Commit Graph

3966 Commits

Author SHA1 Message Date
Luke Taylor 0849dd93e9 Minor correction to namespace appendix 2010-03-24 21:02:51 +00:00
Luke Taylor 472c1fac84 SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
Ensures protect-pointcut expressions match methods with generic parameters.
2010-03-24 20:57:03 +00:00
Luke Taylor bf91f2ca67 SEC-524: Added "var" attribute to authorize and accesscontrollist JSP tags.
Allows the result of the boolean condition granting/denying access to be stored in the page context for later use, without having to duplicate the tag.
2010-03-24 18:35:17 +00:00
Luke Taylor 2e2625873c SEC-1446: Modified BasicAuthenticationFilter to treat invalid base64 and invalid Basic authentication tokens as a failed authentication (raising a BadCredentialsException, without calling the AuthenticationManager).
This solves the problem in this issue (invalid Base64 not resulting in a 401) and also prevents unnecessary calls to the AuthenticationManager.
2010-03-23 00:45:06 +00:00
Luke Taylor e60108ca8c SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles.
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
2010-03-22 16:26:04 +00:00
Luke Taylor d5df53f1db SEC-1439: Make getters and setters public on HttpRequestResponseHolder.
Necessary to allow use of custom SecurityContextRepository.
2010-03-12 15:53:05 +00:00
Luke Taylor 111d49d68a Added build file for itest-context. 2010-03-12 01:40:27 +00:00
Luke Taylor 9e049dfef4 SEC-1438: Removed JoinPoint support from AbstractMethodSecurityMetadataSource 2010-03-11 21:51:19 +00:00
Luke Taylor 1be44ecd18 SEC-1262: Added extra test for PostFilter with AspectJ interceptor. 2010-03-11 20:55:06 +00:00
Luke Taylor c09cd3a9cb Remove unused inner class in MethodSecurityMetadataSourceAdvisor 2010-03-11 01:52:07 +00:00
Luke Taylor 55de2cfcb1 SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
2010-03-11 01:51:59 +00:00
Luke Taylor 2b8b8819e4 Added gradle support for aspects project. 2010-03-09 19:22:50 +00:00
Luke Taylor 6fcaba2c46 Moved setting of 'provided' scope mapping on pom out of whenConfigured() so that the mapping is in place when the pom dependencies are assembled. Added 'skipTests' option. 2010-03-07 23:53:33 +00:00
Luke Taylor f3264ba9ab Addition of commons-logging exclusions and adjustments to pom generation. 2010-03-07 21:58:25 +00:00
Hans Dockter b64a3fa725 Hans Dockter's refactoring of gradle build, plus simplification of docbook plugin. 2010-03-05 23:23:43 +00:00
Luke Taylor d66ff32a1d Added taglib dependency to itest-web project. Needed by additional test for SEC-1420. 2010-03-05 23:23:01 +00:00
Luke Taylor b7aaa3447c Updated aws-maven to 3.0.0.RELEASE 2010-03-05 23:23:01 +00:00
Luke Taylor b38b8e55ac SEC-1432: Convert map keys to lower-case in UserMap.setUsers().
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
2010-03-05 17:55:29 +00:00
Luke Taylor 43f0e11106 SEC-1429: Removed cached authentication from session after successful authentication. 2010-03-05 00:07:35 +00:00
Luke Taylor 89d8c8cc83 Additional test classes for authentication and logout success/failure handling. 2010-03-04 23:18:46 +00:00
Luke Taylor a3263753d9 Fix to Javadoc for AbstractAuthenticationProcessingFilter. 2010-03-04 22:06:04 +00:00
Luke Taylor 530ab3ae30 SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:21:07 +00:00
Luke Taylor 4d70f88285 SEC-1420: JSP for itest of authentication tags with and without escaping. 2010-03-04 01:44:27 +00:00
Luke Taylor 0551dd89ac SEC-1420: Add htmlEscape attribute to authentication JSP tag.
