Rob Winch
706e7fd7a2
SEC-2863: Update to Spring 4.1.5
2015-02-20 11:43:04 -06:00
Rob Winch
5b0f8918ce
Fix Eclipse import
2015-01-23 17:29:54 -06:00
Rob Winch
8f0001f59a
Next Development Version
2014-12-11 20:39:26 -06:00
Spring Buildmaster
49b69196de
Release version 4.0.0.RC1
2014-12-11 20:36:55 -06:00
Rob Winch
a36c4bcb04
Consistent configureGlobal in samples
2014-12-10 21:10:27 -06:00
Rob Winch
8b1f5f7cd7
SEC-2789: Polish
...
Remove unnecessary "extends WebSecurityConfigurerAdapter"
2014-12-10 21:10:27 -06:00
Rob Winch
1677836d53
SEC-2790: Deprecate @EnableWebMvcConfig
2014-12-10 21:10:27 -06:00
Rob Winch
62e127e978
SEC-2789: Add Default WebSecurityConfigurerAdapter
2014-12-10 21:10:26 -06:00
Rob Winch
3171cc4364
SEC-2788: Add @Configuration as meta annotation to @Enable* annotations
2014-12-10 21:10:15 -06:00
Rob Winch
11116c2b80
SEC-2787: Update Versions
2014-12-10 16:37:19 -06:00
Rob Winch
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
...
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
Rob Winch
b56e5edbbd
SEC-2784: Fix build plugins
2014-12-08 14:24:34 -06:00
Rob Winch
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
Rob Winch
09f6210c73
SEC-2347: Polish
2014-11-21 22:31:03 -06:00
Rob Winch
3b8f7fdd67
SEC-2732: ehcache-core -> ehcache
2014-11-18 17:14:30 -06:00
Rob Winch
02c3565e22
Fix compiling in Eclipse
2014-09-16 10:18:46 -05:00
Rob Winch
6321665353
SEC-2676: Update to Spring Data Evans RC1
2014-08-15 20:46:59 -05:00
Rob Winch
3f30529039
SEC-2179: Add Spring Security Messaging Support
2014-08-15 20:46:58 -05:00
Rob Winch
939df5f0f9
SEC-2547: Update to cas-client-core-3.3.3
2014-08-15 16:41:33 -05:00
Rob Winch
3187ee8bf3
SEC-2700: Register WithSecurityContextTestExecutionListener by default
2014-08-15 16:41:33 -05:00
Rob Winch
1eaa621619
SEC-2676: Fix data and sample data poms
2014-08-15 16:40:51 -05:00
Rob Winch
4f936c4c51
Remove @Version from created since it should not be updated
...
This also works around DATAJPA-582
2014-08-01 14:03:27 -05:00
Rob Winch
3e8c879cea
SEC-2676: Fix data-jc sample's classpath
2014-08-01 10:33:33 -05:00
Rob Winch
1f861f512a
SEC-2676: Add SpEL Spring Security Integration
2014-07-29 20:04:37 -05:00
Rob Winch
8a2a1b7a5b
SEC-2595: Polish
2014-07-25 16:27:19 -05:00
Rob Winch
b2d66e2a78
SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes
2014-07-25 16:03:18 -05:00
Rob Winch
b72c1ad314
SEC-2686: Create SecurityMockMvcConfigurer
2014-07-22 15:11:37 -05:00
Rob Winch
906a0cb0e2
SEC-2684: Correct spelling of WithSecurityContextTestExecutionListener
2014-07-18 13:53:41 -05:00
Rob Winch
66c926f2c7
SEC-2653: Remove explicit port for ldap-xml so can be dynamic for ci
2014-06-18 08:27:39 -05:00
Rob Winch
6b121c7543
SEC-2637: Add Geb integration tests for ldap-xml
2014-06-13 13:53:33 -05:00
Rob Winch
19ce54e4ff
SEC-2653: ldap-xml logout is post with CSRF token
2014-06-13 13:53:19 -05:00
Rob Winch
f7d09c6b62
SEC-2633: Remove springSecurityFilterChain from insecuremvc tests
2014-06-13 13:09:59 -05:00
Rob Winch
025c0857f4
SEC-2635: Add Geb integration tests for jdbc-jc
2014-06-13 12:24:03 -05:00
Rob Winch
0e9999e429
Fix jdbc-jc to work with tomcat gradle plugin
...
