2441ab6d9a
Move "realm" attribute to be on <http> element rather than <http-basic>.
...
This faciltiates reuse with other mechanisms (like Digest) whilst also
moving towards the <http-auto-configure> element (which benefits from
having shared configuration in <http> as opposed to mechanism-specific
elements).
2007-12-04 08:02:40 +00:00
d9ec944579
Refactor strings to static fields. To facilitate unit testing, package
...
protected visibility was adopted for all element names, attribute names,
and attribute default values. A public access modifier was used for all
bean IDs assigned to bean definitions created by the
BeanDefinitionParsers.
2007-12-04 07:12:08 +00:00
4e55bd0117
Make extend Spring Security's exception, for consistency with all other Spring Security exceptions.
2007-12-04 06:58:43 +00:00
9b4bb0ffd8
<repository> element and JdbcUserDetailsManager support.
2007-12-04 05:58:54 +00:00
5f98ee6817
<repository> element and JdbcUserDetailsManager support.
2007-12-04 05:54:58 +00:00
0b0b174eda
Support <repository> and JbcUserDetailsManager.
2007-12-04 05:27:17 +00:00
8cf46ad0f8
Remove, as not used.
2007-12-04 05:12:39 +00:00
8c9138b443
Typos.
2007-12-04 02:11:16 +00:00
021f03487e
Enhancements to correctly handle authentication failures.
2007-12-04 01:50:45 +00:00
2a83843e7d
Correct username key.
2007-12-04 01:46:26 +00:00
75391e89de
Tidied up Id tag.
2007-12-04 00:01:09 +00:00
794795712d
Parameter renamed.
2007-12-04 00:00:50 +00:00
97030e8942
Changed LDAP namespace parsing to make sure LDAP provider is registered with ProviderManager.
2007-12-03 23:58:38 +00:00
248d97c9d6
SEC-513: Added support for cache flushing after updating or deleting data in JdbcUserDetailsManager.
2007-12-03 22:12:02 +00:00
d086815d75
Add namespace support for anonymous requests. Also minor improvements to .rnc file as Trang didn't appear to be properly translating multi-line comments to the XSD (all multi-line comments were made single lines).
2007-12-03 07:46:52 +00:00
5c9009a391
Use new SpringSecurityFilter so compatible with enhanced FilterChainProxy class.
2007-12-03 07:44:32 +00:00
239fd05d37
Mark the unused Servlet Container callback methods as final to ensure subclasses do not rely upon them.
2007-12-03 07:33:18 +00:00
a53357778f
Remove superfluous method.
2007-12-03 07:32:23 +00:00
cb765bc34b
SEC-615: Automatically focus on login name HTML element on page load.
2007-12-03 06:34:43 +00:00
86fb6f2dea
Remove OrderedUtils (was used for old namespace testing).
2007-12-03 05:06:11 +00:00
f04f9097b1
Make name consistent with other MVN modules.
2007-12-03 04:10:19 +00:00
47229be5cb
Make samples and tests use username "rod".
2007-12-03 02:56:52 +00:00
3123d24337
SEC-613: Rename tag libraries.
2007-12-03 01:46:11 +00:00
c24958d7b8
Spelling correction.
2007-12-03 01:33:19 +00:00
08db4a1358
SEC-610: Reauthenticate even if AnonymousAuthenticationToken is present.
2007-12-02 02:15:43 +00:00
843a20e691
Changed default namespace in config files to "security" for clarity.
2007-11-29 13:14:15 +00:00
09c588a138
Removed unecessary check in additionalAuthenticationChecks() for null credentials in authentication object. Previous line already throws an exception if null is found.
2007-11-28 19:20:33 +00:00
88e01624eb
SEC-560: Removed local password comparison form PasswordComparisonAuthenticator.
2007-11-28 18:29:04 +00:00
0e1ae11fca
Tidying.
2007-11-28 18:00:43 +00:00
292320bd33
SEC-607: Changed NtlmUsernamePasswordAuthenticationToken to make authenticated=true the default state when an instance is created. NtlmAwareLdapAuthenticator now rejects tokens with authenticated=false (e.g. if the token has been passed remotely).
2007-11-24 20:13:29 +00:00
4f3a1739aa
Changed Ntlm filter to use SpringSecurityFilter base class.
2007-11-24 20:08:17 +00:00
9e2f372bad
SEC-607: Deprecated InitialDirContextFactory and replaced it with SpringSecurityContextSource.
...
Also some refactoring of LdapUserDetailsManager to use a strategy for creating DNs from usernames.
2007-11-20 20:54:48 +00:00
6d5773d177
Replaced creation of new list with Collections.EMPTY_LIST reference.
2007-11-17 23:06:32 +00:00
1196381220
Remove "controls" property as it doesn't really make sense and has never been used.
2007-11-17 20:55:39 +00:00
91e0a329f9
Upgrade to Spring LDAP 1.2 final.
2007-11-17 20:53:26 +00:00
b1b3f585e4
Moved setter methods out of inner classes area.
2007-11-13 22:55:01 +00:00
c485664ee7
Removed accidental use of autoboxing.
2007-11-13 22:16:52 +00:00
3e3dac4050
SEC-600: Added extra test assertions on authentication details object after password change.
2007-11-13 17:17:25 +00:00
cb237055ac
SEC-600: Added Jdbc implementation of UserDetailsManager
2007-11-13 17:11:29 +00:00
81067840ef
SEC-485: Added calculateLoginLifetime method.
2007-11-13 01:16:27 +00:00
b681952933
SEC-545: Added utility methods for checking if user has a particular role to existing AuthorityUtils class. Class may be renamed at some point as more functionality is added.
2007-11-11 23:37:32 +00:00
315d4a247f
Added method to clear datasource field after use.
2007-11-11 23:10:21 +00:00
910e63f83c
SEC-586: Implemented secure channel support in namespace configuration.
2007-11-11 22:07:46 +00:00
c214f4a9bc
Simplified initialization of datasource.
2007-11-11 22:06:22 +00:00
4f3bbb52f6
Pulled methods and fields up into AbstractFilterInvocationDefinitionSource to make it easier to query the map size etc, regardless of the specific type.
2007-11-11 19:29:11 +00:00
28a138f8ec
Converted to use guard clause to reduce nesting.
2007-11-11 19:22:51 +00:00
756be6fed3
Removed unnecessary constructor.
2007-11-11 19:10:47 +00:00
964e6911a7
Added RememberMeServices to list of logout handlers.
2007-11-11 18:11:18 +00:00
2856a6ba43
Allow configuration of embedded ldap server port through ldap namespace configuration. Changed default port from 3389 to avoid conflict with windows remote desktop (as reported by Ray Krueger in dev list).
2007-11-11 16:10:30 +00:00
0e7dac6ca5
SEC-565: Refactoring of TokenBasedRememberMeServices. Changed arguments to makeValidSignature so that it could be used from both places where a signature is required and refactored the class to extend AbstractRememberMeServices. The method processAutoLoginCookie now returns a UserDetails, rather than username, as the UserDetails is needed in TokenBasedRememberMeServices.
2007-11-10 19:20:36 +00:00
Ben Alex
Luke Taylor