Commit Graph

1437 Commits

Author SHA1 Message Date
Luke Taylor 9e2f372bad SEC-607: Deprecated InitialDirContextFactory and replaced it with SpringSecurityContextSource.
Also some refactoring of LdapUserDetailsManager to use a strategy for creating DNs from usernames.
2007-11-20 20:54:48 +00:00
Luke Taylor 6d5773d177 Replaced creation of new list with Collections.EMPTY_LIST reference. 2007-11-17 23:06:32 +00:00
Luke Taylor 1196381220 Remove "controls" property as it doesn't really make sense and has never been used. 2007-11-17 20:55:39 +00:00
Luke Taylor 91e0a329f9 Upgrade to Spring LDAP 1.2 final. 2007-11-17 20:53:26 +00:00
Luke Taylor b1b3f585e4 Moved setter methods out of inner classes area. 2007-11-13 22:55:01 +00:00
Luke Taylor c485664ee7 Removed accidental use of autoboxing. 2007-11-13 22:16:52 +00:00
Luke Taylor 3e3dac4050 SEC-600: Added extra test assertions on authentication details object after password change. 2007-11-13 17:17:25 +00:00
Luke Taylor cb237055ac SEC-600: Added Jdbc implementation of UserDetailsManager 2007-11-13 17:11:29 +00:00
Luke Taylor 81067840ef SEC-485: Added calculateLoginLifetime method. 2007-11-13 01:16:27 +00:00
Luke Taylor b681952933 SEC-545: Added utility methods for checking if user has a particular role to existing AuthorityUtils class. Class may be renamed at some point as more functionality is added. 2007-11-11 23:37:32 +00:00
Luke Taylor 315d4a247f Added method to clear datasource field after use. 2007-11-11 23:10:21 +00:00
Luke Taylor 910e63f83c SEC-586: Implemented secure channel support in namespace configuration. 2007-11-11 22:07:46 +00:00
Luke Taylor c214f4a9bc Simplified initialization of datasource. 2007-11-11 22:06:22 +00:00
Luke Taylor 4f3bbb52f6 Pulled methods and fields up into AbstractFilterInvocationDefinitionSource to make it easier to query the map size etc, regardless of the specific type. 2007-11-11 19:29:11 +00:00
Luke Taylor 28a138f8ec Converted to use guard clause to reduce nesting. 2007-11-11 19:22:51 +00:00
Luke Taylor 756be6fed3 Removed unnecessary constructor. 2007-11-11 19:10:47 +00:00
Luke Taylor 964e6911a7 Added RememberMeServices to list of logout handlers. 2007-11-11 18:11:18 +00:00
Luke Taylor 2856a6ba43 Allow configuration of embedded ldap server port through ldap namespace configuration. Changed default port from 3389 to avoid conflict with windows remote desktop (as reported by Ray Krueger in dev list). 2007-11-11 16:10:30 +00:00
Luke Taylor 0e7dac6ca5 SEC-565: Refactoring of TokenBasedRememberMeServices. Changed arguments to makeValidSignature so that it could be used from both places where a signature is required and refactored the class to extend AbstractRememberMeServices. The method processAutoLoginCookie now returns a UserDetails, rather than username, as the UserDetails is needed in TokenBasedRememberMeServices. 2007-11-10 19:20:36 +00:00
Luke Taylor 1a5ef2dece SEC-588: Completed JdbcTokenRepositoryImpl and added extra update method to PersistentTokenRepository interface (additional files from failed commit). 2007-11-10 15:56:07 +00:00
Luke Taylor 7caa1587b3 SEC-588: Completed JdbcTokenRepositoryImpl and added extra update method to PersistentTokenRepository interface. 2007-11-10 15:42:21 +00:00
Scott Battaglia 87a864619d SEC-592
fixed failing test due to thinking a null value should be provided.
2007-11-07 21:44:15 +00:00
Scott Battaglia 981f185575 SEC-592
implemented NullStatelessTicketCache and test cases and made it the default for CasAuthenticationProvider.