It is necessary to ensure that src/main/webapp exists to ensure the
application starts with the Tomcat Gradle Plugin.
This commit adds a Manifest file to src/main/webapp/META-INF to ensure
that git contains the otherwise empty directory.
2014-06-13 12:23:26 -05:00
Rob Winch
6964c2e3de
SEC-2633: Add MockMvc tests for insecuremvc
2014-06-13 11:26:28 -05:00
Rob Winch
8f84921713
SEC-2632: Add Geb Integration Tests for insecure sample
2014-06-13 11:20:57 -05:00
Rob Winch
11d83cdce1
SEC-2651: Fix hellojs-jc after Thymeleaf Spring 4 changes
2014-06-13 09:43:32 -05:00
Rob Winch
80c0f5fa17
SEC-2626: Add Geb integration tests for form-jc
2014-06-12 17:06:05 -05:00
Rob Winch
2aea199001
SEC-2636: Added Geb integration tests for ldap-jc
2014-06-12 16:49:12 -05:00
Rob Winch
10c4d8f1af
SEC-2651: Update Thymeleaf to Spring 4 variants in samples
2014-06-12 16:48:04 -05:00
Rob Winch
cb94fb2c99
SEC-2631: Add spring-security-test to inmemory-jc pom
2014-06-12 15:08:53 -05:00
Rob Winch
ac712f9f17
SEC-2617: Add JSTL to sample poms
2014-06-12 15:07:25 -05:00
Rob Winch
5953a35c95
SEC-2624: Add Geb integration tests to contacts-xml
2014-06-12 15:05:54 -05:00
Rob Winch
91b2b7f875
SEC-2634: Add Geb integration tests for jaas-xml
2014-06-12 12:18:56 -05:00
Rob Winch
1bff58577c
SEC-2631: Add inmemory-jc MockMvc integration tests
2014-06-12 12:18:04 -05:00
Rob Winch
15ab3316b3
SEC-2630: Add helloworld-jc Gebintegration tests
2014-06-12 12:18:04 -05:00
Rob Winch
fb25273672
SEC-2617: Fix JSTL Samples
2014-06-12 12:01:04 -05:00
Rob Winch
dd0253048e
SEC-2650: Fix Jetty Warn NoInitialContextException on shutdown
2014-06-12 11:53:22 -05:00
Rob Winch
e9d9a83df4
SEC-2607: CAS Server logouts out synchronously
2014-05-21 15:43:56 -05:00
Rob Winch
76bf378077
SEC-2580: Include ApacheDS in samples/ldap-xml
2014-05-01 11:28:27 -05:00
Rob Winch
00e1094178
Add springio-platform plugin
2014-04-23 14:35:22 -05:00
Rob Winch
8baf82532c
SEC-2015: Add spring-security-test
2014-04-22 16:47:48 -05:00
Rob Winch
1c75d33adb
SEC-2560: Remove samples from .gitignore and add missing sample files
2014-04-16 21:17:02 -05:00
Rob Winch
5b216bd0b2
Revert "SEC-2547: Consistent CAS client version"
...
This reverts commit f6cc9d87d5
.
2014-04-15 10:36:37 -05:00
Hans-Joachim Kliemeck
f6cc9d87d5
SEC-2547: Consistent CAS client version
2014-04-14 22:48:55 -05:00
Rob Winch
ccf96a4d69
SEC-2542: Polish dependency exclusions
...
This cleans up exclusions so the pom.xml are not as cluttered.
2014-04-02 09:47:29 -05:00
Rob Winch
3118e39de8
SEC-2542: Use exclusions to remove duplicate dependencies
...
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.
In addition to the new exclusions, notable other changes are:
- Spring Data JPA has been updated to 1.4.1. This brings its
transitive dependency upon spring-data-commons into line with
Spring LDAP's and prevents both spring-data-commons-core and
spring-data-commons from being on the classpath
- All Servlet API dependencies have been updated to use the official
artifact with all transitive dependencies on unofficial servlet API
artifacts being excluded.
