4717b64b83
Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org.
2005-09-25 22:48:33 +00:00
0f5e9ad372
Fix NPE. Thanks to Tom Dunstan.
2005-09-22 01:49:12 +00:00
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
2005-09-22 00:54:27 +00:00
60d3b6505b
Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue.
2005-09-20 12:24:47 +00:00
fb3f4af3b2
when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User)
2005-09-20 02:28:01 +00:00
24394b7b2b
added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation)
2005-09-19 02:22:44 +00:00
d44b570087
Disable failing tests until Marc-Antoine has a chance to look at them.
2005-09-18 22:38:37 +00:00
ae9e7733db
Fix broken tests.
2005-09-18 22:38:05 +00:00
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
2005-09-08 11:15:48 +00:00
c7dcceb05c
Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005.
2005-09-08 09:32:24 +00:00
486bbee35d
added context path to redirect
2005-09-03 21:43:08 +00:00
9d359780d9
finish user context switch event publishing
2005-09-03 20:24:35 +00:00
20ebb668a6
Added event for user context switching and updated switch user filter
2005-08-25 02:59:19 +00:00
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
2005-08-21 10:10:16 +00:00
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
2005-08-01 20:05:02 +00:00
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00
f5975dcf30
Whoops, almost forgot to remove System.out debug lines :-/
2005-07-26 00:55:53 +00:00
891cd7380c
Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now.
2005-07-26 00:50:43 +00:00
dc31553f2a
Syntax
2005-07-25 22:49:05 +00:00
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
32f62d1ef1
Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>.
2005-07-24 23:59:08 +00:00
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
4ad98a7df3
Spelling correction, thanks to Zack Chandler.
2005-07-23 07:40:43 +00:00
c5ba30b001
Comment how to make a signing certificate.
2005-07-23 07:39:56 +00:00
4b98d357ff
SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.
...
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2005-07-22 04:35:31 +00:00
e51c38aec9
Removed reference in Javadoc to obtaining and validating the SecureContext (checking for null etc), as this is no longer relevant.
2005-07-21 22:59:30 +00:00
c89d4a8add
Added trimming of whitespace to tokens and use of Springs StringUtils.hasText() to check for content in the string passed to setAsText.
2005-07-21 22:55:27 +00:00
3287439421
Initial commit for captcha adapter
2005-07-19 12:35:50 +00:00
74588c8e53
Move acegifier code from core.
2005-07-16 19:35:30 +00:00
5bbc54ac42
Javadoc typo corrected
2005-07-15 14:28:44 +00:00
d9b1a8e83c
Fix typo in InteractiveAuthenticationSucces(s)Event
2005-07-11 01:23:20 +00:00
c7bfeeaf58
Clarify local variable name given it was the same as a member variable.
2005-07-11 01:19:41 +00:00
ab065923d4
Correct doctype for generated web.xml files and add declaration to test file.
2005-07-09 23:32:08 +00:00
22a28f3b39
Separate InMemoryResource class for use in Acegifier web application.
2005-07-09 21:37:50 +00:00
7268c81192
Fix for SEC-27. Now checks for a null authentication before proceeding to fire the success event.
2005-07-08 21:16:12 +00:00
f1656ee7fd
Tidying: removed unused intermediate variable.
2005-07-08 21:10:26 +00:00
6f467def90
Added conversion of URLs ending in '*' to the ant '**' form.
2005-07-06 17:22:19 +00:00
9e1a773cc7
Add xsl resources to build.
2005-07-06 15:22:52 +00:00
d13faf0815
Renaming and refactoring of web.xml converter.
2005-06-30 21:23:50 +00:00
118f6401d8
XSL file for converting web.xml to acegified version.
2005-06-29 23:00:54 +00:00
a2bc398915
Refactoring and commenting XSL
2005-06-27 21:56:13 +00:00
3e4a29eae9
FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14 ).
2005-06-27 03:57:31 +00:00
5c883e639f
Add InteractiveAuthenticationSuccessEvent handling to authentication mechanisms.
