Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,622 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

847 Commits

Author SHA1 Message Date
Ben Alex a5d74ca2e1 SEC-260: Remove disused loggers. 2006-05-23 10:37:30 +00:00
Luke Taylor 4d24c88d1e Enforce the setting of a LdapUserDetailsMapper on authenticators (rather than a general mapper) to make sure the correct type is returned and that the username is set before it is returned. 2006-05-22 23:40:29 +00:00
Luke Taylor 3eaed3ad44 Added additionalAuthenticationChecks implementation to make sure password is rechecked if Ldap is used with a user cache. 2006-05-22 23:37:54 +00:00
Luke Taylor e30c3d7bd2 SEC-270: Make SavedRequest serializable. 2006-05-22 19:07:57 +00:00
Luke Taylor e5b79f1f95 Make getGroupMembershipRoles method public for convenience. 2006-05-22 19:06:19 +00:00
Luke Taylor 53b6735c3e Make sure the username and password are set on the final UserDetails object returned by the provider. 2006-05-21 03:03:50 +00:00
Luke Taylor e1eac8f0ca Added setters for rolePrefix and convertToUpperCase 2006-05-21 02:19:42 +00:00
Luke Taylor c1e76b64bc Chnaged to use setters in essence "copy constructor" 2006-05-21 02:17:14 +00:00
Luke Taylor 360e9908b7 Added test for empty or null username 2006-05-21 01:40:00 +00:00
Luke Taylor d8a28d6068 Add call for setDerefLinkFlag 2006-05-21 01:32:37 +00:00
Luke Taylor 016ac8016c Minor changes to increase coverage of methods 2006-05-21 01:23:34 +00:00
Luke Taylor 0d6b3ab9f3 Renamed 'execute' method in LdapCallback in line with Spring equivalents. Added some extra tests. 2006-05-21 01:06:37 +00:00
Luke Taylor 9623eb3d04 Correct log category package name 2006-05-20 23:45:54 +00:00
Luke Taylor b5e9690735 Removed duplicate file. 2006-05-20 18:14:05 +00:00
Luke Taylor 577cc17764 Removed individual search controls setter methods in favour of supplying complete search controls object. Added comment for 'compare' method. 2006-05-20 18:02:04 +00:00
Luke Taylor b8fa1ad906 Delete deprecated ldap classes (from previous package move) 2006-05-20 17:53:16 +00:00
Luke Taylor 316798ef9e Made mock context factory a standalone class 2006-05-20 17:47:36 +00:00
Luke Taylor 859185eebd Removed unused methods and added some extra tests. 2006-05-20 17:46:10 +00:00
Luke Taylor 2a24e4faf8 Deleted old version of LdapDataAccessException 2006-05-20 00:21:17 +00:00
Luke Taylor 7794ebf84b Now extends Spring's DataAccessException 2006-05-20 00:18:01 +00:00
Luke Taylor 3583470a49 Now extends Spring's DataAccessException 2006-05-20 00:14:24 +00:00
Luke Taylor 3eea670efc Exception translator IF for use in LdapTemplate 2006-05-19 23:22:55 +00:00
Luke Taylor 983afec70c Added license. 2006-05-19 23:20:27 +00:00
Luke Taylor ce1c59e924 Make template and search controls member variables. 2006-05-19 23:02:37 +00:00
Luke Taylor d3e42c6f3f Move conversion of roles to Strings into LdapTemplate 2006-05-19 22:29:17 +00:00
Luke Taylor 3239cd139e SEC-251: use username as parameter {2} in group searches 2006-05-19 22:10:05 +00:00
Luke Taylor 46cc1bec1e SEC-268: allow for delayed obtaining of app context reference 2006-05-19 21:38:26 +00:00
Luke Taylor 5d811c4a94 Removed "==true" in boolean conditional. 2006-05-19 19:29:59 +00:00
Luke Taylor f546e2bbad Remove default constructor as class is now only responsible for group searches which need the args version. 2006-05-16 23:38:48 +00:00
