c7792458b4
SEC-645: Reimplementation of X509 authentication.
2008-01-27 11:12:50 +00:00
ae71e9a5bd
SEC-632: Changed user-filter to custom-filter to avoid confusion with system "users".
2008-01-27 00:48:53 +00:00
cd16dac290
SEC-648: Added custom-authentication-provider element.
2008-01-27 00:42:35 +00:00
619c7b0dbf
SEC-632: Explicit filter chain ordering is now achieved using "after" or "before". Setting the order value directly in the context is fragile due to potential future changes in the order values of standard filters.
2008-01-26 23:56:04 +00:00
0005da3b63
Corrected spelling of class name.
2008-01-26 11:36:24 +00:00
83ecb3e9e0
test classes
2008-01-26 11:35:49 +00:00
0e58e816a2
2008-01-26 11:31:49 +00:00
0f32b3fc40
reverted to junit 3
2008-01-25 15:04:29 +00:00
630efbf536
AclFormattingUtils and AccessControlEntryImpl test classes
2008-01-24 22:11:17 +00:00
d10450cfb7
SEC-531: Provide support for HTTP methods in FilterInvocationDefinitionSource. Path/Regex versions of FIDS are now deprecated and in favour of using their (no longer abstract) parent class with a UrlPathMatcher strategy.
2008-01-24 14:39:47 +00:00
b4c37db9f9
test classes for AuditLogger and security checks in AclImpl and AclAuthorizationStrategyImpl
2008-01-23 21:50:49 +00:00
837ecd85ec
SEC-576: Tidied up code, added preauth sample demo app.
2008-01-23 20:02:11 +00:00
a9ff309b02
Deleted as test now uses inline context snippets.
2008-01-22 21:08:33 +00:00
06f3bcbf6a
Converted all namespace attributes which refer to bean IDs to use "-ref" suffix (or "ref").
2008-01-22 20:58:12 +00:00
11570d9584
SEC-576: Test web.xml files.
2008-01-22 20:42:09 +00:00
24caad5a67
Make sure default lower/upper case is respected for regex and ant paths when not set explicitly using the lowercase-comparisons attribute. Added much more comprehensive testing of HttpSecurityBeanDefinitionParser.
2008-01-22 20:25:46 +00:00
b9561cc4e0
SEC-643: Fix to allow namespace configuration without remember-me authentication.
2008-01-22 18:32:18 +00:00
7854e36029
SEC-576: Tidying.
2008-01-22 15:07:37 +00:00
c8b9f24038
SEC-576: Committed pre-autheticated contribution. Still has to be more thoroughly reviewed.
2008-01-22 13:55:19 +00:00
35a7928cb9
SEC-635: Convert xsd:IDREF types to xsd:string to allow references to beans outside the current file.
2008-01-22 11:38:50 +00:00
b29bcfebe8
Converted test class to use in memory XML snippets - makes it easier to work out which one is causing a failure.
2008-01-22 11:36:15 +00:00
ca8dff7abb
Delete unused ldap namespace test context file
2008-01-21 20:09:07 +00:00
1b8f13aa4c
Use "'" for XML attributes in in-memory test contexts for readability.
2008-01-21 20:08:24 +00:00
aff568efb9
Tidied up getters/setters (undoing jalopy ordering). Made getters protected.
2008-01-21 17:23:48 +00:00
9836bda5b3
SEC-630: Support for "properties" attribute in user-service namespace element.
2008-01-21 17:15:53 +00:00
59a947bbe5
SEC-636: Support for use of "ref" attribute in salt-source element.
2008-01-21 15:06:43 +00:00
568211b77f
SEC-638: Fixed problem caused by using Spring 2.5.1 method from ReflectionUtils which isn't available in 2.0.6.
2008-01-21 15:00:16 +00:00
eb70db1dee
SEC-638: Allow property names as well as method names to be used in ReflectionSaltSource.
2008-01-21 14:45:29 +00:00
fe6e297358
Added missing space to SQL query in JdbcMutableAclService.
2008-01-21 10:31:48 +00:00
437c6fb7b7
Tidying.
2008-01-21 09:33:49 +00:00
8694028b13
SEC-632: Completed comment.
2008-01-19 14:21:20 +00:00
d70a820e64
SEC-632: Make order attribute in user-filter optional for cases when the filter implements Ordered directly.
2008-01-19 14:18:33 +00:00
5e3a0ef379
SEC-632: Added user-filter element to namespace to allow a user to add their filters. Filters which aren't in the org.security.springframework package will now be skipped. Also renamed FilterChainOrderUtils and members for future use in ordering (e.g. using "after", "before" as attributes in user-filter).
2008-01-19 13:51:03 +00:00
c3cd5d98ba
Added logging of FilterChainProxy when security namespace postprocessor has finished configuring it.
