086056f191
SEC-2289: Make compatible with Spring 4 as well
...
There are a few subtle changes in Spring 4 that this commit addresses
2013-08-27 16:43:10 -05:00
e88800cd9b
SEC-2187: Polish
...
Create private utf8UrlEncode method to improve readability
2013-07-05 10:24:10 -05:00
54c1c20c69
SEC-2187: Encode query parameter names and values in return_to URL
2013-07-05 09:47:18 -05:00
a573e7b395
SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer.
2011-09-20 21:46:21 +01:00
0120643721
SEC-1794: Convert OpenIDAuthenticationStatus to an enum.
2011-08-10 17:09:33 +01:00
89fa771093
SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption.
2011-07-13 22:29:47 +01:00
ae5b402651
SEC-1729: Revert "SEC-1710: Added shutdown method to OpenID4JavaConsumer that invokes MultiThreadedHttpConnectionManager.shutdownAll()" since it is superseded by SEC-1729
...
This reverts commit 62ba0fca5c
2011-04-26 19:53:32 -05:00
a6b0c265db
SEC-1729: Revert "SEC-1711: Support verifying that attribute exchange parameters were signed" since it is superseded by SEC-1729
...
This reverts commit 68ba11ba7b
2011-04-26 19:52:44 -05:00
8178371927
SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes
2011-04-21 19:55:32 +01:00
4dc5d7d16e
Typo.
2011-04-14 18:04:38 +01:00
5c05575c0d
Cleaned up warnings in openid module
2011-04-07 23:28:34 -05:00
68ba11ba7b
SEC-1711: Support verifying that attribute exchange parameters were signed
2011-04-07 23:28:34 -05:00
62ba0fca5c
SEC-1710: Added shutdown method to OpenID4JavaConsumer that invokes MultiThreadedHttpConnectionManager.shutdownAll()
2011-04-07 23:28:05 -05:00
4a1908188a
SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java.
2011-03-25 19:13:06 +00:00
84ba7a0ea9
Additional tests for OpenID classes and minor refactoring of OpenID4JavaConsumer for easier testing.
2011-02-10 19:56:28 +00:00
43be9ea2a4
SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.
2010-11-26 13:58:49 +00:00
d64efe9747
SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object.
2010-11-25 15:19:37 +00:00
265cdaf2a6
SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected.
2010-11-02 20:19:16 +00:00
85c4c91e0e
IDEA inspection refactorings.
2010-08-05 23:28:07 +01:00
0e57ce2dc3
SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.
2010-05-21 15:59:50 +01:00
2f025fba6c
SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
...
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
2010-04-20 23:47:48 +01:00
f5468087c2
Remove cached DiscoveryInformation from session in OpenID4JavaConsumer's endConsumption method.
2010-04-20 23:47:47 +01:00
d3d9c5db59
Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor.
2010-04-20 23:47:47 +01:00
c12c43da9e
Javadoc fixes.
2010-02-14 23:27:09 +00:00
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
2010-02-14 23:23:23 +00:00
8720966d20
SEC-1390: Added null check on claimedIdentifier returned by DiscoveryInformation to prevent NPE.
2010-02-06 14:38:44 +00:00
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
8571571eaa
SEC-1306: OpenIDAttribute class is not marked as Serializable. Added Serializable interface.
2009-11-24 14:50:01 +00:00
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
2009-11-17 22:05:38 +00:00
e94c7739d2
Remove dependency on MockAuthenticationManager
2009-10-14 22:14:01 +00:00
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
2009-10-07 14:43:55 +00:00
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
2009-10-05 19:28:53 +00:00
07d7c0ddae
Renamed form and openID filters to shorten names
2009-10-05 17:33:34 +00:00
ab0d66071a
SEC-1226: Introduce RedirectStrategy to replace RedirectUtils. Implemented strategy and applied throughout relevant classes.
2009-08-27 10:42:11 +00:00
48988bde84
SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request.
2009-08-13 23:55:25 +00:00
f536c80020
SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web
2009-08-10 14:18:18 +00:00
3e9983c744
SEC-1186: Removed 'order' from openid filter
2009-06-26 12:48:36 +00:00
a8215fa2cb
SEC-1160: Renaming of authentication filters and entry points and associated doc changes
2009-05-12 05:37:11 +00:00
e94baf38b3
Tidying up to remove warnings (generics, use of deprecated test classes etc).
2009-04-28 06:49:43 +00:00
d7f202a111
Addition of final to constructor set fields to improve immutability of authentication and user objects
2009-04-22 04:11:38 +00:00
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
2009-04-12 12:23:23 +00:00
f746a20ab4
SEC-1132: package refactoring of non-core modules
2009-03-27 05:01:03 +00:00
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
2009-03-25 06:28:18 +00:00
ddffdf1699
SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication'
2008-12-28 17:32:25 +00:00
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
2008-12-15 01:25:12 +00:00
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
Rob Winch
Tom Boettcher
Luke Taylor
Rob Winch