2007-11-07 18:46:35 +00:00
Luke Taylor 0a50cd67ce Tidied up logic for setting token repository in RememberMeBeanDefinitionParser. Plus some tinkering with attributes in rnc file. 2007-11-07 13:29:15 +00:00
Luke Taylor 9fa32bac7c SEC-578: Set FilterInvocationDefinitionSource field in FilterChainProxy to null after it has been converted to a map of paths->filters. 2007-11-06 23:58:56 +00:00
Luke Taylor 9f2bc9a842 SEC-582: Namespace configuration implementation for remember-me support. 2007-11-06 23:20:25 +00:00
Luke Taylor b868143fb1 Make sure "start" is called even if working directory is already set. 2007-11-06 22:18:13 +00:00
Luke Taylor 7ad8e2acf0 SEC-591: Removed default NullRememberMeServices in RememberMeProcessingFilter 2007-11-06 21:43:37 +00:00
Luke Taylor 4c44bd782f SEC-588: Added extra tests to check cookie values. 2007-11-04 12:07:49 +00:00
Luke Taylor 55b1f9348d SEC-588: PersistentTokenBasedRememberMeServices implementation. 2007-11-03 22:11:26 +00:00
Luke Taylor 8b199d38ed Refactored autoLogin method to reduce nesting of conditionals and loops. 2007-10-30 21:09:47 +00:00
Luke Taylor d7b6ca281a Removed unused "autodetect" method. 2007-10-27 11:50:38 +00:00
Luke Taylor 43fc8e2660 Added Id keyword for all java files 2007-10-27 00:45:30 +00:00
Luke Taylor d3b165749f SEC-583: Implementation of namespace config for concurrent session support.
Also some minor adjustments to ordering of different http features in schema.
2007-10-27 00:28:24 +00:00
Luke Taylor 334d55b12e Tidying. 2007-10-27 00:26:25 +00:00
Luke Taylor 685d74d81b FilterSecurityInterceptor is now configured through ConfigUtils, rather than by autowiring. 2007-10-27 00:25:59 +00:00
Luke Taylor 0185dc5a90 Moved registration of ProviderManager bean to ConfigUtils. 2007-10-27 00:24:16 +00:00
Luke Taylor 06ce4b79e9 SEC-584: Remove use of default SessionRegistryImpl. 2007-10-27 00:23:21 +00:00
Luke Taylor 0cdac4912a Changed to use a BeanReference when creating default login page to prevent duplication of filter bean. 2007-10-27 00:20:55 +00:00
Luke Taylor 3d9ea49d19 SEC-585: Made expiredUrl optional.
Also implemented Ordered interface for use in namespace configuration.
2007-10-26 23:32:40 +00:00
Luke Taylor 55ef50a4df Added checking of path ordering to FilterChainProxy to detect misplaced universal match ("/**"). 2007-10-26 13:51:32 +00:00
Luke Taylor 1bcb62af2e Remove use of autoconfig, as it was really just a conveniece for creating default access and authentication managers. 2007-10-26 13:05:31 +00:00
Luke Taylor 700de0d388 Tidying. 2007-10-25 15:07:15 +00:00
Luke Taylor 03e285c31d Moved responsability for creating AuthenticationManager into AuthenticationProviderBeanDefinitionParser. Tidied up SecrityNamespaceHandler. 2007-10-25 14:21:45 +00:00
Luke Taylor 3927ba9ed0 SEC-578: Removed additional FilterChainMap reference. 2007-10-25 13:40:51 +00:00
Luke Taylor 7ef57c67ed SEC-578: Removed FilterChainMap class 2007-10-25 11:51:51 +00:00
Luke Taylor fb72fa82de Changed comment to remove reference to FilterChainMap. 2007-10-22 23:56:01 +00:00
Luke Taylor acf3966651 SEC-578: Refactored to remove FilterChainMap and use a LinkedHashMap instead to maintain the path ordering. Also made use of Springs ManagedList and ManagedMap to preform resolution of bean names to Filter objects at runtime, replacing the unnecessary bean which was performing this task for the filter lists. 2007-10-22 23:52:29 +00:00
Luke Taylor b9cfae5903 Exception for flagging errors in namespace config. 2007-10-20 23:18:41 +00:00
Luke Taylor 2d3d5ceb8d Tidying. 2007-10-20 23:17:56 +00:00