- In places, groovy has been replaced with groovy-all. This removes
some duplicates caused by groovy's transitive dependencies.
- JUnit has been updated to 4.11 which brings its transitive Hamcrest
dependency into line with other components.
There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level
Conflicts:
samples/messages-jc/pom.xml
2014-04-02 09:47:26 -05:00
Rob Winch
9988fa141c
Update Spring Security version in pom.xml
2014-03-06 08:13:52 -06:00
Rob Winch
8afa8d8588
Fix integration tests
2014-03-06 07:56:40 -06:00
Rob Winch
6dfdb10e31
Fix move to 4.0
2014-03-05 16:52:19 -06:00
Rob Winch
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
Rob Winch
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
Rob Winch
8c580dc170
SEC-2444: Polish Thymeleaf for samples
2013-12-16 09:51:00 -06:00
Rob Winch
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
Rob Winch
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
Rob Winch
4708287ad3
SEC-2444: Convert Java Config samples to thymeleaf and tiles
2013-12-13 15:47:28 -06:00
Rob Winch
a34178bc40
SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA
2013-12-12 08:16:59 -06:00
Rob Winch
4460e84b29
Updates to pom.xml author and repo
2013-12-09 08:57:30 -06:00
Rob Winch
feeb380b51
Polish Guides
2013-12-06 11:12:07 -06:00
Rob Winch
ec524da6cb
SEC-2416: Fix Hello MVC guide
2013-12-05 15:47:38 -06:00
Rob Winch
fc6fc19eed
Fix guides
2013-12-05 13:16:59 -06:00
Rob Winch
2c8946c406
Next development version
2013-11-01 14:20:55 -05:00
Spring Buildmaster
9c703a3051
Release version 3.2.0.RC2
2013-11-01 14:20:49 -05:00
Rob Winch
348e3a22b6
SEC-2365: registerAuthentication->configure
2013-10-16 13:59:56 -05:00
Rob Winch
0978c12c47
SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
2013-10-15 12:35:32 -05:00
Rob Winch
0b0e7dbea9
SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter
2013-10-14 15:00:24 -05:00
Rob Winch
4ef0460ef6
SEC-2321: Improve Java Config defaults for JavaScript clients
2013-10-11 14:53:11 -05:00
Rob Winch
76a8bbe98d
SEC-2354: Add failOnMissingWebXml=false to sample pom.xml
2013-10-07 08:12:35 -05:00
Rob Winch
88f41cdf62
SEC-2341: Update to Gradle 1.8
...
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
3d2f23602f
SEC-2294: Update Spring Version to 3.2.4.RELEASE
2013-08-31 11:26:43 -05:00
Rob Winch
658a93178c
SEC-2252: Add custom form guide
2013-08-19 15:22:04 -05:00
Rob Winch
51b9c4a19a
Hide logout in main.jsp if not logged in
2013-08-17 14:38:39 -05:00
Rob Winch
d62c2e0835
SEC-2244: Defaults based on loginPage are now updated when loginPage changes
2013-08-16 14:48:45 -05:00
Rob Winch
e9bb9e766e
SEC-1574: Add CSRF Support
2013-08-15 14:49:21 -05:00
Rob Winch
54c2166567
SEC-2194: Remove unnecessary MessageSecurityWebApplicationInitializer from helloworld
2013-08-15 12:50:41 -05:00
Rob Winch
fea4d01aad
SEC-2194: hello samples displays username and logout properly
2013-08-15 12:50:41 -05:00
Rob Winch
b5ecaf61ed
SEC-2194: Remove samples errors/tabs folders
2013-08-15 12:50:41 -05:00
Rob Winch
f036970f8b
SEC-2194: Add margin to links in header of samples
2013-08-15 12:50:41 -05:00
Rob Winch
2feded5fc5
SEC-2194: Update samples to have jsp-api
2013-08-15 12:50:40 -05:00
Rob Winch
22e4d1646a
SEC-2194: Remove login page from hellomvc and insecuremvc
2013-08-15 12:50:40 -05:00
Rob Winch
