a28a932598
SEC-183: Minimise session creation as a consequence of SEC-168 and SEC-182 changes.
2006-02-09 23:04:29 +00:00
0282696202
SEC-182: Remember-me compatibility with concurrent session support.
2006-02-09 10:32:49 +00:00
b1dd784dee
SEC-180: BasicProcessingFilter should configurably ignore authentication failures.
2006-02-09 06:41:31 +00:00
e63b2ec9e6
Cleanup unused imports.
2006-02-09 06:00:25 +00:00
96196bd637
SEC-179: Upgrade to Spring 2.0-M2.
2006-02-09 05:36:06 +00:00
ae29498f75
SEC-158: X509 to support Authentication.isAuthenticated() as per usual contract.
2006-02-09 04:25:07 +00:00
79287999dc
SEC-178: Refactor AbstractAuthenticationToken.
2006-02-09 04:16:50 +00:00
74de83e5f1
SEC-177: Add hashCode() method.
2006-02-09 03:45:47 +00:00
c9cee6651c
SEC-176: Add hashCode() method.
2006-02-09 03:36:47 +00:00
ac457021b8
Inheritance doesn't seem to work, so added the groupId manually.
2006-02-09 03:13:58 +00:00
77be0009ad
Correct equals(Object) method handling if both objects have null getDetails().
2006-02-09 02:54:40 +00:00
78df09db8a
SEC-175: Add equals(Object) method.
2006-02-09 02:53:27 +00:00
dc959b1847
Fix for SEC-159. Added clearContext() method to SecurityContextHolder and refactored code to use it instead of putting an empty context into the holder.
2006-02-08 23:27:46 +00:00
8c0ce12332
SEC-169: Add SessionRegistry.getAllPrincipals() method.
2006-02-08 05:22:48 +00:00
3a01e48b17
SEC-174: Correct IE6 bug with AuthenticationProcessingFilterEntryPoint.
2006-02-08 04:58:50 +00:00
9d213f46a4
SEC-168: Prevent errors with concurrent session support.
2006-02-08 04:42:03 +00:00
1fa6ac0975
SEC-164: Copy Authentication.getDetails() to returned Authentication object.
2006-02-08 02:19:43 +00:00
2daea069f9
Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors.
2006-02-08 02:17:44 +00:00
ca1bf5cc21
SEC-170: AbstractAclVoter to support JoinPoint.
2006-02-08 02:06:55 +00:00
eb7964f6e5
Clean imports.
2006-02-08 01:54:03 +00:00
fe88d6ec17
SEC-134 fix. Authorities array is now copied on access. Also refactored token classes to move authorities to the base class.
2006-02-08 01:24:38 +00:00
842ad929a4
Change search object to use constructor injection (SEC-165) .
2006-02-03 19:53:08 +00:00
436fcde10b
Change apacheds to version 0.9.4-SNAPSHOT, add slf4j-log4j12 dep
2006-02-02 19:58:46 +00:00
3036b5d46b
Spring mock is required for compilation
2006-02-01 19:16:46 +00:00
9771b7817a
SEC-144: Separate SecurityEnforcementFilter from FilterSecurityInterceptor.
2006-01-28 22:54:23 +00:00
fa4c2a6ade
Correct bug with SEC-120 location of where filter chain proceeds.
2006-01-28 22:52:17 +00:00
823f93fe3b
SEC-163: Fix ClassCastException bug in MethodInvocationUtils, and add test to prove correct functionality.
2006-01-28 21:33:35 +00:00
ce907f2ddc
SEC-153: Improve toString() method.
2006-01-28 01:30:46 +00:00
484b0e3a51
SEC-126: Initial commit of WebInvocationPrivilegeEvaluator feature.
2006-01-28 01:26:58 +00:00
0c89822c56
SEC-162: Properly handle null Authentication.
2006-01-28 01:24:52 +00:00
c8c7c24822
SEC-120: Remember-me to delegate to AuthenticationManager so authentication-specific behaviour (such as concurrent user management) can be applied.
2006-01-28 01:22:36 +00:00
9062b4c352
Improved solution to 1.4-compatible IllegalArgumentException with "cause" exception (as suggested on dev list).
2006-01-27 18:53:37 +00:00
fbe5957c23
Add support for ldaps:// urls. (Fix for SEC-146).
2006-01-27 18:28:13 +00:00
82be52cea0
SEC-123: Remove exception from no-arg constructor.
2006-01-27 05:26:46 +00:00
ea182f73fe
SEC-145: Include nested exception.
2006-01-27 05:17:13 +00:00
2459858f48
SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used.
2006-01-27 05:10:30 +00:00
07ed2ca2f0
Initial commit.
2006-01-27 05:09:57 +00:00
ab223b8423
SEC-156: Use getName() instead of toString() as getName() is always the username whereas toString() contains extra information if the Authentication.getPrincipal() has been converted to a UserDetails.
2006-01-27 04:52:46 +00:00
8f6275ab3e
SEC-155: BasicaclEntryCache to provide "remove from cache" support.
2006-01-27 04:42:39 +00:00
449e395181
Reformat code.
2006-01-27 04:42:15 +00:00
e675c89e28
Remove unused imports.
2006-01-27 04:41:32 +00:00
5e258cc201
SEC-161: Truncate everything after ? in URL.
2006-01-27 03:30:01 +00:00
49a917b08d
Remove extra dependency on Commons Lang. This dependency is only required by the domain subproject, not the core security project.
2006-01-27 03:18:34 +00:00
13a0784736
Replaced use of Java 1.5 IllegalArgumentException constructor.
2006-01-27 01:20:15 +00:00
2b0a65983d
Removed unused logger.
2006-01-26 20:48:49 +00:00
f9e043d43a
added commons lang dependency
2006-01-26 20:02:26 +00:00
17b3424b85
Javadoc typos.
2006-01-26 14:55:13 +00:00
4024f124b9
SEC-154: Support Hibernate/CGLIB modified domain objects.
2006-01-26 10:27:32 +00:00
a7ebe51fc8
SEC-135: Additional logging of votes in BasicAclEntryVoter.
2006-01-26 10:04:36 +00:00
f4c1b81a9c
SEC-150: Expand exception message.
2006-01-26 10:00:59 +00:00
37802e3748
SEC-138: Make exception output to Commons Logging, not system console.
2006-01-26 09:36:48 +00:00
10541fc9db
SEC-137: Correct stack overflow with MethodInvocation.createFromClass(Class, Method).
2006-01-26 09:28:30 +00:00
e5c538d1a5
SEC-125: Provide hashCode() method for AbstractAuthenticationToken.
2006-01-26 09:23:03 +00:00
63682a9c5d
Javadoc typos.
