89eb74b1b2
Refer to 1.0.0 final.
2006-05-28 00:49:38 +00:00
f8545f4dc2
Added extra commenting to Ldap classes
2006-05-26 22:48:21 +00:00
a130b65937
Add package.html.
2006-05-23 14:04:33 +00:00
ab12817b7a
SEC-97: Format Acegi Security source code in accordance with latest Jalopy configuration.
2006-05-23 13:38:33 +00:00
49800018e9
SEC-173: Expand on JavaDocs for ACLs which have no permission records.
2006-05-23 12:15:43 +00:00
92dbf836a1
SEC-259: Correct JavaDoc error.
2006-05-23 12:02:44 +00:00
563ac1324c
SEC-263: Stop polling voters after first one votes to deny.
2006-05-23 11:11:21 +00:00
07e805e342
SEC-262: Refactor common method into superclass.
2006-05-23 11:03:30 +00:00
d795836bf1
SEC-266: Handle -1 allowing unlimited logins, as per JavaDocs.
2006-05-23 10:49:23 +00:00
501eaadd09
SEC-267: Bug when working with CGLIB-generated classes.
2006-05-23 10:42:01 +00:00
a5d74ca2e1
SEC-260: Remove disused loggers.
2006-05-23 10:37:30 +00:00
4d24c88d1e
Enforce the setting of a LdapUserDetailsMapper on authenticators (rather than a general mapper) to make sure the correct type is returned and that the username is set before it is returned.
2006-05-22 23:40:29 +00:00
3eaed3ad44
Added additionalAuthenticationChecks implementation to make sure password is rechecked if Ldap is used with a user cache.
2006-05-22 23:37:54 +00:00
e30c3d7bd2
SEC-270: Make SavedRequest serializable.
2006-05-22 19:07:57 +00:00
e5b79f1f95
Make getGroupMembershipRoles method public for convenience.
2006-05-22 19:06:19 +00:00
53b6735c3e
Make sure the username and password are set on the final UserDetails object returned by the provider.
2006-05-21 03:03:50 +00:00
e1eac8f0ca
Added setters for rolePrefix and convertToUpperCase
2006-05-21 02:19:42 +00:00
c1e76b64bc
Chnaged to use setters in essence "copy constructor"
2006-05-21 02:17:14 +00:00
360e9908b7
Added test for empty or null username
2006-05-21 01:40:00 +00:00
d8a28d6068
Add call for setDerefLinkFlag
2006-05-21 01:32:37 +00:00
016ac8016c
Minor changes to increase coverage of methods
2006-05-21 01:23:34 +00:00
0d6b3ab9f3
Renamed 'execute' method in LdapCallback in line with Spring equivalents. Added some extra tests.
2006-05-21 01:06:37 +00:00
9623eb3d04
Correct log category package name
2006-05-20 23:45:54 +00:00
b5e9690735
Removed duplicate file.
2006-05-20 18:14:05 +00:00
577cc17764
Removed individual search controls setter methods in favour of supplying complete search controls object. Added comment for 'compare' method.
2006-05-20 18:02:04 +00:00
b8fa1ad906
Delete deprecated ldap classes (from previous package move)
2006-05-20 17:53:16 +00:00
316798ef9e
Made mock context factory a standalone class
2006-05-20 17:47:36 +00:00
859185eebd
Removed unused methods and added some extra tests.
2006-05-20 17:46:10 +00:00
2a24e4faf8
Deleted old version of LdapDataAccessException
2006-05-20 00:21:17 +00:00
7794ebf84b
Now extends Spring's DataAccessException
2006-05-20 00:18:01 +00:00
3583470a49
Now extends Spring's DataAccessException
2006-05-20 00:14:24 +00:00
3eea670efc
Exception translator IF for use in LdapTemplate
2006-05-19 23:22:55 +00:00
983afec70c
Added license.
2006-05-19 23:20:27 +00:00
ce1c59e924
Make template and search controls member variables.
2006-05-19 23:02:37 +00:00
d3e42c6f3f
Move conversion of roles to Strings into LdapTemplate
2006-05-19 22:29:17 +00:00
3239cd139e
SEC-251: use username as parameter {2} in group searches
2006-05-19 22:10:05 +00:00
46cc1bec1e
SEC-268: allow for delayed obtaining of app context reference
2006-05-19 21:38:26 +00:00
5d811c4a94
Removed "==true" in boolean conditional.
2006-05-19 19:29:59 +00:00
f546e2bbad
Remove default constructor as class is now only responsible for group searches which need the args version.
2006-05-16 23:38:48 +00:00
30d878b22e
Change essence class to use a new ArrayList for the authorities (list from Arrays.asList() doesn't support add method).
2006-05-16 23:35:15 +00:00
fc8ead3c54
Make sure populator roles are added rather than overwriting any roles loaded with the user entry.
2006-05-16 23:33:02 +00:00
f8db6a4c78
Switch LDAP tests back to embedded server and comment out apacheds-broken ones.
2006-05-15 21:20:50 +00:00
9219c6548e
SEC-264: Delete classes which are no longer used after LDAP changes.
