Luke Taylor
|
9e2f372bad
|
SEC-607: Deprecated InitialDirContextFactory and replaced it with SpringSecurityContextSource.
Also some refactoring of LdapUserDetailsManager to use a strategy for creating DNs from usernames.
|
2007-11-20 20:54:48 +00:00 |
Luke Taylor
|
6d5773d177
|
Replaced creation of new list with Collections.EMPTY_LIST reference.
|
2007-11-17 23:06:32 +00:00 |
Luke Taylor
|
1196381220
|
Remove "controls" property as it doesn't really make sense and has never been used.
|
2007-11-17 20:55:39 +00:00 |
Luke Taylor
|
91e0a329f9
|
Upgrade to Spring LDAP 1.2 final.
|
2007-11-17 20:53:26 +00:00 |
Luke Taylor
|
b1b3f585e4
|
Moved setter methods out of inner classes area.
|
2007-11-13 22:55:01 +00:00 |
Luke Taylor
|
c485664ee7
|
Removed accidental use of autoboxing.
|
2007-11-13 22:16:52 +00:00 |
Luke Taylor
|
3e3dac4050
|
SEC-600: Added extra test assertions on authentication details object after password change.
|
2007-11-13 17:17:25 +00:00 |
Luke Taylor
|
cb237055ac
|
SEC-600: Added Jdbc implementation of UserDetailsManager
|
2007-11-13 17:11:29 +00:00 |
Luke Taylor
|
81067840ef
|
SEC-485: Added calculateLoginLifetime method.
|
2007-11-13 01:16:27 +00:00 |
Luke Taylor
|
b681952933
|
SEC-545: Added utility methods for checking if user has a particular role to existing AuthorityUtils class. Class may be renamed at some point as more functionality is added.
|
2007-11-11 23:37:32 +00:00 |
Luke Taylor
|
315d4a247f
|
Added method to clear datasource field after use.
|
2007-11-11 23:10:21 +00:00 |
Luke Taylor
|
910e63f83c
|
SEC-586: Implemented secure channel support in namespace configuration.
|
2007-11-11 22:07:46 +00:00 |
Luke Taylor
|
c214f4a9bc
|
Simplified initialization of datasource.
|
2007-11-11 22:06:22 +00:00 |
Luke Taylor
|
4f3bbb52f6
|
Pulled methods and fields up into AbstractFilterInvocationDefinitionSource to make it easier to query the map size etc, regardless of the specific type.
|
2007-11-11 19:29:11 +00:00 |
Luke Taylor
|
28a138f8ec
|
Converted to use guard clause to reduce nesting.
|
2007-11-11 19:22:51 +00:00 |
Luke Taylor
|
756be6fed3
|
Removed unnecessary constructor.
|
2007-11-11 19:10:47 +00:00 |
Luke Taylor
|
964e6911a7
|
Added RememberMeServices to list of logout handlers.
|
2007-11-11 18:11:18 +00:00 |
Luke Taylor
|
2856a6ba43
|
Allow configuration of embedded ldap server port through ldap namespace configuration. Changed default port from 3389 to avoid conflict with windows remote desktop (as reported by Ray Krueger in dev list).
|
2007-11-11 16:10:30 +00:00 |
Luke Taylor
|
0e7dac6ca5
|
SEC-565: Refactoring of TokenBasedRememberMeServices. Changed arguments to makeValidSignature so that it could be used from both places where a signature is required and refactored the class to extend AbstractRememberMeServices. The method processAutoLoginCookie now returns a UserDetails, rather than username, as the UserDetails is needed in TokenBasedRememberMeServices.
|
2007-11-10 19:20:36 +00:00 |
Luke Taylor
|
1a5ef2dece
|
SEC-588: Completed JdbcTokenRepositoryImpl and added extra update method to PersistentTokenRepository interface (additional files from failed commit).
|
2007-11-10 15:56:07 +00:00 |
Luke Taylor
|
7caa1587b3
|
SEC-588: Completed JdbcTokenRepositoryImpl and added extra update method to PersistentTokenRepository interface.
|
2007-11-10 15:42:21 +00:00 |
Scott Battaglia
|
87a864619d
|
SEC-592
fixed failing test due to thinking a null value should be provided.
|
2007-11-07 21:44:15 +00:00 |
Scott Battaglia
|
981f185575
|
SEC-592
implemented NullStatelessTicketCache and test cases and made it the default for CasAuthenticationProvider.
|
2007-11-07 18:46:35 +00:00 |
Luke Taylor
|
0a50cd67ce
|
Tidied up logic for setting token repository in RememberMeBeanDefinitionParser. Plus some tinkering with attributes in rnc file.
|
2007-11-07 13:29:15 +00:00 |
Luke Taylor
|
9fa32bac7c
|
SEC-578: Set FilterInvocationDefinitionSource field in FilterChainProxy to null after it has been converted to a map of paths->filters.
|
2007-11-06 23:58:56 +00:00 |
Luke Taylor
|
9f2bc9a842
|
SEC-582: Namespace configuration implementation for remember-me support.
|
2007-11-06 23:20:25 +00:00 |
Luke Taylor
|
b868143fb1
|
Make sure "start" is called even if working directory is already set.
|
2007-11-06 22:18:13 +00:00 |
Luke Taylor
|
7ad8e2acf0
|
SEC-591: Removed default NullRememberMeServices in RememberMeProcessingFilter
|
2007-11-06 21:43:37 +00:00 |
Luke Taylor
|
4c44bd782f
|
SEC-588: Added extra tests to check cookie values.
|
2007-11-04 12:07:49 +00:00 |
Luke Taylor
|
55b1f9348d
|
SEC-588: PersistentTokenBasedRememberMeServices implementation.
|
2007-11-03 22:11:26 +00:00 |
Luke Taylor
|
8b199d38ed
|
Refactored autoLogin method to reduce nesting of conditionals and loops.
|
2007-10-30 21:09:47 +00:00 |
Luke Taylor
|
d7b6ca281a
|
Removed unused "autodetect" method.
|
2007-10-27 11:50:38 +00:00 |
Luke Taylor
|
43fc8e2660
|
Added Id keyword for all java files
|
2007-10-27 00:45:30 +00:00 |
Luke Taylor
|
d3b165749f
|
SEC-583: Implementation of namespace config for concurrent session support.
Also some minor adjustments to ordering of different http features in schema.
|
2007-10-27 00:28:24 +00:00 |
Luke Taylor
|
334d55b12e
|
Tidying.
|
2007-10-27 00:26:25 +00:00 |
Luke Taylor
|
685d74d81b
|
FilterSecurityInterceptor is now configured through ConfigUtils, rather than by autowiring.
|
2007-10-27 00:25:59 +00:00 |
Luke Taylor
|
0185dc5a90
|
Moved registration of ProviderManager bean to ConfigUtils.
|
2007-10-27 00:24:16 +00:00 |
Luke Taylor
|
06ce4b79e9
|
SEC-584: Remove use of default SessionRegistryImpl.
|
2007-10-27 00:23:21 +00:00 |
Luke Taylor
|
0cdac4912a
|
Changed to use a BeanReference when creating default login page to prevent duplication of filter bean.
|
2007-10-27 00:20:55 +00:00 |
Luke Taylor
|
3d9ea49d19
|
SEC-585: Made expiredUrl optional.