2006-01-25 17:04:58 +00:00
fe2f4e4a3b
Added setter method to allow connection pooling to be disabled.
2006-01-25 17:04:02 +00:00
b20c0a674a
Fixed NPE see SEC-143
2006-01-16 23:56:04 +00:00
38629f159a
Added default role option to authorities populator.
2006-01-13 21:13:53 +00:00
63dcdec1b7
Corrected more Jalopy screwy formatting.
2006-01-06 02:00:41 +00:00
22b0e1613c
Addition of package.html files. Minor formatting.
2006-01-05 19:59:04 +00:00
2f53f0e7d7
Message string changed to reflect class name changes.
2006-01-05 01:11:45 +00:00
affa500778
Message string changed to reflect class name changes.
2006-01-05 01:02:49 +00:00
d7ae1ad21b
Refactoring to reduce code duplication, remove config files and use JMock to enforce expectations on whether FilterChain proceeds or not.
2006-01-05 00:59:10 +00:00
0202b47346
Switched to using JMock methods for dummy objects.
2006-01-04 23:31:34 +00:00
4063a87dbf
Changed to use parent method for Mock creation rather than new operator.
2006-01-04 23:25:40 +00:00
f9d0ee209b
Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying.
2006-01-04 21:35:10 +00:00
56bccf6070
Added MessageSource support for LDAP provider classes.
2006-01-03 20:31:19 +00:00
e81be72bd7
Changed test to use tested class rather than interface name. Added test for service detection style URLs.
2006-01-01 15:11:54 +00:00
1dfc42550f
Add spring-mock to dependency management
...
Add ldap dependencies
Simplify spring dependencies
2005-12-25 00:21:49 +00:00
6b1f97a381
Resolve compiler warnings.
2005-12-24 10:03:18 +00:00
b0d65259b6
Changed groupId to org.acegisecurity
2005-12-22 16:40:22 +00:00
f226dfb67f
Use ISO encoding to avoid problems
2005-12-22 16:27:44 +00:00
0c9e1769a4
Improved m2 poms
2005-12-22 15:54:37 +00:00
f662ed5890
Ignore eclipse project files
2005-12-22 13:41:33 +00:00
9b5aa159aa
Correct screwy formatting.
2005-12-22 01:42:27 +00:00
3977e3b822
Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc.
2005-12-22 01:30:53 +00:00
5b076c79d1
Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed.
2005-12-22 01:22:09 +00:00
41a95b11cd
Corrected wrong package name in Javadoc.
2005-12-22 01:18:32 +00:00
8f725f7a74
Removed no-arg constructor from UsernamePasswordAuthenticationToken.
2005-12-22 01:16:16 +00:00
c378779610
Removed printStackTrace from expected exception.
2005-12-22 01:15:25 +00:00
09cef7adc2
Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder.
2005-12-21 16:41:52 +00:00
2d1dd7b292
Restoring author/version tags, some minor comments.
2005-12-21 00:48:57 +00:00
20d69e2734
Tidying up some Jalopy weirdness.
2005-12-21 00:39:36 +00:00
dc728987f4
Changed LdapDataAccessException to extend AuthenticationServiceException.
2005-12-21 00:14:15 +00:00
0f678d53ba
Javadoc typo in tag.
2005-12-21 00:00:02 +00:00
911be66513
Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication.
2005-12-20 23:58:35 +00:00
b01bf0b878
Expanded Javadoc.
2005-12-20 23:26:38 +00:00
1549ec55b1
Switch to embedded context version of apache DS (no socket nonsense etc.)
2005-12-20 23:08:54 +00:00
9554dc50bc
Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider.
2005-12-19 17:23:34 +00:00
929b08c085
Spring config for ApacheDS is no longer used.
2005-12-19 17:04:09 +00:00
069f78c00b
Move the apacheDS working directory to java.io.tmpdir
2005-12-19 17:01:25 +00:00
1f66750e24
Added support for multiple DN patterns. Changes to favour constructor injection for mandatory properties. Renamed LdapUserInfo to prevent confusion with UserDetails interface.
2005-12-18 21:14:27 +00:00
e3b728cc9a
Javadoc typos.
2005-12-18 15:02:17 +00:00
40f50498b2
Re-enable some tests which partially work with embedded ApacheDS.
2005-12-16 18:26:23 +00:00
bfb4fb81d4
Remove messages about existing data.
2005-12-16 02:47:47 +00:00
f9c88adfa9
Switch to embedded server and disable tests which cause problems with apacheDS for the time being.
2005-12-16 02:23:06 +00:00
53252d258f
Set extra properties on InitialDirContextFactory and corrected group search filter.
2005-12-16 01:28:29 +00:00
1db1a3cd62
Changes try to get Ldap tests working with the possibility of using a non-networked embedded server.
2005-12-16 01:07:31 +00:00
45e2f9dac4
Removed internal encoding method to make subclassing work.
2005-12-16 00:59:29 +00:00
781ed0f380
Switch to local url.
2005-12-15 03:45:48 +00:00
d014411d48
Corrections to DIT for apache-ds tests.
2005-12-15 02:16:13 +00:00
ce3d6f2129
Initial LDAP provider checkin.
2005-12-15 00:18:13 +00:00
a1037ddc87
Prepare 1.0.0 RC1.
2005-12-04 11:20:52 +00:00
d89c6c0a74
SEC-118: Wrong logger class corrected.
2005-12-04 10:48:33 +00:00
ee48f38ff0
SEC-116: Correct JavaDocs.
2005-12-02 12:14:38 +00:00
75a9784028
SEC-58: Initial commit of Velocity helper.
2005-12-01 09:38:50 +00:00
b16ce31c5b
Prove placeholders work correctly.
2005-12-01 00:30:18 +00:00
2c28ff4fd1
SEC-56: Further improvements to localization.
2005-11-30 01:23:36 +00:00
62fde4ede3
SEC-107: Finalize rename of AuthenticationDao to UserDetailsService with corresponding change in package from .providers.dao to .userdetails.
2005-11-30 00:20:13 +00:00
a6e23d79ae
SEC-107: Rename AuthenticationDao to UserDetailsService.
2005-11-29 13:10:15 +00:00
6144e1664e
SEC-108: Make fields protected.
2005-11-29 02:43:35 +00:00
6585c2b391
Allow subclasses to make modifications to GrantedAuthority[].
2005-11-26 13:27:30 +00:00
fddcd6112e
SEC-56: Add localisation support.
2005-11-26 05:11:53 +00:00
f4c3e2ff8c
Use Spring Assert for cleaner code.
2005-11-26 04:18:21 +00:00
e53a00371c
Use logger instead of System.out.println().