Luke Taylor cffd3131f0 Added building of filter chain in post-processing, support for basic authentication and automatic generation of login page, if no loginUrl supplied. 2007-10-20 23:17:01 +00:00
Luke Taylor f0d8db5ce6 Store the default order values of security filters. 2007-10-20 23:12:41 +00:00
Luke Taylor 7afa99a21a Security filter base class. 2007-10-20 23:10:53 +00:00
Luke Taylor a6a372a5ab SEC-568: Added the decorated for filter-chain-map to the namespace handler registry. 2007-10-20 23:10:28 +00:00
Luke Taylor 2b14d2da98 Make Spring Security filters implement the Ordered interface, for use when post-processing the application context 2007-10-20 23:09:23 +00:00
Luke Taylor 9b8c06e9f6 SEC-568: Introduced FilterChainMap as a simpler option for configuring FilterChainProxy and introduced a namespace-based for configuring it. The Url pattern matching is factored out into a separate strategy with ant and regex versions. 2007-10-20 23:05:03 +00:00
Luke Taylor d6fe97de43 Latest updates to namespace configuration. 2007-10-20 22:58:59 +00:00
Luke Taylor 28d04c1759 Removed unnecessary casts, corrected incomplete comment and reformatted code. 2007-10-19 11:53:26 +00:00
Luke Taylor 380b22f50d Removed unused autodetect method and reformatted code. 2007-10-18 16:50:31 +00:00
Luke Taylor c51bcd9c1f Changed method protection config to make it compatible with MethodDefinitionMap for the time being. 2007-10-14 14:29:15 +00:00
Luke Taylor a4b522351f Added "unprotected" method for tests 2007-10-14 14:15:51 +00:00
Luke Taylor 0b54eece28 Added code to set the manager username and password if supplied. 2007-10-13 21:20:19 +00:00
Luke Taylor 3d0f3302dc RNC file used for convenience to generate the namespace xsd schema file. 2007-10-13 16:27:14 +00:00
Luke Taylor 0f4cdf345d Intermediate checkin of experimental namespace config work (additional parser files). 2007-10-13 16:26:08 +00:00
Luke Taylor 627b0b38ad Intermediate checkin of experimental namespace config work. 2007-10-13 16:24:24 +00:00
Luke Taylor 98f6111d06 Corrected wrong error message in ProviderManager. 2007-10-13 12:15:13 +00:00
Luke Taylor e561b87987 Switched testOperation method to use unicode escaped characters. 2007-10-13 11:40:16 +00:00
Luke Taylor 75bc838ae8 Switched testOperation method to use French locale to prevent use of default machine locales such as Chinese (see previous commit sg). 2007-10-11 16:18:28 +00:00
Luke Taylor 0a214e4930 Removed locale-specific message value assertions which will cause tests to fail if run with a different standard locale for which we have a message file (e.g. Chinese). 2007-10-11 15:23:01 +00:00
Luke Taylor 92bc57eefd Switch test to use a specific locale for which we have a message file (french). The default ResourceBundle behaviour is to attempt to load the platform locale if the specified one isn't found before using the default. We don't have a messages_en.properties file, hence trying to use "en" locale on a Chinese computer will result in Chinese messages being used (and test failing). 2007-10-11 15:16:06 +00:00
Luke Taylor 650a5467e8 Renamed ApacheDSStartStopBean to ApacheDSContainer and implemented LifeCycle interface. 2007-10-03 18:09:53 +00:00
Luke Taylor 3f2b9cd6fb SEC-562: More changes of Acegi name in comments, docs etc. 2007-10-03 14:02:39 +00:00
Luke Taylor 9dbeda1c85 Corrected out of date comments referring to SecurityEnforcementFilter etc. 2007-10-03 11:13:40 +00:00
Luke Taylor 87ddc63f73 Format to correct spacing. 2007-10-02 16:13:55 +00:00
Luke Taylor 6fbf73e74f Added explicit dependency override on mina 1.0.5 to get round this problem:
http://issues.apache.org/jira/browse/DIRMINA-366 

when using apache DS embedded. It causes failures on linux, but not on OS X.
