Commit Graph

2020 Commits

Author SHA1 Message Date
Luke Taylor d7cef1ba31 SEC-539: Moved SecurityContextHolder.setContext() call into the try {} block to emphasize that it is only set for the duration of chain.doFilter() and immediately cleared afterwards. Changed the debug messages about setting the context, since it has not strictly taken place when they are logged. 2007-08-28 23:11:58 +00:00
Luke Taylor 47c5a6d43f SEC-539: Renamed extractSecurityContextFromSession to readSecurityContextFromSession to emphasize that it doesn't actually modify anything (the context is still stored in the session). 2007-08-28 22:43:13 +00:00
Luke Taylor f7a6129657 SEC-539: Removed unnecessary check for a null request object. Removed unnecessary catch/rethrow of IOException and ServletException from try/finally around chain.doFilter. 2007-08-28 22:40:56 +00:00
Luke Taylor d1be9f9980 SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use. 2007-08-28 22:38:55 +00:00
Luke Taylor 3dd0716611 SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter(). 2007-08-28 21:58:30 +00:00
Luke Taylor fa63d8ecfb SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession() 2007-08-28 21:25:17 +00:00
Luke Taylor ce3eb599ed SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter(). 2007-08-28 21:11:48 +00:00
Luke Taylor ba88214d1d SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic. 2007-08-28 20:16:19 +00:00
Luke Taylor 27ef2caf45 SEC-539: Removed filterApplied boolean. 2007-08-28 19:56:33 +00:00
Luke Taylor e8d11f28f2 SEC-539: Extracted storeSecurityContextInSession() method. 2007-08-28 19:54:24 +00:00
Luke Taylor bcf69cbe3d SEC-539: Extracted populateSecurityContextFromSession() method. 2007-08-28 19:16:37 +00:00
Luke Taylor 6651a240de Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not. 2007-08-28 18:26:04 +00:00
Luke Taylor 6fe00b3433 SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true.
Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.
2007-08-28 16:53:05 +00:00
Luke Taylor 036ea034ac SEC-521: Updated svn URLs to match recent repository restructuring. 2007-08-28 15:31:36 +00:00
Luke Taylor 4ba77fa736 SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected. 2007-08-28 15:26:59 +00:00
Luke Taylor e189bc685f SEC-408: Fix. Provide getter for filterProcessesUrl. 2007-08-28 11:37:05 +00:00
Luke Taylor c8077c5e87 SEC-506: Fix as suggested by reporter. Split the disgest header string ignoring separating commas which occur between quotes. 2007-08-28 00:31:30 +00:00
Luke Taylor 3f123e1478 SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache). 2007-08-27 23:41:59 +00:00
Luke Taylor 87d6b8dedd SEC-412: Fix. Added extra constructor to UsernameNotFoundException allow use of extraInformation property of parent class. 2007-08-27 23:22:48 +00:00
Luke Taylor f47ccd81a6 SEC-487: Added documentation on use of #NONE# in FilterChainProxy. Also changed doc version to 1.0.5. 2007-08-27 23:05:16 +00:00
Luke Taylor dda88e3931 SEC-502: Fix. Use a Map instead of HashMap in the API. Also some minor tidying of test class. 2007-08-27 17:21:16 +00:00
Luke Taylor 57f3d268a1 SEC-519: Fix. Changed notNull() assertion for "key" parameter to hasText() to prevent the use of empty keys. 2007-08-27 17:17:25 +00:00
Luke Taylor 1c72b7989e Fix for SEC-522. Strip query parameters from logout URL before doing comparison with filterProcessesUrl. 2007-08-27 17:14:23 +00:00
Luke Taylor 82599a72ba Reformatted LogoutFilter. 2007-08-27 16:56:33 +00:00
Luke Taylor f8689b18b2 SEC-526: Fixed. Support for different case prefixes ({SHA}, {sha} etc). 2007-08-27 16:23:14 +00:00
Luke Taylor 0425d3b638 Rolled back unnecessary changes (whitespace, imports etc) for SEC-398 to make actual change from revision 1858 clearer. 2007-08-27 13:29:39 +00:00
Luke Taylor ed944fa537 SEC-514: Re-enable contact sample in maven build. 2007-08-27 12:35:23 +00:00
Luke Taylor 6a36ae7a0d SEC-509: removed clirr plugin declaration from maven build.
Also removed regexp javadoc link as it doesn't seem to be a project dependency any more.
2007-08-27 11:49:11 +00:00
Luke Taylor c682a79e46 SEC-505: Fixed. Minor corrections to docbook source. 2007-08-27 11:44:11 +00:00
Luke Taylor 709dba101c SEC-498: Correct name of AfterInvocationProviderManager 2007-08-27 00:39:14 +00:00
Luke Taylor 70875a3c70 SEC-523: Made sentence about where GrantedAuthority objects come from a bit clearer. 2007-08-27 00:28:17 +00:00
Luke Taylor cbc74de7c6 Removed old LDAP code from sandbox and adjusted dependencies accordingly. 2007-08-26 23:07:34 +00:00
Mark St. Godard 5474b3a78c SEC-279 - Deleting Contacts Tiger sample project 2007-08-25 23:16:22 +00:00
Ben Alex 93b303e343 Support Spring LDAP. 2007-08-25 00:16:12 +00:00
Ben Alex db3024f9a4 SEC-271: Revert Ordered and ApplicationContextAware usage at this time, due to release of 1.0.. 2007-08-25 00:15:30 +00:00
Ben Alex 7a5c1ee328 Rename to spring-security. This is only a temporary commit, as in the future Maven 2 will be used and this file will be removed from Subversion. 2007-08-24 14:36:59 +00:00
Ben Alex 8b6c592180 Finalization of repository restructure. 2007-08-24 14:28:00 +00:00
Vishal Puri 2b4d8a6378 Removed print statement 2007-08-22 04:48:04 +00:00
Luke Taylor 3fbc7beb88 SEC-251: Document use of {1} parameter in javadoc for DefaultLdapAuthoritiesPopulator. 2007-08-17 15:45:57 +00:00
Luke Taylor fd0d4cd8b0 SEC-521: Fixed sourceforge svn URLs. 2007-08-10 18:34:38 +00:00
John Lewis 8396f04ae6 implemented unit tests for portlet support 2007-08-04 17:38:51 +00:00
John Lewis 0efdd5d2bf added javadoc package.html files for portlet classes 2007-07-27 04:33:56 +00:00
John Lewis f70cba5d0e added PortletProcessingFilterEntryPoint for accessing servlet resources via portlet authentication 2007-07-27 00:54:54 +00:00
Vishal Puri bc30b903f8 SEC-398: Lazy update of 'filterApplied' to true 2007-07-25 05:34:40 +00:00
Luke Taylor 99cc55b94a Minor code style corrections. 2007-07-24 18:23:35 +00:00
Luke Taylor 156965b370 SEC-181: Remove acegifier application. 2007-07-24 18:20:22 +00:00
Luke Taylor ea42164af2 Added jetty plugin to tutorial app pom.xml. 2007-07-24 18:12:09 +00:00
Luke Taylor 5d64b86875 Removed user cache from tutorial app context, as it's session -based. 2007-07-24 18:11:32 +00:00
Luke Taylor fe4bbe0fbf SEC-514: Refactoring contacts sample into single webapp. 2007-07-24 17:46:43 +00:00
Luke Taylor a499e74102 SEC-449: Add spring-ldap dependency to pom.xml. 2007-07-24 17:23:47 +00:00