2005-11-26 04:10:05 +00:00
218fcf5b24
SEC-3: Add static method so digest-compatible passwords can be stored in database.
2005-11-25 05:20:57 +00:00
bb2ac126b7
SEC-47: AbstractSecurityInterceptor to reject secure object invocations which do not have configuration attributes defined.
2005-11-25 04:56:01 +00:00
27f47673ad
SEC-106: Use getMethod() instead of getDeclaredMethod() so that methods defined in principal Object superclasses are accessible.
2005-11-25 04:40:27 +00:00
9ccaf05cc7
SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services.
2005-11-25 04:38:18 +00:00
47166fe078
SEC-110: ProviderManager to properly handle ConcurrentLoginException.
2005-11-25 04:33:40 +00:00
58b8b840b3
SEC-105: Correct incorrect JavaDocs.
2005-11-25 04:29:32 +00:00
969bbff00c
SEC-18: Preemptive method invocation security checking helper.
2005-11-25 04:18:34 +00:00
731d7b2e89
SEC-113 Provide MethodInvocationUtils.
2005-11-25 04:17:25 +00:00
72256a225f
SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken.
2005-11-25 00:26:30 +00:00
7847af2664
Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.
2005-11-23 16:09:44 +00:00
6a1a4abb1d
SEC-104: Move to org.acegisecurity package.
2005-11-17 00:56:49 +00:00
79c3ba521b
Resolved and/or inhibit build warnings as seen in Eclipse 3.1. Please refer to http://opensource2.atlassian.com/projects/spring/browse/SEC-93 for more info.
2005-11-11 22:37:38 +00:00
b1d247835a
Stop causing an exception when there is no AuthenticationException to ApplicationEvent mapping. Requested by Brian Moseley on acegisecurity-developer 10 November 2005.
2005-11-10 00:41:54 +00:00
c167e9fd87
Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005.
2005-11-08 22:07:33 +00:00
b938b6b363
Increased SiteminderAuthenticationProcessinfFilter test coverage from 70% to 93%.
2005-11-08 02:55:48 +00:00
df9deea4de
Only clear SecurityContextHolder if the Authentication object has not changed.
2005-11-08 01:39:27 +00:00
97f3ad79cb
Removed unused imports & organized the remnants.
2005-11-07 03:32:18 +00:00
55f5093ec7
SEC-94: DaoAuthenticationProvider to include UserDetails in BadCredentialsException.
2005-11-07 03:04:47 +00:00
309b559a8f
Removed unused imports.
2005-11-06 23:00:31 +00:00
e02dbd5c34
Changed class names to match new context classes.
2005-11-06 22:00:27 +00:00
0aef31d302
Converted ApplicationContextAware classes to ApplicationEventPublisherAware (SEC-69).
2005-11-06 21:11:25 +00:00
6511677f93
Moved duplicate setting of null authentication to setUp method.
2005-11-06 21:06:53 +00:00
bba77b64e9
Corrected javadoc
2005-11-06 21:01:21 +00:00
5cb7575b2b
Corrected references to old context class names in Javadoc and logging.
2005-11-05 18:49:55 +00:00
5a51f391a4
Add UsernameNotFoundException to default exception to event mappings list.
2005-11-05 09:20:14 +00:00
aa4fd8586c
Fix concurrent session interaction bug where UserDetails.getUsername() may have been override to be a different value than the original login request, as per email from Herryanto Siatono on acegisecurity-developer 5 November 2005.
2005-11-05 03:50:22 +00:00
0aa4989dad
JaasAuthenticationProvider no longer supports the useSystemProperty setting.This is because it no longer uses the java.security.auth.login.config system property for configuring Jaas. Custom Jaas configuration needs can be implemented in a subclass that overrides the configureJaas method.
...
JaasAuthenticationProvider now handles logout by associating the LoginContext with a new JaasAuthenticationToken
2005-11-04 15:02:27 +00:00
6049e9ac65
Removed string concatenation from buffer.append methods
2005-11-04 14:54:25 +00:00
9be82a3d8f
SEC-67: Enhance taglib to allow retrieval of custom UserDetails methods.
2005-11-03 13:51:55 +00:00
31a1f0be1a
SEC-52: Move potentially useful methods to an abstract superclass so that other voters can use them.
2005-11-03 13:47:44 +00:00
6e389ca1b8
SEC-51: Use long instead of int for ACL primary keys.
2005-11-03 13:38:45 +00:00
633f2cfe66
SEC-39: Add equals(Object) method to User.
2005-11-03 13:20:26 +00:00
7faf2741f1
SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.
2005-11-03 13:08:43 +00:00
a42dec6fbf
SEC-21: Initial commit.
2005-11-03 12:56:27 +00:00
e9b1d9452f
SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider.
2005-11-03 11:31:23 +00:00
f50cbd31ba
SEC-38: Make InMemoryDaoImpl support external Properties objects.
2005-11-03 10:05:02 +00:00
0d77abb9c1
SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks.
2005-11-03 09:48:52 +00:00
d9be0f86fd
SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username.
2005-11-03 09:45:30 +00:00
690ab27a52
SEC-70 and SEC-71: Refactor event publishing.
2005-11-03 09:23:49 +00:00
b6dbfde55c
SEC-70: Refactor event publishing.
2005-11-03 06:55:47 +00:00
3811200599
Improve debug output.
2005-11-03 06:51:30 +00:00
2cbe42f493
SEC-7: Allow better chaining of authentication providers.
2005-11-03 04:14:12 +00:00
42c47c086a
JavaDocs formatting.
2005-11-03 04:13:56 +00:00
f8b0de3459
Corrected Javadoc link to interface name.
2005-11-01 14:22:08 +00:00
5235727d23
SEC-2
...
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
2005-10-24 17:08:18 +00:00
1ae07779a2
SEC-710: Refactor concurrent session handling support.
2005-10-22 01:53:03 +00:00
a5ffda7369
SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS.
2005-10-21 08:00:15 +00:00
c6d5363e5d
SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation.
2005-10-21 07:53:34 +00:00
d49198a944
SEC-43: Eliminate id column.
2005-10-21 07:32:48 +00:00
41202112bc
SEC-37: Only update HttpSession if SecurityContext has actually been changed.
2005-10-21 07:26:16 +00:00
494e35f009
Jalopy styling.
2005-10-21 07:23:33 +00:00
24a78be159
Corrected link in Javadoc.
2005-10-19 21:19:16 +00:00
c065c46668
Javadoc correction: ContextHolder -> SecurityContextHolder
2005-10-18 15:44:22 +00:00
df4b8f602f
Javadoc correction: SecureContext -> SecurityContext
2005-10-18 15:43:41 +00:00
b2363dfe07
SEC-62 Add maven 2 support
2005-10-06 20:53:08 +00:00
a39339674e
login.config.url should be set to a url, not a file path
...
