38629f159a
Added default role option to authorities populator.
2006-01-13 21:13:53 +00:00
63dcdec1b7
Corrected more Jalopy screwy formatting.
2006-01-06 02:00:41 +00:00
22b0e1613c
Addition of package.html files. Minor formatting.
2006-01-05 19:59:04 +00:00
2f53f0e7d7
Message string changed to reflect class name changes.
2006-01-05 01:11:45 +00:00
affa500778
Message string changed to reflect class name changes.
2006-01-05 01:02:49 +00:00
d7ae1ad21b
Refactoring to reduce code duplication, remove config files and use JMock to enforce expectations on whether FilterChain proceeds or not.
2006-01-05 00:59:10 +00:00
0202b47346
Switched to using JMock methods for dummy objects.
2006-01-04 23:31:34 +00:00
4063a87dbf
Changed to use parent method for Mock creation rather than new operator.
2006-01-04 23:25:40 +00:00
f9d0ee209b
Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying.
2006-01-04 21:35:10 +00:00
56bccf6070
Added MessageSource support for LDAP provider classes.
2006-01-03 20:31:19 +00:00
e81be72bd7
Changed test to use tested class rather than interface name. Added test for service detection style URLs.
2006-01-01 15:11:54 +00:00
1dfc42550f
Add spring-mock to dependency management
...
Add ldap dependencies
Simplify spring dependencies
2005-12-25 00:21:49 +00:00
6b1f97a381
Resolve compiler warnings.
2005-12-24 10:03:18 +00:00
b0d65259b6
Changed groupId to org.acegisecurity
2005-12-22 16:40:22 +00:00
f226dfb67f
Use ISO encoding to avoid problems
2005-12-22 16:27:44 +00:00
0c9e1769a4
Improved m2 poms
2005-12-22 15:54:37 +00:00
f662ed5890
Ignore eclipse project files
2005-12-22 13:41:33 +00:00
9b5aa159aa
Correct screwy formatting.
2005-12-22 01:42:27 +00:00
3977e3b822
Refactored to remove unnecessary null check in createSuccessAuthentication. Removed several legacy references to AuthenticationDao in Javadoc.
2005-12-22 01:30:53 +00:00
5b076c79d1
Changed to use a Set rather than array index to check for the presence of granted authorities as the ordering of the latter couldn't be guaranteed.
2005-12-22 01:22:09 +00:00
41a95b11cd
Corrected wrong package name in Javadoc.
2005-12-22 01:18:32 +00:00
8f725f7a74
Removed no-arg constructor from UsernamePasswordAuthenticationToken.
2005-12-22 01:16:16 +00:00
c378779610
Removed printStackTrace from expected exception.
2005-12-22 01:15:25 +00:00
09cef7adc2
Refactoring to remove encodeInternal method. Same as recent changes to SHA encoder.
2005-12-21 16:41:52 +00:00
2d1dd7b292
Restoring author/version tags, some minor comments.
2005-12-21 00:48:57 +00:00
20d69e2734
Tidying up some Jalopy weirdness.
2005-12-21 00:39:36 +00:00
dc728987f4
Changed LdapDataAccessException to extend AuthenticationServiceException.
2005-12-21 00:14:15 +00:00
0f678d53ba
Javadoc typo in tag.
2005-12-21 00:00:02 +00:00
911be66513
Move LdapUserSearch into main provider package and separate out its current implementation as it may be used for more than authentication.
2005-12-20 23:58:35 +00:00
b01bf0b878
Expanded Javadoc.
2005-12-20 23:26:38 +00:00
1549ec55b1
Switch to embedded context version of apache DS (no socket nonsense etc.)
2005-12-20 23:08:54 +00:00
9554dc50bc
Pull functionality for hiding UsernameNotFoundException's up into AbstractUserDetailsAuthenticationProvider.
2005-12-19 17:23:34 +00:00
929b08c085
Spring config for ApacheDS is no longer used.
2005-12-19 17:04:09 +00:00
069f78c00b
Move the apacheDS working directory to java.io.tmpdir
2005-12-19 17:01:25 +00:00
1f66750e24
Added support for multiple DN patterns. Changes to favour constructor injection for mandatory properties. Renamed LdapUserInfo to prevent confusion with UserDetails interface.