Also implemented Ordered interface for use in namespace configuration.
|
2007-10-26 23:32:40 +00:00 |
Luke Taylor
|
55ef50a4df
|
Added checking of path ordering to FilterChainProxy to detect misplaced universal match ("/**").
|
2007-10-26 13:51:32 +00:00 |
Luke Taylor
|
1bcb62af2e
|
Remove use of autoconfig, as it was really just a conveniece for creating default access and authentication managers.
|
2007-10-26 13:05:31 +00:00 |
Luke Taylor
|
700de0d388
|
Tidying.
|
2007-10-25 15:07:15 +00:00 |
Luke Taylor
|
03e285c31d
|
Moved responsability for creating AuthenticationManager into AuthenticationProviderBeanDefinitionParser. Tidied up SecrityNamespaceHandler.
|
2007-10-25 14:21:45 +00:00 |
Luke Taylor
|
3927ba9ed0
|
SEC-578: Removed additional FilterChainMap reference.
|
2007-10-25 13:40:51 +00:00 |
Luke Taylor
|
7ef57c67ed
|
SEC-578: Removed FilterChainMap class
|
2007-10-25 11:51:51 +00:00 |
Luke Taylor
|
fb72fa82de
|
Changed comment to remove reference to FilterChainMap.
|
2007-10-22 23:56:01 +00:00 |
Luke Taylor
|
acf3966651
|
SEC-578: Refactored to remove FilterChainMap and use a LinkedHashMap instead to maintain the path ordering. Also made use of Springs ManagedList and ManagedMap to preform resolution of bean names to Filter objects at runtime, replacing the unnecessary bean which was performing this task for the filter lists.
|
2007-10-22 23:52:29 +00:00 |
Luke Taylor
|
b9cfae5903
|
Exception for flagging errors in namespace config.
|
2007-10-20 23:18:41 +00:00 |
Luke Taylor
|
2d3d5ceb8d
|
Tidying.
|
2007-10-20 23:17:56 +00:00 |
Luke Taylor
|
cffd3131f0
|
Added building of filter chain in post-processing, support for basic authentication and automatic generation of login page, if no loginUrl supplied.
|
2007-10-20 23:17:01 +00:00 |
Luke Taylor
|
f0d8db5ce6
|
Store the default order values of security filters.
|
2007-10-20 23:12:41 +00:00 |
Luke Taylor
|
7afa99a21a
|
Security filter base class.
|
2007-10-20 23:10:53 +00:00 |
Luke Taylor
|
a6a372a5ab
|
SEC-568: Added the decorated for filter-chain-map to the namespace handler registry.
|
2007-10-20 23:10:28 +00:00 |
Luke Taylor
|
2b14d2da98
|
Make Spring Security filters implement the Ordered interface, for use when post-processing the application context
|
2007-10-20 23:09:23 +00:00 |
Luke Taylor
|
9b8c06e9f6
|
SEC-568: Introduced FilterChainMap as a simpler option for configuring FilterChainProxy and introduced a namespace-based for configuring it. The Url pattern matching is factored out into a separate strategy with ant and regex versions.
|
2007-10-20 23:05:03 +00:00 |
Luke Taylor
|
d6fe97de43
|
Latest updates to namespace configuration.
|
2007-10-20 22:58:59 +00:00 |
Luke Taylor
|
28d04c1759
|
Removed unnecessary casts, corrected incomplete comment and reformatted code.
|
2007-10-19 11:53:26 +00:00 |
Luke Taylor
|
380b22f50d
|
Removed unused autodetect method and reformatted code.
|
2007-10-18 16:50:31 +00:00 |
Luke Taylor
|
c51bcd9c1f
|
Changed method protection config to make it compatible with MethodDefinitionMap for the time being.
|
2007-10-14 14:29:15 +00:00 |
Luke Taylor
|
a4b522351f
|
Added "unprotected" method for tests
|
2007-10-14 14:15:51 +00:00 |
Luke Taylor
|
0b54eece28
|
Added code to set the manager username and password if supplied.
|
2007-10-13 21:20:19 +00:00 |
Luke Taylor
|
3d0f3302dc
|
RNC file used for convenience to generate the namespace xsd schema file.
|
2007-10-13 16:27:14 +00:00 |
Luke Taylor
|
0f4cdf345d
|
Intermediate checkin of experimental namespace config work (additional parser files).
|
2007-10-13 16:26:08 +00:00 |
Luke Taylor
|
627b0b38ad
|
Intermediate checkin of experimental namespace config work.
|
2007-10-13 16:24:24 +00:00 |
Luke Taylor
|
98f6111d06
|
Corrected wrong error message in ProviderManager.
|
2007-10-13 12:15:13 +00:00 |
Luke Taylor
|
e561b87987
|
Switched testOperation method to use unicode escaped characters.
|
2007-10-13 11:40:16 +00:00 |
Luke Taylor
|
75bc838ae8
|
Switched testOperation method to use French locale to prevent use of default machine locales such as Chinese (see previous commit sg).
|
2007-10-11 16:18:28 +00:00 |
Luke Taylor
|
0a214e4930
|
Removed locale-specific message value assertions which will cause tests to fail if run with a different standard locale for which we have a message file (e.g. Chinese).
|
2007-10-11 15:23:01 +00:00 |
Luke Taylor
|
92bc57eefd
|
Switch test to use a specific locale for which we have a message file (french). The default ResourceBundle behaviour is to attempt to load the platform locale if the specified one isn't found before using the default. We don't have a messages_en.properties file, hence trying to use "en" locale on a Chinese computer will result in Chinese messages being used (and test failing).
|
2007-10-11 15:16:06 +00:00 |
Luke Taylor
|
650a5467e8
|
Renamed ApacheDSStartStopBean to ApacheDSContainer and implemented LifeCycle interface.
|
2007-10-03 18:09:53 +00:00 |
Luke Taylor
|
3f2b9cd6fb
|
SEC-562: More changes of Acegi name in comments, docs etc.
|
2007-10-03 14:02:39 +00:00 |
Luke Taylor
|
9dbeda1c85
|
Corrected out of date comments referring to SecurityEnforcementFilter etc.
|
2007-10-03 11:13:40 +00:00 |
Luke Taylor
|
87ddc63f73
|
Format to correct spacing.
|
2007-10-02 16:13:55 +00:00 |
Luke Taylor
|
6fbf73e74f
|
Added explicit dependency override on mina 1.0.5 to get round this problem:
http://issues.apache.org/jira/browse/DIRMINA-366
when using apache DS embedded. It causes failures on linux, but not on OS X.
|
2007-10-02 16:13:06 +00:00 |
Luke Taylor
|
438dc44004
|
Minor changes to improve robustess of LDAP tests.
|
2007-10-02 14:50:08 +00:00 |
Luke Taylor
|
5a3f5fcd78
|
Minor changes to improve robustess of LDAP tests.
|
2007-10-02 14:49:08 +00:00 |
Luke Taylor
|
a4266f3fb8
|
Minor imrovements to configuration of embedded apache server.
|
2007-10-02 14:20:27 +00:00 |
Luke Taylor
|
acb02246e0
|
Refactored embedded LDAP server tests to make use of new namespace configuration. Use Junit 4 annotations in preference to AbstractDependencyInjectionSpringContextTests so that it is possible to clear up the context after each class is run rather than at JVM shutdown (causes problems with running embedded apache DS).
|
2007-10-02 10:52:06 +00:00 |
Luke Taylor
|
77b6503e2e
|
SEC-271: Added namespace handler class and experimental LDAP parser. The latter creates an embedded Apache DS server if no server URL is supplied, so changed dependencies on the latter to compile-time/optional.