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
2005-09-26 14:14:42 +00:00
bc14dd62db
Fixed CVS line break
2005-09-25 22:49:45 +00:00
4717b64b83
Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org.
2005-09-25 22:48:33 +00:00
0f5e9ad372
Fix NPE. Thanks to Tom Dunstan.
2005-09-22 01:49:12 +00:00
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
2005-09-22 00:54:27 +00:00
60d3b6505b
Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue.
2005-09-20 12:24:47 +00:00
fb3f4af3b2
when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User)
2005-09-20 02:28:01 +00:00
24394b7b2b
added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation)
2005-09-19 02:22:44 +00:00
d44b570087
Disable failing tests until Marc-Antoine has a chance to look at them.
2005-09-18 22:38:37 +00:00
ae9e7733db
Fix broken tests.
2005-09-18 22:38:05 +00:00
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
2005-09-08 11:15:48 +00:00
c7dcceb05c
Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005.
2005-09-08 09:32:24 +00:00
486bbee35d
added context path to redirect
2005-09-03 21:43:08 +00:00
9d359780d9
finish user context switch event publishing
2005-09-03 20:24:35 +00:00
20ebb668a6
Added event for user context switching and updated switch user filter
2005-08-25 02:59:19 +00:00
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
2005-08-21 10:10:16 +00:00
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
2005-08-01 20:05:02 +00:00
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00
f5975dcf30
Whoops, almost forgot to remove System.out debug lines :-/
2005-07-26 00:55:53 +00:00
891cd7380c
Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now.
2005-07-26 00:50:43 +00:00
dc31553f2a
Syntax
2005-07-25 22:49:05 +00:00
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
32f62d1ef1
Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>.
2005-07-24 23:59:08 +00:00
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
4ad98a7df3
Spelling correction, thanks to Zack Chandler.
2005-07-23 07:40:43 +00:00
c5ba30b001
Comment how to make a signing certificate.
2005-07-23 07:39:56 +00:00
4b98d357ff
SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.
...
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2005-07-22 04:35:31 +00:00
e51c38aec9
Removed reference in Javadoc to obtaining and validating the SecureContext (checking for null etc), as this is no longer relevant.
2005-07-21 22:59:30 +00:00
c89d4a8add
Added trimming of whitespace to tokens and use of Springs StringUtils.hasText() to check for content in the string passed to setAsText.
2005-07-21 22:55:27 +00:00
3287439421
Initial commit for captcha adapter
2005-07-19 12:35:50 +00:00
74588c8e53
Move acegifier code from core.
2005-07-16 19:35:30 +00:00
5bbc54ac42
Javadoc typo corrected
2005-07-15 14:28:44 +00:00
d9b1a8e83c
Fix typo in InteractiveAuthenticationSucces(s)Event
2005-07-11 01:23:20 +00:00
c7bfeeaf58
Clarify local variable name given it was the same as a member variable.
2005-07-11 01:19:41 +00:00
ab065923d4
Correct doctype for generated web.xml files and add declaration to test file.
2005-07-09 23:32:08 +00:00
22a28f3b39
Separate InMemoryResource class for use in Acegifier web application.
2005-07-09 21:37:50 +00:00
7268c81192
Fix for SEC-27. Now checks for a null authentication before proceeding to fire the success event.
2005-07-08 21:16:12 +00:00
f1656ee7fd
Tidying: removed unused intermediate variable.
2005-07-08 21:10:26 +00:00
6f467def90
Added conversion of URLs ending in '*' to the ant '**' form.
2005-07-06 17:22:19 +00:00
9e1a773cc7
Add xsl resources to build.
2005-07-06 15:22:52 +00:00
d13faf0815
Renaming and refactoring of web.xml converter.
2005-06-30 21:23:50 +00:00
118f6401d8
XSL file for converting web.xml to acegified version.
2005-06-29 23:00:54 +00:00
a2bc398915
Refactoring and commenting XSL
2005-06-27 21:56:13 +00:00
3e4a29eae9
FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14 ).
2005-06-27 03:57:31 +00:00
5c883e639f
Add InteractiveAuthenticationSuccessEvent handling to authentication mechanisms.
2005-06-27 03:34:36 +00:00
60f8095cf2
Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13 .
2005-06-27 03:05:26 +00:00
ef8281f534
HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20 ).
2005-06-27 02:55:01 +00:00
25fa471779
First version of web.xml to acegi translator
2005-06-26 17:30:36 +00:00
a312fede74
Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion).
2005-06-22 08:07:52 +00:00
c0f1d4e19d
Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report).
2005-06-22 08:06:28 +00:00
a15691d9d7
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).
2005-06-22 07:03:53 +00:00
5f75e9bf9a
Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion).
2005-06-22 06:30:46 +00:00
a7b5299e77
Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005).
2005-06-22 05:22:05 +00:00
c699f7d40e
Support non-username as primary key.
2005-05-29 09:46:51 +00:00
25cb085df7
More JavaDocs.
2005-05-29 08:30:28 +00:00
3401072368
Made Serializable as per acegisecurity-developer list discussion on 20 May 2005.
2005-05-22 03:56:37 +00:00
4e55780e7c
Performance optimisations thanks to Paulo Neves.
2005-05-20 00:00:22 +00:00
cfb8271826
Reorder DaoAuthenticationProvider exception logic as per developer list discussion.
2005-05-18 01:40:45 +00:00
ecbfac2ff8
Made AclEntry Serializable (correct issue with BasicAclEntryCache).
2005-05-17 11:07:00 +00:00
fa6924a373
Update project workspace settings to Java 1.5. NB: Maven remains at 1.3 compatibility for all subprojects except "domain". It is recommended the Eclipse "Problems" view be customised to not display items containing "Type Safety:" in their description. Developers should NOT introduce 1.5+ dependencies to any projects apart from "domain".
2005-05-09 01:18:31 +00:00
e08e66dec6
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-08 23:42:14 +00:00
6a9abe5d90
Remove ContextHolder and introduce SecurityContext.
2005-05-07 09:11:37 +00:00
47989c11bd
HttpSessionEventPublisher now verifies that the ApplicationContext is not null
2005-05-02 20:31:18 +00:00
d169829f27
AbstractAuthenticationToken.getName() now returns username alone if UserDetails present.
2005-04-29 22:29:00 +00:00
54ccbf5617
The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping SevletException and IOException in ServletException.