2007-10-02 16:13:06 +00:00
Luke Taylor 438dc44004 Minor changes to improve robustess of LDAP tests. 2007-10-02 14:50:08 +00:00
Luke Taylor 5a3f5fcd78 Minor changes to improve robustess of LDAP tests. 2007-10-02 14:49:08 +00:00
Luke Taylor a4266f3fb8 Minor imrovements to configuration of embedded apache server. 2007-10-02 14:20:27 +00:00
Luke Taylor acb02246e0 Refactored embedded LDAP server tests to make use of new namespace configuration. Use Junit 4 annotations in preference to AbstractDependencyInjectionSpringContextTests so that it is possible to clear up the context after each class is run rather than at JVM shutdown (causes problems with running embedded apache DS). 2007-10-02 10:52:06 +00:00
Luke Taylor 77b6503e2e SEC-271: Added namespace handler class and experimental LDAP parser. The latter creates an embedded Apache DS server if no server URL is supplied, so changed dependencies on the latter to compile-time/optional. 2007-10-02 10:46:38 +00:00
Luke Taylor 5066fc5e39 SEC-562: Changed urls for login, logout, switch user etc. 2007-09-24 15:39:51 +00:00
Luke Taylor eacbc71ba1 Switch ldap server port to 3999 (intermittent test failures occurring). 2007-09-23 20:57:01 +00:00
Luke Taylor 18c8ba4ac2 SEC-562: Changing constants and key names. 2007-09-23 11:16:01 +00:00
Luke Taylor 757b153430 SEC-562: Repackaging adapters module. 2007-09-22 11:54:13 +00:00
Luke Taylor 5a586c04a9 SEC-562: Repackaging core. 2007-09-21 18:18:21 +00:00
Luke Taylor 274658f9b0 SEC-272: Added group tables to test DB. 2007-09-21 15:51:36 +00:00
Luke Taylor d19fe54c01 Renamed test class to match target (JdbcDaoImpl). 2007-09-21 15:50:23 +00:00
Luke Taylor 400a3b90f0 SEC-232: Additional updates to hierachical roles code from contributor. 2007-09-19 22:10:31 +00:00
Luke Taylor eb0307bcd9 SEC-557: Reinstate use of default AccessDeniedHandlerImpl for the time being (2.0 branch). 2007-09-19 16:49:18 +00:00
Luke Taylor 477dc308f8 SEC-413: Consistent redirect behaviour between LogoutFilter and AbstractProcessingFilter. (previous commit of AbstractProcessingFilter has an erroneous message). 2007-09-19 16:27:23 +00:00
Luke Taylor 7139cbafbb Removed assertions on response buffer size. 2007-09-19 16:25:31 +00:00
Luke Taylor dde3803532 Removed assertions on response buffer size. 2007-09-19 16:24:20 +00:00
Luke Taylor 03beaf0777 SEC-448: MD4 password encode implementation. 2007-09-19 15:28:57 +00:00
Luke Taylor 2ef2bfc514 SEC-561: Removed setting of respose buffer size prior to redirect. 2007-09-19 15:17:29 +00:00
Luke Taylor 809c962d3b Corrected method name in comment. 2007-09-19 15:04:30 +00:00
Luke Taylor 0288204432 SEC-369: Made spring-jdbc and spring-remoting optional dependencies in core. Removed explicit commons-lang dependency and updated commons logging to 1.1. 2007-09-19 00:23:33 +00:00
Luke Taylor fdd3dfc51f Remove explicit commons-lang dependency. 2007-09-19 00:17:04 +00:00
Luke Taylor 2f03000b68 SEC-232: Add role hierarchy contribution. 2007-09-17 22:37:39 +00:00
Luke Taylor 1a4b32e50e Remove unused import. 2007-09-17 22:17:42 +00:00
Luke Taylor e872823490 SEC-559: Throw an initialization exception if configured truststore file doesn't exist. 2007-09-17 21:29:40 +00:00
Luke Taylor 96eb11aadc SEC-399: Add support for invalidating the existing session on successful authentication. 2007-09-17 15:54:07 +00:00
