660b408e6e
SEC-1181: added import to template.mf for the DNS classes
2009-09-02 15:20:26 +00:00
58ee9a364e
SEC-1181: DNS helper classes, will primarily be use for lookup of Active Directory servers.
2009-09-02 14:29:35 +00:00
bfd421016e
SEC-1228
...
added constructor so a wrapper can be instanciated in one line of code.
2009-09-01 19:52:43 +00:00
471206a29d
SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy
2009-08-27 10:43:01 +00:00
9bf8656d66
SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes.
2009-08-22 21:09:34 +00:00
bb4d818862
SEC-1188: Added "getContexHolderStrategy" method to SecurityContextHolder.
2009-08-22 13:31:13 +00:00
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
b807f7cbdd
Added comment to pom to explain spring-web requirement
2009-08-10 14:05:16 +00:00
972cd0a53c
javadoc
2009-08-10 12:10:04 +00:00
d65b1b3581
SEC-1200: Ukranian messages file
2009-08-10 11:41:24 +00:00
0f6642d3ab
SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface)
2009-08-04 00:18:07 +00:00
5953af0f6b
SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
2009-08-03 00:21:11 +00:00
fdb7325cbc
Javadoc update
2009-07-24 15:21:59 +00:00
efd1dbf54a
Removed public modifier from getSessionController() method on ProviderManager.
2009-07-17 23:37:45 +00:00
1afa67c954
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
2009-07-15 23:09:47 +00:00
6346e31517
SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy.
2009-07-15 01:28:28 +00:00
1ca2e6e6fc
Tidying.
2009-07-13 23:12:32 +00:00
5d389d953d
RoleVoter test class.
2009-07-13 23:11:15 +00:00
946f3d1067
Converted to use mockito.
2009-07-13 23:10:52 +00:00
3b1cdc3ab4
Tidying.
2009-07-08 23:27:53 +00:00
8a3930e673
Refactoring of ProviderManager to ensure that any AuthenticationException from the ConcurrentSessionController will prevent further polling of providers.
2009-07-08 23:20:46 +00:00
6b53703e37
SEC-1187: Moved pre-authentication status check inside try/catch block and repeated the call after reloading the user during the "cacheWasUsed" logic.
2009-07-07 17:09:44 +00:00
980b9b73b8
deprecate property editor
2009-06-26 12:49:23 +00:00
c6b9371029
Updated to latest Spring build snapshot. Required minor EL changes to parser class name
2009-06-15 23:41:20 +00:00
db3f08cce4
SEC-1156: Added check for enableAuthorities setting in deleteUser method of JdbcUserDetailsManager.
2009-06-14 22:31:14 +00:00
ab7f06c108
SEC-1156: Modified JdbcUserDetailsManager to only save/update authorities if enableAuthorities is set
2009-06-14 22:26:44 +00:00
05ba2ff3f3
Improved Javadoc
2009-06-14 20:50:29 +00:00
3f603dfdd8
Removed invalid Javadoc reference to HttpSCIF
2009-06-10 12:44:06 +00:00
4e0d3c644f
Committed deletion of previous AuthorityUtilsTests
2009-06-09 01:50:35 +00:00
4768e4b13c
Removed methods relating to current context from AuthorityUtils, making it a simple factory for GrantedAuthority lists etc.
2009-06-09 01:42:37 +00:00
ab69a0a101
SEC-884: As per discussion in this issue. Added Javadoc to specify that Authentication object passed to decide method must not be null.
2009-06-09 01:14:55 +00:00
d2a8e43a55
SEC-1170: Some updates to UserDetails-related Javadoc.
2009-06-09 00:57:34 +00:00
cb6aa81701
Forgot to remove file
2009-06-08 19:21:22 +00:00
5808da12ff
SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample.
2009-06-08 15:23:41 +00:00
43144cd75d
Javadoc updates.
2009-05-31 21:29:36 +00:00
67ad0456a1
Javadoc updates.
2009-05-31 21:28:50 +00:00
206598172c
Javadoc updates.
2009-05-31 21:26:03 +00:00
d1efb4eeed
generifying RowMappers in JdbcDaoImpl.
2009-05-30 13:52:39 +00:00
131ba5c62e
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
2009-05-27 00:12:30 +00:00
e2c218e8c9
[maven-release-plugin] prepare release spring-security-3.0.0.M1
2009-05-26 23:44:11 +00:00
b6f3d82dac
Remove commented-out dependencies.
2009-05-26 22:18:53 +00:00
45c54c558c
Updated build to use maven.springframework.org deps
2009-05-13 06:16:05 +00:00
ef388529ae
Javadoc update.
2009-05-12 00:12:22 +00:00
4bad213b19
SEC-1132: Moved remaining preauth code from core to web
2009-05-12 00:11:06 +00:00
c7a2e12c65
Moved python script to correct directory
2009-05-11 06:03:59 +00:00
03d39f1e88
Minor package info updates.