2005-04-29 02:53:02 +00:00
2c23c75f91
SecureContextLoginModule as requested from list with Test
2005-04-27 04:47:41 +00:00
6f286e2054
AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
2005-04-27 03:39:06 +00:00
c29a5731be
Moved credential expiry checking after password check. If the wrong password is presented, BadCredentialsException will now be thrown even if the password has expired.
2005-04-25 23:11:12 +00:00
cff9ba4988
AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766 .
2005-04-21 23:02:58 +00:00
4e1649c2b7
Fix NullPointerException caused by unit tests.
2005-04-20 12:39:14 +00:00
1fc79f04f1
Added AntPathMatcher member to bring into line with recent Spring refactoring which breaks the build.
2005-04-18 23:10:54 +00:00
48ad6496e4
Javadoc typo corrected
2005-04-18 16:24:33 +00:00
ee32874308
Added X509 EhCache tests and fixed glaring bug in X509 EhCache implementation.
2005-04-17 22:18:01 +00:00
ec80ae22c1
Templated out event publishing. Added getApplicationContext(). Fixed javadoc formatting
2005-04-17 14:13:13 +00:00
1a78f9e15f
Refactored to use Spring Assert class (thanks IntelliJ :).
2005-04-15 01:21:41 +00:00
fdf5c63033
Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757 .
2005-04-13 22:17:05 +00:00
8091b60194
Improve Javadocs.
2005-04-12 04:19:09 +00:00
f2788c7cb6
Refactored to use Spring Assert class. Corrected some typos.
2005-04-11 01:18:46 +00:00
3d4f8eed31
Refactoring to use Spring mock web classes.
2005-04-11 01:07:04 +00:00
d6f2b136ec
Refactored to use Spring mock classes.
2005-04-09 23:37:18 +00:00
458a2c9e39
Refactored to use Spring mock classes.
2005-04-09 23:24:22 +00:00
021abb7369
Added check for "path parameters" to ensure the filterProcessesUrl matches rewritten URLs with a jsessionid included. Refactored property checking to use Spring Assert class.
2005-04-09 22:50:06 +00:00
eaa5feb5f8
Refactored to use Spring mock objects for HttpRequest etc.
2005-04-09 21:48:47 +00:00
204da55a0b
PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails().
2005-04-03 21:48:45 +00:00
9649003d57
AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls
2005-03-28 17:42:21 +00:00
798ebb1a3d
Correct NullPointerException as fixture missing an ApplicationContext and attempting to publish an event.
2005-03-27 08:40:09 +00:00
684d5bc10e
Handle null Authentication.getAuthorities() in AuthorizeTag.
2005-03-27 06:36:41 +00:00
8ae2276843
TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds.
2005-03-25 22:07:00 +00:00
10c1926385
Added the ConcurrentSessionViolationEvent that will be published by the ConcurrentSessionControllerImpl before throwing the ConcurrentSessionViolationException
2005-03-25 00:53:46 +00:00
8884ca51af
Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter.
2005-03-23 23:22:51 +00:00
9f66c0eae9
Update to current Spring JAR dependencies.
2005-03-22 11:17:22 +00:00
c936801842
DigestProcessingFilter now provides userCache getter and setter.
2005-03-21 08:03:11 +00:00
0530351f0d
Provide toString() method on User.
2005-03-21 05:33:51 +00:00
a2b9da7e22
StringSplitUtils.split() ignored delimiter argument.
2005-03-21 05:14:48 +00:00
6f31ecb04b
UserDetails now indicates locked accounts.
2005-03-21 03:22:59 +00:00
ae47fb722d
sendError now returns less informative forbidden message rather than the exception message.
2005-03-20 19:12:51 +00:00
944d11bb1a
Changed to using DN in cache log messages rather than entire certificate.
2005-03-19 18:07:24 +00:00
918fc7c15a
License header added.
2005-03-18 01:00:36 +00:00
e755687a19
Updated to use Spring Assert class.
2005-03-18 00:59:32 +00:00
2a6c68deb6
Entry point tests
2005-03-18 00:52:23 +00:00
a056946c49
HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection.
2005-03-18 00:50:12 +00:00
8592e3bcbf
Added tearDown method which resets the Context to null
2005-03-18 00:45:48 +00:00
04366d2b12
Corrected Javadoc
2005-03-18 00:33:30 +00:00
07e46fe4d5
Proper handling if the account is no longer allowed login.
2005-03-18 00:06:09 +00:00
748f427a80
Prove SecureContextImpl.equals works as we want it to, in light of HttpSessionContextIntegrationFilter's attempts to avoid unnecessary HttpSession creation.
2005-03-17 23:35:29 +00:00
abe9dfd234
Added caching and use of Spring's Assert to X509 provider
2005-03-17 21:43:42 +00:00
90914be3c2
Import cleaning
2005-03-17 19:58:08 +00:00
7db94cb5b7
X509 UserDetails cache interface and implementation
2005-03-17 19:57:12 +00:00
7c6a2911c9
Added package.html files
2005-03-17 19:49:18 +00:00
562a015aeb
Javadoc typo corrected.
2005-03-17 14:14:18 +00:00
cacc31004f
Javadoc typo corrected.
2005-03-16 23:31:19 +00:00
bb7d428617
Commence method now returns 403 error
2005-03-16 18:26:41 +00:00
452604ff3b
Minor Javadoc corrections.
2005-03-16 16:57:28 +00:00
52c42a7a40
Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil.
2005-03-14 06:09:33 +00:00
632617f693
Test that the ConcurrentSessioncontrollerImpl implements ApplicationListener. This is critical and was left out once.
2005-03-13 22:35:17 +00:00
ff45047f5a
This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents
2005-03-13 22:30:06 +00:00
169449bf24
In response to: http://forum.springframework.org/viewtopic.php?t=3874
...
JaasAuthenticationProvider now checks that the java.security.auth.login.config is null before attempting to use it.
Also, The loginConfig resource is attempted as a file first as spaces in the path name can cause FileNotFoundExceptions for URLs
2005-03-13 22:26:56 +00:00
df91d352cb
AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949 .
2005-03-13 21:01:16 +00:00
f594fdf751
Tidying and tests to bring Dao populator up to full coverage.
2005-03-12 21:56:04 +00:00
76f868c777
More tests.
2005-03-12 21:27:22 +00:00
765cc02599
Tidying.
2005-03-12 21:24:55 +00:00
9f62da7d1c
Better test method names.
2005-03-12 21:20:43 +00:00
0a4fc1731a
Tests added to bring X509ProcessingFilter up to full coverage.
2005-03-12 20:47:58 +00:00
c3c5487b93
Now sets WebAuthenticationDetails on authentication request token.
2005-03-12 20:46:58 +00:00
acee1ef696
Added "details" property
2005-03-12 20:40:05 +00:00
5d1cd29dfb
Added tearDown method which resets the context to null to prevent occasional breaking of other test classes.
