Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,663 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

315 Commits

Author SHA1 Message Date
Rob Winch 6af3e1958b Update to Groovy 1.8 2012-09-04 09:48:29 -05:00
Rob Winch a19cc8f1c7 SEC-2020: Set eraseCredentialsAfterAuthentication when using http@authentication-manager-ref 
Previously the namespace configuration did not properly set the eraseCredentialsAfterAuthentication
property on the parent AuthenticationProvider when using http@authentication-manager-ref.

Now the ProviderManager that is created by the namespace consults the original
AuthenticationManager to determine if eraseCredentialsAfterAuthentication should
be set on the wrapped instance. If the original is not a ProviderManager the
eraseCredentialsAfterAuthentication is set to false since we should not "magically"
add behavior to the custom AuthenticationManager without knowing the desired behavior.
 2012-07-31 14:04:11 -05:00
Rob Winch d2a5ad6fd1 SEC-2016: Update config integration tests to use specific ldif to work in Eclipse 
Due to Eclipse restrictions the classpath adding an project as a dependency picks up
the test dependencies of other projects. This caused problems when running the
config integration tests within Eclipse.

Now the tests specify a specific ldif to load. There is also one new test that ensures
that the ldif is defaulted properly, but does not rely on the ldif that is loaded.
 2012-07-31 14:03:38 -05:00
Rob Winch a547f6922a SEC-1996: Fix javadoc to work with jdk 1.5 
The javadoc did not work with JDK 1.5 due to a JDK bug fixed in JDK 1.6.

This changed the javadoc that had a tag that started with <a and was not
closed to escape the < >. This resolves the issue with the JDK 1.5 javadoc
bug.
 2012-07-20 16:38:27 -05:00
Rob Winch 7f9938c8e2 Organize imports on RememberMeConfigTests 2012-07-18 14:45:05 -05:00
Rob Winch c7c41ced84 Added test to verify LogoutHandlers added to LogoutFilter 2012-07-18 14:45:05 -05:00
Rob Winch 3ce06333c5 SEC-1850: Namespace adds all LogoutHandlers to ConcurrentSessionFilter 
Previously the namespace configuration only populated ConcurrentSessionFilter
with SecurityContextLogoutHandler. This means that there was an inconsistency
with LogoutFilter.

Now the namespace will configure the same LogoutHandlers as it would for
LogoutFilter (i.e. RememberMeServices, SecurityContextLogoutHandler, and
CookieClearingLogoutHandler.
 2012-07-18 14:44:35 -05:00
Rob Winch 06638db289 SEC-1909: Namespace configuration no longer uses deprecated API's 
Previously the namespace configuration used deprecated API's
causing warnings to show up in Spring Tool suite when editing
Spring configuration files.