2006-05-15 21:14:38 +00:00
65fe641900
SEC-264: changes to LDAP services.
2006-05-15 20:53:10 +00:00
db042046e9
Introduce LDAPUserDetails.
2006-05-15 19:34:57 +00:00
ab05cb95ff
SEC-239: changed order url is created in to reflect new processing filter url order
2006-05-04 19:31:28 +00:00
aee934812a
SEC-239: switched to encoding a url with response.encodeURL to get the jsession.
2006-05-04 19:27:57 +00:00
76ce826345
Remove spring transitive deps, add log4j
2006-05-03 17:38:19 +00:00
a7d7631f2f
Fixed potential problem with multiple userDn patterns.
2006-05-01 00:43:42 +00:00
f0b11109b4
Added tests for nameExists method
2006-05-01 00:41:07 +00:00
9f385eb1e0
Typo in Javadoc.
2006-05-01 00:40:18 +00:00
a468f03cae
Add functionality to LdapTemplate for checking that an entry exists, and for retrieving an entry as an object, mapped from its attributes.
2006-05-01 00:28:27 +00:00
3f0f45706c
Update Javadoc to include SSHA info.
2006-04-30 22:14:27 +00:00
def8a849a2
Added String-only 'compare' operation tests which now work with ApacheDS RC2 (unlike byte[] comparisons which are still broken).
2006-04-30 21:53:05 +00:00
98887f37da
Change to more appropriate inline inner class name.
2006-04-30 21:40:53 +00:00
0b2be28def
Added search method which will be used for finding roles.
2006-04-30 21:37:18 +00:00
91f5fc30be
SEC-258: Removed use of URI class
2006-04-30 19:45:37 +00:00
25c643970a
Change package names to match apacheds RC1.
2006-04-29 22:45:19 +00:00
a50695a1a8
Upgrade apacheds to RC1
2006-04-29 22:41:21 +00:00
890864ed00
SEC-194: Allow remember-me services to be used with BASIC authentication.
2006-04-28 08:54:54 +00:00
9b63051149
SEC-204: Improve startup time detection of errors by FilterInvocationDefinitionSourceEditor.
2006-04-28 08:41:55 +00:00
cc07f620df
SEC-257: ExceptionTranslationFilter to use AccessDeniedHandler.
2006-04-28 06:52:50 +00:00
21aaf2b9db
SEC-256: Contacts sample not displaying localized exceptions correctly.
2006-04-28 06:43:50 +00:00
d125569bd6
SEC-29: Save POST parameters on AuthenticationEntryPoint redirect.
2006-04-28 05:05:35 +00:00
22aa0e898f
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
2006-04-27 23:26:19 +00:00
0648c65b0b
SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument.
2006-04-27 23:25:00 +00:00
d8a56d4e60
SEEC-255: Always create HttpSession before calling AuthenticationDetailsSource.
2006-04-27 23:11:56 +00:00
2af791a801
Error in javadoc concerning the default keyword
...
REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS
2006-04-27 08:56:42 +00:00
81603832be
SEC-152: Strategy pattern for SecurityContextHoldder.
2006-04-27 08:31:32 +00:00
b05709df6a
SEC-152: Strategy pattern for SecurityContextHoldder.
2006-04-27 08:30:29 +00:00
88ff43017d
Added unit test for the overridden requiresAuthentication method
2006-04-27 02:24:30 +00:00
481a9377e4
Added NPE check for defaultTargetUrl in requiresAuthentication
2006-04-27 02:23:46 +00:00
8cc5dcde30
SEC-249: Support logout filter.
2006-04-26 23:36:03 +00:00
8400341399
Tidy up screwy formatting.
2006-04-26 21:19:20 +00:00
a7d0f88e01
Fixed no authority check so that it is after addCustomAuthorities
...
http://opensource.atlassian.com/projects/spring/browse/SEC-253
Also removed the unused logger
2006-04-26 16:22:38 +00:00
a47a342ce6
SEC-234: Allow pluggable AuthenticationDetailsSource strategy interface.
2006-04-26 05:24:49 +00:00
b1becf9277
SEC-242: Make logger reflect subclass, not superclass.
2006-04-26 04:56:46 +00:00
f4156a22bd
SEC-246: Enable late binding on DaoAuthenticationProvider.userDetailsService field.
2006-04-26 04:54:44 +00:00
d541c8e257
SEC-238: Add AuthenticationException to onUnsuccessfulAuthentication method signature.
2006-04-26 04:42:16 +00:00
540c7b2e6a
SEC-229: Allow external URLs from AbstractProcessingFilter.
2006-04-26 04:36:54 +00:00
97ac9f7e98
SEC-191: Look in parent bean factories for AclManager.
2006-04-26 04:26:04 +00:00
f6b7429947
SEC-187: Tidy up URL composition logic basedon default HTTP(S) ports.
2006-04-26 04:19:35 +00:00
307ac99ec5
SEC-199: Use ServletException.getRootCause() to extract any Acegi Security exceptions.
2006-04-26 04:11:05 +00:00
4e09777dec
SEC-247: Allow #NONE# to be used to specify paths that shouldn't have any filters fire.