2005-12-18 21:14:27 +00:00
e3b728cc9a
Javadoc typos.
2005-12-18 15:02:17 +00:00
40f50498b2
Re-enable some tests which partially work with embedded ApacheDS.
2005-12-16 18:26:23 +00:00
bfb4fb81d4
Remove messages about existing data.
2005-12-16 02:47:47 +00:00
f9c88adfa9
Switch to embedded server and disable tests which cause problems with apacheDS for the time being.
2005-12-16 02:23:06 +00:00
53252d258f
Set extra properties on InitialDirContextFactory and corrected group search filter.
2005-12-16 01:28:29 +00:00
1db1a3cd62
Changes try to get Ldap tests working with the possibility of using a non-networked embedded server.
2005-12-16 01:07:31 +00:00
45e2f9dac4
Removed internal encoding method to make subclassing work.
2005-12-16 00:59:29 +00:00
781ed0f380
Switch to local url.
2005-12-15 03:45:48 +00:00
d014411d48
Corrections to DIT for apache-ds tests.
2005-12-15 02:16:13 +00:00
ce3d6f2129
Initial LDAP provider checkin.
2005-12-15 00:18:13 +00:00
a1037ddc87
Prepare 1.0.0 RC1.
2005-12-04 11:20:52 +00:00
d89c6c0a74
SEC-118: Wrong logger class corrected.
2005-12-04 10:48:33 +00:00
ee48f38ff0
SEC-116: Correct JavaDocs.
2005-12-02 12:14:38 +00:00
75a9784028
SEC-58: Initial commit of Velocity helper.
2005-12-01 09:38:50 +00:00
b16ce31c5b
Prove placeholders work correctly.
2005-12-01 00:30:18 +00:00
2c28ff4fd1
SEC-56: Further improvements to localization.
2005-11-30 01:23:36 +00:00
62fde4ede3
SEC-107: Finalize rename of AuthenticationDao to UserDetailsService with corresponding change in package from .providers.dao to .userdetails.
2005-11-30 00:20:13 +00:00
a6e23d79ae
SEC-107: Rename AuthenticationDao to UserDetailsService.
2005-11-29 13:10:15 +00:00
6144e1664e
SEC-108: Make fields protected.
2005-11-29 02:43:35 +00:00
6585c2b391
Allow subclasses to make modifications to GrantedAuthority[].
2005-11-26 13:27:30 +00:00
fddcd6112e
SEC-56: Add localisation support.
2005-11-26 05:11:53 +00:00
f4c3e2ff8c
Use Spring Assert for cleaner code.
2005-11-26 04:18:21 +00:00
e53a00371c
Use logger instead of System.out.println().
2005-11-26 04:10:05 +00:00
218fcf5b24
SEC-3: Add static method so digest-compatible passwords can be stored in database.
2005-11-25 05:20:57 +00:00
bb2ac126b7
SEC-47: AbstractSecurityInterceptor to reject secure object invocations which do not have configuration attributes defined.
2005-11-25 04:56:01 +00:00
27f47673ad
SEC-106: Use getMethod() instead of getDeclaredMethod() so that methods defined in principal Object superclasses are accessible.
2005-11-25 04:40:27 +00:00
9ccaf05cc7
SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services.
2005-11-25 04:38:18 +00:00
47166fe078
SEC-110: ProviderManager to properly handle ConcurrentLoginException.
2005-11-25 04:33:40 +00:00
58b8b840b3
SEC-105: Correct incorrect JavaDocs.
2005-11-25 04:29:32 +00:00
969bbff00c
SEC-18: Preemptive method invocation security checking helper.
2005-11-25 04:18:34 +00:00
731d7b2e89
SEC-113 Provide MethodInvocationUtils.
2005-11-25 04:17:25 +00:00
72256a225f
SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken.
2005-11-25 00:26:30 +00:00
7847af2664
Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.
2005-11-23 16:09:44 +00:00
6a1a4abb1d
SEC-104: Move to org.acegisecurity package.
2005-11-17 00:56:49 +00:00
79c3ba521b
Resolved and/or inhibit build warnings as seen in Eclipse 3.1. Please refer to http://opensource2.atlassian.com/projects/spring/browse/SEC-93 for more info.
