3bbbf07235
SEC-1464: Fix broken test (flags in returned user object were not being copied from stored user).
2010-04-25 20:12:00 +01:00
024e6904ff
SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.
2010-04-25 04:27:09 +01:00
f5859fabcf
SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database.
2010-04-25 04:26:45 +01:00
d3d9c5db59
Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor.
2010-04-20 23:47:47 +01:00
74896f217b
SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>.
2010-04-20 23:47:47 +01:00
0521d10069
SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
...
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
2010-04-01 01:24:23 +01:00
020e0aa49a
SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
...
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
2010-03-30 15:52:40 +01:00
977bc2b164
SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.
...
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
2010-03-26 18:05:28 +00:00
472c1fac84
SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
...
Ensures protect-pointcut expressions match methods with generic parameters.
2010-03-24 20:57:03 +00:00
e60108ca8c
SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles.
...
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
2010-03-22 16:26:04 +00:00
9e049dfef4
SEC-1438: Removed JoinPoint support from AbstractMethodSecurityMetadataSource
2010-03-11 21:51:19 +00:00
c09cd3a9cb
Remove unused inner class in MethodSecurityMetadataSourceAdvisor
2010-03-11 01:52:07 +00:00
55de2cfcb1
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
...
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
2010-03-11 01:51:59 +00:00
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
2010-03-07 21:58:25 +00:00
b38b8e55ac
SEC-1432: Convert map keys to lower-case in UserMap.setUsers().
...
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
2010-03-05 17:55:29 +00:00
530ab3ae30
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
2010-03-04 21:21:07 +00:00
0551dd89ac
SEC-1420: Add htmlEscape attribute to authentication JSP tag.
...
This allows HTML escaping to be disabled if required.
2010-03-04 00:47:22 +00:00
b147652193
Make hsqldb a testRuntime/runtime dependency.
2010-03-01 01:10:58 +00:00
f3f84da625
Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0.
2010-02-21 23:25:36 +00:00
ea7ccc718d
SEC-1399: Removed AbstractAuthenticationManager.
...
MockAuthenticationManager was the only other subclass (apart from the main ProviderManager) and has been removed also.
2010-02-20 21:35:39 +00:00
dacb8dd25a
SEC-1382: Removed deprecated label-based voter and related classes.
2010-02-20 20:50:16 +00:00
b37d2ed978
SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module.
...
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
2010-02-20 18:02:12 +00:00
2ee7696bf4
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
44f45d21f0
3.0.2 release. Update version in build files.
2010-02-19 01:22:21 +00:00
d2b2ca3bc6
SEC-1387: Use a transient object as the advice monitor, rather than a Serializable.
...
No need for an anonymous inner class.
2010-02-19 01:02:22 +00:00
10dc72b017
SEC-1387: Support serialization of security advised beans.
...
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
2010-02-19 00:53:14 +00:00
dbee91002e
Deprecate EncryptionUtils.
2010-02-14 23:27:29 +00:00
c12c43da9e
Javadoc fixes.
2010-02-14 23:27:09 +00:00
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
2010-02-14 23:23:23 +00:00
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
2010-02-06 17:34:07 +00:00
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
2010-02-06 15:42:01 +00:00
10d787ede2
Javadoc corrections to SessionRegistryImpl
2010-02-03 23:49:36 +00:00
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
2010-01-23 02:12:30 +00:00
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
2010-01-19 01:07:33 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
0f90e69004
SEC-1362: Updated French messages translation.
2010-01-13 15:37:18 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
93973a4b75
SEC-1304: Removed compareTo method from GrantedAuthorityImpl
...
This method had been left by mistake when the Comparable
interface was removed. See also SEC-1347.
2010-01-04 19:13:49 +00:00
80aacf447f
Refactored JaasAuthenticationProvider
...