2006-04-26 03:55:39 +00:00
185d63f23c
SEC-221: AbstractProcessingFilter.onPreAuthentication() should have exceptions caught.
2006-04-26 03:40:24 +00:00
6bae43d380
SEC-206: Include context root when generating cookies.
2006-04-26 03:35:33 +00:00
5d9ed78b50
SEC-147: Add processDomainObjectClass property to AfterInvocationProviders.
2006-04-26 03:30:27 +00:00
de4af379cc
SEC-252: Stop NPE if principal object is null.
2006-04-26 03:00:14 +00:00
fba45cb19e
SEC-208: Fix threading issue.
2006-04-26 02:54:18 +00:00
88e8e60861
[SEC-240] Moved log4j.properties to test folder to avoid including it in jar
2006-04-26 02:39:56 +00:00
5f79a25860
SEC-243: SessionRegistryImpl no longer incorrectly includes expired sessions.
2006-04-26 02:36:37 +00:00
948f79e2e2
SEC-219: Support complex tokenization scenarios.
2006-04-26 02:23:19 +00:00
14683dcbc7
SEC-190: Add hashCode() and equals() methods.
2006-04-26 01:41:10 +00:00
36c096858d
SEC-223: Improve hashCode() performance.
2006-04-26 01:31:17 +00:00
57aee4e605
SEC-218: Fix authentication exception cleanup of SecurityContextHolder.
2006-04-26 01:28:06 +00:00
8cff715599
SEC-222: Improve hashCode() to use XOR.
2006-04-26 01:18:42 +00:00
e39bd43541
SEC-217 - Improve Siteminder Filter - now authenticates on calls to both j_security_check and the default target URL if the user isn't already authenticated. Thanks Paul Garvey for determining this and providing solution code.
2006-04-25 23:19:30 +00:00
e44c5e66d3
As per SEC-193, removed unnecessarily overridden methods.
2006-04-25 23:01:04 +00:00
465f76cb22
Resolve some compilation problems with m2
2006-04-25 16:31:48 +00:00
7d250eda78
Use latest directory server version
...
Set test scope to spring mock
2006-04-25 04:46:19 +00:00
719d3af879
SVN updates.
2006-04-25 00:22:00 +00:00
4d9f99acc4
Added getter for authoritiesPopulator. Fix for SEC-227.
2006-04-18 23:44:07 +00:00
596882804f
First commit of LdapTemplate class, a la Spring JdbcTemplate, as suggested by Ben to simplify Ldap connection handling etc.
2006-04-18 22:34:04 +00:00
3d51c46575
Added license header.
2006-04-18 22:27:17 +00:00
f61a58d98b
Added a couple more tests.
2006-04-16 21:18:12 +00:00
7a0a87a167
Added support for LDAP SSHA (salted SHA) encoded passwords.
2006-04-16 21:12:39 +00:00
c6dd545de0
Javadoc change.
2006-04-16 17:11:44 +00:00
e5bef3f31b
Added doc for @throws
2006-04-16 17:11:06 +00:00
9c8a4c2f74
Fix for SEC-237. Make LDAP Provider reject empty username.
2006-04-16 16:41:08 +00:00
743cc9fec7
Fix for SEC-215. Check for empty nameInNameSpace before appending.
2006-04-16 16:11:02 +00:00
d5885baf6b
Added some comments.
2006-04-16 16:00:32 +00:00
3f06c51379
Fix for SEC-225. Allow empty search base in authorities populator.
2006-04-16 15:37:48 +00:00
48716af20a
Removed unnecessary package names left over from refactoring.
2006-04-16 15:25:33 +00:00
072a4c3d18
Fix for SEC-226. Added ability to set derefLinkFlag property.
2006-04-16 15:15:55 +00:00
267c846e12
Sort out LDAP tests to match up with moved production classes.
2006-04-16 14:31:13 +00:00
bf4fca9126
Move non security-specific LDAP classes to org.acegisecurity.ldap package
2006-04-16 14:26:46 +00:00
7c69668589
Deprecated, pending deletion.
2006-04-16 14:12:23 +00:00
bbd250e442
Modified to use classes from org.acegisecurity.ldap package
2006-04-16 14:05:28 +00:00
7f24e209a6
Move non security-specific LDAP classes to org.acegisecurity.ldap package
2006-04-16 13:56:36 +00:00
0c1ab7f98c
Corrected a couple of Javadoc typos.
2006-04-15 12:32:50 +00:00
9a8fdcd269
SEC-196
...
updated references to Yale CAS to JA-SIG CAS
2006-03-28 15:41:20 +00:00
b0d4cbceac
updated javadoc to reflect proper value of getPrincipal
2006-03-28 14:05:57 +00:00
3d0f746719
SEC-224
...
updated CasAuthenticationToken to be consistant with approach taken by other providers with regards to authentication.getPrincipal()
2006-03-14 16:15:51 +00:00
51f1b33af9
SEC-209: Make eventPublisher protected.
2006-03-07 13:04:12 +00:00
7e7920ce00
Fix for SEC-202. Intialize manager password to default "manager_password_not_set".