Luke Taylor 30d878b22e Change essence class to use a new ArrayList for the authorities (list from Arrays.asList() doesn't support add method). 2006-05-16 23:35:15 +00:00
Luke Taylor fc8ead3c54 Make sure populator roles are added rather than overwriting any roles loaded with the user entry. 2006-05-16 23:33:02 +00:00
Luke Taylor f8db6a4c78 Switch LDAP tests back to embedded server and comment out apacheds-broken ones. 2006-05-15 21:20:50 +00:00
Luke Taylor 9219c6548e SEC-264: Delete classes which are no longer used after LDAP changes. 2006-05-15 21:14:38 +00:00
Luke Taylor 65fe641900 SEC-264: changes to LDAP services. 2006-05-15 20:53:10 +00:00
Luke Taylor db042046e9 Introduce LDAPUserDetails. 2006-05-15 19:34:57 +00:00
Scott Battaglia ab05cb95ff SEC-239: changed order url is created in to reflect new processing filter url order 2006-05-04 19:31:28 +00:00
Scott Battaglia aee934812a SEC-239: switched to encoding a url with response.encodeURL to get the jsession. 2006-05-04 19:27:57 +00:00
Carlos Sanchez 76ce826345 Remove spring transitive deps, add log4j 2006-05-03 17:38:19 +00:00
Luke Taylor a7d7631f2f Fixed potential problem with multiple userDn patterns. 2006-05-01 00:43:42 +00:00
Luke Taylor f0b11109b4 Added tests for nameExists method 2006-05-01 00:41:07 +00:00
Luke Taylor 9f385eb1e0 Typo in Javadoc. 2006-05-01 00:40:18 +00:00
Luke Taylor a468f03cae Add functionality to LdapTemplate for checking that an entry exists, and for retrieving an entry as an object, mapped from its attributes. 2006-05-01 00:28:27 +00:00
Luke Taylor 3f0f45706c Update Javadoc to include SSHA info. 2006-04-30 22:14:27 +00:00
Luke Taylor def8a849a2 Added String-only 'compare' operation tests which now work with ApacheDS RC2 (unlike byte[] comparisons which are still broken). 2006-04-30 21:53:05 +00:00
Luke Taylor 98887f37da Change to more appropriate inline inner class name. 2006-04-30 21:40:53 +00:00
Luke Taylor 0b2be28def Added search method which will be used for finding roles. 2006-04-30 21:37:18 +00:00
Luke Taylor 91f5fc30be SEC-258: Removed use of URI class 2006-04-30 19:45:37 +00:00
Luke Taylor 25c643970a Change package names to match apacheds RC1. 2006-04-29 22:45:19 +00:00
Luke Taylor a50695a1a8 Upgrade apacheds to RC1 2006-04-29 22:41:21 +00:00
Ben Alex 890864ed00 SEC-194: Allow remember-me services to be used with BASIC authentication. 2006-04-28 08:54:54 +00:00
Ben Alex 9b63051149 SEC-204: Improve startup time detection of errors by FilterInvocationDefinitionSourceEditor. 2006-04-28 08:41:55 +00:00
Ben Alex cc07f620df SEC-257: ExceptionTranslationFilter to use AccessDeniedHandler. 2006-04-28 06:52:50 +00:00
Ben Alex 21aaf2b9db SEC-256: Contacts sample not displaying localized exceptions correctly. 2006-04-28 06:43:50 +00:00
Ben Alex d125569bd6 SEC-29: Save POST parameters on AuthenticationEntryPoint redirect. 2006-04-28 05:05:35 +00:00
Ben Alex 22aa0e898f SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument. 2006-04-27 23:26:19 +00:00
Ben Alex 0648c65b0b SEC-243: SessionRegistry.getAllSessions() now accepts an "includeExpiredSessions" argument. 2006-04-27 23:25:00 +00:00
Ben Alex d8a56d4e60 SEEC-255: Always create HttpSession before calling AuthenticationDetailsSource. 2006-04-27 23:11:56 +00:00
Marc-Antoine Garrigue 2af791a801 Error in javadoc concerning the default keyword 
REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS
 2006-04-27 08:56:42 +00:00
Ben Alex 81603832be SEC-152: Strategy pattern for SecurityContextHoldder. 2006-04-27 08:31:32 +00:00