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
2010-01-03 16:28:44 +00:00
893f212fa5
Tidying
2010-01-02 19:53:19 +00:00
bcb1ff8921
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
2009-12-23 14:12:59 +00:00
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
e64866ae6a
Updated bundlor templates and introduced spring.version variable
2009-12-22 01:10:04 +00:00
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
354b043fd1
SEC-1337: Add Serializable interface to internal comparator
2009-12-18 14:12:32 +00:00
55679971f0
SEC-1337: Make User serializable by moving anonymous comparator class
2009-12-18 13:49:02 +00:00
cad32ffe39
SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
2009-12-13 17:37:24 +00:00
ef3d9c7877
Tidying Javadoc.
2009-12-13 16:20:28 +00:00
1e8ea55030
SEC-1320: JaasAuthenticationProvider can not find jaas realm defined inside service archive. Added flag to control refresh of configuration on startup.
2009-12-13 16:19:53 +00:00
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
adfac7e718
Added gradle file for cas and standardised ehcache version
2009-12-08 01:54:15 +00:00
33b109f0b3
Made session maps final in SessionRegistryImpl.
2009-12-08 01:33:01 +00:00
558737363f
Added some extra tracing to SessionRegistryImpl.
2009-12-08 01:28:47 +00:00
cde9cd6b36
Correct toString() method in User class.
2009-12-08 00:16:08 +00:00
02a9db7bcf
SEC-1317: Removed check in ProviderManager.getProviders() for empty provider list. A ProviderManager with a non-null parent may have an empty provider list. The afterPropertiesSet() method performs the necessary checks.
2009-12-07 21:38:40 +00:00
dab76249db
Added gradle build files (experimental)
2009-12-04 21:33:17 +00:00
dada789814
NOJIRA
...
removed unnecessary cast and use StringBuilder rather than non-final String and concatenation.
2009-12-01 15:19:56 +00:00
ed92d5ea71
SEC-1304: Removed unused compareTo method from custom GrantedAuthority.
2009-12-01 14:32:57 +00:00
8a0f69b955
SEC-1295: Placing Security on Roo Aspected method fails. Added suggested fix - check for null target and use Signature.declaredType instead.
2009-11-30 22:00:49 +00:00
7e0c7ffc0e
SEC-1304: Removed "Comparable" from GrantedAuthority
2009-11-30 21:27:13 +00:00
e72cfd58d4
SEC-1304: Remove Comparable interface from GrantedAuthority to enable it to be imlemented by an enum.
2009-11-30 21:22:11 +00:00
1df82654e3
SEC-1310: Added toString() implementations to Pre and PostInvocationExpressionAttribute classes.
2009-11-30 17:32:03 +00:00
69699431b1
SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope
2009-11-24 09:31:03 +00:00
b39db5b711
Removed jaxen from template.mf
2009-11-17 14:25:20 +00:00
d4d5012035
SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.
2009-11-17 12:55:53 +00:00
1898b4df52
Updated scope of commons collections to 'test'
2009-11-17 00:00:59 +00:00
248e826342
SEC-1282: Clarified javadoc
2009-11-03 16:31:55 +00:00
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
0615b94f55
Converted expression test to use static method.
2009-10-09 23:42:23 +00:00
4dcb9de67a
SEC-1257: Some additional API changes to use Collection instead of List...
2009-10-07 21:08:20 +00:00
f213cc5d9e
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
2009-10-06 19:46:44 +00:00
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
2009-10-05 19:28:53 +00:00
acf13c74ca
SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
2009-10-05 15:51:00 +00:00
2a1430f1ce
SEC-1229: Removed legacy concurrency classes
2009-09-29 16:18:25 +00:00
9639340fef
SEC-1049: RoleHierarchy in SidRetrievalStrategy. Added optional RoleHierarchy injection to SidRetrievalStrategyImpl
2009-09-16 19:59:37 +00:00
1c4a809e09
SEC-1245: Add role hierarchy support to expression handlers. Done.
2009-09-15 17:17:21 +00:00
897960cd70
Add expression string to failed expression evaluation exception message to help clarify the context.
2009-09-13 22:29:07 +00:00
6851655ea9
SEC-1177: MethodInvocationUtils Returns Null With Valid Method String and Class. Added very simple checking of declared methods on class.