e8278f3b9b
SEC-2249: AbstractSecurityWebApplicationInitializer allows register config
2013-08-08 14:33:54 -05:00
Rob Winch
976d9a9016
SEC-2194: Polish java config sample apps
2013-08-08 14:33:54 -05:00
Rob Winch
1f86d5dad9
SEC-2097: Add Tomcat Gradle plugin
2013-08-05 16:49:34 -05:00
Rob Winch
388a4dd9db
SEC-2194: Add Java Config samples
2013-08-05 16:49:33 -05:00
Rob Winch
36418b964d
Remove samples/runall.sh
2013-08-01 13:19:21 -05:00
Rob Winch
e242aeff3e
SEC-2230: Polish and clickjacking demo
2013-08-01 10:19:36 -05:00
Rob Winch
8c3ac719bb
SEC-2230: Added testing certificates
2013-08-01 09:48:09 -05:00
Rob Winch
0bc08f8a23
SEC-2230: Update contacts sample to use <headers> with no child elements
2013-08-01 09:47:57 -05:00
Marten Deinum
0adf5aea91
SEC-2098, SEC-2099: Created HeadersFilter
...
Created HeadersFilter for setting security headers added including a
bean definition parser for easy configuration of the headers. Enables
easy configuration for the X-Frame-Options, X-XSS-Protection and
X-Content-Type-Options headers. Also allows for additional headers to
be added.
2013-07-25 16:22:43 -05:00
Rob Winch
5e6ca12b01
SEC-2097: Update integrationTestCompile to use optional and provided
...
Also update slf4j version and remove explicit commons-logging from pom generation
2013-07-16 15:59:06 -05:00
Rob Winch
02551e1b7a
SEC-2214: Update Spring Version
2013-07-16 15:15:47 -05:00
Rob Winch
faa8b354b7
SEC-2209: add pom.xml
2013-07-16 15:15:47 -05:00
Rob Winch
e5fc063680
SEC-2206: Gradle Propdeps
2013-07-16 15:15:42 -05:00
Rob Winch
07c3fdf8a7
SEC-2195: Update Groovy, Geb, Spock, httpcomponents, and Jetty
2013-07-16 15:02:39 -05:00
Luke Taylor
896339087f
SEC-2122: Update samples to use bcrypt.
...
Data sources modified to store bcrypt hashes and configs now
use BCryptPassworEncoder.
2013-05-17 18:44:30 +01:00
Rob Winch
e8661913d1
SEC-2119: Update to 3.2 schema and use default schema version when available
2013-03-01 16:29:27 -06:00
Rob Winch
22e333b9c6
SEC-2092: Add servlet api example
2012-12-11 17:44:57 -06:00
Rob Winch
1ed643ca1f
SEC-1998: Provide integration with WebAsyncManager#startCallableProcessing
...
Support integration of the Spring SecurityContext on Callable's used with
WebAsyncManager by registering SecurityContextCallableProcessingInterceptor.
2012-11-28 17:56:03 -06:00
Rob Winch
78cbdd2c93
Reserve Server Ports in integrationTests
...
Previously the build would look up a server port dynamically, but since
it closed the port immediately it may not be reserved by the time jetty
started up.
We now reserve the port and do not close it till just before Jetty starts.
While there is still a race condition, it is much smaller window of time
than it was previously.
2012-11-01 11:14:50 -05:00
Rob Winch
6af3e1958b
Update to Groovy 1.8
2012-09-04 09:48:29 -05:00
Rob Winch
a2452ab514
SEC-1906: Update to Gradle 1.0
2012-07-05 12:41:56 -05:00
Abdull
dec44811fc
Gave correct role name
2012-02-28 14:41:14 +01:00
Abdull
0e413cedcb
Gave correct role name
2012-02-28 14:39:30 +01:00
Rob Winch
044861eb20
Renamed **/*Spec.groovy to **/*Tests.groovy to better follow conventions
2011-12-29 12:59:24 -06:00
Luke Taylor
b60367e30c
Upgrade to validater 4.2
2011-11-01 00:20:45 +00:00
Luke Taylor
9d66e1fac3
Exclude static resources from filter chain in tutorial sample.