2009-05-11 05:48:09 +00:00
76438b3347
SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource)
2009-05-11 05:44:31 +00:00
14c4739605
SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.
2009-05-11 05:18:20 +00:00
39f1536d5a
Upgrade to Spring 3.0 M3
2009-05-07 08:24:41 +00:00
6d655aa514
SEC-1132: More refactoring to remove cycles ad reduce complexity metrics
2009-05-04 14:24:54 +00:00
73cfeecd0c
Make sure argumentsAdded flag is set correctly.
2009-05-04 12:36:16 +00:00
5b543f83ec
Removed web dependency on core-tests
2009-05-04 02:25:49 +00:00
4bc788828c
SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods.
2009-05-01 06:45:34 +00:00
39cc865a36
SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id.
2009-04-28 12:08:48 +00:00
e94baf38b3
Tidying up to remove warnings (generics, use of deprecated test classes etc).
2009-04-28 06:49:43 +00:00
50ac9d3b05
More generification to remove last warnings in core package.
2009-04-26 10:17:09 +00:00
1454cbb78e
SEC-1132: Moved TextUtils to web module and StringSplit utils into Digest authentication package (as they aren't used elsewhere).
2009-04-25 08:04:26 +00:00
a76cbee4bc
SEC-1132: Moved ThrowableAnalyzer code to web module as it is only used in ExceptionTranslationFilter
2009-04-25 07:03:15 +00:00
22e7142f45
SEC-998: Bundlor enabled in web, ldap, config and core modules
2009-04-24 09:12:53 +00:00
2e3189cf83
SEC-998: Enabled bundlor in core
2009-04-22 13:00:14 +00:00
21e36e0a57
Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT
2009-04-22 12:55:52 +00:00
a73016b898
SEC-998: Initial bundlor template.mf for core
2009-04-22 12:47:44 +00:00
305ce125fb
SEC-863: Hierarchical roles should use the interface GrantedAuthority. Applied submitted patch.
2009-04-22 05:53:59 +00:00
d7f202a111
Addition of final to constructor set fields to improve immutability of authentication and user objects
2009-04-22 04:11:38 +00:00
ba6664f77f
SEC-1012: Refactor SessionRegistry interface to use Java 5 generics.
2009-04-21 06:57:21 +00:00
cac2bce382
Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes.
2009-04-21 06:05:14 +00:00
06040853da
Javadoc tidying
2009-04-21 03:16:57 +00:00
56ec1b4b05
Tidying beforeInvocation method.
2009-04-20 01:01:34 +00:00
292926518b
SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException.
2009-04-15 10:19:37 +00:00
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
5d0d1bd404
Fixed Javadoc typo.
2009-04-14 12:56:16 +00:00
db9afc36ab
Refactored internal context holder strategy implementations to be package private and final and refactored getContext() methods to use a single call to ThreadLocal.get().
2009-04-14 11:04:49 +00:00
c770998d92
SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions.
2009-04-14 04:22:57 +00:00
550715e73f
SEC-1136: Removed SpringSecurityException and last import.
2009-04-14 01:51:22 +00:00
10673780db
OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles).
2009-04-13 14:56:49 +00:00
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
2009-04-12 12:23:23 +00:00
7c4d54f356
SEC-1131: Applied patch for portlet upgrade
2009-04-12 05:52:20 +00:00
365ae3936e
Moved MockAuthenticationManager to test package.
2009-04-12 05:13:18 +00:00
1b43e3661a
SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter.
2009-04-12 04:16:46 +00:00
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
2009-03-25 06:28:18 +00:00
2c985a1c36
SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources
2009-03-23 04:23:48 +00:00
a45ba138f7
SEC-1121: InMemoryResource.equals() is wrong. Corrected as suggested.
2009-03-20 04:44:39 +00:00
4aff4b2350
SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring
2009-03-20 04:32:06 +00:00
4aae5ec42e
SEC-1124: Refactored LDAP code into separate module
2009-03-19 06:30:32 +00:00
a0f3015ac6
SEC-1086: AccessDecisionManager implementations now log debug messages giving the results returned by each voter polled.
2009-03-19 02:01:24 +00:00
d163cd7d18
SEC-1099: Translation of message.properties in Brazilian Portuguese. Added file.
2009-03-19 01:47:34 +00:00
c0638e9c8d
SEC-1110: Localization (messages_ko_KR.properties). Added.
2009-03-19 01:46:05 +00:00
591681c180
Upgrade to Spring M2 and correct expression classes and pom files to match changes
2009-03-19 01:17:16 +00:00
98593b7c78
SEC-1120: Added Portuguese messages file
2009-03-19 01:02:32 +00:00
ccf422af5a
SEC-1070: AbstractRetryEntryPoint always uses RetryWithHttpEntryPoint logger. Converted to protected (non-static) and used getClass().
2009-03-16 08:32:16 +00:00
9de9f638fe
SEC-1083: Removed unnecessary import
2009-03-16 08:07:18 +00:00
30748e8615
SEC-1083: PersistentTokenBasedRememberMeServices does not clear tokens on logout. Override logout method to remove tokens for user.