2008-01-18 22:20:16 +00:00
84815df529
Added toString method to FilterChainProxy.
2008-01-18 22:16:41 +00:00
48620f3550
Changed AuthorizeTag to use StringUtils.deleteAny(), instead of replace()
2008-01-18 17:12:21 +00:00
a40bb11be3
SEC-599: Refactoring to use Map.Entry for iterating through patterns.
2008-01-18 16:33:36 +00:00
04c89e0795
SEC-599: Refactoring of FilterInvocationDefinitionSource implementations to use UrlPathMatcher strategy.
2008-01-18 16:24:35 +00:00
cc96fa730a
Added file header
2008-01-18 16:11:44 +00:00
61c91d1b79
SEC-633: Handle null credentials in AbstractAuthenticationToken.equals
...
Also added a test for the OpenIDAuthenticationToken to reproduce the original error.
2008-01-18 16:09:31 +00:00
01569e5746
SEC-599: Refactoring of FilterInvocationDefinitionSource implementations to use a LinkedHashMap internally rather than list of "EntryHolder" classes.
2008-01-18 13:04:46 +00:00
ea70845987
SEC-335: Support for ANY_CHANNEL configuration attribute in channel processing. Also added to namespace.
2008-01-17 20:52:26 +00:00
2ed1c7d494
SEC-596: Added Italian messages file.
2008-01-17 16:39:18 +00:00
acd87918d2
Implemented hashcode (and equals) to prevent NPE with Spring 2.5
2008-01-17 15:13:47 +00:00
a458d21b9f
Changed to be compatible with Spring 2.5. ManagedMap no longer has a constructor taking a map.
2008-01-17 14:25:08 +00:00
ad92dbf389
Minor correction to error message.
2008-01-17 11:01:23 +00:00
66f73897e6
Refactored up an AuthoritiesPopulator and DaoAuthoritiesPopulator from functionality in the cas provider. This interface and impl are well suited for use in the openid provider, and possibly in the sitemesh provider.
2008-01-16 03:01:51 +00:00
e90498c4f7
Import cleaning.
2008-01-15 22:26:10 +00:00
9e21c48fce
SEC-628: Added port-mappings element to allow use of a PortMapper.
2008-01-15 19:59:07 +00:00
60b7e2d4f2
Refactored channel entry points to use a common base clase since the functionality is almost exactlythe same (apart from the function called on the PortMapper).
2008-01-15 17:56:21 +00:00
afded24b62
Removed accidentally committed JDK 1.5 methods (Integer.valueOf()).
2008-01-15 17:22:10 +00:00
a4a7813ddb
Refactoring PortResolverImpl - simpler code and remove InitializingBean implementation.
2008-01-15 16:28:38 +00:00
5295d33000
SEC-272: Deleted GroupsManager after rename.
2008-01-15 12:28:03 +00:00
0459fc5477
SEC-272: Completion of JDBC manager implementation.
2008-01-14 18:52:42 +00:00
f27ea98217
SEC-272: More group manager method implementations.
2008-01-14 11:33:05 +00:00
bad58fe96a
SEC-272: Partial group manager implementation.
2008-01-11 16:46:53 +00:00
d66b9693ba
SEC-507: Initial support for JSR-250 "RolesAllowed" attributes.
...
Added jsr250 boolean to annotation-driven element to determine whether JSR-250 annotations should be used in preference to the traditional Acegi "Secured" attribute.
2008-01-10 20:19:15 +00:00
dfb60e2f62
Clarifying Javadoc
2008-01-10 13:38:12 +00:00
9a23ec4937
Clarifying Javadoc
2008-01-10 13:37:47 +00:00
06c6c3b9f3
Reformatting.
2008-01-10 13:09:23 +00:00
518ccada8c
Tidying.
2008-01-10 12:42:02 +00:00
dac911ac08
Fixed test failures caused by reordering of authorities loading order in JdbcDaoImpl.
2008-01-09 18:31:54 +00:00
c77475cda6
SEC-272: Added groups support to JdbcDaoImpl.
2008-01-09 18:06:41 +00:00
f983ff204d
SEC-414: Add useRelativeContext and sendRedirectMethod to SwitchUserProcessingFilter.
2008-01-08 22:41:28 +00:00
96dd564b79
Renamed obtainFullRequestUrl to obtainFullSavedRequestUrl.
2008-01-08 22:17:56 +00:00
28d4fa4665
Reformatting.
2008-01-08 18:41:06 +00:00
07db88a367
Import cleaning.
2008-01-08 18:13:53 +00:00
2eca8ee7b0
SEC-572: Added allowSessionCreation (default=true) property to AbstractProcessingFilter and modified it and AuthenticationProcessingFilter to stop them creating a new session for storing data if this property is set to false.