Luke Taylor 0efa5c3090 SEC-458: implementy hashCode() in PrincipalSid and GrantedAuthoritySid. 2007-09-17 13:10:17 +00:00
Luke Taylor d79d55c8b6 SEC-8: Changes to LDAP authenticator API to take an authentication object rather than username/password. 2007-09-17 12:28:07 +00:00
Luke Taylor c7354c125a SEC-417: Fix. Remove hard-coded messages from JdbcDaoImpl to allow internationalized versions for "user not found" etc. 2007-09-16 22:20:08 +00:00
Luke Taylor 8a35f7da75 SEC-558: Combine user mapping implementations into a single interface and make more use of DirContextOperations in SS LDAP APIs. 2007-09-16 18:56:00 +00:00
Luke Taylor 56deb3dd83 SEC-549: Trim whitespace from username submitted with login form. 2007-09-14 14:25:21 +00:00
Luke Taylor 8398e940cf SEC-449: Corrected comment. 2007-09-14 14:18:54 +00:00
Luke Taylor fdbcbec9d8 SEC-449: Reamed template test class to match tested class. Added test method for case when no attribute value is found. 2007-09-14 14:17:30 +00:00
Luke Taylor 223a597208 SEC-449: Changed role searching to use parent spring ldap template search method. 2007-09-14 14:16:28 +00:00
Luke Taylor b7d9466f99 SEC-449: Remoned unnecessary declaration of ContextMapper interface. 2007-09-14 14:12:32 +00:00
Luke Taylor 97ef5f389f SEC-449: Remoned unnecessary declaration of ContextMapper interface. 2007-09-14 14:11:57 +00:00
Luke Taylor d208cf3824 SEC-449: Make LdapUserDetailsMapper a pure ContextMapper so it can be used with LdapTemplate. 2007-09-13 20:42:50 +00:00
Luke Taylor 6d8f92e1b8 Allow an ldif file to be set in the configuration and loaded on initialization. 2007-09-13 20:40:49 +00:00
Luke Taylor ae40919d13 Tidying up class. 2007-09-12 19:55:52 +00:00
Luke Taylor c0f5230667 SEC-302: Add rolePrefix property to SecurityContextHolderAwareRequestFilter. 2007-09-11 17:29:47 +00:00
Luke Taylor 6a6bafa219 Make sure test classes which are setting the context clear it in their tearDown methods. 2007-09-11 14:13:50 +00:00
Luke Taylor c56b8c4117 SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter. 2007-09-11 12:12:14 +00:00
Luke Taylor 3326525b65 SEC-368: Tidied up captcha spelling. 2007-09-11 11:16:07 +00:00
Luke Taylor dd2a46c7ca SEC-368: Tidied up captcha spelling. 2007-09-11 11:11:05 +00:00
Luke Taylor c91400b03b Corrected scm sections of core and parent poms. 2007-09-10 23:18:43 +00:00
Luke Taylor 448e8cfb42 SEC-551: Convert RegExpBasedFilterInvocationDefinitionMap and DaoX509AuthoritiesPopulator to use JDK regexps. Removed ORO dependency from the project. 2007-09-10 23:09:36 +00:00
Luke Taylor 6eb17c8546 SEC-513: Ldap user manager implementation classes changed to use new spring ldap apis. 2007-09-10 21:13:45 +00:00
Luke Taylor afaa169e97 SEC-449: Test data ldif file for ApacheDS. 2007-09-10 21:09:59 +00:00
Luke Taylor 0503c3e1ab SEC-449: Refactoring towards more use of Spring LDAP. Also borrowed the Spring LDAP integration testing setup which is much better and makes use of the full LDAP stack. There were still problems with using Apache DS's CoreContextFactory (e.g. compare operations) so it is an improvement on that front too. Moved spring ldap to 1.2-RC1 version. 2007-09-10 21:09:02 +00:00
Scott Battaglia f7815e8da2 SEC-520
added parameter to determine whether to encode the session id or not and an explanation on when it should/should not be used.