2009-09-09 19:49:44 +00:00
ef2df77889
SEC-1239: Special characters in JAAS config file location. Fix - convert Resource to a File before obtaining the URL from it. The URL.toString() obtained this way is different from the one obtained from Resource.getURL().toString().
2009-09-09 17:41:35 +00:00
8081a1a3cc
Set Id svn keyword.
2009-09-03 19:55:18 +00:00
e14a904306
SEC-1181: fixed recursive import in template.mf
2009-09-02 15:31:22 +00:00
660b408e6e
SEC-1181: added import to template.mf for the DNS classes
2009-09-02 15:20:26 +00:00
58ee9a364e
SEC-1181: DNS helper classes, will primarily be use for lookup of Active Directory servers.
2009-09-02 14:29:35 +00:00
bfd421016e
SEC-1228
...
added constructor so a wrapper can be instanciated in one line of code.
2009-09-01 19:52:43 +00:00
471206a29d
SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy
2009-08-27 10:43:01 +00:00
9bf8656d66
SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes.
2009-08-22 21:09:34 +00:00
bb4d818862
SEC-1188: Added "getContexHolderStrategy" method to SecurityContextHolder.
2009-08-22 13:31:13 +00:00
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
b807f7cbdd
Added comment to pom to explain spring-web requirement
2009-08-10 14:05:16 +00:00
972cd0a53c
javadoc
2009-08-10 12:10:04 +00:00
d65b1b3581
SEC-1200: Ukranian messages file
2009-08-10 11:41:24 +00:00
0f6642d3ab
SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface)
2009-08-04 00:18:07 +00:00
5953af0f6b
SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
2009-08-03 00:21:11 +00:00
fdb7325cbc
Javadoc update
2009-07-24 15:21:59 +00:00
efd1dbf54a
Removed public modifier from getSessionController() method on ProviderManager.
2009-07-17 23:37:45 +00:00
1afa67c954
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
2009-07-15 23:09:47 +00:00
6346e31517
SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy.
2009-07-15 01:28:28 +00:00
1ca2e6e6fc
Tidying.
2009-07-13 23:12:32 +00:00
5d389d953d
RoleVoter test class.
2009-07-13 23:11:15 +00:00
946f3d1067
Converted to use mockito.
2009-07-13 23:10:52 +00:00
3b1cdc3ab4
Tidying.
2009-07-08 23:27:53 +00:00
8a3930e673
Refactoring of ProviderManager to ensure that any AuthenticationException from the ConcurrentSessionController will prevent further polling of providers.
2009-07-08 23:20:46 +00:00
6b53703e37
SEC-1187: Moved pre-authentication status check inside try/catch block and repeated the call after reloading the user during the "cacheWasUsed" logic.
2009-07-07 17:09:44 +00:00
980b9b73b8
deprecate property editor
2009-06-26 12:49:23 +00:00
c6b9371029
Updated to latest Spring build snapshot. Required minor EL changes to parser class name
2009-06-15 23:41:20 +00:00
db3f08cce4
SEC-1156: Added check for enableAuthorities setting in deleteUser method of JdbcUserDetailsManager.
2009-06-14 22:31:14 +00:00
ab7f06c108
SEC-1156: Modified JdbcUserDetailsManager to only save/update authorities if enableAuthorities is set
2009-06-14 22:26:44 +00:00
05ba2ff3f3
Improved Javadoc
2009-06-14 20:50:29 +00:00
3f603dfdd8
Removed invalid Javadoc reference to HttpSCIF
2009-06-10 12:44:06 +00:00
4e0d3c644f
Committed deletion of previous AuthorityUtilsTests
2009-06-09 01:50:35 +00:00
4768e4b13c
Removed methods relating to current context from AuthorityUtils, making it a simple factory for GrantedAuthority lists etc.
2009-06-09 01:42:37 +00:00
ab69a0a101
SEC-884: As per discussion in this issue. Added Javadoc to specify that Authentication object passed to decide method must not be null.
2009-06-09 01:14:55 +00:00
d2a8e43a55
SEC-1170: Some updates to UserDetails-related Javadoc.