Ben Alex b05709df6a SEC-152: Strategy pattern for SecurityContextHoldder. 2006-04-27 08:30:29 +00:00
Scott McCrory 88ff43017d Added unit test for the overridden requiresAuthentication method 2006-04-27 02:24:30 +00:00
Scott McCrory 481a9377e4 Added NPE check for defaultTargetUrl in requiresAuthentication 2006-04-27 02:23:46 +00:00
Ben Alex 8cc5dcde30 SEC-249: Support logout filter. 2006-04-26 23:36:03 +00:00
Luke Taylor 8400341399 Tidy up screwy formatting. 2006-04-26 21:19:20 +00:00
Ray Krueger a7d0f88e01 Fixed no authority check so that it is after addCustomAuthorities 
http://opensource.atlassian.com/projects/spring/browse/SEC-253

Also removed the unused logger
 2006-04-26 16:22:38 +00:00
Ben Alex a47a342ce6 SEC-234: Allow pluggable AuthenticationDetailsSource strategy interface. 2006-04-26 05:24:49 +00:00
Ben Alex b1becf9277 SEC-242: Make logger reflect subclass, not superclass. 2006-04-26 04:56:46 +00:00
Ben Alex f4156a22bd SEC-246: Enable late binding on DaoAuthenticationProvider.userDetailsService field. 2006-04-26 04:54:44 +00:00
Ben Alex d541c8e257 SEC-238: Add AuthenticationException to onUnsuccessfulAuthentication method signature. 2006-04-26 04:42:16 +00:00
Ben Alex 540c7b2e6a SEC-229: Allow external URLs from AbstractProcessingFilter. 2006-04-26 04:36:54 +00:00
Ben Alex 97ac9f7e98 SEC-191: Look in parent bean factories for AclManager. 2006-04-26 04:26:04 +00:00
Ben Alex f6b7429947 SEC-187: Tidy up URL composition logic basedon default HTTP(S) ports. 2006-04-26 04:19:35 +00:00
Ben Alex 307ac99ec5 SEC-199: Use ServletException.getRootCause() to extract any Acegi Security exceptions. 2006-04-26 04:11:05 +00:00
Ben Alex 4e09777dec SEC-247: Allow #NONE# to be used to specify paths that shouldn't have any filters fire. 2006-04-26 03:55:39 +00:00
Ben Alex 185d63f23c SEC-221: AbstractProcessingFilter.onPreAuthentication() should have exceptions caught. 2006-04-26 03:40:24 +00:00
Ben Alex 6bae43d380 SEC-206: Include context root when generating cookies. 2006-04-26 03:35:33 +00:00
Ben Alex 5d9ed78b50 SEC-147: Add processDomainObjectClass property to AfterInvocationProviders. 2006-04-26 03:30:27 +00:00
Ben Alex de4af379cc SEC-252: Stop NPE if principal object is null. 2006-04-26 03:00:14 +00:00
Ben Alex fba45cb19e SEC-208: Fix threading issue. 2006-04-26 02:54:18 +00:00
Carlos Sanchez 88e8e60861 [SEC-240] Moved log4j.properties to test folder to avoid including it in jar 2006-04-26 02:39:56 +00:00
Ben Alex 5f79a25860 SEC-243: SessionRegistryImpl no longer incorrectly includes expired sessions. 2006-04-26 02:36:37 +00:00
Ben Alex 948f79e2e2 SEC-219: Support complex tokenization scenarios. 2006-04-26 02:23:19 +00:00
Ben Alex 14683dcbc7 SEC-190: Add hashCode() and equals() methods. 2006-04-26 01:41:10 +00:00
Ben Alex 36c096858d SEC-223: Improve hashCode() performance. 2006-04-26 01:31:17 +00:00
Ben Alex 57aee4e605 SEC-218: Fix authentication exception cleanup of SecurityContextHolder. 2006-04-26 01:28:06 +00:00
Ben Alex 8cff715599 SEC-222: Improve hashCode() to use XOR. 2006-04-26 01:18:42 +00:00
Scott McCrory e39bd43541 SEC-217 - Improve Siteminder Filter - now authenticates on calls to both j_security_check and the default target URL if the user isn't already authenticated. Thanks Paul Garvey for determining this and providing solution code. 2006-04-25 23:19:30 +00:00
Scott McCrory e44c5e66d3 As per SEC-193, removed unnecessarily overridden methods. 2006-04-25 23:01:04 +00:00