2011-09-25 22:30:14 +01:00
Luke Taylor
7e44580c75
Minor refactoring of aspects tests.
2011-07-20 17:42:05 +01:00
Luke Taylor
dc92baa257
Remove truststore settings from tutorial sample as they aren't required.
2011-06-13 15:03:51 +01:00
Luke Taylor
e4ecdd55f6
Enable https in tutorial sample.
2011-06-13 13:45:09 +01:00
Luke Taylor
80fd96df6d
SEC-1650: Updates and corrections to tutorial sample to fit better with new tutorial.
2011-06-07 16:46:38 +01:00
Rob Winch
c9b328d8c7
SEC-1757: Updated tutorial sample to state that listing of accounts is allowed by anyone and to display accounts for the different types of access to posting to Accounts
2011-06-02 21:19:01 -05:00
Luke Taylor
e8a1a6e40b
Added spring-expression to config module testCompile to fix build.
2011-05-19 23:50:35 +01:00
Rob Winch
3de0041874
Reverted cas Readme.txt from instructing to run from samples/cas/sample
2011-05-16 22:09:58 -05:00
Rob Winch
076a75d8c3
Cleaned up cas task dependency declarations
2011-05-15 22:09:28 -05:00
Rob Winch
11dc3363cc
Moved cas server and cas sample into common parent folder (samples/cas)
2011-05-15 22:09:08 -05:00
Rob Winch
1c1ffe2f0f
Added CA's to server.jks from cacerts included with Sun JDK
...
- Allow handshake to succeed for the build to upload to amazon
- Allows the same trust store to work for openid and CAS sample applications
2011-05-13 18:05:16 -05:00
Rob Winch
e1f4c3d325
Created a casserver module to better isolate it from the cas sample application now that an overlay is being done
2011-05-12 22:17:43 -05:00
Rob Winch
4d786d74cf
Reworded CASSampleSpec test method to reflect single logout
2011-05-12 22:17:43 -05:00
Rob Winch
4c43bde064
Set log levels to ERROR level when running CAS integration tests
2011-05-12 22:17:43 -05:00
Rob Winch
9525403385
Added CAS Server overlay to make single logout be synchronous and enabled itests for the cas sample
2011-05-12 22:17:43 -05:00
Luke Taylor
d2175468ee
Disable CAS interation tests until CI problems are resolved.
2011-04-28 19:17:29 +01:00
Luke Taylor
06faea8cfc
Typos.
2011-04-28 18:55:38 +01:00
Rob Winch
97afb0c9ac
SEC-965: Added assert to LoginPage.at
2011-04-18 23:52:20 -05:00
Rob Winch
01fb4bdb6d
SEC-1718: Update documentation and sample application to demonstrate how to use a PGT to authenticate to stateless services using a PT
2011-04-17 18:17:14 -05:00
Rob Winch
abfa558c3c
Removed Dummy.java from cas sample
2011-04-17 18:14:16 -05:00
Rob Winch
11331d34d9
SEC-1717: Document how to perform Single Logout with CAS and added integration test for sample application to test Single Logout
2011-04-17 18:14:16 -05:00
Rob Winch
761d5af6ec
SEC-965: Added integration tests for CAS Sample Application
2011-04-17 18:14:14 -05:00
Rob Winch
f1c064b3b9
SEC-965: Updated CAS Sample application for proxy authentication
...
* Configured for proxy authentication
* Cleaned up the jsps
* Changed the cas sample context root to cas-sample so the CAS Server's JSESSIONID cookie doesn't remove the cas samples
2011-04-17 18:00:37 -05:00
Luke Taylor
ddaf9eb64f
SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter.
2011-03-31 21:09:54 +01:00
Rob Winch
a50c9afbab
Modified jaas sample's LoginModule to prevent empty string username/password
2011-03-07 22:25:19 -06:00
Rob Winch
9e5d35235c
Made the principal for jaas sample serializable
2011-03-07 22:25:16 -06:00
Luke Taylor
72f031253f
Remove unnecessary dependency repos and update GAE version.