This allows HTML escaping to be disabled if required.
2010-03-04 00:47:22 +00:00
Luke Taylor 43f3568b16 SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions. 2010-03-03 23:11:49 +00:00
Luke Taylor 90caf1bb37 Manual formatting. 2010-03-03 23:08:05 +00:00
Luke Taylor ae8027fa47 SEC-1425: Replace use of Java 1.6 String.isEmpty(). 2010-03-01 13:49:42 +00:00
Luke Taylor e5a875d752 SEC-1407: Correct logger category in MatcherType. 2010-03-01 02:03:32 +00:00
Luke Taylor 90a7f1f00e SEC-1383: Namespace support for MethodSecurityMetadataSource. Initial commit. 2010-03-01 01:45:43 +00:00
Luke Taylor 93438defff SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy.
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
2010-03-01 01:21:06 +00:00
Luke Taylor 962a2d5272 Tone down Apache DS log level in itest-web 2010-03-01 01:20:11 +00:00
Luke Taylor d39e93ec23 Add maven pom customization options to build.gradle 2010-03-01 01:17:57 +00:00
Luke Taylor b147652193 Make hsqldb a testRuntime/runtime dependency. 2010-03-01 01:10:58 +00:00
Luke Taylor cb0f3f677f SEC-1425: Add check for empty cookie in AbstractRememberMeServices.
Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.
2010-02-28 14:08:27 +00:00
Luke Taylor f0466b6488 SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all. 2010-02-27 00:22:21 +00:00
Luke Taylor 6a34807a07 SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup. 2010-02-26 17:21:25 +00:00
Luke Taylor e2f9be9015 SEC-1307: Modify context saving logic in HttpSessionSecurityContextRepository to check the SecurityContext and its contents (the Authentication) against the respective values when the request first arrived at the SecurityContextPersistenceFilter. As explained in the issue, this allows a definite decision to be made about whether the current thread has modified the context information during the request, indicating that it should be saved.
Also removed deprecated HttpSessionContextIntegrationFilter and tests.
2010-02-26 16:01:40 +00:00
Luke Taylor 5aae545949 SEC-1232: Re-enable aspects module and aspectj sample in maven build. 2010-02-25 20:09:01 +00:00
Luke Taylor 4dd10cd266 Refactor overly large doFilter() method in DigestAuthenticationFilter. 2010-02-22 01:48:53 +00:00
Luke Taylor 2f1479785e Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-22 01:48:22 +00:00
Luke Taylor f3f84da625 Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0. 2010-02-21 23:25:36 +00:00
Luke Taylor b0bea8356f Minor gradle 0.9 syntax change. 2010-02-21 20:42:32 +00:00
Luke Taylor 025ab4ce1a Tweaking of table size in namespace chapter and PDF page margins to try to reduce overlapping of text 2010-02-21 20:41:44 +00:00
Luke Taylor 26cf6f5528 SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests. 2010-02-20 21:59:44 +00:00
Luke Taylor ea7ccc718d SEC-1399: Removed AbstractAuthenticationManager.
MockAuthenticationManager was the only other subclass (apart from the main ProviderManager) and has been removed also.
2010-02-20 21:35:39 +00:00
Luke Taylor dacb8dd25a SEC-1382: Removed deprecated label-based voter and related classes. 2010-02-20 20:50:16 +00:00
Luke Taylor 68f6afd905 SEC-1383: Added namespace support for method-security-metadata-source 2010-02-20 19:05:25 +00:00
Luke Taylor b7fc5bc455 Update schema version to 3.1 2010-02-20 18:58:00 +00:00
Luke Taylor e2a8f81ae8 Update aspectj version in sample to 1.6.8 2010-02-20 18:50:36 +00:00
Luke Taylor b37d2ed978 SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module.
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
2010-02-20 18:02:12 +00:00