2009-06-09 00:57:34 +00:00
cb6aa81701
Forgot to remove file
2009-06-08 19:21:22 +00:00
5808da12ff
SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample.
2009-06-08 15:23:41 +00:00
43144cd75d
Javadoc updates.
2009-05-31 21:29:36 +00:00
67ad0456a1
Javadoc updates.
2009-05-31 21:28:50 +00:00
206598172c
Javadoc updates.
2009-05-31 21:26:03 +00:00
d1efb4eeed
generifying RowMappers in JdbcDaoImpl.
2009-05-30 13:52:39 +00:00
131ba5c62e
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
2009-05-27 00:12:30 +00:00
e2c218e8c9
[maven-release-plugin] prepare release spring-security-3.0.0.M1
2009-05-26 23:44:11 +00:00
b6f3d82dac
Remove commented-out dependencies.
2009-05-26 22:18:53 +00:00
45c54c558c
Updated build to use maven.springframework.org deps
2009-05-13 06:16:05 +00:00
ef388529ae
Javadoc update.
2009-05-12 00:12:22 +00:00
4bad213b19
SEC-1132: Moved remaining preauth code from core to web
2009-05-12 00:11:06 +00:00
c7a2e12c65
Moved python script to correct directory
2009-05-11 06:03:59 +00:00
03d39f1e88
Minor package info updates.
2009-05-11 05:48:09 +00:00
76438b3347
SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource)
2009-05-11 05:44:31 +00:00
14c4739605
SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.
2009-05-11 05:18:20 +00:00
39f1536d5a
Upgrade to Spring 3.0 M3
2009-05-07 08:24:41 +00:00
6d655aa514
SEC-1132: More refactoring to remove cycles ad reduce complexity metrics
2009-05-04 14:24:54 +00:00
73cfeecd0c
Make sure argumentsAdded flag is set correctly.
2009-05-04 12:36:16 +00:00
5b543f83ec
Removed web dependency on core-tests
2009-05-04 02:25:49 +00:00
4bc788828c
SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods.
2009-05-01 06:45:34 +00:00
39cc865a36
SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id.
2009-04-28 12:08:48 +00:00
e94baf38b3
Tidying up to remove warnings (generics, use of deprecated test classes etc).
2009-04-28 06:49:43 +00:00
50ac9d3b05
More generification to remove last warnings in core package.
2009-04-26 10:17:09 +00:00
1454cbb78e
SEC-1132: Moved TextUtils to web module and StringSplit utils into Digest authentication package (as they aren't used elsewhere).
2009-04-25 08:04:26 +00:00
a76cbee4bc
SEC-1132: Moved ThrowableAnalyzer code to web module as it is only used in ExceptionTranslationFilter
2009-04-25 07:03:15 +00:00
22e7142f45
SEC-998: Bundlor enabled in web, ldap, config and core modules
2009-04-24 09:12:53 +00:00
2e3189cf83
SEC-998: Enabled bundlor in core
2009-04-22 13:00:14 +00:00
21e36e0a57
Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT
2009-04-22 12:55:52 +00:00
a73016b898
SEC-998: Initial bundlor template.mf for core
2009-04-22 12:47:44 +00:00
305ce125fb
SEC-863: Hierarchical roles should use the interface GrantedAuthority. Applied submitted patch.
2009-04-22 05:53:59 +00:00
d7f202a111
Addition of final to constructor set fields to improve immutability of authentication and user objects
2009-04-22 04:11:38 +00:00
ba6664f77f
SEC-1012: Refactor SessionRegistry interface to use Java 5 generics.
2009-04-21 06:57:21 +00:00
cac2bce382
Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes.
2009-04-21 06:05:14 +00:00
06040853da
Javadoc tidying
2009-04-21 03:16:57 +00:00
56ec1b4b05
Tidying beforeInvocation method.
2009-04-20 01:01:34 +00:00
292926518b
SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException.
2009-04-15 10:19:37 +00:00
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
5d0d1bd404
Fixed Javadoc typo.