2011-02-28 15:43:25 +00:00
Luke Taylor
d58dd79a52
SEC-1494: Updated the tutorial webapp to use CSS and make use of the securityHiddenUI element when UI security is disabled.
2011-01-25 13:16:46 +00:00
Luke Taylor
19e56f4397
Stripping out unnecessary dependencies from sample jars.
2011-01-10 17:27:58 +00:00
Luke Taylor
7316bcff75
Updated outdated CAS sample readme with instructions for running CAS using gradle
2010-12-20 22:22:19 +00:00
Luke Taylor
bbcc611af5
CAS server version upgrade and minor tweaks to CAS sample build file.
2010-12-20 22:12:35 +00:00
Luke Taylor
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
Luke Taylor
51a53ddbaa
Minor refactoring of GAE code to use specific GrantedAuthority type.
2010-11-17 14:15:11 +00:00
Luke Taylor
fc00d7ef1d
Move the unix scripts for the tutorial sample into a subdirectory
2010-11-12 15:19:46 +00:00
Luke Taylor
37810a19c4
SEC-1619: Added check in GAE sample for change of Google user while still logged into the app.
...
Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.
2010-11-10 15:37:42 +00:00
Rob Winch
ffccc5f446
SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle
2010-11-08 19:27:44 -06:00
Luke Taylor
685e0417a7
SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout.
2010-09-19 18:30:52 +01:00
rwinch
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
rwinch
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
Luke Taylor
f4d57ab5e8
SEC-1456: Remove maven poms as we are now using gradle for the build.
2010-08-30 19:02:19 +01:00
Luke Taylor
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
2010-08-24 18:25:39 +01:00
Luke Taylor
b39b63bf3d
Add logback configuration for contacts sample.
2010-08-22 22:43:49 +01:00
Luke Taylor
b2fc1d8491
Fix namespace schema version in CAS sample.
2010-08-22 22:43:10 +01:00
Luke Taylor
07d8275ee6
Modify order of saxon and xerces deps in dependency list to prevent Aelfred parser from being used in build.
2010-08-22 22:31:01 +01:00
Luke Taylor
102bc2d6a0
Reduce unnecessary use of aspectj as a build dependency
2010-08-19 23:23:03 +01:00
Luke Taylor
c37ca1c2a9
Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc.
2010-08-19 22:41:51 +01:00
Luke Taylor
6abfa2e887
Update minimum required schema to 3.1.
2010-08-17 02:19:55 +01:00
Luke Taylor
992566b6cb
SEC-1527: Internationalization of contacts sample (Adding message resource bundle and RequestContextFilter). Re-working of L12n section of manual to mention existing localized message files and use of RequestContextFilter.
2010-08-14 01:07:51 +01:00
Luke Taylor
281d77271e
SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource.
2010-08-13 15:51:05 +01:00
Luke Taylor
1a838c2049
SEC-1533: AclAuthorizationStrategyImpl can now take either one or three GrantedAuthority arguments. If only one is supplied, it will be used for all 3 of the permissions supported by the class.
2010-08-07 14:41:25 +01:00
Luke Taylor
85c4c91e0e
IDEA inspection refactorings.
2010-08-05 23:28:07 +01:00
Luke Taylor
413b2a06e3
Improvements in up-to-date checking and use of parallel tests where possible.
2010-08-05 02:11:00 +01:00
Luke Taylor
64375484a1
More build and logging tuning.
2010-08-04 22:55:17 +01:00
Luke Taylor
c4ee46824c
Removing log4j.properties files and adding logback config ones.
2010-08-04 21:16:05 +01:00
Luke Taylor
d1279aeda2
Logging adjustments for gae sample.
2010-08-02 19:51:24 +01:00
Luke Taylor
6ba8257cab
Renamed file to fix case-sensitivity issue.
2010-08-02 12:13:58 +01:00
Luke Taylor
52edf115ce
Workaround for repeated attempt to download CAS server poms (GRADLE-1072)
2010-07-28 20:04:15 +01:00
Luke Taylor
2d9a848265
Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build.