2007-09-10 15:11:56 +00:00
Luke Taylor e7ede68352 Update ldap test base class to use LdapContext by default. 2007-09-07 20:52:03 +00:00
Luke Taylor ff1f1d8ef5 SEC-449: Rename internal LdapTemplate class to SpringSecurityLdapTemplate to avoid confusion. 2007-09-07 20:49:38 +00:00
Luke Taylor f178ca2a39 Updated trunk poms to 2.0-SNAPSHOT version 2007-09-07 20:14:55 +00:00
Luke Taylor 70239a9769 SEC-513: First check in of user management stuff. 2007-09-07 20:01:46 +00:00
Luke Taylor 9b71b5aa00 SEC-449: Mostly changes to aid moving towards compatibility with spring-ldap. 2007-09-07 19:55:45 +00:00
Luke Taylor 8d4b97f685 Updated poms post-release 1.0.5 2007-09-06 02:52:09 +00:00
Luke Taylor c8b6111418 Release 1.0.5. 2007-09-06 01:52:53 +00:00
Luke Taylor 3de8745494 Commented out (another) failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed). 2007-09-04 01:06:58 +00:00
Luke Taylor 6289503643 Commented out failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed). 2007-09-03 23:33:13 +00:00
Luke Taylor 34527c3305 Changed spring version to 1.2.9 and modified dependencies to get build to work with this version. Corrected some javadoc links. 2007-09-03 15:47:39 +00:00
Luke Taylor 15ee5b2364 SEC-540,SEC-541: Changes for maven 2 site generation and use of docbkx. 2007-09-02 13:22:24 +00:00
Luke Taylor 4e452046ec Comment out System.out.println 2007-09-01 14:59:41 +00:00
Ray Krueger edd7bbeceb Removed repeated downcasting of ServletRequest and ServletResponse 2007-09-01 14:43:09 +00:00
Luke Taylor b2799985f2 SEC-398: Added patch which uses response wrapper to set context in session on redirect or error. 2007-08-31 20:39:33 +00:00
Luke Taylor 219b865c01 SEC-544: Added German localization messages from Andreas Senft. 2007-08-31 12:15:13 +00:00
Luke Taylor c021bf4682 SEC-542: Made SessionInformation serializable. Also remove unused default constructor. 2007-08-30 21:38:07 +00:00
Luke Taylor 0adf0d6f1c SEC-529: Added French translation of messages from Laurent Pireyn 2007-08-30 21:27:49 +00:00
Luke Taylor bc411c7c3b SEC-457: Added Czech translation of messages from Jan Novotný 2007-08-30 21:20:19 +00:00
Luke Taylor ea61964f56 SEC-483: Fix. Make getGroupSearchBase protected. 2007-08-30 21:15:14 +00:00
Luke Taylor 0c4916ee98 SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor. 2007-08-30 21:12:16 +00:00
Luke Taylor 301626fd6e SEC-346: Fix. Added suggested change. Also some minor tidying up of comments etc. 2007-08-30 20:55:49 +00:00
Luke Taylor 2e8d16c538 SEC-484: Multithreaded tests for SessionRegistryImpl. 2007-08-30 19:26:24 +00:00
Luke Taylor ad43d433b4 SEC-484: Fix for NPE concurreny issue. Also reinstated synchronized on registerNewSession (had removed it for testing). 2007-08-30 19:04:18 +00:00
Luke Taylor aa4ee54f86 Added logging to SessionRegistryImpl. 2007-08-30 18:22:40 +00:00
Luke Taylor 7fcdd4a6ff More tidying... 2007-08-30 11:31:36 +00:00
Luke Taylor 510cd5050f Tidied up SessionRegistryImpl and rolled back reformatting of its test class to incorrect width. 2007-08-30 11:21:28 +00:00
Luke Taylor 5f993e5627 SEC-534: Refactored JaasAuthenticationProvider to use ApplicationPublisherAware rather than ApplicationContextAware. 2007-08-29 11:51:02 +00:00
Luke Taylor 1467527c0a SEC-538: Deleted maven 1 files. 2007-08-29 11:00:28 +00:00
Luke Taylor 5b7ed79b6a SEC-539: Reformatted "divider" comments (//~ Methods=== etc). Simplified boolean expression in afterPropertiesSet. 2007-08-28 23:19:06 +00:00