2005-03-12 13:44:00 +00:00
f578915728
Test class for X509 filter.
2005-03-11 17:42:39 +00:00
af02c42e9f
First version that works.
2005-03-11 03:15:54 +00:00
fbb4bc0873
Added regexp matching within the DN to extract the user name.
2005-03-11 02:47:43 +00:00
29050b29b2
Dao populator tests for X.509. Tests matching of regexps in the certificate Subject to extract the user name.
2005-03-11 02:08:07 +00:00
4763f953d3
FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans.
2005-03-11 01:41:43 +00:00
5c86b97f37
First working (kind of) version.
2005-03-11 00:39:36 +00:00
c5fe428400
Patch by Matt Raible which returns null if Authentication is anonymous.
2005-03-10 12:00:30 +00:00
b898b87ffb
Enhance test coverage as part of diagnosis of reported bug at http://forum.springframework.org/viewtopic.php?p=15751 .
2005-03-10 11:39:32 +00:00
15535fff41
SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint.
2005-03-10 11:11:25 +00:00
08dbf66880
(Currently functionless) entry point implementation for X.509
2005-03-10 03:21:25 +00:00
aabcef4c69
Dao populator for X509, mirroring the CAS one.
2005-03-10 03:20:25 +00:00
fea1725f39
Removed inappropriate inheritance from AbstractProcessingFilter (doesn't make sense for X509 case).
2005-03-10 03:16:45 +00:00
ae91b58685
First stab at X509 authentication provider
2005-03-09 02:14:30 +00:00
da3801b914
Javadoc improvements.
2005-03-09 02:02:05 +00:00
559f480f4b
Corrected Javadoc typos.
2005-03-07 22:35:28 +00:00
ab6d43ff08
Corrected Javadoc typo.
2005-03-07 16:53:42 +00:00
051a34f859
Support credentialsExpiredUrl as per request made in http://forum.springframework.org/viewtopic.php?t=3862 .
2005-03-07 12:23:48 +00:00
5c3799cd16
Changed "opal ticket" to "opaque ticket" in Javadoc.
2005-03-05 19:48:02 +00:00
124f33bb09
Corrected Javadoc typo
2005-03-05 18:27:05 +00:00
6b12779902
Minor Javadoc corrections
2005-03-05 18:23:04 +00:00
4ef54828c0
corrected javadoc link
2005-03-05 01:05:23 +00:00
f1e071b0f1
Added remember-me services.
2005-03-01 02:30:38 +00:00
0d33b06990
Fix NullPointerException if a pattern is given without any config attributes (eg /**/*.css=). Contributed by Konstantin Shaposhnikov.
2005-02-28 22:06:53 +00:00
873c3f6c3d
Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility.
2005-02-28 03:02:32 +00:00
d47a2190f7
Correct test failure on high performance JREs.
2005-02-27 07:16:38 +00:00
44397bb05d
Committing ConcurrentSessionController feature and tests. Documentation is needed.
2005-02-26 21:48:07 +00:00
4125db5650
Added in a default constructor to use the original sessionid and a constructor for specifying the sessionId
2005-02-25 05:24:10 +00:00
693ac5a24a
Anonymous principal support. As requested by the community at various times, including in http://forum.springframework.org/viewtopic.php?t=1925 .
2005-02-23 06:09:56 +00:00
3c4faf58c7
HttpSessionEventPublisher, HttpSessionCreatedEvent, HttpSessionDestroyedEvent
...
Used together to provide published events in the ApplicationContext about HttpSessions.
Useful for things like Single Session logins.
2005-02-23 02:54:41 +00:00
8b24b1cf7a
MockFilterChain extended TestCase but had no public constructor and no test methods.
...
The expectedToProceed test is internally handled by a static call to TestCase.assertTrue() and TestCase.fail()
2005-02-23 02:47:31 +00:00
a3818184f4
Added Digest Authentication support (RFC 2617 and RFC 2069).
2005-02-22 06:14:44 +00:00
dda66a0454
Significantly refactor "well-known location model" to authentication processing mechanism and HttpSessionContextIntegrationFilter model.
2005-02-21 06:48:31 +00:00
ba02d45677
Clean up imports.
2005-02-21 06:34:16 +00:00
e52f3eacb1
Use WebAuthenticationDetails for Authentication.getDetails() by default.
2005-02-21 00:09:49 +00:00
a5ea6f5436
Rewrite FilterChainProxy to separate functionality from FilterToBeanProxy and properly implement filter chaining issues.
2005-02-20 05:40:18 +00:00
57842d4ba8
IoC container vs servlet container lifecycle separation.
2005-02-20 05:38:57 +00:00
44f1c83dab
Move MockFilterChain to external class.
2005-02-20 05:38:14 +00:00
6d693ac0d4
Improve logging.
2005-02-20 05:37:13 +00:00
7c9fad0477
Added filter chain
2005-02-18 20:08:03 +00:00
0b296e7cf0
Correct issue with JdbcDaoImpl default SQL query not using consistent case sensitivity as per http://forum.springframework.org/viewtopic.php?t=3526 .
2005-02-15 07:14:59 +00:00
1949c3b27e
Added AuthenticationException to the commence method signature of the AutenticationEntryPoint. The best example of this
...
is the BasicProcessingFilterEntryPoint where the authException.getMessage() is used to send back an informative 401,
instead of just the error code.
Added AccessDeniedException to the sendAccessDeniedError method signature. The accessDeniedException.getMessage() result
is used to send an invormative 403 error back to the servletResponse by default.
2005-02-15 03:28:18 +00:00
beadf24610
Use static HttpServletResponse.SC_UNAUTHORIZED instead of 401 HTTP response code.
2005-02-13 00:59:48 +00:00
6370fadfdc
FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh). Suggested by Sanjiv Jivan.
2005-02-11 05:49:41 +00:00
cbe53e21b9
HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily.
2005-02-10 07:15:20 +00:00
834f69168d
Support getUserPrincipal().
2005-02-04 22:38:07 +00:00
0be77abe75
Allow empty passwords as per http://forum.springframework.org/viewtopic.php?p=13343 .
2005-02-04 09:43:33 +00:00
4e6a4742bd
Tapestry integration improvements, as per http://forum.springframework.org/viewtopic.php?p=13327
2005-02-04 07:36:46 +00:00
82c15b1874
The JaasAuthenticationCallbackHandler handle method now takes a callback and the authentication in progress, the setAuthentication method has been removed.
...
The JaasAuthenticationProvider afterPropertiesSet method now makes use of the java.security.auth.login.config System property before trying to use the login.config.url.X properties.