Carlos Sanchez 465f76cb22 Resolve some compilation problems with m2 2006-04-25 16:31:48 +00:00
Carlos Sanchez 7d250eda78 Use latest directory server version 
Set test scope to spring mock
 2006-04-25 04:46:19 +00:00
Ben Alex 719d3af879 SVN updates. 2006-04-25 00:22:00 +00:00
Luke Taylor 4d9f99acc4 Added getter for authoritiesPopulator. Fix for SEC-227. 2006-04-18 23:44:07 +00:00
Luke Taylor 596882804f First commit of LdapTemplate class, a la Spring JdbcTemplate, as suggested by Ben to simplify Ldap connection handling etc. 2006-04-18 22:34:04 +00:00
Luke Taylor 3d51c46575 Added license header. 2006-04-18 22:27:17 +00:00
Luke Taylor f61a58d98b Added a couple more tests. 2006-04-16 21:18:12 +00:00
Luke Taylor 7a0a87a167 Added support for LDAP SSHA (salted SHA) encoded passwords. 2006-04-16 21:12:39 +00:00
Luke Taylor c6dd545de0 Javadoc change. 2006-04-16 17:11:44 +00:00
Luke Taylor e5bef3f31b Added doc for @throws 2006-04-16 17:11:06 +00:00
Luke Taylor 9c8a4c2f74 Fix for SEC-237. Make LDAP Provider reject empty username. 2006-04-16 16:41:08 +00:00
Luke Taylor 743cc9fec7 Fix for SEC-215. Check for empty nameInNameSpace before appending. 2006-04-16 16:11:02 +00:00
Luke Taylor d5885baf6b Added some comments. 2006-04-16 16:00:32 +00:00
Luke Taylor 3f06c51379 Fix for SEC-225. Allow empty search base in authorities populator. 2006-04-16 15:37:48 +00:00
Luke Taylor 48716af20a Removed unnecessary package names left over from refactoring. 2006-04-16 15:25:33 +00:00
Luke Taylor 072a4c3d18 Fix for SEC-226. Added ability to set derefLinkFlag property. 2006-04-16 15:15:55 +00:00
Luke Taylor 267c846e12 Sort out LDAP tests to match up with moved production classes. 2006-04-16 14:31:13 +00:00
Luke Taylor bf4fca9126 Move non security-specific LDAP classes to org.acegisecurity.ldap package 2006-04-16 14:26:46 +00:00
Luke Taylor 7c69668589 Deprecated, pending deletion. 2006-04-16 14:12:23 +00:00
Luke Taylor bbd250e442 Modified to use classes from org.acegisecurity.ldap package 2006-04-16 14:05:28 +00:00
Luke Taylor 7f24e209a6 Move non security-specific LDAP classes to org.acegisecurity.ldap package 2006-04-16 13:56:36 +00:00
Luke Taylor 0c1ab7f98c Corrected a couple of Javadoc typos. 2006-04-15 12:32:50 +00:00
Scott Battaglia 9a8fdcd269 SEC-196 
updated references to Yale CAS to JA-SIG CAS
 2006-03-28 15:41:20 +00:00
Scott Battaglia b0d4cbceac updated javadoc to reflect proper value of getPrincipal 2006-03-28 14:05:57 +00:00
Scott Battaglia 3d0f746719 SEC-224 
updated CasAuthenticationToken to be consistant with approach taken by other providers with regards to authentication.getPrincipal()
 2006-03-14 16:15:51 +00:00
Ben Alex 51f1b33af9 SEC-209: Make eventPublisher protected. 2006-03-07 13:04:12 +00:00
Luke Taylor 7e7920ce00 Fix for SEC-202. Intialize manager password to default "manager_password_not_set". 2006-02-28 17:47:55 +00:00
Scott Battaglia 5607da8d67 updated references from Yale CAS to JA-SIG CAS 2006-02-27 13:52:41 +00:00
Luke Taylor 6abceb7ab0 Additional changes related to SEC-192 (avoiding session creation when creating WebAuthenticationDetails). Also fixed Jalopy chaos in SwitchUserProcessingFilter. 2006-02-20 00:37:39 +00:00
Luke Taylor 52a212e609 Removed "== true" in boolean. 2006-02-20 00:27:36 +00:00
Luke Taylor 5475ab0575 Modify AbstractAuthenticationManager to transfer the details object from authentication request to the resulting authentication token, provided it has not already been set on the latter by an authentication provider. 2006-02-19 23:50:21 +00:00