2006-02-28 17:47:55 +00:00
5607da8d67
updated references from Yale CAS to JA-SIG CAS
2006-02-27 13:52:41 +00:00
6abceb7ab0
Additional changes related to SEC-192 (avoiding session creation when creating WebAuthenticationDetails). Also fixed Jalopy chaos in SwitchUserProcessingFilter.
2006-02-20 00:37:39 +00:00
52a212e609
Removed "== true" in boolean.
2006-02-20 00:27:36 +00:00
5475ab0575
Modify AbstractAuthenticationManager to transfer the details object from authentication request to the resulting authentication token, provided it has not already been set on the latter by an authentication provider.
2006-02-19 23:50:21 +00:00
c88b9093c0
Remove unnecessary check for null.
2006-02-19 22:35:37 +00:00
ee41d24447
Javadoc correction.
2006-02-19 22:23:04 +00:00
e12c8310eb
Remove unnecessary default constructors which throw IllegalArgumentException. Favours compile time over runtime errors.
2006-02-16 16:44:35 +00:00
4b4d4d3332
Added some uses of Spring Assert class and removed one to prevent unnecessary StringBuffer creation.
2006-02-16 01:11:31 +00:00
84ccd89061
More readable javadoc.
2006-02-15 19:06:04 +00:00
cd7efaf567
Fix for SEC-189. Added getter for initialDirContextFactory.
2006-02-13 16:20:42 +00:00
6c29a6d17e
Added test for immutability of authorities array. Refactored standard authorities array into an instance field.
2006-02-13 16:16:43 +00:00
2ab5af0a69
SEC-188: Fix JavaDocs.
2006-02-12 06:29:53 +00:00
a28a932598
SEC-183: Minimise session creation as a consequence of SEC-168 and SEC-182 changes.
2006-02-09 23:04:29 +00:00
0282696202
SEC-182: Remember-me compatibility with concurrent session support.
2006-02-09 10:32:49 +00:00
b1dd784dee
SEC-180: BasicProcessingFilter should configurably ignore authentication failures.
2006-02-09 06:41:31 +00:00
e63b2ec9e6
Cleanup unused imports.
2006-02-09 06:00:25 +00:00
96196bd637
SEC-179: Upgrade to Spring 2.0-M2.
2006-02-09 05:36:06 +00:00
ae29498f75
SEC-158: X509 to support Authentication.isAuthenticated() as per usual contract.
2006-02-09 04:25:07 +00:00
79287999dc
SEC-178: Refactor AbstractAuthenticationToken.
2006-02-09 04:16:50 +00:00
74de83e5f1
SEC-177: Add hashCode() method.
2006-02-09 03:45:47 +00:00
c9cee6651c
SEC-176: Add hashCode() method.
2006-02-09 03:36:47 +00:00
ac457021b8
Inheritance doesn't seem to work, so added the groupId manually.
2006-02-09 03:13:58 +00:00
77be0009ad
Correct equals(Object) method handling if both objects have null getDetails().
2006-02-09 02:54:40 +00:00
78df09db8a
SEC-175: Add equals(Object) method.
2006-02-09 02:53:27 +00:00
dc959b1847
Fix for SEC-159. Added clearContext() method to SecurityContextHolder and refactored code to use it instead of putting an empty context into the holder.
2006-02-08 23:27:46 +00:00
8c0ce12332
SEC-169: Add SessionRegistry.getAllPrincipals() method.
2006-02-08 05:22:48 +00:00
3a01e48b17
SEC-174: Correct IE6 bug with AuthenticationProcessingFilterEntryPoint.
2006-02-08 04:58:50 +00:00
9d213f46a4
SEC-168: Prevent errors with concurrent session support.
2006-02-08 04:42:03 +00:00
1fa6ac0975
SEC-164: Copy Authentication.getDetails() to returned Authentication object.
2006-02-08 02:19:43 +00:00
2daea069f9
Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors.
2006-02-08 02:17:44 +00:00
ca1bf5cc21
SEC-170: AbstractAclVoter to support JoinPoint.
2006-02-08 02:06:55 +00:00
eb7964f6e5
Clean imports.
2006-02-08 01:54:03 +00:00
fe88d6ec17
SEC-134 fix. Authorities array is now copied on access. Also refactored token classes to move authorities to the base class.
2006-02-08 01:24:38 +00:00
842ad929a4
Change search object to use constructor injection (SEC-165) .
2006-02-03 19:53:08 +00:00
436fcde10b
Change apacheds to version 0.9.4-SNAPSHOT, add slf4j-log4j12 dep
2006-02-02 19:58:46 +00:00
3036b5d46b
Spring mock is required for compilation
2006-02-01 19:16:46 +00:00
9771b7817a
SEC-144: Separate SecurityEnforcementFilter from FilterSecurityInterceptor.
2006-01-28 22:54:23 +00:00
fa4c2a6ade
Correct bug with SEC-120 location of where filter chain proceeds.
2006-01-28 22:52:17 +00:00
823f93fe3b
SEC-163: Fix ClassCastException bug in MethodInvocationUtils, and add test to prove correct functionality.
2006-01-28 21:33:35 +00:00
ce907f2ddc
SEC-153: Improve toString() method.