|
2007-10-02 10:46:38 +00:00 |
Luke Taylor
|
5066fc5e39
|
SEC-562: Changed urls for login, logout, switch user etc.
|
2007-09-24 15:39:51 +00:00 |
Luke Taylor
|
eacbc71ba1
|
Switch ldap server port to 3999 (intermittent test failures occurring).
|
2007-09-23 20:57:01 +00:00 |
Luke Taylor
|
18c8ba4ac2
|
SEC-562: Changing constants and key names.
|
2007-09-23 11:16:01 +00:00 |
Luke Taylor
|
757b153430
|
SEC-562: Repackaging adapters module.
|
2007-09-22 11:54:13 +00:00 |
Luke Taylor
|
5a586c04a9
|
SEC-562: Repackaging core.
|
2007-09-21 18:18:21 +00:00 |
Luke Taylor
|
274658f9b0
|
SEC-272: Added group tables to test DB.
|
2007-09-21 15:51:36 +00:00 |
Luke Taylor
|
d19fe54c01
|
Renamed test class to match target (JdbcDaoImpl).
|
2007-09-21 15:50:23 +00:00 |
Luke Taylor
|
400a3b90f0
|
SEC-232: Additional updates to hierachical roles code from contributor.
|
2007-09-19 22:10:31 +00:00 |
Luke Taylor
|
eb0307bcd9
|
SEC-557: Reinstate use of default AccessDeniedHandlerImpl for the time being (2.0 branch).
|
2007-09-19 16:49:18 +00:00 |
Luke Taylor
|
477dc308f8
|
SEC-413: Consistent redirect behaviour between LogoutFilter and AbstractProcessingFilter. (previous commit of AbstractProcessingFilter has an erroneous message).
|
2007-09-19 16:27:23 +00:00 |
Luke Taylor
|
7139cbafbb
|
Removed assertions on response buffer size.
|
2007-09-19 16:25:31 +00:00 |
Luke Taylor
|
dde3803532
|
Removed assertions on response buffer size.
|
2007-09-19 16:24:20 +00:00 |
Luke Taylor
|
03beaf0777
|
SEC-448: MD4 password encode implementation.
|
2007-09-19 15:28:57 +00:00 |
Luke Taylor
|
2ef2bfc514
|
SEC-561: Removed setting of respose buffer size prior to redirect.
|
2007-09-19 15:17:29 +00:00 |
Luke Taylor
|
809c962d3b
|
Corrected method name in comment.
|
2007-09-19 15:04:30 +00:00 |
Luke Taylor
|
0288204432
|
SEC-369: Made spring-jdbc and spring-remoting optional dependencies in core. Removed explicit commons-lang dependency and updated commons logging to 1.1.
|
2007-09-19 00:23:33 +00:00 |
Luke Taylor
|
fdd3dfc51f
|
Remove explicit commons-lang dependency.
|
2007-09-19 00:17:04 +00:00 |
Luke Taylor
|
2f03000b68
|
SEC-232: Add role hierarchy contribution.
|
2007-09-17 22:37:39 +00:00 |
Luke Taylor
|
1a4b32e50e
|
Remove unused import.
|
2007-09-17 22:17:42 +00:00 |
Luke Taylor
|
e872823490
|
SEC-559: Throw an initialization exception if configured truststore file doesn't exist.
|
2007-09-17 21:29:40 +00:00 |
Luke Taylor
|
96eb11aadc
|
SEC-399: Add support for invalidating the existing session on successful authentication.
|
2007-09-17 15:54:07 +00:00 |
Luke Taylor
|
0efa5c3090
|
SEC-458: implementy hashCode() in PrincipalSid and GrantedAuthoritySid.
|
2007-09-17 13:10:17 +00:00 |
Luke Taylor
|
d79d55c8b6
|
SEC-8: Changes to LDAP authenticator API to take an authentication object rather than username/password.
|
2007-09-17 12:28:07 +00:00 |
Luke Taylor
|
c7354c125a
|
SEC-417: Fix. Remove hard-coded messages from JdbcDaoImpl to allow internationalized versions for "user not found" etc.
|
2007-09-16 22:20:08 +00:00 |
Luke Taylor
|
8a35f7da75
|
SEC-558: Combine user mapping implementations into a single interface and make more use of DirContextOperations in SS LDAP APIs.
|
2007-09-16 18:56:00 +00:00 |
Luke Taylor
|
56deb3dd83
|
SEC-549: Trim whitespace from username submitted with login form.
|
2007-09-14 14:25:21 +00:00 |
Luke Taylor
|
8398e940cf
|
SEC-449: Corrected comment.
|
2007-09-14 14:18:54 +00:00 |
Luke Taylor
|
fdbcbec9d8
|
SEC-449: Reamed template test class to match tested class. Added test method for case when no attribute value is found.
|
2007-09-14 14:17:30 +00:00 |
Luke Taylor
|
223a597208
|
SEC-449: Changed role searching to use parent spring ldap template search method.
|
2007-09-14 14:16:28 +00:00 |
Luke Taylor
|
b7d9466f99
|
SEC-449: Remoned unnecessary declaration of ContextMapper interface.
|
2007-09-14 14:12:32 +00:00 |
Luke Taylor
|
97ef5f389f
|
SEC-449: Remoned unnecessary declaration of ContextMapper interface.
|
2007-09-14 14:11:57 +00:00 |
Luke Taylor
|
d208cf3824
|
SEC-449: Make LdapUserDetailsMapper a pure ContextMapper so it can be used with LdapTemplate.
|
2007-09-13 20:42:50 +00:00 |
Luke Taylor
|
6d8f92e1b8
|
Allow an ldif file to be set in the configuration and loaded on initialization.
|
2007-09-13 20:40:49 +00:00 |
Luke Taylor
|
ae40919d13
|
Tidying up class.
|
2007-09-12 19:55:52 +00:00 |
Luke Taylor
|
c0f5230667
|
SEC-302: Add rolePrefix property to SecurityContextHolderAwareRequestFilter.
|
2007-09-11 17:29:47 +00:00 |
Luke Taylor
|
6a6bafa219
|
Make sure test classes which are setting the context clear it in their tearDown methods.
|
2007-09-11 14:13:50 +00:00 |
Luke Taylor
|
c56b8c4117
|
SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter.
|
2007-09-11 12:12:14 +00:00 |
Luke Taylor
|
3326525b65
|
SEC-368: Tidied up captcha spelling.
|
2007-09-11 11:16:07 +00:00 |
Luke Taylor
|
dd2a46c7ca
|
SEC-368: Tidied up captcha spelling.
|
2007-09-11 11:11:05 +00:00 |
Luke Taylor
|
c91400b03b
|
Corrected scm sections of core and parent poms.
|
2007-09-10 23:18:43 +00:00 |
Luke Taylor
|
448e8cfb42
|
SEC-551: Convert RegExpBasedFilterInvocationDefinitionMap and DaoX509AuthoritiesPopulator to use JDK regexps. Removed ORO dependency from the project.
|
2007-09-10 23:09:36 +00:00 |
Luke Taylor
|
6eb17c8546
|
SEC-513: Ldap user manager implementation classes changed to use new spring ldap apis.
|
2007-09-10 21:13:45 +00:00 |
Luke Taylor
|
afaa169e97
|
SEC-449: Test data ldif file for ApacheDS.