2009-04-14 12:56:16 +00:00
db9afc36ab
Refactored internal context holder strategy implementations to be package private and final and refactored getContext() methods to use a single call to ThreadLocal.get().
2009-04-14 11:04:49 +00:00
c770998d92
SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions.
2009-04-14 04:22:57 +00:00
550715e73f
SEC-1136: Removed SpringSecurityException and last import.
2009-04-14 01:51:22 +00:00
10673780db
OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles).
2009-04-13 14:56:49 +00:00
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
2009-04-12 12:23:23 +00:00
7c4d54f356
SEC-1131: Applied patch for portlet upgrade
2009-04-12 05:52:20 +00:00
365ae3936e
Moved MockAuthenticationManager to test package.
2009-04-12 05:13:18 +00:00
1b43e3661a
SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter.
2009-04-12 04:16:46 +00:00
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
2009-03-25 06:28:18 +00:00
2c985a1c36
SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources
2009-03-23 04:23:48 +00:00
a45ba138f7
SEC-1121: InMemoryResource.equals() is wrong. Corrected as suggested.
2009-03-20 04:44:39 +00:00
4aff4b2350
SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring
2009-03-20 04:32:06 +00:00
4aae5ec42e
SEC-1124: Refactored LDAP code into separate module
2009-03-19 06:30:32 +00:00
a0f3015ac6
SEC-1086: AccessDecisionManager implementations now log debug messages giving the results returned by each voter polled.
2009-03-19 02:01:24 +00:00
d163cd7d18
SEC-1099: Translation of message.properties in Brazilian Portuguese. Added file.
2009-03-19 01:47:34 +00:00
c0638e9c8d
SEC-1110: Localization (messages_ko_KR.properties). Added.
2009-03-19 01:46:05 +00:00
591681c180
Upgrade to Spring M2 and correct expression classes and pom files to match changes
2009-03-19 01:17:16 +00:00
98593b7c78
SEC-1120: Added Portuguese messages file
2009-03-19 01:02:32 +00:00
ccf422af5a
SEC-1070: AbstractRetryEntryPoint always uses RetryWithHttpEntryPoint logger. Converted to protected (non-static) and used getClass().
2009-03-16 08:32:16 +00:00
9de9f638fe
SEC-1083: Removed unnecessary import
2009-03-16 08:07:18 +00:00
30748e8615
SEC-1083: PersistentTokenBasedRememberMeServices does not clear tokens on logout. Override logout method to remove tokens for user.
2009-03-16 08:05:02 +00:00
b7557d017e
Corrected Javadoc typo.
2009-03-16 07:10:12 +00:00
ef3ea65fdb
Switching back to 2.5.0-SNAPSHOT after tagging M1 release
2009-01-03 07:42:19 +00:00
fc5f50501e
[maven-release-plugin] prepare release 2.5.0.M1
2009-01-03 07:08:25 +00:00
ddffdf1699
SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication'
2008-12-28 17:32:25 +00:00
4a41416c9b
Tidying up and removing compiler warnings.
2008-12-21 16:36:16 +00:00
f5d2e7a7ce
Make error message when multiple UserDetailsServices are found more explicit.
2008-12-21 13:29:42 +00:00
9cb361e88a
SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter.
2008-12-20 23:25:29 +00:00
66e586ec67
Added Id keyword.
2008-12-20 15:41:51 +00:00
cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
8f598e9b11
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
2008-12-17 01:28:29 +00:00
171456a26c
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
2008-12-17 01:11:43 +00:00
00125cddee
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
2008-12-17 00:48:32 +00:00
585e5f393a
Added warning suppression for deprecation.
2008-12-17 00:32:21 +00:00
d8b5f770e9
Added warning suppression for deprecation.
2008-12-17 00:31:17 +00:00
db5f1e69f1
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
2008-12-17 00:14:48 +00:00
c2e688610c
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
2008-12-16 23:25:44 +00:00
998f0b3ea1
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
2008-12-16 20:35:18 +00:00
Luke Taylor
Scott Battaglia
Mike Wiesner