2006-01-28 01:30:46 +00:00
484b0e3a51
SEC-126: Initial commit of WebInvocationPrivilegeEvaluator feature.
2006-01-28 01:26:58 +00:00
0c89822c56
SEC-162: Properly handle null Authentication.
2006-01-28 01:24:52 +00:00
c8c7c24822
SEC-120: Remember-me to delegate to AuthenticationManager so authentication-specific behaviour (such as concurrent user management) can be applied.
2006-01-28 01:22:36 +00:00
9062b4c352
Improved solution to 1.4-compatible IllegalArgumentException with "cause" exception (as suggested on dev list).
2006-01-27 18:53:37 +00:00
fbe5957c23
Add support for ldaps:// urls. (Fix for SEC-146).
2006-01-27 18:28:13 +00:00
82be52cea0
SEC-123: Remove exception from no-arg constructor.
2006-01-27 05:26:46 +00:00
ea182f73fe
SEC-145: Include nested exception.
2006-01-27 05:17:13 +00:00
2459858f48
SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used.
2006-01-27 05:10:30 +00:00
07ed2ca2f0
Initial commit.
2006-01-27 05:09:57 +00:00
ab223b8423
SEC-156: Use getName() instead of toString() as getName() is always the username whereas toString() contains extra information if the Authentication.getPrincipal() has been converted to a UserDetails.
2006-01-27 04:52:46 +00:00
8f6275ab3e
SEC-155: BasicaclEntryCache to provide "remove from cache" support.
2006-01-27 04:42:39 +00:00
449e395181
Reformat code.
2006-01-27 04:42:15 +00:00
e675c89e28
Remove unused imports.
2006-01-27 04:41:32 +00:00
5e258cc201
SEC-161: Truncate everything after ? in URL.
2006-01-27 03:30:01 +00:00
49a917b08d
Remove extra dependency on Commons Lang. This dependency is only required by the domain subproject, not the core security project.
2006-01-27 03:18:34 +00:00
13a0784736
Replaced use of Java 1.5 IllegalArgumentException constructor.
2006-01-27 01:20:15 +00:00
2b0a65983d
Removed unused logger.
2006-01-26 20:48:49 +00:00
f9e043d43a
added commons lang dependency
2006-01-26 20:02:26 +00:00
17b3424b85
Javadoc typos.
2006-01-26 14:55:13 +00:00
4024f124b9
SEC-154: Support Hibernate/CGLIB modified domain objects.
2006-01-26 10:27:32 +00:00
a7ebe51fc8
SEC-135: Additional logging of votes in BasicAclEntryVoter.
2006-01-26 10:04:36 +00:00
f4c1b81a9c
SEC-150: Expand exception message.
2006-01-26 10:00:59 +00:00
37802e3748
SEC-138: Make exception output to Commons Logging, not system console.
2006-01-26 09:36:48 +00:00
10541fc9db
SEC-137: Correct stack overflow with MethodInvocation.createFromClass(Class, Method).
2006-01-26 09:28:30 +00:00
e5c538d1a5
SEC-125: Provide hashCode() method for AbstractAuthenticationToken.
2006-01-26 09:23:03 +00:00
63682a9c5d
Javadoc typos.
2006-01-25 17:04:58 +00:00
fe2f4e4a3b
Added setter method to allow connection pooling to be disabled.
2006-01-25 17:04:02 +00:00
b20c0a674a
Fixed NPE see SEC-143
2006-01-16 23:56:04 +00:00
38629f159a
Added default role option to authorities populator.
2006-01-13 21:13:53 +00:00
63dcdec1b7
Corrected more Jalopy screwy formatting.
2006-01-06 02:00:41 +00:00
22b0e1613c
Addition of package.html files. Minor formatting.
2006-01-05 19:59:04 +00:00
2f53f0e7d7
Message string changed to reflect class name changes.
2006-01-05 01:11:45 +00:00
affa500778
Message string changed to reflect class name changes.
2006-01-05 01:02:49 +00:00
d7ae1ad21b
Refactoring to reduce code duplication, remove config files and use JMock to enforce expectations on whether FilterChain proceeds or not.
2006-01-05 00:59:10 +00:00
0202b47346
Switched to using JMock methods for dummy objects.
2006-01-04 23:31:34 +00:00
4063a87dbf
Changed to use parent method for Mock creation rather than new operator.
2006-01-04 23:25:40 +00:00
f9d0ee209b
Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying.
2006-01-04 21:35:10 +00:00
56bccf6070
Added MessageSource support for LDAP provider classes.
2006-01-03 20:31:19 +00:00
e81be72bd7
Changed test to use tested class rather than interface name. Added test for service detection style URLs.
2006-01-01 15:11:54 +00:00
1dfc42550f
Add spring-mock to dependency management
...
Add ldap dependencies
Simplify spring dependencies
2005-12-25 00:21:49 +00:00
6b1f97a381
Resolve compiler warnings.