|
2007-09-10 21:09:59 +00:00 |
Luke Taylor
|
0503c3e1ab
|
SEC-449: Refactoring towards more use of Spring LDAP. Also borrowed the Spring LDAP integration testing setup which is much better and makes use of the full LDAP stack. There were still problems with using Apache DS's CoreContextFactory (e.g. compare operations) so it is an improvement on that front too. Moved spring ldap to 1.2-RC1 version.
|
2007-09-10 21:09:02 +00:00 |
Scott Battaglia
|
f7815e8da2
|
SEC-520
added parameter to determine whether to encode the session id or not and an explanation on when it should/should not be used.
|
2007-09-10 15:11:56 +00:00 |
Luke Taylor
|
e7ede68352
|
Update ldap test base class to use LdapContext by default.
|
2007-09-07 20:52:03 +00:00 |
Luke Taylor
|
ff1f1d8ef5
|
SEC-449: Rename internal LdapTemplate class to SpringSecurityLdapTemplate to avoid confusion.
|
2007-09-07 20:49:38 +00:00 |
Luke Taylor
|
f178ca2a39
|
Updated trunk poms to 2.0-SNAPSHOT version
|
2007-09-07 20:14:55 +00:00 |
Luke Taylor
|
70239a9769
|
SEC-513: First check in of user management stuff.
|
2007-09-07 20:01:46 +00:00 |
Luke Taylor
|
9b71b5aa00
|
SEC-449: Mostly changes to aid moving towards compatibility with spring-ldap.
|
2007-09-07 19:55:45 +00:00 |
Luke Taylor
|
8d4b97f685
|
Updated poms post-release 1.0.5
|
2007-09-06 02:52:09 +00:00 |
Luke Taylor
|
c8b6111418
|
Release 1.0.5.
|
2007-09-06 01:52:53 +00:00 |
Luke Taylor
|
3de8745494
|
Commented out (another) failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed).
|
2007-09-04 01:06:58 +00:00 |
Luke Taylor
|
6289503643
|
Commented out failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed).
|
2007-09-03 23:33:13 +00:00 |
Luke Taylor
|
34527c3305
|
Changed spring version to 1.2.9 and modified dependencies to get build to work with this version. Corrected some javadoc links.
|
2007-09-03 15:47:39 +00:00 |
Luke Taylor
|
15ee5b2364
|
SEC-540,SEC-541: Changes for maven 2 site generation and use of docbkx.
|
2007-09-02 13:22:24 +00:00 |
Luke Taylor
|
4e452046ec
|
Comment out System.out.println
|
2007-09-01 14:59:41 +00:00 |
Ray Krueger
|
edd7bbeceb
|
Removed repeated downcasting of ServletRequest and ServletResponse
|
2007-09-01 14:43:09 +00:00 |
Luke Taylor
|
b2799985f2
|
SEC-398: Added patch which uses response wrapper to set context in session on redirect or error.
|
2007-08-31 20:39:33 +00:00 |
Luke Taylor
|
219b865c01
|
SEC-544: Added German localization messages from Andreas Senft.
|
2007-08-31 12:15:13 +00:00 |
Luke Taylor
|
c021bf4682
|
SEC-542: Made SessionInformation serializable. Also remove unused default constructor.
|
2007-08-30 21:38:07 +00:00 |
Luke Taylor
|
0adf0d6f1c
|
SEC-529: Added French translation of messages from Laurent Pireyn
|
2007-08-30 21:27:49 +00:00 |
Luke Taylor
|
bc411c7c3b
|
SEC-457: Added Czech translation of messages from Jan Novotný
|
2007-08-30 21:20:19 +00:00 |
Luke Taylor
|
ea61964f56
|
SEC-483: Fix. Make getGroupSearchBase protected.
|
2007-08-30 21:15:14 +00:00 |
Luke Taylor
|
0c4916ee98
|
SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor.
|
2007-08-30 21:12:16 +00:00 |
Luke Taylor
|
301626fd6e
|
SEC-346: Fix. Added suggested change. Also some minor tidying up of comments etc.
|
2007-08-30 20:55:49 +00:00 |
Luke Taylor
|
2e8d16c538
|
SEC-484: Multithreaded tests for SessionRegistryImpl.
|
2007-08-30 19:26:24 +00:00 |
Luke Taylor
|
ad43d433b4
|
SEC-484: Fix for NPE concurreny issue. Also reinstated synchronized on registerNewSession (had removed it for testing).
|
2007-08-30 19:04:18 +00:00 |
Luke Taylor
|
aa4ee54f86
|
Added logging to SessionRegistryImpl.
|
2007-08-30 18:22:40 +00:00 |
Luke Taylor
|
7fcdd4a6ff
|
More tidying...
|
2007-08-30 11:31:36 +00:00 |
Luke Taylor
|
510cd5050f
|
Tidied up SessionRegistryImpl and rolled back reformatting of its test class to incorrect width.
|
2007-08-30 11:21:28 +00:00 |
Luke Taylor
|
5f993e5627
|
SEC-534: Refactored JaasAuthenticationProvider to use ApplicationPublisherAware rather than ApplicationContextAware.
|
2007-08-29 11:51:02 +00:00 |
Luke Taylor
|
1467527c0a
|
SEC-538: Deleted maven 1 files.
|
2007-08-29 11:00:28 +00:00 |
Luke Taylor
|
5b7ed79b6a
|
SEC-539: Reformatted "divider" comments (//~ Methods=== etc). Simplified boolean expression in afterPropertiesSet.
|
2007-08-28 23:19:06 +00:00 |
Luke Taylor
|
d7cef1ba31
|
SEC-539: Moved SecurityContextHolder.setContext() call into the try {} block to emphasize that it is only set for the duration of chain.doFilter() and immediately cleared afterwards. Changed the debug messages about setting the context, since it has not strictly taken place when they are logged.
|
2007-08-28 23:11:58 +00:00 |
Luke Taylor
|
47c5a6d43f
|
SEC-539: Renamed extractSecurityContextFromSession to readSecurityContextFromSession to emphasize that it doesn't actually modify anything (the context is still stored in the session).
|
2007-08-28 22:43:13 +00:00 |
Luke Taylor
|
f7a6129657
|
SEC-539: Removed unnecessary check for a null request object. Removed unnecessary catch/rethrow of IOException and ServletException from try/finally around chain.doFilter.
|
2007-08-28 22:40:56 +00:00 |
Luke Taylor
|
d1be9f9980
|
SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use.
|
2007-08-28 22:38:55 +00:00 |
Luke Taylor
|
3dd0716611
|
SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter().
|
2007-08-28 21:58:30 +00:00 |
Luke Taylor
|
fa63d8ecfb
|
SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession()
|
2007-08-28 21:25:17 +00:00 |
Luke Taylor
|
ce3eb599ed
|
SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter().
|
2007-08-28 21:11:48 +00:00 |
Luke Taylor
|
ba88214d1d
|
SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic.
|
2007-08-28 20:16:19 +00:00 |
Luke Taylor
|
27ef2caf45
|
SEC-539: Removed filterApplied boolean.
|
2007-08-28 19:56:33 +00:00 |
Luke Taylor
|
e8d11f28f2
|
SEC-539: Extracted storeSecurityContextInSession() method.
|
2007-08-28 19:54:24 +00:00 |
Luke Taylor
|
bcf69cbe3d
|
SEC-539: Extracted populateSecurityContextFromSession() method.
|
2007-08-28 19:16:37 +00:00 |
Luke Taylor
|
6651a240de
|
Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not.
|
2007-08-28 18:26:04 +00:00 |
Luke Taylor
|
6fe00b3433
|
SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true.
Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.
|
2007-08-28 16:53:05 +00:00 |
Luke Taylor
|
4ba77fa736
|
SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected.
|
2007-08-28 15:26:59 +00:00 |
Luke Taylor
|
e189bc685f
|
SEC-408: Fix. Provide getter for filterProcessesUrl.
|
2007-08-28 11:37:05 +00:00 |
Luke Taylor
|
c8077c5e87
|
SEC-506: Fix as suggested by reporter. Split the disgest header string ignoring separating commas which occur between quotes.
|
2007-08-28 00:31:30 +00:00 |
Luke Taylor
|
3f123e1478
|
SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache).
|
2007-08-27 23:41:59 +00:00 |
Luke Taylor
|
87d6b8dedd
|
SEC-412: Fix. Added extra constructor to UsernameNotFoundException allow use of extraInformation property of parent class.
|
2007-08-27 23:22:48 +00:00 |
Luke Taylor
|
dda88e3931
|
SEC-502: Fix. Use a Map instead of HashMap in the API. Also some minor tidying of test class.
|
2007-08-27 17:21:16 +00:00 |
Luke Taylor
|
57f3d268a1
|
SEC-519: Fix. Changed notNull() assertion for "key" parameter to hasText() to prevent the use of empty keys.
|
2007-08-27 17:17:25 +00:00 |
Luke Taylor
|
1c72b7989e
|
Fix for SEC-522. Strip query parameters from logout URL before doing comparison with filterProcessesUrl.
|
2007-08-27 17:14:23 +00:00 |
Luke Taylor
|
82599a72ba
|
Reformatted LogoutFilter.
|
2007-08-27 16:56:33 +00:00 |
Luke Taylor
|
f8689b18b2
|
SEC-526: Fixed. Support for different case prefixes ({SHA}, {sha} etc).
|
2007-08-27 16:23:14 +00:00 |
Luke Taylor
|
0425d3b638
|
Rolled back unnecessary changes (whitespace, imports etc) for SEC-398 to make actual change from revision 1858 clearer.
|
2007-08-27 13:29:39 +00:00 |
Ben Alex
|
db3024f9a4
|
SEC-271: Revert Ordered and ApplicationContextAware usage at this time, due to release of 1.0..
|
2007-08-25 00:15:30 +00:00 |
Vishal Puri
|
2b4d8a6378
|
Removed print statement
|
2007-08-22 04:48:04 +00:00 |
Luke Taylor
|
3fbc7beb88
|
SEC-251: Document use of {1} parameter in javadoc for DefaultLdapAuthoritiesPopulator.
|
2007-08-17 15:45:57 +00:00 |
Vishal Puri
|
bc30b903f8
|
SEC-398: Lazy update of 'filterApplied' to true
|
2007-07-25 05:34:40 +00:00 |
Luke Taylor
|
a499e74102
|
SEC-449: Add spring-ldap dependency to pom.xml.
|
2007-07-24 17:23:47 +00:00 |
Luke Taylor
|
b646a06443
|
Fix for SEC-512. Removed unnecessary context creation.
|
2007-07-24 17:01:36 +00:00 |
Luke Taylor
|
aea1148ffb
|
Fix broken test caused by null application context in AbtractAccessDecisionManager when auto-detection of voters is called.
|
2007-07-24 16:48:49 +00:00 |
Vishal Puri
|
c5cc42e16c
|
made two instance variables protected for RBA solution
|
2007-07-23 07:59:28 +00:00 |
Vishal Puri
|
5ea8232f84
|
SEC-484: fixed concurrency issue
|
2007-07-23 07:58:31 +00:00 |
Vishal Puri
|
0e46e5307c
|
SEC-271: added Ordered interface to AcessDecisionVoters
|
2007-07-06 13:34:43 +00:00 |
Vishal Puri
|
ef38844a6d
|
Improved comments and made TokenBasedRememberMeServices modular to support subclasses
|
2007-06-27 08:33:37 +00:00 |
Ray Krueger
|
0159b617cf
|
Refactored the failureUrl lookup into a protected method to allow customization
|
2007-06-19 13:09:57 +00:00 |
Vishal Puri
|
b2c30277f4
|
SEC-271: work on security:autoconfig
|
2007-06-19 04:08:19 +00:00 |
Carlos Sanchez
|
165d2c0122
|
[maven-release-plugin] prepare for next development iteration
|
2007-06-02 21:28:53 +00:00 |
Carlos Sanchez
|
942b5d7345
|
[maven-release-plugin] prepare release acegi-security-1.0.4-maven2
|
2007-06-02 21:21:51 +00:00 |
Ben Alex
|
4561c3a1f1
|
Remove unused imports that were causing warnings.
|
2007-05-25 05:33:06 +00:00 |
Ben Alex
|
e252f4a497
|
Make compatible with Assert static class in Spring 1.2.9.
|
2007-05-25 05:32:32 +00:00 |
Vishal Puri
|
5b97b3458c
|
utility class added required to copy ordering information from one object to another
|
2007-05-25 03:25:28 +00:00 |
Ben Alex
|
10bf40fc03
|
SEC-472: Provide support for subclasses to select the login form URL to use for a given request.
|
2007-05-25 03:21:17 +00:00 |
Vishal Puri
|
b30162191e
|
SEC-271: Moved spring security namespaces cnfig code to sandbox
|
2007-05-25 03:17:12 +00:00 |
Ben Alex
|
a8b402462e
|
SEC-470: Provide flexibility to customize cookie name.
|
2007-05-25 03:12:49 +00:00 |
Ben Alex
|
24b31c0c57
|
SEC-443: Provide useRelativeContext property.
|
2007-05-25 02:55:25 +00:00 |
Ben Alex
|
c8d5374602
|
SEC-436: Add hashCode() methods.
|
2007-05-25 02:28:40 +00:00 |
Ben Alex
|
95735017e6
|
SEC-421: MutableAcl.setParent(MutableAcl) method to accept Acl parameter, not MutableAcl.
|
2007-05-25 02:22:18 +00:00 |
Ben Alex
|
d0d645788a
|
SEC-405: Extract out target URL determination method.
|
2007-05-25 02:07:44 +00:00 |
Ben Alex
|
998fc938df
|
SEC-403: Add support for Chinese.
|
2007-05-25 02:04:44 +00:00 |
Ben Alex
|
296d235135
|
SEC-343: Make obtainAllDefinedFilters() protected.
|
2007-05-25 02:03:12 +00:00 |
Ben Alex
|
1fa89e99c4
|
SEC-307: Preserve result of AuthenticationManager.authenticate(Authentication).
|
2007-05-25 02:00:37 +00:00 |
Ben Alex
|
3b9a8dc53e
|
SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently.
|
2007-05-25 01:38:42 +00:00 |
Ben Alex
|
4f13db5552
|
SEC-398: Delay sending of redirect until after HttpSession updated with revised SecurityContextHolder contents.
|
2007-05-25 01:24:07 +00:00 |
Vishal Puri
|
4c6d132ead
|
SEC-411: fixed broken unit tests as a consequence of adding anoter constructor argument
|
2007-05-24 23:35:01 +00:00 |
Vishal Puri
|
220ba29fc6
|
SEC-411: another constructor argument added as required in SecurityContextHolderAwareRequestWrapper
|
2007-05-24 23:20:40 +00:00 |
Ben Alex
|
0736f4ffa0
|
SEC-305: Retain SecurityContext when rendering error pages.
