34a6849998
Release 0.9.0
2005-11-11 04:52:13 +00:00
fa835ca484
Change versions for 1.0.0-SNAPSHOT.
2005-11-11 04:50:33 +00:00
edf3b466c4
Fix so multiproject:site doesn't fail.
2005-11-11 03:55:41 +00:00
01c576227a
Eliminate PHP redirects.
2005-11-11 03:04:18 +00:00
c167e9fd87
Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005.
2005-11-08 22:07:33 +00:00
97bd75f78c
Added change examples and wrapped <code> around all java & XML references. Other developers please review the end result and let me know if I went too far :-)
2005-11-08 01:08:07 +00:00
c185c5bfb8
Fixed "FilterToBeProxy" typo
2005-11-08 00:04:33 +00:00
509ae1ccc9
Improved Siteminder docs.
2005-11-07 01:07:07 +00:00
478b575ad5
General improvements ready for 0.9.0.
2005-11-06 23:59:45 +00:00
60b0bfc41f
Slight wording change in Commercial Deployments section.
2005-11-06 19:48:42 +00:00
24c3b77d8b
Developers no longer need to add change history to changes.xml - they should maintain JIRA instead. Changed this direction in policies.html.
2005-11-06 19:45:39 +00:00
82c3d76842
Added Windows syntax for first "cd" command mention.
2005-11-06 19:35:24 +00:00
bdd0f3d055
More additions.
2005-11-05 04:54:07 +00:00
a807b8d539
Extra 0.9.0 upgrade details.
2005-11-05 01:28:44 +00:00
addae5965d
Remove index.html. The index.php should take priority, so an automatic redirect to acegisecurity.org will occur.
2005-11-04 05:25:42 +00:00
54aaefa703
Move changelog for 0.9.0 to JIRA after adding the tasks previously in changes.xml.
2005-11-04 05:14:05 +00:00
6e389ca1b8
SEC-51: Use long instead of int for ACL primary keys.
2005-11-03 13:38:45 +00:00
c5d652f6c2
SEC-26: Add link to SSL instructions.
2005-11-03 12:58:35 +00:00
b6dbfde55c
SEC-70: Refactor event publishing.
2005-11-03 06:55:47 +00:00
cb86d6f9d6
Add David Medinets' articles.
2005-11-01 02:01:16 +00:00
3f43a04972
Added Siteminder authentication section.
2005-10-27 22:04:04 +00:00
ac05c5a843
Use new domain.
2005-10-23 05:12:23 +00:00
0b9c38e600
Use new domain.
2005-10-23 05:02:29 +00:00
55e552a846
Fix incorrect packages.
2005-10-21 07:38:57 +00:00
e1c7a6bc86
Few more....
2005-10-21 06:34:07 +00:00
76fe024302
Doc updates.
2005-10-21 01:24:33 +00:00
fc8ed33f64
Reduce to 50% size.
2005-10-17 12:27:54 +00:00
b2363dfe07
SEC-62 Add maven 2 support
2005-10-06 20:53:08 +00:00
9b898e84c4
Added Java 5 Annotations version of Contacts sample (contacts-tiger).
...
Note: I have added a pre goal to add the source dir of the original Contacts example.
I also added an exclude on the main project.properties for the attributes sample, as the Commons Attributes plugin causes issues with Java 5 source compilation.
The Annotations version will eventually replace the Commons Attributes approach, for now those users will need to manually build the attributes example.
2005-09-25 05:58:49 +00:00
2c539a03d2
Add Seraph link.
2005-09-23 01:14:39 +00:00
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
2005-09-22 00:54:27 +00:00
84a723d035
Adding more Common User problems to FAQ
2005-09-21 01:53:35 +00:00
6f3e92e2e4
started adding Common User Problems to the FAQ..... I will add more as well go.. I will also add the Change Password and other usage patterns such as Disabling and Event publishing, etc
2005-09-20 02:31:23 +00:00
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
2005-09-08 11:15:48 +00:00
1bd4d0beca
Started adding Java 5 Annotation documentation, including example configuration and usage.