2005-12-24 10:03:18 +00:00
b0d65259b6
Changed groupId to org.acegisecurity
2005-12-22 16:40:22 +00:00
f226dfb67f
Use ISO encoding to avoid problems
2005-12-22 16:27:44 +00:00
0c9e1769a4
Improved m2 poms
2005-12-22 15:54:37 +00:00
f662ed5890
Ignore eclipse project files
2005-12-22 13:41:33 +00:00
9b5aa159aa
Correct screwy formatting.
2005-12-22 01:42:27 +00:00
3977e3b822
Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc.
2005-12-22 01:30:53 +00:00
5b076c79d1
Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed.
2005-12-22 01:22:09 +00:00
41a95b11cd
Corrected wrong package name in Javadoc.
2005-12-22 01:18:32 +00:00
8f725f7a74
Removed no-arg constructor from UsernamePasswordAuthenticationToken.
2005-12-22 01:16:16 +00:00
c378779610
Removed printStackTrace from expected exception.
2005-12-22 01:15:25 +00:00
09cef7adc2
Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder.
2005-12-21 16:41:52 +00:00
2d1dd7b292
Restoring author/version tags, some minor comments.
2005-12-21 00:48:57 +00:00
20d69e2734
Tidying up some Jalopy weirdness.
2005-12-21 00:39:36 +00:00
dc728987f4
Changed LdapDataAccessException to extend AuthenticationServiceException.
2005-12-21 00:14:15 +00:00
0f678d53ba
Javadoc typo in tag.
2005-12-21 00:00:02 +00:00
911be66513
Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication.
2005-12-20 23:58:35 +00:00
b01bf0b878
Expanded Javadoc.
2005-12-20 23:26:38 +00:00
1549ec55b1
Switch to embedded context version of apache DS (no socket nonsense etc.)
2005-12-20 23:08:54 +00:00
9554dc50bc
Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider.
2005-12-19 17:23:34 +00:00
929b08c085
Spring config for ApacheDS is no longer used.
2005-12-19 17:04:09 +00:00
069f78c00b
Move the apacheDS working directory to java.io.tmpdir
2005-12-19 17:01:25 +00:00
1f66750e24
Added support for multiple DN patterns. Changes to favour constructor injection for mandatory properties. Renamed LdapUserInfo to prevent confusion with UserDetails interface.
2005-12-18 21:14:27 +00:00
e3b728cc9a
Javadoc typos.
2005-12-18 15:02:17 +00:00
40f50498b2
Re-enable some tests which partially work with embedded ApacheDS.
2005-12-16 18:26:23 +00:00
bfb4fb81d4
Remove messages about existing data.
2005-12-16 02:47:47 +00:00
f9c88adfa9
Switch to embedded server and disable tests which cause problems with apacheDS for the time being.
2005-12-16 02:23:06 +00:00
53252d258f
Set extra properties on InitialDirContextFactory and corrected group search filter.
2005-12-16 01:28:29 +00:00
1db1a3cd62
Changes try to get Ldap tests working with the possibility of using a non-networked embedded server.
2005-12-16 01:07:31 +00:00
45e2f9dac4
Removed internal encoding method to make subclassing work.
2005-12-16 00:59:29 +00:00
781ed0f380
Switch to local url.
2005-12-15 03:45:48 +00:00
d014411d48
Corrections to DIT for apache-ds tests.
2005-12-15 02:16:13 +00:00
ce3d6f2129
Initial LDAP provider checkin.
2005-12-15 00:18:13 +00:00
a1037ddc87
Prepare 1.0.0 RC1.
2005-12-04 11:20:52 +00:00
d89c6c0a74
SEC-118: Wrong logger class corrected.
2005-12-04 10:48:33 +00:00
ee48f38ff0
SEC-116: Correct JavaDocs.
2005-12-02 12:14:38 +00:00
75a9784028
SEC-58: Initial commit of Velocity helper.
2005-12-01 09:38:50 +00:00
b16ce31c5b
Prove placeholders work correctly.
2005-12-01 00:30:18 +00:00
2c28ff4fd1
SEC-56: Further improvements to localization.
2005-11-30 01:23:36 +00:00
62fde4ede3
SEC-107: Finalize rename of AuthenticationDao to UserDetailsService with corresponding change in package from .providers.dao to .userdetails.
2005-11-30 00:20:13 +00:00
a6e23d79ae
SEC-107: Rename AuthenticationDao to UserDetailsService.
2005-11-29 13:10:15 +00:00
6144e1664e
SEC-108: Make fields protected.
2005-11-29 02:43:35 +00:00
6585c2b391
Allow subclasses to make modifications to GrantedAuthority[].
2005-11-26 13:27:30 +00:00
fddcd6112e
SEC-56: Add localisation support.
2005-11-26 05:11:53 +00:00
f4c3e2ff8c
Use Spring Assert for cleaner code.
2005-11-26 04:18:21 +00:00
e53a00371c
Use logger instead of System.out.println().
2005-11-26 04:10:05 +00:00
218fcf5b24
SEC-3: Add static method so digest-compatible passwords can be stored in database.
2005-11-25 05:20:57 +00:00
bb2ac126b7
SEC-47: AbstractSecurityInterceptor to reject secure object invocations which do not have configuration attributes defined.
2005-11-25 04:56:01 +00:00
27f47673ad
SEC-106: Use getMethod() instead of getDeclaredMethod() so that methods defined in principal Object superclasses are accessible.