2005-01-31 05:16:32 +00:00
debc67fa6d
Allow site deployment from each subproject
2005-01-19 22:18:37 +00:00
cc669f4e35
Retrieve bean from parent bean factory if not found, as per http://forum.springframework.org/viewtopic.php?t=3005 .
2005-01-19 21:21:07 +00:00
7e234869a5
Make Serializable.
2005-01-19 21:09:39 +00:00
99088fe14c
Fix JavaDoc error.
2005-01-16 03:57:43 +00:00
fd2cc5dbc7
Add subclass hook so it can customise request properties.
2005-01-06 20:32:36 +00:00
bb1e96c85a
Add notice.txt to generated artifacts.
2005-01-04 22:05:40 +00:00
d6207106c0
Expand test coverage.
2005-01-04 20:20:21 +00:00
9176aa0efb
Add new AuthenticationFailure* events.
2005-01-04 20:19:42 +00:00
c939bcb176
Add account expiration and credentials expiration capabilities.
2005-01-03 01:14:26 +00:00
6c1e2f23b2
Allow last attempted username to be displayed in views.
2004-12-25 23:38:39 +00:00
c77cb84f52
Fix group names etc as required to ensure a multiproject:install works from /docs if there is a CLEAN (empty) Maven repository.
2004-12-25 07:02:31 +00:00
5689807f38
Make Maven sign generated JARs. The last stage of the transition from Ant.
2004-12-24 05:48:54 +00:00
61a631af26
JavaDocs fix.
2004-12-22 23:49:25 +00:00
8fb64e1e1b
Fix repository URLs so "viewcvs" URLs (associated with changelog plugin) are all correct.
2004-12-22 03:47:55 +00:00
dc726ac75c
Clarify and enforce interface interface contract for AuthenticationDao.
2004-12-21 20:53:32 +00:00
4bcc1222e1
Modifications to support EH-CACHE upgrade (EH-CACHE appears to have changed the way the default cache configuration file gets handled).
2004-12-21 13:04:11 +00:00
823a2e990b
Add hook methods to AbstractProcessingFilter.
2004-12-20 11:14:34 +00:00
c5ea35d093
Extend After ACL provider to also filter arrays. Thanks to Joni Suominen.
2004-12-17 21:56:05 +00:00
cb61c88478
Increased test coverate to 100%
2004-12-09 23:53:11 +00:00
8853ba28e2
Replaced $author$ stuff in javadocs with Ray Krueger
2004-12-09 22:35:53 +00:00
41310f26a6
Missed a DOCUMENT ME! spot...
2004-12-09 22:29:12 +00:00
3eb6149877
New LoginExceptionResolver interface and base implementation to handle LoginExceptions thrown in the Jaas API. I am commiting this now so that it isn't lost, while a PropertyEditor based solution is investigated.
2004-12-09 22:09:35 +00:00
c5900cab9c
Added a ContextHolderAwareRequestWrapper to integrate with getRemoteUser() and isUserInRole(String). Thanks to Orlando Garcia Carmona ("paramosyermos" on Spring forums).
2004-12-05 06:11:18 +00:00
e3b9920d9c
Fix default query string to remove ambiguous columns. Thanks to Aaron Tang.
2004-12-05 05:30:06 +00:00
89ba20f057
Fix Tomcat compatibility issue where HttpSession unavailable during "logoff". Thanks to Aaron Tang.
2004-12-05 05:29:25 +00:00
82ed7253d4
Refactor AbstractFilterInvocationDefinitionSource to use a standard URL String in its lookup method, rather than a full FilterInvocation. This will make it easier for views (taglibs etc) to access URI security details without needing to construct a MockFilterInvocation.
2004-12-05 05:04:52 +00:00
76c82db196
Refactor EH-CACHE integration classes to work with Spring IoC provided Cache rather than manage our own cache internally.
2004-12-05 04:37:05 +00:00
41b41ba316
Expand test coverage. Clover via Maven (without excluding appropriate patterns like *Exception and debug messages) has modified coverage from 77.2% to 95%.
2004-12-03 06:46:41 +00:00
07e2037251
Find target domain object argument in a manner that works if nulls are presented for the domain object argument.
2004-12-03 06:43:17 +00:00
e75fc613b1
Gracefully handle null ContextHolder / Authentication etc.
2004-12-03 06:42:26 +00:00
7a4a46cc7b
General refactoring of taglibs.
2004-12-03 06:41:48 +00:00
1b660d4d5b
Handle usernames that are empty Strings.
2004-12-03 06:41:02 +00:00
ab6df6cfce
Make InternalMethodInvocation package protected for better unit test support.
2004-12-03 06:40:11 +00:00
f73fc735c2
Improve startup error detection and eliminate unnecessary checks for null application context.
2004-12-03 06:39:07 +00:00
4c1c7dcff5
Fix bugs.
2004-12-03 06:38:10 +00:00
22f8cd0c44
Improve null handling.
2004-12-01 02:55:01 +00:00
3a0e43337c
Improve test coverage and error detection at startup time.
2004-12-01 02:22:24 +00:00
699f97929a
Fix bug where class should delegate to setDetails method - not set the details directly.
2004-12-01 02:09:15 +00:00
89eed486e2
Add alwaysUseDefaultTargetUrl feature to AbstractProcessingFilter.
2004-11-22 21:38:14 +00:00
b0f6c5179a
Documentation improvement
2004-11-20 10:28:01 +00:00
a159d89ffd
Initial commit.
2004-11-20 05:24:16 +00:00
4ca1e2fd99
Add logging.
2004-11-20 04:10:05 +00:00
f251436a99
Improve logging and enable ACL determination to use an Object obtained from an internal method of the located processDomainObjectClass.
2004-11-20 04:09:14 +00:00
61580d1973
Move RMI context propagation support classes to core, and rename and document to more clearly reflect function.
2004-11-20 04:07:47 +00:00
ba16c01b90
Add toString() method so more informative when context propagation takes place, such as via ContextPropagatingRemoteInvocation.
2004-11-20 04:06:47 +00:00
58306157df
*** empty log message ***
2004-11-19 22:20:49 +00:00
177c00556d
Support just creating the acl_object_identity, without necessarily an acl_permission as well.
2004-11-16 12:22:43 +00:00
af5917b685
Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD.
2004-11-15 13:04:12 +00:00
bc9a599bf7
Remove noisy logging.
2004-11-15 02:43:21 +00:00
d6beb9804f
Place authz taglib in correct JAR location (META-INF).
2004-11-15 01:46:23 +00:00
612971e134
Initial commit of a concrete AfterInvocationManager.
2004-11-15 01:45:03 +00:00
694bdb603d
Initial commit.