|
2007-05-24 02:04:47 +00:00 |
Ben Alex
|
6ea8899134
|
|
2007-05-24 00:47:12 +00:00 |
Ben Alex
|
5b3c633790
|
SEC-451: Correctly handle an empty context path.
|
2007-05-24 00:18:09 +00:00 |
Ben Alex
|
c8c37c8935
|
SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property.
|
2007-05-23 07:04:22 +00:00 |
Ben Alex
|
a3c992113e
|
SEC-459: Provide local argument to the message source accessor.
|
2007-05-23 06:57:07 +00:00 |
Ben Alex
|
a18bd9100c
|
SEC-474: Gracefully abort if username and password non-retrievable.
|
2007-05-23 06:48:42 +00:00 |
Ben Alex
|
f45c0944ef
|
SEC-478: Handle incorrect Base64 cookie encoding.
|
2007-05-23 06:45:45 +00:00 |
Ben Alex
|
5b8898c750
|
SEC-298: Ensure returned cookies have a maximum age equal to the TokenBasedRememberMeServices.tokenValiditySeconds property.
|
2007-05-23 06:43:47 +00:00 |
Ben Alex
|
ac3b142e4f
|
SEC-438: Made afterPropertiesSet() use instance variable instead of static variable.
|
2007-05-23 06:35:03 +00:00 |
Ben Alex
|
72a7d06ad1
|
SEC-476: Provide support for not logging interactive authentication events.
|
2007-05-23 06:31:32 +00:00 |
Ben Alex
|
f7e714b9da
|
Maven 2 polishing.
|
2007-05-23 04:20:54 +00:00 |
Vishal Puri
|
3f7e00c796
|
SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService
|
2007-05-18 03:21:21 +00:00 |
Vishal Puri
|
e3435da9ae
|
SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService
|
2007-05-18 03:20:28 +00:00 |
Vishal Puri
|
a934f82af4
|
SEC-271: Fixed IllegalStateException being thrown by LogoutHandlerOrdereResolver and add an assert statement in the unit test
|
2007-05-17 13:42:51 +00:00 |
Vishal Puri
|
a01bb3bbee
|
Added more bean definition parsers
|
2007-05-17 12:57:16 +00:00 |
Vishal Puri
|
1a06723404
|
fixed broken test in build 47
|
2007-05-17 12:49:58 +00:00 |
Vishal Puri
|
3eb9870162
|
SEC-271: Added more security elements
|
2007-05-17 12:30:36 +00:00 |
Vishal Puri
|
26b0d4d1cb
|
SEC-271: uncommented copy of resources in META-INF directory
|
2007-05-17 12:23:07 +00:00 |
Vishal Puri
|
e43439ba44
|
implemented Ordered interface
|
2007-05-17 12:21:02 +00:00 |
Vishal Puri
|
001dc0b1d9
|
SEC-271: implemented Orderd interface in all the entrypoints
|
2007-05-17 12:20:16 +00:00 |
Ray Krueger
|
8b1cc05518
|
Updated Assertion message
|
2007-05-17 03:18:35 +00:00 |
Vishal Puri
|
84a3c87ea4
|
SEC-271: Replaced Java 5 specific code with pre Java 5
|
2007-05-17 03:04:07 +00:00 |
Vishal Puri
|
e67bff61a0
|
Explicity specified version 2.3 for surefire-plugin
|
2007-05-17 01:14:07 +00:00 |
Vishal Puri
|
74123cd234
|
Replace resource property with location for PropertyFactoryBean
|
2007-05-16 00:31:31 +00:00 |
Vishal Puri
|
ee2eac5a51
|
SEC-271: added LogoutFilterBeanDefinitionParserTests
|
2007-05-15 13:54:43 +00:00 |
Vishal Puri
|
1203e9858a
|
SEC-271: Added BeanDefitnitionParser for principal-repository, extended security schema and added unit tests
|
2007-05-15 13:32:06 +00:00 |
Vishal Puri
|
51f306a19a
|
SEC-271: Added more BeanDefinitionParsers and extend spring-security.xsd to have more elements
|
2007-05-15 13:26:05 +00:00 |
Vishal Puri
|
ced5cb4f85
|
added new security element in the spring-security schema and wrote a parser for the element
|
2007-05-13 13:33:33 +00:00 |
Vishal Puri
|
e73421d7b2
|
Spring version upgrade to 2.0.4, changed svn urls in project.xml and poms
|
2007-05-13 12:30:53 +00:00 |
Vishal Puri
|
9794c518d6
|
SEC-271: Spring 2-based configuration simplification of Acegi Security
|
2007-05-11 00:09:56 +00:00 |
Vishal Puri
|
566314dae5
|
SEC-271: Spring 2-based configuration simplification of Acegi Security
|
2007-05-10 02:32:30 +00:00 |
Vishal Puri
|
09fd79bc64
|
SEC-419: Added the right logger class in CollectionFilterer
|
2007-05-10 02:25:15 +00:00 |
Vishal Puri
|
82f215700b
|
changed svn url to https://acegisecurity.svn.....
|
2007-05-10 02:11:54 +00:00 |
Vishal Puri
|
62c832e366
|
SEC-423: Fixed IllegalArguemntException being thrown by checking for null contextFromSessionObject
|
2007-04-27 07:35:11 +00:00 |
Vishal Puri
|
c2d1405f44
|
SEC-357: Added testIfSwitchUserWithNullUsernameThrowsException
|
2007-04-24 06:35:15 +00:00 |
Ray Krueger
|
fe0c99c816
|
Fixed http://opensource.atlassian.com/projects/spring/browse/SEC-445
Import servlet-api 2.4 in order to bring in the correct PageContext class
|
2007-04-23 18:25:01 +00:00 |
Luke Taylor
|
6bfff55da3
|
Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes
|
2007-03-30 18:27:19 +00:00 |
Luke Taylor
|
993f7e4af0
|
Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause.
|
2007-03-30 18:02:08 +00:00 |
Luke Taylor
|
6e5f5e15ad
|
Refactored to introduce constants for number of ops and number of threads for tuning.
|
2007-03-10 21:34:53 +00:00 |
Luke Taylor
|
fabca162a7
|
Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful infomation. Tidied up comments, excessively long lines, use of tabs etc. to match.
|
2007-02-24 21:00:24 +00:00 |
Luke Taylor
|
bd2d4b013a
|
Extracted a method to evaluate the conditions for whether basic authentication is required.
|
2007-02-23 19:21:44 +00:00 |
Luke Taylor
|
a1886bd1e0
|
Made string constant RECIPIENT_FOR_CACHE_EMPTY final.
|
2007-02-22 23:57:49 +00:00 |
Luke Taylor
|
b8a0f97fde
|
Removed irrelevant CAS stuff from equalsWhenEqual test.
|
2007-02-22 23:29:01 +00:00 |
Luke Taylor
|
25bc67885d
|
Uncommented tests which now work due to apache-ds bugfixes
|
2007-02-06 18:21:31 +00:00 |
Luke Taylor
|
0d9cae43bf
|
Corrected mistake in reading java.io.tmpdir.
|
2007-02-06 18:20:14 +00:00 |
Luke Taylor
|
5464678355
|
Pass apache-ds temp working directory as a system property through the surefire plugin.
|
2007-02-06 18:18:14 +00:00 |
Luke Taylor
|
8b98a9d27c
|
Added code to delete the previous contents of the ldap test server working directory as these aren't always compatible if the apache-ds version has changed.
