2023ca283e
SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator
...
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
2010-01-12 00:30:27 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
bc02fc2de1
Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices.
2010-01-08 23:57:27 +00:00
51abedcbef
Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests.
...
Removes the need for casting to specific filter type.
2010-01-08 23:20:16 +00:00
f40a1fda34
SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes.
...
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
2010-01-08 21:12:36 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
9a323f15bc
Bring versions in itext module up-to-date
2010-01-07 17:56:32 +00:00
68ae49ebe1
SEC-1355: Update manual code snippet to cast to OpenIDAuthenticationToken.
2010-01-07 17:22:45 +00:00
4e4242d010
SEC-1354: Added integration tests for combinations of @PreAuthorize and @Secured annotations.
2010-01-06 22:23:01 +00:00
846aa40a7b
Updated "heavyduty" sample version information.
2010-01-06 22:21:59 +00:00
be72ed1350
Remove commented out beans from contacts sample app context.
...
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
2010-01-06 22:21:34 +00:00
9730600777
Revert bundlor version update.
...
Config was wrong, but even with the correct config
the maven jar plugin generates its own manifest
file and ignores the one generated by bundlor.
2010-01-05 23:47:27 +00:00
3c97d68346
Upgrade to bundlor RC1
2010-01-05 22:34:27 +00:00
dc5417f1d5
SEC-1352: Added support for placeholders in <user-service>
...
The username, password and authorities attributes can now be placeholders.
2010-01-05 22:34:10 +00:00
f5d36aef65
SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter
...
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
2010-01-05 16:01:55 +00:00
93973a4b75
SEC-1304: Removed compareTo method from GrantedAuthorityImpl
...
This method had been left by mistake when the Comparable
interface was removed. See also SEC-1347.
2010-01-04 19:13:49 +00:00
c6b8fe5e55
SEC-1346: Added missing 'return' statements after redirects.
...
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
2010-01-03 19:06:58 +00:00
80aacf447f
Refactored JaasAuthenticationProvider
...
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
2010-01-03 16:28:44 +00:00
893f212fa5
Tidying
2010-01-02 19:53:19 +00:00
b737fa451d
SEC-1344: Minor CAS doc updates
2009-12-29 14:45:29 +00:00
0aab19ed4b
Added additional info on concurrent session usage
2009-12-28 14:32:54 +00:00
744ed95b51
SEC-1343: ref manual typos
2009-12-28 13:59:21 +00:00
7e817b9640
NOJIRA formatting fix
2009-12-24 14:40:24 +00:00
4afe6c2c6a
SEC-1341
...
made it more extensible
2009-12-24 14:39:40 +00:00
3bb5ca5d4b
NOJIRA
...
upgraded to latest CAS client (3.1.10)
2009-12-24 14:26:58 +00:00
bcb1ff8921
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
2009-12-23 14:12:59 +00:00
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
d695c85ad8
Removed maven structure from sandbox, and 'other' module, which is out of date.
2009-12-22 22:00:34 +00:00
a7770a64d3
Update cas server version in runall.sh
2009-12-22 21:31:26 +00:00
48be79108a
Gradle build file for 'heavyduty' sample
2009-12-22 19:55:53 +00:00
aad7d01c84
Updated CAS server version for sample use to 3.3.5
2009-12-22 19:35:20 +00:00
b96b14c5d0
Changed 'Advanced Topics' to more general 'Additional Topics'
2009-12-22 19:02:34 +00:00
1af9f8efea
SEC-1327: Minor doc update
2009-12-22 13:40:05 +00:00
be56d72912
SEC-1340: Minor doc corrections
2009-12-22 13:25:10 +00:00
e64866ae6a
Updated bundlor templates and introduced spring.version variable
2009-12-22 01:10:04 +00:00
052685e154
Add taglibs chapter to manual
2009-12-22 01:09:56 +00:00
3418aab46e
SEC-1327: Javadoc additions to clarify some behaviour
2009-12-21 17:32:54 +00:00
dd90f9332c
SEC-1326: Removed unncecessary exclusions
2009-12-21 17:32:45 +00:00
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
89809e9029
SEC-1329: Added info on attribute-exchange configuration to the namespace chapter
2009-12-19 18:32:57 +00:00
97a31cae04
SEC-1333: Added error message for invalid redirect URL assertion
2009-12-18 19:29:36 +00:00
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
fac07ba8ff
Schema updates to Spring 3.0
2009-12-18 18:44:17 +00:00
75311bad9a
LDAP API correction in ref manual
2009-12-18 18:04:08 +00:00
76731254c0
SEC-1328: Fixed issue with redirect to context relative URLs where the context name is part of the domain name.
2009-12-18 18:04:03 +00:00
85a58fd473
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
2009-12-18 15:39:13 +00:00
fabe03ba33
Doc updates
2009-12-18 15:39:02 +00:00
354b043fd1
SEC-1337: Add Serializable interface to internal comparator
2009-12-18 14:12:32 +00:00
Luke Taylor
Scott Battaglia