2010-07-27 02:20:36 +01:00
Luke Taylor
a74077f9b1
SEC-1490: Minor changes to GAE sample. Simplification of redirect to registration page (only needs to be done after authentication).
2010-07-25 20:46:00 +01:00
Luke Taylor
e659e15f90
Tidying.
2010-07-23 01:57:45 +01:00
Luke Taylor
2afccfc633
Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j.
2010-07-23 01:57:31 +01:00
Luke Taylor
a681dee0e1
Minor sample build changes. JSTL dependency update.
2010-07-20 23:45:20 +01:00
Luke Taylor
e5a302b5c4
SEC-1490: Correct loggedout URL.
2010-07-20 23:43:43 +01:00
Luke Taylor
5d35919ca3
SEC-1490: Code for GAE Sample webapp
2010-07-20 23:41:31 +01:00
Luke Taylor
c1c8fd1874
SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request).
2010-07-20 19:46:47 +01:00
Scott Battaglia
565ef7383d
SEC-1513
...
upgraded to latest version of cas client
2010-07-06 22:09:24 -04:00
Luke Taylor
026517f674
Removal of deprecated methods and classes.
2010-06-26 16:23:42 +01:00
Luke Taylor
5939f17708
Fix openid sample configuration.
2010-06-09 22:52:43 +01:00
Luke Taylor
6a37e4be86
Fix OpenID sample to use new syntax for excluding requests.
2010-06-05 16:53:01 +01:00
Luke Taylor
efb600166a
SEC-1488: Remove commons-logging dependencies from maven poms.
2010-05-28 13:10:59 +01:00
Luke Taylor
080430150a
SEC-187: Refactoring contact Dao to use JdbcTemplate, and removing unused query objects (which have been there since 2004!)
2010-05-25 16:47:57 +01:00
Luke Taylor
64d59e1d32
Some extra FAQs and added comment to samples runall.sh script to explain that it's for dev only.
2010-05-03 14:56:22 +01:00
Luke Taylor
a421370a3d
SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully.
2010-04-25 22:00:25 +01:00
Luke Taylor
def5f88c8c
SEC-1431: Added openid-selector to openid sample, plus AX configuration for myopenid.com.
2010-04-21 17:16:03 +01:00
Luke Taylor
2f025fba6c
SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
...
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
2010-04-20 23:47:48 +01:00
Luke Taylor
ee1fd1bc50
SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins.
2010-04-20 23:47:48 +01:00
Luke Taylor
12a6ae2ffa
SEC-1232: Add config dependency to maven build for aspectj sample.
2010-03-31 19:58:59 +01:00
Luke Taylor
a3ef8255d8
SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'
...
Also added this syntax to the aspectj sample.
2010-03-31 18:31:28 +01:00
Luke Taylor
d334f6fa09
Latest gradle syntax updates.
2010-03-28 23:54:41 +01:00
Luke Taylor
55de2cfcb1
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
...
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
2010-03-11 01:51:59 +00:00
Luke Taylor
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
2010-03-07 21:58:25 +00:00
Luke Taylor
b147652193
Make hsqldb a testRuntime/runtime dependency.
2010-03-01 01:10:58 +00:00
Luke Taylor
5aae545949
SEC-1232: Re-enable aspects module and aspectj sample in maven build.
2010-02-25 20:09:01 +00:00
Luke Taylor
e2a8f81ae8
Update aspectj version in sample to 1.6.8
2010-02-20 18:50:36 +00:00
Luke Taylor
b37d2ed978
SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module.
...
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
2010-02-20 18:02:12 +00:00
Luke Taylor
2ee7696bf4
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
Luke Taylor
44f45d21f0
3.0.2 release. Update version in build files.
2010-02-19 01:22:21 +00:00
Luke Taylor
2f40088fe7
Change spring-aop dep to compile scope in contacts sample
2010-02-08 12:34:19 +00:00
Luke Taylor
15c309a2ed
Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390.
...
AopInfrastructureBean interface is now required.