2008-01-08 18:11:20 +00:00
41d90e9bdb
SEC-399: Added tests for new session creation/attribute migration options.
2008-01-08 15:44:21 +00:00
c5e6a4cdfd
SEC-546: Added AccountStatusException as base class for dibled, locked etc. Modified ProviderManager to prevent it querying further providers if either this exception or a ConcurrentLoginException is thrown.
2008-01-08 13:33:20 +00:00
99b7510482
Tidied up getters/setters in AbstractProcessingFilter. Removed unused getters and reduced the scope of others where possible.
2008-01-07 16:10:50 +00:00
c5bc0fc683
SEC-623: Added login success and failure hooks to RememberMeProcessingFilter. Also moved MockApplicationEventPublisher implementations to a single class.
2008-01-07 15:06:29 +00:00
10ec13e4e2
[maven-release-plugin] prepare for next development iteration
2008-01-02 22:42:21 +00:00
2c5090da90
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:41:31 +00:00
09242ec66d
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:31:09 +00:00
42dcccd1b7
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:18:28 +00:00
aafbb5bb67
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:10:46 +00:00
425508d70d
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:01:34 +00:00
0b1e17f69a
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 21:54:37 +00:00
07aa0c6880
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 21:52:42 +00:00
5b9042ae07
Removed outdated scm elements from sub poms.
2008-01-02 20:33:09 +00:00
b115f4aa83
Removed unecessary rethrow of AuthenticationException from AbstractSecurityInterceptor and tidied up javadoc etc.
2008-01-01 16:43:34 +00:00
7ee049c824
Refactored SwitchUserProcessingFilter to extend SpringSecurityFilter.
2007-12-23 16:41:30 +00:00
5f1eea42fc
Moved configuration of security interceptors with access and authentication manangers from post processing stage to bean creation stage.
2007-12-23 16:40:29 +00:00
27de29f469
Corrected cut and paste error when parsing jdbc-user-service within AuthenticationProvider BDP.
2007-12-23 01:26:46 +00:00
ea8914f9ba
Moved Http post processor bean name to BeanIds class.
2007-12-23 01:06:22 +00:00
9d671fbdbf
Deleted original Ldap BD parser.
2007-12-23 01:05:35 +00:00
14e68618a5
Make constants class abstract.
2007-12-23 01:02:48 +00:00
46285a0ec0
SwitchUserProcessingFilter should come after FilterSecurityInterceptor (See SEC-376).
2007-12-23 01:02:12 +00:00
a38ed3cfde
Added check for multiple RememberMeServices beans.
2007-12-23 00:18:14 +00:00
debfbe47cf
Improvements to LDAP namespace configuration - splitting "ldap" element into ldap-server and ldap-authentication-provider. Also some minor changes to authentication-provider.
2007-12-23 00:17:37 +00:00
cf80292de3
Changes to namespace reinstating authentication-provider element in preference to "repository" to wrap convey that a user-service will be used as to authenticate against. Also introduced separate password-encoder element for use within authentication-provider.
2007-12-21 15:50:56 +00:00
70286f1197
Fixed problem caused by maven-2.0.8 change in test classpath. ldif file wasn't being loaded for tests. Default path should be "classpath*:" not "classpath:". (See discussing in Spring's PathMatchingResourcePatternResolver).
2007-12-20 20:53:26 +00:00
6e74d925fb
Boosted logging to try to resolve issues on bamboo server.
2007-12-20 19:45:43 +00:00
78e376312a
Added logging of working directory location.
2007-12-20 18:29:05 +00:00
85b10f79c2
Made servlet-api integration into an attribute of http, rather than a child element since it has no configuration.
2007-12-20 17:51:27 +00:00
31c09896ea
Fixed problem with relative name being used in (member={0}) search in DefaultAuthoritiesPopulator.
2007-12-14 20:41:00 +00:00
1a171ea316
SEC-595: Introduced loadUserAuthorities method. This can be overridden to allow loading of authorities with the authenticated user's credentials (by setting the security context). The Ldap ContextSource used in the authorities populator would also be configured with a SpringSecurityAuthentcationSource, to make use of the information in the security context.
2007-12-14 14:13:39 +00:00
fa510b3187
Modify attribute names to use "ref" instead of "id", plus use a hyphen
...
as an attribute value separator rather than a colon. This was changed
for compatibility with other components in the Spring Portfolio. tests
pass.
2007-12-13 20:19:56 +00:00
0f12d31d90
Corrected code for choosing entry point in namespace configuration.
2007-12-12 19:44:54 +00:00
Luke Taylor
Andrei Stefan
Ray Krueger
Ben Alex