2005-06-27 03:34:36 +00:00
60f8095cf2
Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13 .
2005-06-27 03:05:26 +00:00
ef8281f534
HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20 ).
2005-06-27 02:55:01 +00:00
25fa471779
First version of web.xml to acegi translator
2005-06-26 17:30:36 +00:00
a312fede74
Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion).
2005-06-22 08:07:52 +00:00
c0f1d4e19d
Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report).
2005-06-22 08:06:28 +00:00
a15691d9d7
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).
2005-06-22 07:03:53 +00:00
5f75e9bf9a
Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion).
2005-06-22 06:30:46 +00:00
a7b5299e77
Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005).
2005-06-22 05:22:05 +00:00
c699f7d40e
Support non-username as primary key.
2005-05-29 09:46:51 +00:00
25cb085df7
More JavaDocs.
2005-05-29 08:30:28 +00:00
3401072368
Made Serializable as per acegisecurity-developer list discussion on 20 May 2005.
2005-05-22 03:56:37 +00:00
4e55780e7c
Performance optimisations thanks to Paulo Neves.
2005-05-20 00:00:22 +00:00
cfb8271826
Reorder DaoAuthenticationProvider exception logic as per developer list discussion.
2005-05-18 01:40:45 +00:00
ecbfac2ff8
Made AclEntry Serializable (correct issue with BasicAclEntryCache).
2005-05-17 11:07:00 +00:00
fa6924a373
Update project workspace settings to Java 1.5. NB: Maven remains at 1.3 compatibility for all subprojects except "domain". It is recommended the Eclipse "Problems" view be customised to not display items containing "Type Safety:" in their description. Developers should NOT introduce 1.5+ dependencies to any projects apart from "domain".
2005-05-09 01:18:31 +00:00
e08e66dec6
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-08 23:42:14 +00:00
6a9abe5d90
Remove ContextHolder and introduce SecurityContext.
2005-05-07 09:11:37 +00:00
47989c11bd
HttpSessionEventPublisher now verifies that the ApplicationContext is not null
2005-05-02 20:31:18 +00:00
d169829f27
AbstractAuthenticationToken.getName() now returns username alone if UserDetails present.
2005-04-29 22:29:00 +00:00
54ccbf5617
The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping SevletException and IOException in ServletException.
2005-04-29 02:53:02 +00:00
2c23c75f91
SecureContextLoginModule as requested from list with Test
2005-04-27 04:47:41 +00:00
6f286e2054
AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
2005-04-27 03:39:06 +00:00
c29a5731be
Moved credential expiry checking after password check. If the wrong password is presented, BadCredentialsException will now be thrown even if the password has expired.
2005-04-25 23:11:12 +00:00
cff9ba4988
AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766 .
2005-04-21 23:02:58 +00:00
4e1649c2b7
Fix NullPointerException caused by unit tests.
2005-04-20 12:39:14 +00:00
1fc79f04f1
Added AntPathMatcher member to bring into line with recent Spring refactoring which breaks the build.
2005-04-18 23:10:54 +00:00
48ad6496e4
Javadoc typo corrected
2005-04-18 16:24:33 +00:00
ee32874308
Added X509 EhCache tests and fixed glaring bug in X509 EhCache implementation.
2005-04-17 22:18:01 +00:00
ec80ae22c1
Templated out event publishing. Added getApplicationContext(). Fixed javadoc formatting
2005-04-17 14:13:13 +00:00
1a78f9e15f
Refactored to use Spring Assert class (thanks IntelliJ :).
2005-04-15 01:21:41 +00:00
fdf5c63033
Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757 .
2005-04-13 22:17:05 +00:00
8091b60194
Improve Javadocs.
2005-04-12 04:19:09 +00:00
f2788c7cb6
Refactored to use Spring Assert class. Corrected some typos.
2005-04-11 01:18:46 +00:00
3d4f8eed31
Refactoring to use Spring mock web classes.