2010-02-06 21:22:12 +00:00
Luke Taylor
0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
2010-01-23 02:12:30 +00:00
Luke Taylor
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
2010-01-17 14:41:24 +00:00
Luke Taylor
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
Luke Taylor
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
Luke Taylor
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
Luke Taylor
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
Luke Taylor
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
Luke Taylor
be72ed1350
Remove commented out beans from contacts sample app context.
...
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
2010-01-06 22:21:34 +00:00
Luke Taylor
893f212fa5
Tidying
2010-01-02 19:53:19 +00:00
Luke Taylor
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
Luke Taylor
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
Luke Taylor
a7770a64d3
Update cas server version in runall.sh
2009-12-22 21:31:26 +00:00
Luke Taylor
aad7d01c84
Updated CAS server version for sample use to 3.3.5
2009-12-22 19:35:20 +00:00
Luke Taylor
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
Luke Taylor
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
Luke Taylor
fac07ba8ff
Schema updates to Spring 3.0
2009-12-18 18:44:17 +00:00
Luke Taylor
85a58fd473
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
2009-12-18 15:39:13 +00:00
Luke Taylor
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
Luke Taylor
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
Luke Taylor
94d185a6be
Updated slf4j version in ldap sample
2009-12-08 20:24:12 +00:00
Luke Taylor
5546698fef
SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.
2009-11-17 23:39:42 +00:00
Luke Taylor
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
2009-11-17 22:05:38 +00:00
Luke Taylor
8f5c414b00
Improve cleanup in sample script
2009-10-17 13:00:24 +00:00
Luke Taylor
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
Luke Taylor
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
Luke Taylor
5f3ff97ce0
Disable aspectj sample
2009-10-11 21:39:14 +00:00
Luke Taylor
cf5e713812
Fixes to samples and improved test workout script
2009-10-10 23:50:33 +00:00
Luke Taylor
cb643f73de
Tidying up.
2009-10-07 21:08:57 +00:00
Luke Taylor
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
2009-10-07 14:43:55 +00:00
Luke Taylor
1042305cfe
Renamed web.wrapper to web.servletapi. Added some package.html files.
2009-10-05 16:59:37 +00:00
Luke Taylor
7247902911
SEC-1229: Updated sample and itest namespace concurrency configs.
2009-09-29 16:18:01 +00:00
Luke Taylor
aa153681bf
SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.
2009-09-29 00:29:09 +00:00
Luke Taylor
3f70d79df5
SEC-1022: Remove use of static methods/initializers in Acl Permissions. Converted PermissionFactory to a strategy which is used to convert integers and names to Permission instances.
2009-09-16 12:45:53 +00:00
Luke Taylor
731402e9f5
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
2009-09-16 00:23:13 +00:00
Luke Taylor
b531a81176
SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag.
2009-09-15 16:34:05 +00:00
Luke Taylor
1d00b92d25
Removed portlet sample
2009-09-09 20:53:19 +00:00
Luke Taylor
aec730ae7e
SEC-1238: Disable portlet module
2009-09-09 20:03:00 +00:00
Luke Taylor
5bdfd8cd77
Tidying imports etc to remove compiler warnings.
2009-09-05 14:14:58 +00:00
Mike Wiesner
ed0686cacf
Upgraded to AspectJ 1.6.5 and fixes some maven plugin config bugs
2009-09-04 15:25:23 +00:00
Mike Wiesner
a1751aec2c
SEC-1232: Added the aspect library needed for <global-method-security mode="aspectj"/> and a small sample
2009-09-04 13:53:55 +00:00
Luke Taylor
0d7b990e0a
SEC-1184: Moved ACL cache classes and interface out of jdbc package.
2009-08-31 22:15:37 +00:00
Luke Taylor
092d7b5c2b
Fix CAS filter configuration.
2009-08-25 20:26:12 +00:00
Luke Taylor
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
Luke Taylor
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
Luke Taylor
984b2835d6
Update CAS sample to use new namespace syntax for authentication providers.
2009-08-20 14:58:59 +00:00
Luke Taylor
48988bde84
SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request.
2009-08-13 23:55:25 +00:00