +00:00
Luke Taylor
55d357f42d OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments 
http://jira.springframework.org/browse/SEC-905. Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.
 2008-08-12 17:11:38 +00:00
Luke Taylor
d9ab0758ee SEC-954: Removed test dependency on AbstractMethodDefinitionSource. 2008-08-12 17:08:55 +00:00
Luke Taylor
39a656eb78 OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching 
http://jira.springframework.org/browse/SEC-953. Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
 2008-08-11 19:15:33 +00:00
Luke Taylor
b6dec19e90 SEC-932: Added supplied class and test class. 2008-08-11 16:36:01 +00:00
Luke Taylor
3a9eb018ba SEC-950: Added test to attempt to reproduce problem. 2008-08-08 15:41:14 +00:00
Luke Taylor
1af7eed433 SEC-883: RoleHierarchyVoter 
http://jira.springframework.org/browse/SEC-883. Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
 2008-08-04 13:08:03 +00:00