Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 22:46:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,065 Commits 33 Branches 337 Tags
Commit Graph

209 Commits

Author SHA1 Message Date
Luke Taylor
443ac0487a SEC-1093: Namespace support for jee element. 
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
 2010-07-07 22:42:26 +01:00
Luke Taylor
026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor
6a79cf7be2 SEC-1383: Make MethodSecurityMetadataSourceBeanDefinitionParser extend AbstractBeanDefinitionParser for automatic support of ID attribute. 2010-06-26 16:07:23 +01:00
Luke Taylor
cd946c4e23 SEC-1493: Added namespace support. 2010-06-20 21:09:38 +01:00
Luke Taylor
8bddc8f820 SEC-1484: Documentation for some namespace attributes. 2010-06-05 17:35:24 +01:00
Luke Taylor
2e865752ff Upgraded groovy to 1.7.2 to avoid jansi dependency issue 2010-06-03 23:13:28 +01:00
Luke Taylor
efb600166a SEC-1488: Remove commons-logging dependencies from maven poms. 2010-05-28 13:10:59 +01:00
Luke Taylor
f7405cef82 Removed original Java version of refactored http namespace tests. 2010-05-27 18:06:26 +01:00
Luke Taylor
34401416b0 SEC-1171: Implement parsing of empty filter chain patters via http 'secured' attribute and remove filters='none' support. 2010-05-27 15:54:15 +01:00
Luke Taylor
05c7abe191 SEC-1445: Tests for setting of username and password parameter names through the form-login element. 2010-05-27 15:54:15 +01:00
Luke Taylor
7d74b7c87e SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping. 2010-05-27 15:54:15 +01:00
Luke Taylor
b0758dd8de Refactoring HTTP config tests to use spock and groovy MarkupBuilder 2010-05-27 15:53:52 +01:00
Luke Taylor
b0308e41cb SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used. 2010-05-21 15:36:37 +01:00
Luke Taylor
a4ce14f604 Add "provisioning" package to config bundlor template. 2010-05-16 14:14:13 +01:00
Luke Taylor
d5ffdd9c27 Import cleaning 2010-05-03 18:46:06 +01:00
Luke Taylor
dccb30ad63 Remove use of wrong DOMUtils class (from com.sun package). 2010-05-01 15:06:48 +01:00
Luke Taylor
863ccecf55 SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute. 2010-04-30 20:22:20 +01:00
Luke Taylor
165cbb0d19 SEC-1445: Added support for custom username and password parameters in form-login. 2010-04-30 18:14:50 +01:00
Luke Taylor
a421370a3d SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully. 2010-04-25 22:00:25 +01:00
Luke Taylor
f5859fabcf SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database. 2010-04-25 04:26:45 +01:00
Luke Taylor
2f025fba6c SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request. 
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
 2010-04-20 23:47:48 +01:00
Luke Taylor
d3d9c5db59 Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor. 2010-04-20 23:47:47 +01:00
Luke Taylor
0521d10069 SEC-1294: Enable access to beans from ApplicationContext in EL expressions. 
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
 2010-04-01 01:24:23 +01:00
Luke Taylor
a3ef8255d8 SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj' 
Also added this syntax to the aspectj sample.
 2010-03-31 18:31:28 +01:00
Luke Taylor
020e0aa49a SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext. 
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
 2010-03-30 15:52:40 +01:00
Luke Taylor
977bc2b164 SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx. 
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
 2010-03-26 18:05:28 +00:00
Luke Taylor
57150a6717 SEC-1440: Add entry-point-ref to http-basic element to allow setting a separate AuthenticationEntryPoint for the BasicAuthenticationFilter. 2010-03-26 12:47:24 +00:00
Luke Taylor
472c1fac84 SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent. 
Ensures protect-pointcut expressions match methods with generic parameters.
 2010-03-24 20:57:03 +00:00
Luke Taylor
f3264ba9ab Addition of commons-logging exclusions and adjustments to pom generation. 2010-03-07 21:58:25 +00:00
Luke Taylor
b38b8e55ac SEC-1432: Convert map keys to lower-case in UserMap.setUsers(). 
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
 2010-03-05 17:55:29 +00:00
Luke Taylor
530ab3ae30 SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:21:07 +00:00
Luke Taylor
e5a875d752 SEC-1407: Correct logger category in MatcherType. 2010-03-01 02:03:32 +00:00
Luke Taylor
90a7f1f00e SEC-1383: Namespace support for MethodSecurityMetadataSource. Initial commit. 2010-03-01 01:45:43 +00:00
Luke Taylor
93438defff SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy. 
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
 2010-03-01 01:21:06 +00:00
Luke Taylor
b147652193 Make hsqldb a testRuntime/runtime dependency. 2010-03-01 01:10:58 +00:00
Luke Taylor
f0466b6488 SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all. 2010-02-27 00:22:21 +00:00
Luke Taylor
6a34807a07 SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup. 2010-02-26 17:21:25 +00:00
Luke Taylor
2f1479785e Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-22 01:48:22 +00:00
Luke Taylor
f3f84da625 Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0. 2010-02-21 23:25:36 +00:00
Luke Taylor
26cf6f5528 SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests. 2010-02-20 21:59:44 +00:00
Luke Taylor
68f6afd905 SEC-1383: Added namespace support for method-security-metadata-source 2010-02-20 19:05:25 +00:00
Luke Taylor
b7fc5bc455 Update schema version to 3.1 2010-02-20 18:58:00 +00:00
Luke Taylor
2ee7696bf4 Update version number to 3.1.0.CI-SNAPSHOT. 2010-02-19 17:35:19 +00:00
Luke Taylor
44f45d21f0 3.0.2 release. Update version in build files. 2010-02-19 01:22:21 +00:00
Luke Taylor
10dc72b017 SEC-1387: Support serialization of security advised beans. 
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
 2010-02-19 00:53:14 +00:00
Luke Taylor
5b5934144a Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1. 
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
 2010-02-16 00:03:15 +00:00
Luke Taylor
36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor
dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication. 
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
 2010-02-11 17:47:22 +00:00
Luke Taylor
70ef0d8b3e Added extra test to itest/context as POC of using extra interceptor with http ns. 2010-02-11 01:48:00 +00:00
Luke Taylor
23511c930f Standardising slf4j versions. 2010-02-11 01:33:31 +00:00