2005-04-11 01:07:04 +00:00
d6f2b136ec
Refactored to use Spring mock classes.
2005-04-09 23:37:18 +00:00
458a2c9e39
Refactored to use Spring mock classes.
2005-04-09 23:24:22 +00:00
021abb7369
Added check for "path parameters" to ensure the filterProcessesUrl matches rewritten URLs with a jsessionid included. Refactored property checking to use Spring Assert class.
2005-04-09 22:50:06 +00:00
eaa5feb5f8
Refactored to use Spring mock objects for HttpRequest etc.
2005-04-09 21:48:47 +00:00
204da55a0b
PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails().
2005-04-03 21:48:45 +00:00
9649003d57
AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls
2005-03-28 17:42:21 +00:00
798ebb1a3d
Correct NullPointerException as fixture missing an ApplicationContext and attempting to publish an event.
2005-03-27 08:40:09 +00:00
684d5bc10e
Handle null Authentication.getAuthorities() in AuthorizeTag.
2005-03-27 06:36:41 +00:00
8ae2276843
TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds.
2005-03-25 22:07:00 +00:00
10c1926385
Added the ConcurrentSessionViolationEvent that will be published by the ConcurrentSessionControllerImpl before throwing the ConcurrentSessionViolationException
2005-03-25 00:53:46 +00:00
8884ca51af
Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter.
2005-03-23 23:22:51 +00:00
9f66c0eae9
Update to current Spring JAR dependencies.
2005-03-22 11:17:22 +00:00
c936801842
DigestProcessingFilter now provides userCache getter and setter.
2005-03-21 08:03:11 +00:00
0530351f0d
Provide toString() method on User.
2005-03-21 05:33:51 +00:00
a2b9da7e22
StringSplitUtils.split() ignored delimiter argument.
2005-03-21 05:14:48 +00:00
6f31ecb04b
UserDetails now indicates locked accounts.
2005-03-21 03:22:59 +00:00
ae47fb722d
sendError now returns less informative forbidden message rather than the exception message.
2005-03-20 19:12:51 +00:00
944d11bb1a
Changed to using DN in cache log messages rather than entire certificate.
2005-03-19 18:07:24 +00:00
918fc7c15a
License header added.
2005-03-18 01:00:36 +00:00
e755687a19
Updated to use Spring Assert class.
2005-03-18 00:59:32 +00:00
2a6c68deb6
Entry point tests
2005-03-18 00:52:23 +00:00
a056946c49
HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection.
2005-03-18 00:50:12 +00:00
8592e3bcbf
Added tearDown method which resets the Context to null
2005-03-18 00:45:48 +00:00
04366d2b12
Corrected Javadoc
2005-03-18 00:33:30 +00:00
07e46fe4d5
Proper handling if the account is no longer allowed login.
2005-03-18 00:06:09 +00:00
748f427a80
Prove SecureContextImpl.equals works as we want it to, in light of HttpSessionContextIntegrationFilter's attempts to avoid unnecessary HttpSession creation.
2005-03-17 23:35:29 +00:00
abe9dfd234
Added caching and use of Spring's Assert to X509 provider
2005-03-17 21:43:42 +00:00
90914be3c2
Import cleaning
2005-03-17 19:58:08 +00:00
7db94cb5b7
X509 UserDetails cache interface and implementation
2005-03-17 19:57:12 +00:00
7c6a2911c9
Added package.html files
2005-03-17 19:49:18 +00:00
562a015aeb
Javadoc typo corrected.
2005-03-17 14:14:18 +00:00
cacc31004f
Javadoc typo corrected.
2005-03-16 23:31:19 +00:00
bb7d428617
Commence method now returns 403 error
2005-03-16 18:26:41 +00:00
452604ff3b
Minor Javadoc corrections.
2005-03-16 16:57:28 +00:00
52c42a7a40
Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil.
2005-03-14 06:09:33 +00:00
632617f693
Test that the ConcurrentSessioncontrollerImpl implements ApplicationListener. This is critical and was left out once.