|
2007-02-05 00:35:42 +00:00 |
Luke Taylor
|
1686fd0bd2
|
Updated ldap tests to apache directory 1.0.0 release version.
|
2007-02-04 20:06:36 +00:00 |
Ben Alex
|
e169e63e1b
|
SEC-404: Correct previous SEC-404 commit.
|
2007-01-02 23:36:38 +00:00 |
Ben Alex
|
3f62a5c868
|
SEC-404: NPE when logging out if user not already logged in.
|
2006-12-28 21:23:35 +00:00 |
Luke Taylor
|
93509dc999
|
Reformatted X.509 certificate in comment.
|
2006-11-29 01:40:14 +00:00 |
Luke Taylor
|
6a440f816c
|
removed monkeymachine.co.uk email addresses.
|
2006-11-28 21:37:37 +00:00 |
Ben Alex
|
1805ab8ec4
|
SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.
|
2006-11-26 04:47:43 +00:00 |
Ben Alex
|
e79a28875f
|
SEC-400: Clarify exception if getter returns null.
|
2006-11-26 03:24:11 +00:00 |
Ray Krueger
|
1a486e584b
|
HttpSessionEventPublisher need not implement ServletContextListener any longer
|
2006-11-20 19:35:11 +00:00 |
Ray Krueger
|
74e8efc4e9
|
Fixed SEC-395
|
2006-11-20 19:09:45 +00:00 |
Ben Alex
|
6fe569556c
|
Use type in same module (Maven requirement).
|
2006-11-17 03:18:07 +00:00 |
Ben Alex
|
197a011ac5
|
Relocate resource files to comply with Maven directory conventions.
|
2006-11-17 03:06:30 +00:00 |
Ben Alex
|
1081c267d9
|
SEC-239: New ACL module.
|
2006-11-17 02:03:23 +00:00 |
Ben Alex
|
9f512c384e
|
SEC-239: New ACL module.
|
2006-11-17 02:01:21 +00:00 |
Ben Alex
|
2984913051
|
SEC-393: More elegantly deal with setProviders(List) type safety enforcement.
|
2006-11-16 02:15:43 +00:00 |
Carlos Sanchez
|
5e819af782
|
SEC-388: Upgrade other Spring dependencies to 1.2.8.
|
2006-11-15 22:54:54 +00:00 |
Ben Alex
|
1b4a098760
|
SEC-354: Add label-based voter.
|
2006-11-14 22:07:36 +00:00 |
Ben Alex
|
4d166a6867
|
SEC-333: Error in last commit, should default to regexp processor, not Ant Path processor, in the case of empty or null strings.
|
2006-11-14 21:52:51 +00:00 |
Ben Alex
|
780130d0f3
|
SEC-333: Eliminate dependecy on ORO when Ant Paths being used instead of Regular Expressions.
|
2006-11-14 20:55:24 +00:00 |
Ben Alex
|
775840a565
|
SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered.
|
2006-11-14 05:49:56 +00:00 |
Ben Alex
|
f5ce0250b4
|
SEC-310: Add AbstractProcessingFilter.getAuthenticationDetailsSource().
|
2006-11-14 03:30:04 +00:00 |
Ben Alex
|
8dda52eeaa
|
SEC-322: Workaround bug in WebSphere.
|
2006-11-14 02:21:27 +00:00 |
Ben Alex
|
5640eb0511
|
SEC-378: Use trim instead of replacement for space removal.
|
2006-11-14 01:55:44 +00:00 |
Ben Alex
|
ad6c501379
|
SEC-360: Minor correction in patch applied yesterday.
|
2006-11-14 01:09:35 +00:00 |
Ben Alex
|
2a65d386d5
|
SEC-384: Remove Commons-Lang dependency.
|
2006-11-14 00:59:17 +00:00 |
Ben Alex
|
59bf8602d2
|
SEC-356: Add cloneFromHttpSession property.
|
2006-11-14 00:43:00 +00:00 |
Ben Alex
|
5911234f65
|
SEC-359: Logout even if not logged in.
|
2006-11-13 06:05:28 +00:00 |
Ben Alex
|
fa6b4480b1
|
SEC-360: Provide server side forward option instead of redirection.
|
2006-11-13 00:17:07 +00:00 |
Ben Alex
|
f0ae6f53a7
|
SEC-327: Add includeDetailsObject property.
|
2006-11-12 23:55:50 +00:00 |
Ben Alex
|
f28ce39bde
|
SEC-365: Provide an alwaysRemember property, together with an abstract method so subclasses can determine custom behaviour.
|
2006-11-12 23:28:57 +00:00 |
Ben Alex
|
71eba94cf2
|
SEC-371: Use AbstractTicketValidator for logger.
|
2006-11-12 23:10:09 +00:00 |
Ben Alex
|
0f517cb8e2
|
SEC-375: Publish AuthorizationFailureEvent event when AccessDeniedException thrown by AfterInvocationProvider.
|
2006-11-12 22:06:37 +00:00 |
Ben Alex
|
b8d0722251
|
SEC-367: Added clarification of immutability contract.
|
2006-11-12 21:36:52 +00:00 |
Ben Alex
|
43dbe6c991
|
SEC-364: Fix context path handling.
|
2006-11-12 21:31:31 +00:00 |
Carlos Sanchez
|
10d6859dad
|
Added ACL table SQL for some databases
|
2006-10-17 22:24:57 +00:00 |
Ben Alex
|
172026f875
|
SEC-377: Remove Commons Lang dependency.
|
2006-10-14 00:17:19 +00:00 |
Ben Alex
|
c292826475
|
SEC-373: Add byte array encryption/decryption support.
|
2006-10-07 09:45:51 +00:00 |
Ben Alex
|
21dd050d7b
|
SEC-348: Limit Basic automatic reauthentication scope to UsernamePasswordAuthenticationToken (specifically avoid CasAuthenticationToken).
|
2006-09-29 08:41:25 +00:00 |
Ben Alex
|
d2fb473a4e
|
Formatting only.
|
2006-09-29 07:33:45 +00:00 |
Ben Alex
|
49a2de8f0f
|
SEC-366: Initial commit.
|
2006-09-29 07:29:13 +00:00 |
Ben Alex
|
cc03675776
|
SEC-340: Invalidate HttpSession on logout.
|
2006-09-29 06:45:40 +00:00 |
Scott McCrory
|
db96650d99
|
SEC-319: Reverted to 1.0.1 version to delay these changes to 1.1.0, based on small breakage of backward compatability.
|
2006-09-23 19:48:39 +00:00 |
Carlos Sanchez
|
558fd5d75d
|
Add scm info because we don't use artifactid as folder name
|
2006-09-17 21:06:22 +00:00 |
Ben Alex
|
b0056568f0
|
SEC-338: Serializable and serialVersionUID missing for Authentication-related objects.
|
2006-09-15 08:38:11 +00:00 |
Ben Alex
|
7313d5def0
|
SEC-324: Ensure IllegalStateException no longer occurs.
|
2006-09-15 07:55:57 +00:00 |
Ben Alex
|
324789d544
|
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
|
2006-09-15 06:27:45 +00:00 |
Ben Alex
|
9e3ce85dd5
|
SEC-330: Make UserMap work with UserDetails, not User concrete class.
|
2006-09-15 03:47:17 +00:00 |
Ben Alex
|
f0b259a32e
|
SEC-349: GrantedAuthority constructor argument can be null.