2005-11-11 22:37:38 +00:00
b1d247835a
Stop causing an exception when there is no AuthenticationException to ApplicationEvent mapping. Requested by Brian Moseley on acegisecurity-developer 10 November 2005.
2005-11-10 00:41:54 +00:00
c167e9fd87
Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005.
2005-11-08 22:07:33 +00:00
b938b6b363
Increased SiteminderAuthenticationProcessinfFilter test coverage from 70% to 93%.
2005-11-08 02:55:48 +00:00
df9deea4de
Only clear SecurityContextHolder if the Authentication object has not changed.
2005-11-08 01:39:27 +00:00
97f3ad79cb
Removed unused imports & organized the remnants.
2005-11-07 03:32:18 +00:00
55f5093ec7
SEC-94: DaoAuthenticationProvider to include UserDetails in BadCredentialsException.
2005-11-07 03:04:47 +00:00
309b559a8f
Removed unused imports.
2005-11-06 23:00:31 +00:00
e02dbd5c34
Changed class names to match new context classes.
2005-11-06 22:00:27 +00:00
0aef31d302
Converted ApplicationContextAware classes to ApplicationEventPublisherAware (SEC-69).
2005-11-06 21:11:25 +00:00
6511677f93
Moved duplicate setting of null authentication to setUp method.
2005-11-06 21:06:53 +00:00
bba77b64e9
Corrected javadoc
2005-11-06 21:01:21 +00:00
5cb7575b2b
Corrected references to old context class names in Javadoc and logging.
2005-11-05 18:49:55 +00:00
5a51f391a4
Add UsernameNotFoundException to default exception to event mappings list.
2005-11-05 09:20:14 +00:00
aa4fd8586c
Fix concurrent session interaction bug where UserDetails.getUsername() may have been override to be a different value than the original login request, as per email from Herryanto Siatono on acegisecurity-developer 5 November 2005.
2005-11-05 03:50:22 +00:00
0aa4989dad
JaasAuthenticationProvider no longer supports the useSystemProperty setting.This is because it no longer uses the java.security.auth.login.config system property for configuring Jaas. Custom Jaas configuration needs can be implemented in a subclass that overrides the configureJaas method.
...
JaasAuthenticationProvider now handles logout by associating the LoginContext with a new JaasAuthenticationToken
2005-11-04 15:02:27 +00:00
6049e9ac65
Removed string concatenation from buffer.append methods
2005-11-04 14:54:25 +00:00
9be82a3d8f
SEC-67: Enhance taglib to allow retrieval of custom UserDetails methods.
2005-11-03 13:51:55 +00:00
31a1f0be1a
SEC-52: Move potentially useful methods to an abstract superclass so that other voters can use them.
2005-11-03 13:47:44 +00:00
6e389ca1b8
SEC-51: Use long instead of int for ACL primary keys.
2005-11-03 13:38:45 +00:00
633f2cfe66
SEC-39: Add equals(Object) method to User.
2005-11-03 13:20:26 +00:00
7faf2741f1
SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.
2005-11-03 13:08:43 +00:00
a42dec6fbf
SEC-21: Initial commit.
2005-11-03 12:56:27 +00:00
e9b1d9452f
SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider.
2005-11-03 11:31:23 +00:00
f50cbd31ba
SEC-38: Make InMemoryDaoImpl support external Properties objects.
2005-11-03 10:05:02 +00:00
0d77abb9c1
SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks.
2005-11-03 09:48:52 +00:00
d9be0f86fd
SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username.
2005-11-03 09:45:30 +00:00
690ab27a52
SEC-70 and SEC-71: Refactor event publishing.
2005-11-03 09:23:49 +00:00
b6dbfde55c
SEC-70: Refactor event publishing.
2005-11-03 06:55:47 +00:00
3811200599
Improve debug output.
2005-11-03 06:51:30 +00:00
2cbe42f493
SEC-7: Allow better chaining of authentication providers.
2005-11-03 04:14:12 +00:00
42c47c086a
JavaDocs formatting.
2005-11-03 04:13:56 +00:00
f8b0de3459
Corrected Javadoc link to interface name.