2005-03-13 22:35:17 +00:00
ff45047f5a
This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents
2005-03-13 22:30:06 +00:00
169449bf24
In response to: http://forum.springframework.org/viewtopic.php?t=3874
...
JaasAuthenticationProvider now checks that the java.security.auth.login.config is null before attempting to use it.
Also, The loginConfig resource is attempted as a file first as spaces in the path name can cause FileNotFoundExceptions for URLs
2005-03-13 22:26:56 +00:00
df91d352cb
AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949 .
2005-03-13 21:01:16 +00:00
f594fdf751
Tidying and tests to bring Dao populator up to full coverage.
2005-03-12 21:56:04 +00:00
76f868c777
More tests.
2005-03-12 21:27:22 +00:00
765cc02599
Tidying.
2005-03-12 21:24:55 +00:00
9f62da7d1c
Better test method names.
2005-03-12 21:20:43 +00:00
0a4fc1731a
Tests added to bring X509ProcessingFilter up to full coverage.
2005-03-12 20:47:58 +00:00
c3c5487b93
Now sets WebAuthenticationDetails on authentication request token.
2005-03-12 20:46:58 +00:00
acee1ef696
Added "details" property
2005-03-12 20:40:05 +00:00
5d1cd29dfb
Added tearDown method which resets the context to null to prevent occasional breaking of other test classes.
2005-03-12 13:44:00 +00:00
f578915728
Test class for X509 filter.
2005-03-11 17:42:39 +00:00
af02c42e9f
First version that works.
2005-03-11 03:15:54 +00:00
fbb4bc0873
Added regexp matching within the DN to extract the user name.
2005-03-11 02:47:43 +00:00
29050b29b2
Dao populator tests for X.509. Tests matching of regexps in the certificate Subject to extract the user name.
2005-03-11 02:08:07 +00:00
4763f953d3
FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans.
2005-03-11 01:41:43 +00:00
5c86b97f37
First working (kind of) version.
2005-03-11 00:39:36 +00:00
c5fe428400
Patch by Matt Raible which returns null if Authentication is anonymous.
2005-03-10 12:00:30 +00:00
b898b87ffb
Enhance test coverage as part of diagnosis of reported bug at http://forum.springframework.org/viewtopic.php?p=15751 .
2005-03-10 11:39:32 +00:00
15535fff41
SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint.
2005-03-10 11:11:25 +00:00
08dbf66880
(Currently functionless) entry point implementation for X.509
2005-03-10 03:21:25 +00:00
aabcef4c69
Dao populator for X509, mirroring the CAS one.
2005-03-10 03:20:25 +00:00
fea1725f39
Removed inappropriate inheritance from AbstractProcessingFilter (doesn't make sense for X509 case).
2005-03-10 03:16:45 +00:00
ae91b58685
First stab at X509 authentication provider
2005-03-09 02:14:30 +00:00
da3801b914
Javadoc improvements.
2005-03-09 02:02:05 +00:00
559f480f4b
Corrected Javadoc typos.
2005-03-07 22:35:28 +00:00
ab6d43ff08
Corrected Javadoc typo.
2005-03-07 16:53:42 +00:00
051a34f859
Support credentialsExpiredUrl as per request made in http://forum.springframework.org/viewtopic.php?t=3862 .
2005-03-07 12:23:48 +00:00
5c3799cd16
Changed "opal ticket" to "opaque ticket" in Javadoc.
2005-03-05 19:48:02 +00:00
124f33bb09
Corrected Javadoc typo
2005-03-05 18:27:05 +00:00
6b12779902
Minor Javadoc corrections
2005-03-05 18:23:04 +00:00
4ef54828c0
corrected javadoc link
2005-03-05 01:05:23 +00:00
f1e071b0f1
Added remember-me services.
2005-03-01 02:30:38 +00:00
Scott McCrory
Ben Alex
Marc-Antoine Garrigue
Mark St. Godard
Ray Krueger
Luke Taylor