2005-09-05 05:56:39 +00:00
fce510fa9f
added core-tiger
2005-09-04 20:07:12 +00:00
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
438130ef4c
Use same groupId as Apache Repo and iBiblio Repo.
2005-08-22 21:42:47 +00:00
9b648357fe
Fixed sdocbook plugin url
2005-08-22 21:30:54 +00:00
204582d2fc
For convenience of users of Acegi Security Domain subproject, include the source code in the sources ZIP file.
2005-08-21 10:29:22 +00:00
cbdb3ed8da
Add Jared Odulio's blog entry.
2005-08-21 10:18:26 +00:00
e805aa2e73
Add annotation support.
2005-08-21 09:40:09 +00:00
c2e927e01d
Add Pascal Gehl's blog entry.
2005-08-21 08:43:29 +00:00
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
3010a85fdd
Add the policies which were agreed on-list.
2005-07-30 01:04:44 +00:00
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00
f4c8211cc2
Replaced .cvsignore placeholders for package.html files (which also serve some doccumentary purpose).
2005-07-26 00:52:02 +00:00
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
f20bc6d9d0
Catch up with recent changes.
2005-07-25 00:45:43 +00:00
f650289142
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 10:05:32 +00:00
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
f0813b45d7
Typo correction as suggested in forum
2005-07-15 18:01:45 +00:00
c8275c591f
Reflect additional releases made for backporting SEC-20 security fix.
2005-07-14 01:12:38 +00:00
32136c38d4
Fix broken link (thanks to Marc Palmer).
2005-07-13 23:40:54 +00:00
3e4a29eae9
FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14 ).
2005-06-27 03:57:31 +00:00
d09d250656
Form, CAS, X509 and Remember-Me authentication mechanisms now publish an InteractiveAuthenticationSuccessEvent (see http://opensource.atlassian.com/projects/spring/browse/SEC-5 ).
2005-06-27 03:36:30 +00:00
60f8095cf2
Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13 .
2005-06-27 03:05:26 +00:00
ef8281f534
HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20 ).
2005-06-27 02:55:01 +00:00
a3d26edea3
JBoss container adapter to use getName() instead to toString() (see http://opensource.atlassian.com/projects/spring/browse/SEC-22 ).
2005-06-27 02:06:33 +00:00
a312fede74
Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion).
2005-06-22 08:07:52 +00:00
c0f1d4e19d
Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report).
2005-06-22 08:06:28 +00:00
a15691d9d7
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).
2005-06-22 07:03:53 +00:00
5f75e9bf9a
Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion).
2005-06-22 06:30:46 +00:00
a7b5299e77
Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005).
2005-06-22 05:22:05 +00:00
1cfdc86ff4
Add Matt's latest presentation.
2005-06-20 05:31:57 +00:00
420fb0ec2c
Minor corrections, as reported by Wil Lambrecht.
2005-06-20 02:57:49 +00:00
645c2bb5d5
Add new book.
2005-05-29 12:40:21 +00:00
c699f7d40e
Support non-username as primary key.
2005-05-29 09:46:51 +00:00
4e55780e7c
Performance optimisations thanks to Paulo Neves.
2005-05-20 00:00:22 +00:00
cfb8271826
Reorder DaoAuthenticationProvider exception logic as per developer list discussion.
2005-05-18 01:40:45 +00:00
ecbfac2ff8
Made AclEntry Serializable (correct issue with BasicAclEntryCache).
2005-05-17 11:07:00 +00:00
dcfa0008db
Updated URL to point to Reid Carlberg's latest blog entry.
2005-05-16 22:37:04 +00:00
de6a258460
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-09 01:35:52 +00:00
e08e66dec6
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-08 23:42:14 +00:00
6a9abe5d90
Remove ContextHolder and introduce SecurityContext.
2005-05-07 09:11:37 +00:00
52064d5db4
Correction.
2005-05-06 03:53:12 +00:00
854112076e
Add Victor's entry.