Luke Taylor d7cef1ba31 SEC-539: Moved SecurityContextHolder.setContext() call into the try {} block to emphasize that it is only set for the duration of chain.doFilter() and immediately cleared afterwards. Changed the debug messages about setting the context, since it has not strictly taken place when they are logged. 2007-08-28 23:11:58 +00:00
Luke Taylor 47c5a6d43f SEC-539: Renamed extractSecurityContextFromSession to readSecurityContextFromSession to emphasize that it doesn't actually modify anything (the context is still stored in the session). 2007-08-28 22:43:13 +00:00
Luke Taylor f7a6129657 SEC-539: Removed unnecessary check for a null request object. Removed unnecessary catch/rethrow of IOException and ServletException from try/finally around chain.doFilter. 2007-08-28 22:40:56 +00:00
Luke Taylor d1be9f9980 SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use. 2007-08-28 22:38:55 +00:00
Luke Taylor 3dd0716611 SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter(). 2007-08-28 21:58:30 +00:00
Luke Taylor fa63d8ecfb SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession() 2007-08-28 21:25:17 +00:00
Luke Taylor ce3eb599ed SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter(). 2007-08-28 21:11:48 +00:00
Luke Taylor ba88214d1d SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic. 2007-08-28 20:16:19 +00:00
Luke Taylor 27ef2caf45 SEC-539: Removed filterApplied boolean. 2007-08-28 19:56:33 +00:00
Luke Taylor e8d11f28f2 SEC-539: Extracted storeSecurityContextInSession() method. 2007-08-28 19:54:24 +00:00
Luke Taylor bcf69cbe3d SEC-539: Extracted populateSecurityContextFromSession() method. 2007-08-28 19:16:37 +00:00
Luke Taylor 6651a240de Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not. 2007-08-28 18:26:04 +00:00
Luke Taylor 6fe00b3433 SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true.
Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.
2007-08-28 16:53:05 +00:00
Luke Taylor 4ba77fa736 SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected. 2007-08-28 15:26:59 +00:00
Luke Taylor e189bc685f SEC-408: Fix. Provide getter for filterProcessesUrl. 2007-08-28 11:37:05 +00:00
Luke Taylor c8077c5e87 SEC-506: Fix as suggested by reporter. Split the disgest header string ignoring separating commas which occur between quotes. 2007-08-28 00:31:30 +00:00
Luke Taylor 3f123e1478 SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache). 2007-08-27 23:41:59 +00:00
Luke Taylor 87d6b8dedd SEC-412: Fix. Added extra constructor to UsernameNotFoundException allow use of extraInformation property of parent class. 2007-08-27 23:22:48 +00:00
Luke Taylor dda88e3931 SEC-502: Fix. Use a Map instead of HashMap in the API. Also some minor tidying of test class. 2007-08-27 17:21:16 +00:00
Luke Taylor 57f3d268a1 SEC-519: Fix. Changed notNull() assertion for "key" parameter to hasText() to prevent the use of empty keys. 2007-08-27 17:17:25 +00:00
Luke Taylor 1c72b7989e Fix for SEC-522. Strip query parameters from logout URL before doing comparison with filterProcessesUrl. 2007-08-27 17:14:23 +00:00
Luke Taylor 82599a72ba Reformatted LogoutFilter. 2007-08-27 16:56:33 +00:00
Luke Taylor f8689b18b2 SEC-526: Fixed. Support for different case prefixes ({SHA}, {sha} etc). 2007-08-27 16:23:14 +00:00
Luke Taylor 0425d3b638 Rolled back unnecessary changes (whitespace, imports etc) for SEC-398 to make actual change from revision 1858 clearer. 2007-08-27 13:29:39 +00:00
Ben Alex db3024f9a4 SEC-271: Revert Ordered and ApplicationContextAware usage at this time, due to release of 1.0.. 2007-08-25 00:15:30 +00:00
