0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
2010-01-23 02:12:30 +00:00
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
2010-01-17 14:41:24 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
be72ed1350
Remove commented out beans from contacts sample app context.
...
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
2010-01-06 22:21:34 +00:00
893f212fa5
Tidying
2010-01-02 19:53:19 +00:00
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
a7770a64d3
Update cas server version in runall.sh
2009-12-22 21:31:26 +00:00
aad7d01c84
Updated CAS server version for sample use to 3.3.5
2009-12-22 19:35:20 +00:00
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
fac07ba8ff
Schema updates to Spring 3.0
2009-12-18 18:44:17 +00:00
85a58fd473
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
2009-12-18 15:39:13 +00:00
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
94d185a6be
Updated slf4j version in ldap sample
2009-12-08 20:24:12 +00:00
5546698fef
SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.
2009-11-17 23:39:42 +00:00
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
2009-11-17 22:05:38 +00:00
8f5c414b00
Improve cleanup in sample script
2009-10-17 13:00:24 +00:00
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
5f3ff97ce0
Disable aspectj sample
2009-10-11 21:39:14 +00:00
cf5e713812
Fixes to samples and improved test workout script
2009-10-10 23:50:33 +00:00
cb643f73de
Tidying up.
2009-10-07 21:08:57 +00:00
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
2009-10-07 14:43:55 +00:00
1042305cfe
Renamed web.wrapper to web.servletapi. Added some package.html files.
2009-10-05 16:59:37 +00:00
7247902911
SEC-1229: Updated sample and itest namespace concurrency configs.
2009-09-29 16:18:01 +00:00
aa153681bf
SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.
2009-09-29 00:29:09 +00:00
3f70d79df5
SEC-1022: Remove use of static methods/initializers in Acl Permissions. Converted PermissionFactory to a strategy which is used to convert integers and names to Permission instances.
2009-09-16 12:45:53 +00:00
731402e9f5
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
2009-09-16 00:23:13 +00:00
b531a81176
SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag.
2009-09-15 16:34:05 +00:00
1d00b92d25
Removed portlet sample
2009-09-09 20:53:19 +00:00
aec730ae7e
SEC-1238: Disable portlet module
2009-09-09 20:03:00 +00:00
5bdfd8cd77
Tidying imports etc to remove compiler warnings.
2009-09-05 14:14:58 +00:00
ed0686cacf
Upgraded to AspectJ 1.6.5 and fixes some maven plugin config bugs
2009-09-04 15:25:23 +00:00
a1751aec2c
SEC-1232: Added the aspect library needed for <global-method-security mode="aspectj"/> and a small sample
2009-09-04 13:53:55 +00:00
0d7b990e0a
SEC-1184: Moved ACL cache classes and interface out of jdbc package.
2009-08-31 22:15:37 +00:00
092d7b5c2b
Fix CAS filter configuration.
2009-08-25 20:26:12 +00:00
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
984b2835d6
Update CAS sample to use new namespace syntax for authentication providers.
2009-08-20 14:58:59 +00:00
48988bde84
SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request.
2009-08-13 23:55:25 +00:00
faa6be2011
SEC-935: Updated to OpenID4Java 0.9.5 release
2009-08-10 16:06:19 +00:00
5953af0f6b
SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
2009-08-03 00:21:11 +00:00
0a37aed4b9
SEC-1207. Fixed class name in jsp
2009-07-22 16:37:22 +00:00
1afa67c954
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
2009-07-15 23:09:47 +00:00
Luke Taylor
Mike Wiesner