Luke Taylor c88b9093c0 Remove unnecessary check for null. 2006-02-19 22:35:37 +00:00
Luke Taylor ee41d24447 Javadoc correction. 2006-02-19 22:23:04 +00:00
Luke Taylor e12c8310eb Remove unnecessary default constructors which throw IllegalArgumentException. Favours compile time over runtime errors. 2006-02-16 16:44:35 +00:00
Luke Taylor 4b4d4d3332 Added some uses of Spring Assert class and removed one to prevent unnecessary StringBuffer creation. 2006-02-16 01:11:31 +00:00
Luke Taylor 84ccd89061 More readable javadoc. 2006-02-15 19:06:04 +00:00
Luke Taylor cd7efaf567 Fix for SEC-189. Added getter for initialDirContextFactory. 2006-02-13 16:20:42 +00:00
Luke Taylor 6c29a6d17e Added test for immutability of authorities array. Refactored standard authorities array into an instance field. 2006-02-13 16:16:43 +00:00
Ben Alex 2ab5af0a69 SEC-188: Fix JavaDocs. 2006-02-12 06:29:53 +00:00
Ben Alex a28a932598 SEC-183: Minimise session creation as a consequence of SEC-168 and SEC-182 changes. 2006-02-09 23:04:29 +00:00
Ben Alex 0282696202 SEC-182: Remember-me compatibility with concurrent session support. 2006-02-09 10:32:49 +00:00
Ben Alex b1dd784dee SEC-180: BasicProcessingFilter should configurably ignore authentication failures. 2006-02-09 06:41:31 +00:00
Ben Alex e63b2ec9e6 Cleanup unused imports. 2006-02-09 06:00:25 +00:00
Ben Alex 96196bd637 SEC-179: Upgrade to Spring 2.0-M2. 2006-02-09 05:36:06 +00:00
Ben Alex ae29498f75 SEC-158: X509 to support Authentication.isAuthenticated() as per usual contract. 2006-02-09 04:25:07 +00:00
Ben Alex 79287999dc SEC-178: Refactor AbstractAuthenticationToken. 2006-02-09 04:16:50 +00:00
Ben Alex 74de83e5f1 SEC-177: Add hashCode() method. 2006-02-09 03:45:47 +00:00
Ben Alex c9cee6651c SEC-176: Add hashCode() method. 2006-02-09 03:36:47 +00:00
Ben Alex ac457021b8 Inheritance doesn't seem to work, so added the groupId manually. 2006-02-09 03:13:58 +00:00
Ben Alex 77be0009ad Correct equals(Object) method handling if both objects have null getDetails(). 2006-02-09 02:54:40 +00:00
Ben Alex 78df09db8a SEC-175: Add equals(Object) method. 2006-02-09 02:53:27 +00:00
Luke Taylor dc959b1847 Fix for SEC-159. Added clearContext() method to SecurityContextHolder and refactored code to use it instead of putting an empty context into the holder. 2006-02-08 23:27:46 +00:00
Ben Alex 8c0ce12332 SEC-169: Add SessionRegistry.getAllPrincipals() method. 2006-02-08 05:22:48 +00:00
Ben Alex 3a01e48b17 SEC-174: Correct IE6 bug with AuthenticationProcessingFilterEntryPoint. 2006-02-08 04:58:50 +00:00
Ben Alex 9d213f46a4 SEC-168: Prevent errors with concurrent session support. 2006-02-08 04:42:03 +00:00
Ben Alex 1fa6ac0975 SEC-164: Copy Authentication.getDetails() to returned Authentication object. 2006-02-08 02:19:43 +00:00
Luke Taylor 2daea069f9 Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors. 2006-02-08 02:17:44 +00:00
Ben Alex ca1bf5cc21 SEC-170: AbstractAclVoter to support JoinPoint. 2006-02-08 02:06:55 +00:00
Luke Taylor eb7964f6e5 Clean imports. 2006-02-08 01:54:03 +00:00
Luke Taylor fe88d6ec17 SEC-134 fix. Authorities array is now copied on access. Also refactored token classes to move authorities to the base class. 2006-02-08 01:24:38 +00:00
Luke Taylor 842ad929a4 Change search object to use constructor injection (SEC-165) . 2006-02-03 19:53:08 +00:00
Luke Taylor 436fcde10b Change apacheds to version 0.9.4-SNAPSHOT, add slf4j-log4j12 dep 2006-02-02 19:58:46 +00:00