Now the namespace configuration uses the replacement API's for
those that have been deprecated. The tests have also been updated
to ensure the new constructors are used and that the updates did
not break anything.
 2012-07-17 14:08:36 -05:00
Rob Winch 42b72bcbc4 SEC-1980: Prevent parser warning when URL's in configuration start with # 
Previously a warning would be logged to the parser when a URL was
configured with a SpEL expression. These changes prevent warnings from
being logged when using SpEL for URL configuration.
 2012-07-10 14:24:42 -05:00
Rob Winch a2452ab514 SEC-1906: Update to Gradle 1.0 2012-07-05 12:41:56 -05:00
Rob Winch 254333ce82 SEC-1957: DefaultFilterChainValidator no longer casts to DefaultFilterInvocationSecurityMetadataSource 2012-04-29 15:59:24 -05:00
Rob Winch 488efbc97e SEC-1901: Changed DebugFilter to no longer extend OncePerRequesetFilter so that the FilterChainProxy is invoked on forwards 2012-03-17 11:16:21 -05:00
Rob Winch f78c11650f SEC-1893: Namespace now register PortMapper with custom mappings for all components that use a PortMapper 2012-03-11 20:52:17 -05:00
Rob Winch 2d556c7b4f SEC-1885: Change SecurityDebugBeanFactoryPostProcessor to only interact with BeanDefinitions rather than instances to prevent premature instatiation of FilterChainProxy and its dependencies 
This issue occurred because the AutowiredAnnotationBeanPostProcessor had not been registered when the SecurityDebugBeanFactoryPostProcessor tried to obtain the FilterChainProxy. This caused
all of the FilterChainProxy's dependant beans to be resolved and if they used @Autowired they would not get processed properly.
 2012-01-07 13:52:50 -06:00
Rob Winch 448a42916d SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref 2011-12-30 11:31:24 -06:00
Rob Winch ea56a98883 SEC-1868: Remove error level logs from SecurityNamespaceHandler when the web classes are not available and not required 
To get the detailed errors the FilterChainProxy is loaded again in reportMissingWebClasses
and included in the readerContext fatal log.
 2011-12-30 10:51:17 -06:00
Rob Winch 044861eb20 Renamed **/*Spec.groovy to **/*Tests.groovy to better follow conventions 2011-12-29 12:59:24 -06:00
Rob Winch aabb16912f SEC-1878: DefaultFilterChainValidator properly handles AccessDecisionManager throwing exceptions other than AccessDeniedException 2011-12-28 16:43:19 -06:00
Rob Winch 999adbc6ee SEC-1827: If use-secure-cookie is set to false explicitly set useSecureCookie to false on AbstractRememberMeServices 2011-11-21 09:11:17 -06:00
Rob Winch ff495b698e SEC-1858: Removed methods for generating docbook for xsd 
Not squashing so this is around if needed again
 2011-11-11 11:45:02 -06:00
Rob Winch c8b847f1ed SEC-1858: Added integration tests to validate that the xsd is documented in the reference 2011-11-11 11:44:55 -06:00
Rob Winch de397bc0ce SEC-1858: Updated xsd documentation to have documentation for all elements/attributes and added documentation of default values where appropriate 2011-11-11 09:00:53 -05:00
Luke Taylor 3b13a3fb25 SEC-1812: Replace assertion with warning message when overriding the global AuthenticationManager. 2011-11-02 14:23:59 +00:00
Luke Taylor 30088f19ae SEC-1806: Log that bean definition is being created rather than bean in LdapServerBDP. 2011-10-31 23:50:06 +00:00
Luke Taylor 2f67bb3032 SEC-1847: Add authentication-manager-ref attribute to http and global-method-security namespace elements. 2011-10-30 21:51:02 +00:00
Luke Taylor 44e2543015 Minor changes to make filter chain validation more robust with custom request matchers. 2011-10-24 21:21:10 +01:00
Luke Taylor f2786805e6 SEC-1841: Added request-matcher-ref attribute to namespace for defining a filter chain. 2011-10-21 20:04:35 +01:00
Luke Taylor 58f7d3acc6 SEC-1835: Changed xsd:ID to xsd:token. 2011-10-21 18:35:06 +01:00
Luke Taylor ac6ed671a1 SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager 2011-09-26 18:24:36 +01:00
Luke Taylor a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor f92589f051 Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options. 2011-07-06 00:12:48 +01:00
Luke Taylor 73442125de SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter. 2011-07-04 21:09:48 +01:00
Luke Taylor 5d20f57fa8 Import cleaning. 2011-07-02 20:36:42 +01:00
Rob Winch 85807fdfd0 Removed @Overrides from method that implements interface instead of overriding superclass to resolve Java 1.5 error 2011-06-21 07:22:35 -05:00
Luke Taylor 5a1ddc660b SEC-1768: Added tests to reproduce "double-proxying" issue combining intercept-methods and tx-annotation-driven. Problem is caused by use of ProxyFactoryBean with auto-proxying. 2011-06-18 14:32:31 +01:00
Luke Taylor 52c0ee6756 Improve error reporting of missing web classes in namespace handler. Now catches and logs the class-loading error. 2011-06-13 13:39:55 +01:00
Luke Taylor e8a1a6e40b Added spring-expression to config module testCompile to fix build. 2011-05-19 23:50:35 +01:00
Luke Taylor 27caecd53f SEC-1452: Added namespace support for custom expression handler for use with web access expressions. 2011-05-19 15:27:58 +01:00
Luke Taylor 1b8eee6f07 Improve "missing web classes" message in SecurityNamespaceHandler, by indicating that a missing transitive dependency may also be the problem. 2011-05-16 00:19:30 +01:00
Rob Winch 92face623a SEC-1738: removed accidental commit of writeNewPom task 2011-05-10 23:23:13 -05:00
Rob Winch 3d24d6f672 SEC-1738: Changed openid4java to be testCompile dependency of spring security config 2011-05-10 23:17:36 -05:00
Luke Taylor 6e91786f92 SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false). 2011-05-09 13:36:23 +01:00
Luke Taylor 25ebc5e5f4 Fix openid dep in config.gradle. Should be a testCompile dep. 2011-04-29 14:04:32 +01:00
Rob Winch bd74185e41 SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1 2011-04-26 23:39:51 -05:00
Luke Taylor c4a1ce9f1a SEC-1725: Update docs to remove references to filter-chain-map. 2011-04-25 23:38:44 +01:00
Luke Taylor b5924db74d SEC-1725: Add option to filter-chain to use an explicit request-matcher-ref instead of a "path" attribute. 2011-04-25 23:20:15 +01:00
Luke Taylor 04dc65c8fe SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap. 2011-04-25 13:48:47 +01:00
Luke Taylor 71ed6d7964 SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor. 2011-04-20 11:58:00 +01:00
Luke Taylor 8d702a4f98 SEC-1699: Make sure a FilterInvocation is passed to the AccessDecisionManager when checking the login page access in DefaultFilterChainValidator. 2011-04-14 18:04:29 +01:00
Luke Taylor 160fed1bfe SEC-1713: Fix typo in schema RNC file. 2011-04-08 17:22:57 +01:00