2005-05-06 03:50:53 +00:00
e2b7b785e1
AppFuse link.
2005-05-01 08:55:40 +00:00
d4da559ccc
added entry for credential expiry modifications
2005-04-30 00:32:41 +00:00
d169829f27
AbstractAuthenticationToken.getName() now returns username alone if UserDetails present.
2005-04-29 22:29:00 +00:00
6f286e2054
AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
2005-04-27 03:39:06 +00:00
423dbc9f14
Add JavaDocs link to navigation documentation.
2005-04-21 23:12:50 +00:00
cff9ba4988
AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766 .
2005-04-21 23:02:58 +00:00
a68d720e88
Prepare for 0.9.0.
2005-04-20 22:43:46 +00:00
56f201c651
More memory needed...
2005-04-20 14:48:45 +00:00
4cf500763f
Release 0.8.2.
2005-04-20 14:15:03 +00:00
efd8955a3d
General update.
2005-04-20 12:29:36 +00:00
b92bb993af
Add blog entry.
2005-04-20 11:32:37 +00:00
fdf5c63033
Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757 .
2005-04-13 22:17:05 +00:00
59b3bc582d
Disable one page per chapter option.
2005-04-08 23:17:03 +00:00
2ee7cc1c18
General update.
2005-04-06 06:39:03 +00:00
204da55a0b
PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails().
2005-04-03 21:48:45 +00:00
32521dde45
Add ACL Instantiation Diagram, courtesy of Bill Eisenhauer.
2005-03-31 23:42:26 +00:00
7c9bd78e16
Initial commit.
2005-03-28 21:40:44 +00:00
9649003d57
AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls
2005-03-28 17:42:21 +00:00
684d5bc10e
Handle null Authentication.getAuthorities() in AuthorizeTag.
2005-03-27 06:36:41 +00:00
8e6305ae81
Update commons-codec dependency to 1.3.
2005-03-25 22:33:18 +00:00
8ae2276843
TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds.
2005-03-25 22:07:00 +00:00
8884ca51af
Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter.
2005-03-23 23:22:51 +00:00
45761058e7
Add ConcurrentSessionController details.
2005-03-23 22:25:34 +00:00
81e84067ae
Clarify AccessDecisionManager configuration if no configuration attributes being used.
2005-03-23 11:12:03 +00:00
747825cda1
Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml.
2005-03-22 22:56:36 +00:00
01aaadbe0d
Prepare for 0.8.2 (assuming 0.8.2 is the next version, but subject to change).
2005-03-22 11:57:32 +00:00
48dd6c5c73
Release 0.8.1.
2005-03-22 11:25:41 +00:00
9f66c0eae9
Update to current Spring JAR dependencies.
2005-03-22 11:17:22 +00:00
2b6b81f39a
Use Spring 1.1.5 JARs.
2005-03-22 08:52:22 +00:00
c936801842
DigestProcessingFilter now provides userCache getter and setter.
2005-03-21 08:03:11 +00:00
0530351f0d
Provide toString() method on User.
2005-03-21 05:33:51 +00:00
a2b9da7e22
StringSplitUtils.split() ignored delimiter argument.
2005-03-21 05:14:48 +00:00
6f31ecb04b
UserDetails now indicates locked accounts.
2005-03-21 03:22:59 +00:00
f510989cbb
Minor consistency changes.
2005-03-20 23:09:56 +00:00
f1f5e687ee
Note change to Authentication.getDetails().
2005-03-20 22:34:15 +00:00
d59db9ecdc
Note about X509 Contacts Sample.
2005-03-20 22:27:49 +00:00
4f697bee29
Added first draft of X509 docs
2005-03-20 16:50:05 +00:00
a056946c49
HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection.
2005-03-18 00:50:12 +00:00
52c42a7a40
Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil.
2005-03-14 06:09:33 +00:00
63aee2e0a9
Add Matthew's latest blog entry.
2005-03-13 21:58:45 +00:00
df91d352cb
AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949 .