2004-11-15 01:44:20 +00:00
5f6aa9c49e
Refactoring to support "after invocation" processing.
2004-11-15 01:43:48 +00:00
03a530b36b
Improve JavaDocs.
2004-11-15 01:42:47 +00:00
d639e5c02f
Expand logging.
2004-11-15 01:41:45 +00:00
9972c69408
Support Authentication.getPrincipal() of UserDetails and improve logging.
2004-11-15 01:40:18 +00:00
e462c5a201
Minor polishing.
2004-11-15 01:36:41 +00:00
68dc38841f
Add an Authentication and Acl taglib.
2004-11-15 00:46:18 +00:00
70a9c76f69
Remove unnecessary console output from tests.
2004-11-15 00:37:00 +00:00
ef2e45df77
Update tests to support incompatible collaborator detection now in AbstractSecurityInterceptor.
2004-11-15 00:36:12 +00:00
e83c66bb37
Expand test coverage so GrantedAuthorityEffectiveAclsResolver properly handles Authentication with a principal of type UserDetails.
2004-11-15 00:34:32 +00:00
695948c31d
Remove unused import.
2004-11-12 01:07:59 +00:00
f1d993f47b
Made BasicAclProvider to only respond to specified ACL object requests.
2004-11-09 21:09:14 +00:00
cd56f2ed4a
Moved from test to main
2004-11-03 22:35:12 +00:00
8cf6867cba
Moved name to subprojects
2004-11-01 20:05:42 +00:00
fde59c2f29
Ad mock method implementation now we're using HttpSession.removeAttribute().
2004-10-30 23:32:53 +00:00
565c2e580b
Remove debug messages.
2004-10-30 23:32:28 +00:00
d27fb49803
*** empty log message ***
2004-10-30 22:49:58 +00:00
55624cf5dd
Moved resources from java dir to resources dir
2004-10-30 22:49:12 +00:00
928498b53d
Removed AutoIntegrationFilter
2004-10-30 22:45:35 +00:00
b25a6e002b
*** empty log message ***
2004-10-30 17:15:54 +00:00
89f6fcf5c9
Refactor to use an application context, thus enabling event publishing and use of DefaultAdvisorAutoProxyCreator.
2004-10-30 06:09:09 +00:00
537a58d754
Added net.sf.acegisecurity.intercept.event package.
2004-10-30 06:07:17 +00:00
26f5f1a9b3
Add the AccessDeniedException to the HttpSession as per http://forum.springframework.org/viewtopic.php?t=1515 .
2004-10-30 03:06:05 +00:00
21f29bbbb3
Fix JRun rejection of null in httpSession.setAttribute() as per http://livedocs.macromedia.com/jrun/4/javadocs/jrun/servlet/session/JRunSession.html .
...
Discussed at http://forum.springframework.org/viewtopic.php?t=1417 .
2004-10-30 02:56:01 +00:00
73349bf8f8
Add convenience method so subclasses can specify Authentication.setDetails().
2004-10-30 01:19:22 +00:00
7b0145fba7
Initial AspectJ support.
2004-10-18 06:41:20 +00:00
992cf44b36
Refactor MethodDefinitionMap to use Method, not MethodInvocation. Refactor AbstractSecurityInterceptor to not force use of Throwable. Move AOP Alliance based MethodSecurityInterceptor to separate package.
2004-10-18 06:38:44 +00:00
ba163d51ae
Documentation correction.
2004-10-17 07:56:19 +00:00
f123e9c333
Make MethodDefinitionMap query interfaces defined by secure objects, to properly support MethodDefinitionSourceAdvisor.
2004-10-15 03:47:53 +00:00
8ec0d89fe4
Improve documentation for abstract contract.
2004-10-15 03:17:57 +00:00
8d973af603
Added MethodDefinitionSourceAdvisor for performance and autoproxying.
2004-10-15 00:29:24 +00:00
333fe84ee8
Clarify interface contract for ObjectDefinitionSource when no ConfigAttributes exist for a given secure object invocation, plus unit tests and fixes for concrete implementations. Thanks to Sean Radford for spotting the inconsistency.
2004-09-11 06:14:58 +00:00
8a32fde12a
Additional convenience methods as suggested by Sean Radford.
2004-09-11 06:13:54 +00:00
defc79c283
Minor Javadoc correction.
2004-09-06 20:06:42 +00:00
ec166e086b
Refactored UsernamePasswordAuthenticationToken.getDetails() to Object.
2004-09-01 21:19:05 +00:00
fa2920baa7
Ensure delegate is not null before calling destroy method.
2004-09-01 21:03:34 +00:00
d7c98f95ca
Made FilterToBeanProxy compatible with ContextLoaderServlet (lazy initialisation on first HTTP request).
2004-09-01 02:37:55 +00:00
1a92434914
Add support for password-validating DAOs, such as LDAP. Contributed by Karel Miarka.
2004-08-30 01:24:12 +00:00
aaebd3ef5a
Added DaoAuthenticationProvider.hideUserNotFoundExceptions property. Defaults to true, so BadCredentialsException is thrown instead of UsernameNotFoundException if a user cannot be found.
2004-08-26 23:19:00 +00:00
5cd65887d5
Improved ConfigAttributeEditor so it trims preceding and trailing spaces.
2004-08-25 21:43:00 +00:00
3f87849f31
Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method.
2004-08-23 02:03:46 +00:00
eb9c7d0852
Extracted removeUserFromCache(String) to UserCache interface.
2004-08-20 05:52:05 +00:00
bf53abf46e
Improve JavaDocs.
2004-08-18 22:59:00 +00:00
04f4c9881d
Added original Authentication.getDetails() to DaoAuthenticationProvider response.
2004-08-13 01:07:32 +00:00
08ee5deaa9
Fix unit test compatibility if no username provided.
2004-08-12 01:25:53 +00:00
da5469fed0
Additional event when user not found. Contributed by Karel Miarka.
2004-08-12 00:07:08 +00:00
6867efd6ac
Fix NPE problems with patch provided by Karel Miarka.
2004-08-10 00:22:53 +00:00
e006f521f4
Fix formatting.
2004-08-04 06:40:06 +00:00
0c43fe1f4a
Make SecurityEnforcementFilter more subclass friendly.
2004-08-02 23:08:52 +00:00
c1e109da74
Initial commit of remote client authentication interface.
2004-08-01 07:49:16 +00:00
29f8097c64
Increase test coverage.
2004-08-01 07:48:14 +00:00
b4a0e45e76
Increase test coverage.
2004-08-01 02:19:25 +00:00
Ben Alex
Luke Taylor
Carlos Sanchez
Ray Krueger
Scott McCrory
Marc-Antoine Garrigue
Mark St. Godard