2005-11-01 14:22:08 +00:00
5235727d23
SEC-2
...
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
2005-10-24 17:08:18 +00:00
1ae07779a2
SEC-710: Refactor concurrent session handling support.
2005-10-22 01:53:03 +00:00
a5ffda7369
SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS.
2005-10-21 08:00:15 +00:00
c6d5363e5d
SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation.
2005-10-21 07:53:34 +00:00
d49198a944
SEC-43: Eliminate id column.
2005-10-21 07:32:48 +00:00
41202112bc
SEC-37: Only update HttpSession if SecurityContext has actually been changed.
2005-10-21 07:26:16 +00:00
494e35f009
Jalopy styling.
2005-10-21 07:23:33 +00:00
24a78be159
Corrected link in Javadoc.
2005-10-19 21:19:16 +00:00
c065c46668
Javadoc correction: ContextHolder -> SecurityContextHolder
2005-10-18 15:44:22 +00:00
df4b8f602f
Javadoc correction: SecureContext -> SecurityContext
2005-10-18 15:43:41 +00:00
b2363dfe07
SEC-62 Add maven 2 support
2005-10-06 20:53:08 +00:00
a39339674e
login.config.url should be set to a url, not a file path
...
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
2005-09-26 14:14:42 +00:00
bc14dd62db
Fixed CVS line break
2005-09-25 22:49:45 +00:00
4717b64b83
Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org.
2005-09-25 22:48:33 +00:00
0f5e9ad372
Fix NPE. Thanks to Tom Dunstan.
2005-09-22 01:49:12 +00:00
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
2005-09-22 00:54:27 +00:00
60d3b6505b
Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue.
2005-09-20 12:24:47 +00:00
fb3f4af3b2
when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User)
2005-09-20 02:28:01 +00:00
24394b7b2b
added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation)
2005-09-19 02:22:44 +00:00
d44b570087
Disable failing tests until Marc-Antoine has a chance to look at them.
2005-09-18 22:38:37 +00:00
ae9e7733db
Fix broken tests.
2005-09-18 22:38:05 +00:00
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
2005-09-08 11:15:48 +00:00
c7dcceb05c
Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005.
2005-09-08 09:32:24 +00:00
486bbee35d
added context path to redirect
2005-09-03 21:43:08 +00:00
9d359780d9
finish user context switch event publishing
2005-09-03 20:24:35 +00:00
20ebb668a6
Added event for user context switching and updated switch user filter
2005-08-25 02:59:19 +00:00
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
2005-08-21 10:10:16 +00:00
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
2005-08-01 20:05:02 +00:00
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00
f5975dcf30
Whoops, almost forgot to remove System.out debug lines :-/
2005-07-26 00:55:53 +00:00
891cd7380c
Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now.
2005-07-26 00:50:43 +00:00
dc31553f2a
Syntax
2005-07-25 22:49:05 +00:00
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
32f62d1ef1
Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>.
2005-07-24 23:59:08 +00:00
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
4ad98a7df3
Spelling correction, thanks to Zack Chandler.
2005-07-23 07:40:43 +00:00
c5ba30b001
Comment how to make a signing certificate.
2005-07-23 07:39:56 +00:00
4b98d357ff
SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.
...
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2005-07-22 04:35:31 +00:00
e51c38aec9
Removed reference in Javadoc to obtaining and validating the SecureContext (checking for null etc), as this is no longer relevant.
2005-07-21 22:59:30 +00:00
c89d4a8add
Added trimming of whitespace to tokens and use of Springs StringUtils.hasText() to check for content in the string passed to setAsText.
2005-07-21 22:55:27 +00:00
3287439421
Initial commit for captcha adapter
2005-07-19 12:35:50 +00:00
74588c8e53
Move acegifier code from core.
2005-07-16 19:35:30 +00:00
5bbc54ac42
Javadoc typo corrected
2005-07-15 14:28:44 +00:00
d9b1a8e83c
Fix typo in InteractiveAuthenticationSucces(s)Event
2005-07-11 01:23:20 +00:00
Luke Taylor
Carlos Sanchez
Ben Alex
Scott McCrory
Ray Krueger
Marc-Antoine Garrigue
Mark St. Godard