2005-03-13 21:01:16 +00:00
4763f953d3
FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans.
2005-03-11 01:41:43 +00:00
c5fe428400
Patch by Matt Raible which returns null if Authentication is anonymous.
2005-03-10 12:00:30 +00:00
15535fff41
SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint.
2005-03-10 11:11:25 +00:00
53bb4aebdf
Setup future development for 0.8.1.
2005-03-03 13:29:46 +00:00
4c5d0476b0
Prepare to release 0.8.0.
2005-03-03 00:06:46 +00:00
ee899dcedf
Remove duplicate.
2005-03-02 01:37:54 +00:00
60ef10e331
Fix typos.
2005-03-02 01:36:55 +00:00
888e48f236
More references.
2005-03-01 08:15:09 +00:00
2149059c74
Use without Spring article.
2005-03-01 08:15:03 +00:00
9a35091a86
Add nightly build notes.
2005-03-01 06:10:26 +00:00
f1e071b0f1
Added remember-me services.
2005-03-01 02:30:38 +00:00
0d33b06990
Fix NullPointerException if a pattern is given without any config attributes (eg /**/*.css=). Contributed by Konstantin Shaposhnikov.
2005-02-28 22:06:53 +00:00
873c3f6c3d
Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility.
2005-02-28 03:02:32 +00:00
44397bb05d
Committing ConcurrentSessionController feature and tests. Documentation is needed.
2005-02-26 21:48:07 +00:00
edd3fcc72c
Added the reference guide using one page per chapter
2005-02-25 19:32:26 +00:00
693ac5a24a
Anonymous principal support. As requested by the community at various times, including in http://forum.springframework.org/viewtopic.php?t=1925 .
2005-02-23 06:09:56 +00:00
a3818184f4
Added Digest Authentication support (RFC 2617 and RFC 2069).
2005-02-22 06:14:44 +00:00
cbf413afcd
Prepare for 0.8.0 as the next release.
2005-02-21 06:56:00 +00:00
dda66a0454
Significantly refactor "well-known location model" to authentication processing mechanism and HttpSessionContextIntegrationFilter model.
2005-02-21 06:48:31 +00:00
e52f3eacb1
Use WebAuthenticationDetails for Authentication.getDetails() by default.
2005-02-21 00:09:49 +00:00
436d37c166
Add FilterChainProxy discussion.
2005-02-20 06:22:48 +00:00
f57b1b9a8f
General update.
2005-02-20 05:40:57 +00:00
52479ec8a7
Typo.
2005-02-18 10:26:33 +00:00
0b296e7cf0
Correct issue with JdbcDaoImpl default SQL query not using consistent case sensitivity as per http://forum.springframework.org/viewtopic.php?t=3526 .
2005-02-15 07:14:59 +00:00
7d183b8eea
More info on where to find samples' source files.
2005-02-15 07:06:13 +00:00
1949c3b27e
Added AuthenticationException to the commence method signature of the AutenticationEntryPoint. The best example of this
...
is the BasicProcessingFilterEntryPoint where the authException.getMessage() is used to send back an informative 401,
instead of just the error code.
Added AccessDeniedException to the sendAccessDeniedError method signature. The accessDeniedException.getMessage() result
is used to send an invormative 403 error back to the servletResponse by default.
2005-02-15 03:28:18 +00:00
f43c31c8d4
Add basic configuration blog entry.
2005-02-13 07:07:46 +00:00
beadf24610
Use static HttpServletResponse.SC_UNAUTHORIZED instead of 401 HTTP response code.
2005-02-13 00:59:48 +00:00
6370fadfdc
FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh). Suggested by Sanjiv Jivan.
2005-02-11 05:49:41 +00:00
cbe53e21b9
HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily.
2005-02-10 07:15:20 +00:00
aa575f7103
Updated clover link to cenqua.com
2005-02-08 15:18:13 +00:00
Ben Alex
Scott McCrory
Carlos Sanchez
Mark St. Godard
Luke Taylor
Ray Krueger