Commit Graph

4290 Commits

Author SHA1 Message Date
Luke Taylor b5269625af Incorporate Chris's improvements to the bundlor build file (proper integration with incremental build support). 2010-07-28 16:10:00 +01:00
Luke Taylor 2d9a848265 Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build. 2010-07-27 02:20:36 +01:00
Luke Taylor b854e67952 SEC-1522: Treat empty attribute collection the same as null when returned by SecurityMetadataSource. Both are now treated as public invocations. 2010-07-27 02:20:09 +01:00
Luke Taylor a74077f9b1 SEC-1490: Minor changes to GAE sample. Simplification of redirect to registration page (only needs to be done after authentication). 2010-07-25 20:46:00 +01:00
Luke Taylor 5de68cb18f SEC-1499: Additional doc paragraph that escaped the commit. 2010-07-23 23:03:54 +01:00
Luke Taylor 97bc240602 SEC-1519: Added extra constructor to make sure strategy objects are initialized before the first attempt to retrieve an object from the Acl cache. 2010-07-23 17:57:57 +01:00
Luke Taylor 9dd6a5eb8f SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener. 2010-07-23 16:27:57 +01:00
Luke Taylor d7d8448120 SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository). 2010-07-23 15:59:53 +01:00
Luke Taylor e659e15f90 Tidying. 2010-07-23 01:57:45 +01:00
Luke Taylor 2afccfc633 Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j. 2010-07-23 01:57:31 +01:00
Luke Taylor 118af45b8e SEC-1520: Close NamingEnumeration in LDAP compare implementation. 2010-07-21 16:54:44 +01:00
Luke Taylor 36e0fb6d91 SEC-1518: Fix element ordering in security.tld 2010-07-21 16:16:15 +01:00
Luke Taylor 7ce29d3e3d Don't set GAE location unless property available 2010-07-21 15:40:29 +01:00
Luke Taylor a681dee0e1 Minor sample build changes. JSTL dependency update. 2010-07-20 23:45:20 +01:00
Luke Taylor e5a302b5c4 SEC-1490: Correct loggedout URL. 2010-07-20 23:43:43 +01:00
Luke Taylor 5d35919ca3 SEC-1490: Code for GAE Sample webapp 2010-07-20 23:41:31 +01:00
Luke Taylor c1c8fd1874 SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request). 2010-07-20 19:46:47 +01:00
Luke Taylor a4fd191499 Added check for use of "ref" with other attributes in <authentication-provider>. 2010-07-20 14:31:52 +01:00
Luke Taylor ea5f2088b5 Comment out OpenLDAP tests to allow running in IDEA, and reduce default load configuration of performance test class. 2010-07-12 12:40:19 +01:00
Luke Taylor 4683273c2c Correct message in namespace handler when web classes are missing. 2010-07-12 12:40:06 +01:00
Luke Taylor 69a10c48ae Switch to using slf4j/logback for logging.
We still compile modules against commons-logging but all runtime logging and samples will use logback
2010-07-12 12:39:52 +01:00
Luke Taylor ed447f63f6 Added intellij plugin to gradle build. 2010-07-07 22:42:27 +01:00
Luke Taylor 6894544122 Fixed serialization issue with gradle TarUpload task 2010-07-07 22:42:27 +01:00
Luke Taylor ae7fbf69e1 Added intellij files to .gitignore 2010-07-07 22:42:27 +01:00
Luke Taylor d704a3bb4a Prevent source jars from being included in the gradle 'default' configuration and thus being included as dependencies in war files etc. 2010-07-07 22:42:27 +01:00
Luke Taylor 443ac0487a SEC-1093: Namespace support for jee element.
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
2010-07-07 22:42:26 +01:00
Scott Battaglia 565ef7383d SEC-1513
upgraded to latest version of cas client
2010-07-06 22:09:24 -04:00
Luke Taylor 080710e023 Minor doc updates on default filters created by namespace. 2010-07-06 13:29:11 +01:00
Luke Taylor 06368f956a Minor doc/javadoc updates to clarify use of UserDetailsContextapper. 2010-07-04 15:13:27 +01:00
Luke Taylor d6159e884a Some minor doc fixes. 2010-07-03 13:11:39 +01:00
Luke Taylor 8ad6cbbe85 SEC-1508: Update docbook processing to use Docbook 5 namespaces. 2010-07-03 13:10:48 +01:00
Luke Taylor 6093dbce7e Converted test to use namespace to set method securityMetadataSource property. 2010-07-02 20:00:01 +01:00
Luke Taylor 03fa8fce4d SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl. 2010-07-02 19:51:00 +01:00
Luke Taylor 8615369697 Added information on config jar to instructions on getting started using namespace. 2010-06-30 13:45:13 +01:00
Luke Taylor 8df356de29 SEC-1471: Allow use of a RequestMatcher with HttpSessionRequestCache to configure which requests should be cached by calls to saveRequest.
Also removed the justUseSavedRequestOnGet property, as this behaviour can be controlled by the RequestMatcher.
2010-06-28 19:51:30 +01:00
Luke Taylor c8ceca35b4 Extra files to gitignore 2010-06-26 16:55:09 +01:00
Luke Taylor 026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor 6a79cf7be2 SEC-1383: Make MethodSecurityMetadataSourceBeanDefinitionParser extend AbstractBeanDefinitionParser for automatic support of ID attribute. 2010-06-26 16:07:23 +01:00
Luke Taylor 4da4734750 Minor doc link updates and tidying. 2010-06-26 13:20:48 +01:00
Luke Taylor ad82e6a575 SEC-1493: Documentation of support for erasing credentials. 2010-06-26 12:27:49 +01:00
Luke Taylor 09176b0af4 SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter. 2010-06-25 19:45:34 +01:00
Luke Taylor cd946c4e23 SEC-1493: Added namespace support. 2010-06-20 21:09:38 +01:00
Luke Taylor db913f6857 SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property. 2010-06-20 21:09:33 +01:00
Luke Taylor ea8d37892c SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy. 2010-06-18 03:33:49 +01:00
Luke Taylor 48016969ee Upgrade build to Spring 3.0.3.RELEASE 2010-06-18 02:07:12 +01:00
Luke Taylor 4d10d4b67f SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs. 2010-06-18 01:34:07 +01:00
Luke Taylor c673a78103 Upgrade maven build to Spring 3.0.3.BUILD_SNAPSHOT. 2010-06-15 00:17:19 +01:00
Luke Taylor d56adb8ffb SEC-1495: Convert User class equals and hashcode methods to only use the "username" property.
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
2010-06-10 22:27:50 +01:00
Luke Taylor 1dd4787194 Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix. 2010-06-10 22:17:58 +01:00
Luke Taylor 5939f17708 Fix openid sample configuration. 2010-06-09 22:52:43 +01:00