Commit Graph

144 Commits

Author SHA1 Message Date
Rob Winch 3118e39de8 SEC-2542: Use exclusions to remove duplicate dependencies
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.

In addition to the new exclusions, notable other changes are:

 - Spring Data JPA has been updated to 1.4.1. This brings its
   transitive dependency upon spring-data-commons into line with
   Spring LDAP's and prevents both spring-data-commons-core and
   spring-data-commons from being on the classpath
 - All Servlet API dependencies have been updated to use the official
   artifact with all transitive dependencies on unofficial servlet API
   artifacts being excluded.
 - In places, groovy has been replaced with groovy-all. This removes
   some duplicates caused by groovy's transitive dependencies.
 - JUnit has been updated to 4.11 which brings its transitive Hamcrest
   dependency into line with other components.

There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level

Conflicts:
	samples/messages-jc/pom.xml
2014-04-02 09:47:26 -05:00
Rob Winch 9988fa141c Update Spring Security version in pom.xml 2014-03-06 08:13:52 -06:00
Rob Winch 6be4e3a9fc SEC-2506: Remove Bundlor Support 2014-03-05 13:32:16 -06:00
Rob Winch 7f99a2dfbb SEC-2487: Update to Spring 3.2.8.RELEASE 2014-02-19 09:30:40 -06:00
Rob Winch ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch a34178bc40 SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA 2013-12-12 08:16:59 -06:00
Rob Winch 4460e84b29 Updates to pom.xml author and repo 2013-12-09 08:57:30 -06:00
Rob Winch 2c8946c406 Next development version 2013-11-01 14:20:55 -05:00
Spring Buildmaster 9c703a3051 Release version 3.2.0.RC2 2013-11-01 14:20:49 -05:00
Rob Winch 88f41cdf62 SEC-2341: Update to Gradle 1.8
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch 3d2f23602f SEC-2294: Update Spring Version to 3.2.4.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch 086056f191 SEC-2289: Make compatible with Spring 4 as well
There are a few subtle changes in Spring 4 that this commit addresses
2013-08-27 16:43:10 -05:00
Rob Winch 976d9a9016 SEC-2194: Polish java config sample apps 2013-08-08 14:33:54 -05:00
Rob Winch 5e6ca12b01 SEC-2097: Update integrationTestCompile to use optional and provided
Also update slf4j version and remove explicit commons-logging from pom generation
2013-07-16 15:59:06 -05:00
Rob Winch 02551e1b7a SEC-2214: Update Spring Version 2013-07-16 15:15:47 -05:00
Rob Winch faa8b354b7 SEC-2209: add pom.xml 2013-07-16 15:15:47 -05:00
Rob Winch 07c3fdf8a7 SEC-2195: Update Groovy, Geb, Spock, httpcomponents, and Jetty 2013-07-16 15:02:39 -05:00
Rob Winch e88800cd9b SEC-2187: Polish
Create private utf8UrlEncode method to improve readability
2013-07-05 10:24:10 -05:00
Tom Boettcher 54c1c20c69 SEC-2187: Encode query parameter names and values in return_to URL 2013-07-05 09:47:18 -05:00
Rob Winch 1ed643ca1f SEC-1998: Provide integration with WebAsyncManager#startCallableProcessing
Support integration of the Spring SecurityContext on Callable's used with
WebAsyncManager by registering SecurityContextCallableProcessingInterceptor.
2012-11-28 17:56:03 -06:00
Luke Taylor a573e7b395 SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer. 2011-09-20 21:46:21 +01:00
Rob Winch 4a000d040c SEC-1815: Downgrade openid to use HttpClient 4.1.1 to avoid bug in openid4java's usage of HttpClient 2011-09-18 18:52:27 -05:00
Luke Taylor 8ce4d326f5 Update HttpClient to 4.1.2 and removed incorrect bundlor references to commons version. 2011-08-12 00:23:29 +01:00
Luke Taylor 0120643721 SEC-1794: Convert OpenIDAuthenticationStatus to an enum. 2011-08-10 17:09:33 +01:00
Luke Taylor 89fa771093 SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption. 2011-07-13 22:29:47 +01:00
Luke Taylor 6c9ab570a2 SEC-1729: Fix openid4java guice dependencies to use Maven Central. 2011-04-27 22:13:15 +01:00
Rob Winch 855ea73117 SEC-1729: Updated gradle to reference guice maven repo for all projects 2011-04-27 00:19:58 -05:00
Rob Winch bd74185e41 SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1 2011-04-26 23:39:51 -05:00
Rob Winch ae5b402651 SEC-1729: Revert "SEC-1710: Added shutdown method to OpenID4JavaConsumer that invokes MultiThreadedHttpConnectionManager.shutdownAll()" since it is superseded by SEC-1729
This reverts commit 62ba0fca5c.
2011-04-26 19:53:32 -05:00
Rob Winch a6b0c265db SEC-1729: Revert "SEC-1711: Support verifying that attribute exchange parameters were signed" since it is superseded by SEC-1729
This reverts commit 68ba11ba7b.
2011-04-26 19:52:44 -05:00
Luke Taylor 8178371927 SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes 2011-04-21 19:55:32 +01:00
Luke Taylor 23df97f44a Added missing HttpClient version information to openid bundlor template file. 2011-04-20 11:38:26 +01:00
Luke Taylor 4dc5d7d16e Typo. 2011-04-14 18:04:38 +01:00
Rob Winch 5c05575c0d Cleaned up warnings in openid module 2011-04-07 23:28:34 -05:00
Rob Winch 68ba11ba7b SEC-1711: Support verifying that attribute exchange parameters were signed 2011-04-07 23:28:34 -05:00
Rob Winch 62ba0fca5c SEC-1710: Added shutdown method to OpenID4JavaConsumer that invokes MultiThreadedHttpConnectionManager.shutdownAll() 2011-04-07 23:28:05 -05:00
Luke Taylor 4a1908188a SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java. 2011-03-25 19:13:06 +00:00
Luke Taylor 84ba7a0ea9 Additional tests for OpenID classes and minor refactoring of OpenID4JavaConsumer for easier testing. 2011-02-10 19:56:28 +00:00
Luke Taylor b0df1bd1b0 SEC-1673: Use a map to store the range values use in the bundlor templates. 2011-02-07 16:06:23 +00:00
Luke Taylor 43be9ea2a4 SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc. 2010-11-26 13:58:49 +00:00
Luke Taylor d64efe9747 SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object. 2010-11-25 15:19:37 +00:00
Luke Taylor 265cdaf2a6 SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected. 2010-11-02 20:19:16 +00:00
Luke Taylor 21ed5feb8d SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 2010-10-27 13:25:40 +01:00
Luke Taylor f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 2010-08-30 19:02:19 +01:00
Luke Taylor 85c4c91e0e IDEA inspection refactorings. 2010-08-05 23:28:07 +01:00
Luke Taylor 2d9a848265 Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build. 2010-07-27 02:20:36 +01:00
Luke Taylor 0e57ce2dc3 SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection. 2010-05-21 15:59:50 +01:00
Luke Taylor 2f025fba6c SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
2010-04-20 23:47:48 +01:00
Luke Taylor f5468087c2 Remove cached DiscoveryInformation from session in OpenID4JavaConsumer's endConsumption method. 2010-04-20 23:47:47 +01:00
Luke Taylor d3d9c5db59 Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor. 2010-04-20 23:47:47 +01:00