2005-11-25 04:40:27 +00:00
9ccaf05cc7
SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services.
2005-11-25 04:38:18 +00:00
47166fe078
SEC-110: ProviderManager to properly handle ConcurrentLoginException.
2005-11-25 04:33:40 +00:00
58b8b840b3
SEC-105: Correct incorrect JavaDocs.
2005-11-25 04:29:32 +00:00
969bbff00c
SEC-18: Preemptive method invocation security checking helper.
2005-11-25 04:18:34 +00:00
731d7b2e89
SEC-113 Provide MethodInvocationUtils.
2005-11-25 04:17:25 +00:00
72256a225f
SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken.
2005-11-25 00:26:30 +00:00
7847af2664
Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.
2005-11-23 16:09:44 +00:00
6a1a4abb1d
SEC-104: Move to org.acegisecurity package.
2005-11-17 00:56:49 +00:00
79c3ba521b
Resolved and/or inhibit build warnings as seen in Eclipse 3.1. Please refer to http://opensource2.atlassian.com/projects/spring/browse/SEC-93 for more info.
2005-11-11 22:37:38 +00:00
b1d247835a
Stop causing an exception when there is no AuthenticationException to ApplicationEvent mapping. Requested by Brian Moseley on acegisecurity-developer 10 November 2005.
2005-11-10 00:41:54 +00:00
c167e9fd87
Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005.
2005-11-08 22:07:33 +00:00
b938b6b363
Increased SiteminderAuthenticationProcessinfFilter test coverage from 70% to 93%.
2005-11-08 02:55:48 +00:00
df9deea4de
Only clear SecurityContextHolder if the Authentication object has not changed.
2005-11-08 01:39:27 +00:00
97f3ad79cb
Removed unused imports & organized the remnants.
2005-11-07 03:32:18 +00:00
55f5093ec7
SEC-94: DaoAuthenticationProvider to include UserDetails in BadCredentialsException.
2005-11-07 03:04:47 +00:00
309b559a8f
Removed unused imports.
2005-11-06 23:00:31 +00:00
e02dbd5c34
Changed class names to match new context classes.
2005-11-06 22:00:27 +00:00
0aef31d302
Converted ApplicationContextAware classes to ApplicationEventPublisherAware (SEC-69).
2005-11-06 21:11:25 +00:00
6511677f93
Moved duplicate setting of null authentication to setUp method.
2005-11-06 21:06:53 +00:00
bba77b64e9
Corrected javadoc
2005-11-06 21:01:21 +00:00
5cb7575b2b
Corrected references to old context class names in Javadoc and logging.
2005-11-05 18:49:55 +00:00
5a51f391a4
Add UsernameNotFoundException to default exception to event mappings list.
2005-11-05 09:20:14 +00:00
aa4fd8586c
Fix concurrent session interaction bug where UserDetails.getUsername() may have been override to be a different value than the original login request, as per email from Herryanto Siatono on acegisecurity-developer 5 November 2005.
2005-11-05 03:50:22 +00:00
0aa4989dad
JaasAuthenticationProvider no longer supports the useSystemProperty setting.This is because it no longer uses the java.security.auth.login.config system property for configuring Jaas. Custom Jaas configuration needs can be implemented in a subclass that overrides the configureJaas method.
...
JaasAuthenticationProvider now handles logout by associating the LoginContext with a new JaasAuthenticationToken
2005-11-04 15:02:27 +00:00
6049e9ac65
Removed string concatenation from buffer.append methods
2005-11-04 14:54:25 +00:00
9be82a3d8f
SEC-67: Enhance taglib to allow retrieval of custom UserDetails methods.
2005-11-03 13:51:55 +00:00
31a1f0be1a
SEC-52: Move potentially useful methods to an abstract superclass so that other voters can use them.
2005-11-03 13:47:44 +00:00
6e389ca1b8
SEC-51: Use long instead of int for ACL primary keys.
2005-11-03 13:38:45 +00:00
633f2cfe66
SEC-39: Add equals(Object) method to User.
2005-11-03 13:20:26 +00:00
7faf2741f1
SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.
2005-11-03 13:08:43 +00:00
a42dec6fbf
SEC-21: Initial commit.
2005-11-03 12:56:27 +00:00
e9b1d9452f
SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider.
2005-11-03 11:31:23 +00:00
f50cbd31ba
SEC-38: Make InMemoryDaoImpl support external Properties objects.
2005-11-03 10:05:02 +00:00
0d77abb9c1
SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks.
2005-11-03 09:48:52 +00:00
d9be0f86fd
SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username.
2005-11-03 09:45:30 +00:00
690ab27a52
SEC-70 and SEC-71: Refactor event publishing.
2005-11-03 09:23:49 +00:00
b6dbfde55c
SEC-70: Refactor event publishing.
2005-11-03 06:55:47 +00:00
3811200599
Improve debug output.
2005-11-03 06:51:30 +00:00
2cbe42f493
SEC-7: Allow better chaining of authentication providers.
2005-11-03 04:14:12 +00:00
42c47c086a
JavaDocs formatting.