|
2006-09-15 03:42:11 +00:00 |
Ben Alex
|
58d3f0c56f
|
SEC-290: Correct bug with generation of SimpleMethodInvocation.
|
2006-09-15 03:38:36 +00:00 |
Ben Alex
|
5364db2c27
|
SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place.
|
2006-09-15 03:36:51 +00:00 |
Ben Alex
|
53beadb7bf
|
SEC-290: Correct bug with generation of SimpleMethodInvocation.
|
2006-09-15 03:27:26 +00:00 |
Ben Alex
|
03df6a90eb
|
SEC-293: Modified collection remove logic to use removeList.
|
2006-09-15 03:20:08 +00:00 |
Ben Alex
|
1292420476
|
SEC-311: Must observe symmetry requirement of Object.equals(Object) contract.
|
2006-09-15 03:09:05 +00:00 |
Ray Krueger
|
cf91104b69
|
Made parameters case-insensitive
|
2006-09-14 20:47:17 +00:00 |
Ray Krueger
|
6779d97546
|
Made parameters case-insensitive
|
2006-09-14 20:39:37 +00:00 |
Carlos Sanchez
|
757062e8f9
|
Initialization of exceptionMappings was broken in last commit
|
2006-09-13 08:20:08 +00:00 |
Carlos Sanchez
|
4d070eab25
|
Add setAuthoritiesAsString to UserAttribute
|
2006-09-04 21:54:15 +00:00 |
Luke Taylor
|
000f9ab7ac
|
SEC-321: truncate from first question mark, not last.
|
2006-09-03 22:12:13 +00:00 |
Luke Taylor
|
4e65b24253
|
SEC-245: Add mapPassword method to allow customized translation of password attribute.
|
2006-08-28 20:58:26 +00:00 |
Luke Taylor
|
57a8d2adb3
|
Added handleBindException method to allow subclasses to inspect the reason for bind failure.
|
2006-08-25 16:06:20 +00:00 |
Luke Taylor
|
dc13f25dee
|
Tidied up formatting.
|
2006-08-25 16:04:27 +00:00 |
Luke Taylor
|
8dd1177c02
|
Added property to force use of LdapContext instead of DirContext
|
2006-08-25 16:03:50 +00:00 |
Luke Taylor
|
92dcf694b4
|
added createTarget method on Essence class to allow subclassing.
|
2006-08-25 15:32:39 +00:00 |
Luke Taylor
|
b5cbc977e1
|
Javadoc correction
|
2006-08-24 10:56:26 +00:00 |
Luke Taylor
|
3889894d16
|
Added extra mapping of OperationNotSupportedException to BadCredentialsException as some servers return a 53 code (unwilling to perform) when attempting a bind (e.g. is password has expired). This shouldn't be treated as an outright failure.
|
2006-08-24 10:32:38 +00:00 |
Luke Taylor
|
67fcf426eb
|
Close returned context in nameExists method
|
2006-08-24 10:10:24 +00:00 |
Luke Taylor
|
e96fee6ec1
|
Updated apacheds version to RC3 and slf4j to 1.0.1
|
2006-08-24 10:07:39 +00:00 |
Carlos Sanchez
|
27d2db9e22
|
Ensure that array of valid permissions can't be modified outside the class
|
2006-08-22 17:57:18 +00:00 |
Carlos Sanchez
|
38ec0f0d30
|
SEC-286: Reverted rev# 1588 as build fails without log4j (class not found exception)
|
2006-08-22 16:17:46 +00:00 |
Carlos Sanchez
|
69ec903088
|
Add MethodDefinitionSourceMapping for easier configuration
|
2006-08-22 16:02:44 +00:00 |
Carlos Sanchez
|
0298851ca3
|
Allow setting ACLs by its name
|
2006-08-22 16:01:34 +00:00 |
Carlos Sanchez
|
3487da0e85
|
Added javadoc
|
2006-08-22 15:53:41 +00:00 |
Luke Taylor
|
3498b36c14
|
SEC-285: Removed duplicate commons-lang dependency from pom.xml
|
2006-08-19 20:03:58 +00:00 |
Scott McCrory
|
8d3a2b42d9
|
SEC-319: Improvements to Siteminder integration: Create its own authentication provider & reeval strategy. Note that documentation not yet complete, but code is functional, test-covered and validated in a Siteminder environment.
|
2006-07-27 01:13:46 +00:00 |
Luke Taylor
|
52a167acfa
|
SEC-286: removed log4j dep as it is in the parent pom and tests run fine without it..
|
2006-07-25 23:53:42 +00:00 |
Carlos Sanchez
|
f7cb31a301
|
Fix broken test
|
2006-07-20 18:43:58 +00:00 |
Carlos Sanchez
|
9a337d2fea
|
Removed default constructors added in rev# 1573
|
2006-07-20 13:15:55 +00:00 |
Luke Taylor
|
4930657e57
|
Remove typo in method name "getAuthoritiesPopulator"
|
2006-07-16 20:17:20 +00:00 |
Scott McCrory
|
442c51bb30
|
SEC-318: Rename AuthenticationDao to UserDetailsService in local variables and logging messages
|
2006-07-15 15:18:51 +00:00 |
Ray Krueger
|
d485e30fd5
|
SavedCookieTest was renamed to SavedCookieTests
|
2006-07-12 10:33:14 +00:00 |
Ray Krueger
|
ca863ce4f7
|
http://opensource.atlassian.com/projects/spring/browse/SEC-308
Headers should remain case-insensitive.
|
2006-07-12 10:25:32 +00:00 |
Carlos Sanchez
|
91799c9290
|
Added missing resources
|
2006-07-11 21:42:42 +00:00 |
Carlos Sanchez
|
156af5b8b6
|
Added missing tld and notice file to jar
|
2006-07-11 18:54:04 +00:00 |
Carlos Sanchez
|
94a9acedad
|
Added checks to ensure object is properly initialized
|
2006-07-10 11:48:35 +00:00 |
Carlos Sanchez
|
488abe58fb
|
Added default constructor for easier use
|
2006-07-10 11:24:18 +00:00 |
Carlos Sanchez
|
80c1ae3bde
|
fix problems when not loaded through Spring context
|
2006-07-09 22:08:21 +00:00 |
Carlos Sanchez
|
00b73e8331
|
Fix failing tests keeping old behaviour.
|
2006-07-06 17:56:50 +00:00 |
Carlos Sanchez
|
46af400466
|
Added FilterInvocationDefinition interface to unify FilterInvocationDefinitionSource and FilterInvocationDefinitionMap
|
2006-07-06 17:05:08 +00:00 |
Carlos Sanchez
|
9e87bd6789
|
Add javadocs
|
2006-07-06 17:03:48 +00:00 |
Carlos Sanchez
|
aa52124d72
|
Simplify configuration of FilterInvocationDefinitionMap
|
2006-07-05 22:00:21 +00:00 |
Carlos Sanchez
|
9560636380
|
Simplify configuration of FilterInvocationDefinitionMap
|
2006-07-05 20:58:50 +00:00 |
Carlos Sanchez
|
9d539a13d9
|
Use accessor instead of field
|
2006-07-05 20:03:52 +00:00 |
Carlos Sanchez
|
0edb75d4aa
|
Added setUsers and setAuthorities for easier configuration
|
2006-07-05 16:16:13 +00:00 |
Carlos Sanchez
|
41f7bb3755
|
Improve javadoc formatting
|
2006-07-05 16:00:51 +00:00 |