2009-03-16 08:05:02 +00:00
b7557d017e
Corrected Javadoc typo.
2009-03-16 07:10:12 +00:00
ef3ea65fdb
Switching back to 2.5.0-SNAPSHOT after tagging M1 release
2009-01-03 07:42:19 +00:00
fc5f50501e
[maven-release-plugin] prepare release 2.5.0.M1
2009-01-03 07:08:25 +00:00
ddffdf1699
SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication'
2008-12-28 17:32:25 +00:00
4a41416c9b
Tidying up and removing compiler warnings.
2008-12-21 16:36:16 +00:00
f5d2e7a7ce
Make error message when multiple UserDetailsServices are found more explicit.
2008-12-21 13:29:42 +00:00
9cb361e88a
SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter.
2008-12-20 23:25:29 +00:00
66e586ec67
Added Id keyword.
2008-12-20 15:41:51 +00:00
cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
8f598e9b11
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
2008-12-17 01:28:29 +00:00
171456a26c
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
2008-12-17 01:11:43 +00:00
00125cddee
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
2008-12-17 00:48:32 +00:00
585e5f393a
Added warning suppression for deprecation.
2008-12-17 00:32:21 +00:00
d8b5f770e9
Added warning suppression for deprecation.
2008-12-17 00:31:17 +00:00
db5f1e69f1
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
2008-12-17 00:14:48 +00:00
c2e688610c
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
2008-12-16 23:25:44 +00:00
998f0b3ea1
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
2008-12-16 20:35:18 +00:00
d0fcbd9baf
Tidying up Javadoc.
2008-12-16 20:29:53 +00:00
a1bd48733a
Minor Javadoc correction.
2008-12-16 20:16:56 +00:00
74fd5fe8a4
Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.
2008-12-16 18:55:38 +00:00
b24cc17dea
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
2008-12-16 17:35:34 +00:00
bf409b5b25
Improvements to Javadoc.
2008-12-16 02:06:26 +00:00
f54d7ee6bc
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
2008-12-15 23:58:40 +00:00
898ef36d02
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
2008-12-15 19:50:53 +00:00
c3181d9db0
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
2008-12-15 02:48:32 +00:00
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
2008-12-15 01:25:12 +00:00
fcc68e636e
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
2008-12-15 00:56:17 +00:00
a0bcf7184c
SEC-1061: Renamed serverSideRedirect property.
2008-12-14 23:56:30 +00:00
cf3cac90ad
SEC-1058, SEC-745: Updating comments
2008-12-14 23:53:44 +00:00
3f38035057
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
2008-12-14 22:53:31 +00:00
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
839279161d
SEC-745: Added concrete failure handling strategies.
2008-12-13 23:34:15 +00:00
6664f57ff6
SEC-992: Removed the line setting returningObj to false.
2008-12-12 23:22:26 +00:00
10e4d1fe1a
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
2008-12-12 22:30:57 +00:00
615194710e
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
2008-12-12 17:25:09 +00:00
48dce501ce
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
2008-12-12 14:27:23 +00:00
aec23749d7
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
2008-12-12 13:04:37 +00:00
3fcc7b5403
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
2008-12-12 12:47:42 +00:00
a443e55832
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
2008-12-11 17:00:13 +00:00
093365b2f4
Removed unnecessary cast.
2008-12-11 16:42:25 +00:00
30f9b3e72c
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
2008-12-10 16:57:40 +00:00
3f40604b82
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
2008-12-10 13:48:25 +00:00
acfcac4594
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
...
Applied supplied patch which checks the committed flag before forwarding to the error page.
2008-12-10 12:36:59 +00:00
7fe6a0fc0d
SEC-1033: Added support for web IP ranges based on an address and netmask.
2008-12-09 23:14:44 +00:00
7767a9ed60
SEC-1033: Add basic equality support for hasIpAddress() expression.
2008-12-09 18:04:08 +00:00
3da68a7a82
Java5 stuff
2008-12-09 18:02:58 +00:00
046456c142
Removed unused constants.
2008-12-09 14:33:31 +00:00
3e8de229be
Java5 updates.
2008-12-09 14:30:37 +00:00
98422b69a8
Java5 updates.
2008-12-09 14:27:31 +00:00
c2ac125719
Tidying up.
2008-12-08 21:55:33 +00:00
a2ef10e65f
SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.
2008-12-08 21:54:47 +00:00
6b4045667a
SEC-1033: Completed working version of web expression support.
...
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
2008-12-08 01:01:14 +00:00
fd3990c1f8
SEC-1033: Refactored DefaultFilterInvocationDefinitionSource to remove legacy methods and make it immutable.
2008-12-07 22:46:36 +00:00
bed00e10f5
Reduced visibility of attribute names in HttpSecurityBDP.
2008-12-07 13:46:09 +00:00
Mike Wiesner
Scott Battaglia
Luke Taylor