2005-11-03 04:13:56 +00:00
f8b0de3459
Corrected Javadoc link to interface name.
2005-11-01 14:22:08 +00:00
5235727d23
SEC-2
...
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
2005-10-24 17:08:18 +00:00
1ae07779a2
SEC-710: Refactor concurrent session handling support.
2005-10-22 01:53:03 +00:00
a5ffda7369
SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS.
2005-10-21 08:00:15 +00:00
c6d5363e5d
SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation.
2005-10-21 07:53:34 +00:00
d49198a944
SEC-43: Eliminate id column.
2005-10-21 07:32:48 +00:00
41202112bc
SEC-37: Only update HttpSession if SecurityContext has actually been changed.
2005-10-21 07:26:16 +00:00
494e35f009
Jalopy styling.
2005-10-21 07:23:33 +00:00
24a78be159
Corrected link in Javadoc.
2005-10-19 21:19:16 +00:00
c065c46668
Javadoc correction: ContextHolder -> SecurityContextHolder
2005-10-18 15:44:22 +00:00
df4b8f602f
Javadoc correction: SecureContext -> SecurityContext
2005-10-18 15:43:41 +00:00
b2363dfe07
SEC-62 Add maven 2 support
2005-10-06 20:53:08 +00:00
a39339674e
login.config.url should be set to a url, not a file path
...
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
2005-09-26 14:14:42 +00:00
bc14dd62db
Fixed CVS line break
2005-09-25 22:49:45 +00:00
4717b64b83
Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org.
2005-09-25 22:48:33 +00:00
0f5e9ad372
Fix NPE. Thanks to Tom Dunstan.
2005-09-22 01:49:12 +00:00
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
2005-09-22 00:54:27 +00:00
60d3b6505b
Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue.
2005-09-20 12:24:47 +00:00
fb3f4af3b2
when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User)
2005-09-20 02:28:01 +00:00
24394b7b2b
added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation)
2005-09-19 02:22:44 +00:00
d44b570087
Disable failing tests until Marc-Antoine has a chance to look at them.
2005-09-18 22:38:37 +00:00
ae9e7733db
Fix broken tests.
2005-09-18 22:38:05 +00:00
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
2005-09-08 11:15:48 +00:00
c7dcceb05c
Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005.
2005-09-08 09:32:24 +00:00
486bbee35d
added context path to redirect
2005-09-03 21:43:08 +00:00
9d359780d9
finish user context switch event publishing
2005-09-03 20:24:35 +00:00
20ebb668a6
Added event for user context switching and updated switch user filter
2005-08-25 02:59:19 +00:00
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
2005-08-21 10:10:16 +00:00
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
2005-08-01 20:05:02 +00:00
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00
f5975dcf30
Whoops, almost forgot to remove System.out debug lines :-/
2005-07-26 00:55:53 +00:00
891cd7380c
Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now.
2005-07-26 00:50:43 +00:00
dc31553f2a
Syntax
2005-07-25 22:49:05 +00:00
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
32f62d1ef1
Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>.
2005-07-24 23:59:08 +00:00
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
4ad98a7df3
Spelling correction, thanks to Zack Chandler.
2005-07-23 07:40:43 +00:00
c5ba30b001
Comment how to make a signing certificate.
2005-07-23 07:39:56 +00:00
4b98d357ff
SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.
...
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2005-07-22 04:35:31 +00:00
e51c38aec9
Removed reference in Javadoc to obtaining and validating the SecureContext (checking for null etc), as this is no longer relevant.
2005-07-21 22:59:30 +00:00
c89d4a8add
Added trimming of whitespace to tokens and use of Springs StringUtils.hasText() to check for content in the string passed to setAsText.
2005-07-21 22:55:27 +00:00
3287439421
Initial commit for captcha adapter
2005-07-19 12:35:50 +00:00
74588c8e53
Move acegifier code from core.
2005-07-16 19:35:30 +00:00
5bbc54ac42
Javadoc typo corrected
2005-07-15 14:28:44 +00:00
d9b1a8e83c
Fix typo in InteractiveAuthenticationSucces(s)Event
2005-07-11 01:23:20 +00:00
c7bfeeaf58
Clarify local variable name given it was the same as a member variable.
2005-07-11 01:19:41 +00:00
ab065923d4
Correct doctype for generated web.xml files and add declaration to test file.
2005-07-09 23:32:08 +00:00
22a28f3b39
Separate InMemoryResource class for use in Acegifier web application.
2005-07-09 21:37:50 +00:00
7268c81192
Fix for SEC-27. Now checks for a null authentication before proceeding to fire the success event.
2005-07-08 21:16:12 +00:00
f1656ee7fd
Tidying: removed unused intermediate variable.
2005-07-08 21:10:26 +00:00
6f467def90
Added conversion of URLs ending in '*' to the ant '**' form.
2005-07-06 17:22:19 +00:00
9e1a773cc7
Add xsl resources to build.
2005-07-06 15:22:52 +00:00
Ben Alex
Luke Taylor
Scott Battaglia
Carlos Sanchez
Marc-Antoine Garrigue
Scott McCrory
Ray Krueger
Mark St. Godard