Vishal Puri 2b4d8a6378 Removed print statement 2007-08-22 04:48:04 +00:00
Luke Taylor 3fbc7beb88 SEC-251: Document use of {1} parameter in javadoc for DefaultLdapAuthoritiesPopulator. 2007-08-17 15:45:57 +00:00
Vishal Puri bc30b903f8 SEC-398: Lazy update of 'filterApplied' to true 2007-07-25 05:34:40 +00:00
Luke Taylor a499e74102 SEC-449: Add spring-ldap dependency to pom.xml. 2007-07-24 17:23:47 +00:00
Luke Taylor b646a06443 Fix for SEC-512. Removed unnecessary context creation. 2007-07-24 17:01:36 +00:00
Luke Taylor aea1148ffb Fix broken test caused by null application context in AbtractAccessDecisionManager when auto-detection of voters is called. 2007-07-24 16:48:49 +00:00
Vishal Puri c5cc42e16c made two instance variables protected for RBA solution 2007-07-23 07:59:28 +00:00
Vishal Puri 5ea8232f84 SEC-484: fixed concurrency issue 2007-07-23 07:58:31 +00:00
Vishal Puri 0e46e5307c SEC-271: added Ordered interface to AcessDecisionVoters 2007-07-06 13:34:43 +00:00
Vishal Puri ef38844a6d Improved comments and made TokenBasedRememberMeServices modular to support subclasses 2007-06-27 08:33:37 +00:00
Ray Krueger 0159b617cf Refactored the failureUrl lookup into a protected method to allow customization 2007-06-19 13:09:57 +00:00
Vishal Puri b2c30277f4 SEC-271: work on security:autoconfig 2007-06-19 04:08:19 +00:00
Carlos Sanchez 165d2c0122 [maven-release-plugin] prepare for next development iteration 2007-06-02 21:28:53 +00:00
Carlos Sanchez 942b5d7345 [maven-release-plugin] prepare release acegi-security-1.0.4-maven2 2007-06-02 21:21:51 +00:00
Ben Alex 4561c3a1f1 Remove unused imports that were causing warnings. 2007-05-25 05:33:06 +00:00
Ben Alex e252f4a497 Make compatible with Assert static class in Spring 1.2.9. 2007-05-25 05:32:32 +00:00
Vishal Puri 5b97b3458c utility class added required to copy ordering information from one object to another 2007-05-25 03:25:28 +00:00
Ben Alex 10bf40fc03 SEC-472: Provide support for subclasses to select the login form URL to use for a given request. 2007-05-25 03:21:17 +00:00
Vishal Puri b30162191e SEC-271: Moved spring security namespaces cnfig code to sandbox 2007-05-25 03:17:12 +00:00
Ben Alex a8b402462e SEC-470: Provide flexibility to customize cookie name. 2007-05-25 03:12:49 +00:00
Ben Alex 24b31c0c57 SEC-443: Provide useRelativeContext property. 2007-05-25 02:55:25 +00:00
Ben Alex c8d5374602 SEC-436: Add hashCode() methods. 2007-05-25 02:28:40 +00:00
Ben Alex 95735017e6 SEC-421: MutableAcl.setParent(MutableAcl) method to accept Acl parameter, not MutableAcl. 2007-05-25 02:22:18 +00:00
Ben Alex d0d645788a SEC-405: Extract out target URL determination method. 2007-05-25 02:07:44 +00:00
Ben Alex 998fc938df SEC-403: Add support for Chinese. 2007-05-25 02:04:44 +00:00
Ben Alex 296d235135 SEC-343: Make obtainAllDefinedFilters() protected. 2007-05-25 02:03:12 +00:00
Ben Alex 1fa89e99c4 SEC-307: Preserve result of AuthenticationManager.authenticate(Authentication). 2007-05-25 02:00:37 +00:00
Ben Alex 3b9a8dc53e SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently. 2007-05-25 01:38:42 +00:00
Ben Alex 4f13db5552 SEC-398: Delay sending of redirect until after HttpSession updated with revised SecurityContextHolder contents. 2007-05-25 01:24:07 +00:00
Vishal Puri 4c6d132ead SEC-411: fixed broken unit tests as a consequence of adding anoter constructor argument 2007-05-24 23:35:01 +00:00
Vishal Puri 220ba29fc6 SEC-411: another constructor argument added as required in SecurityContextHolderAwareRequestWrapper 2007-05-24 23:20:40 +00:00
Ben Alex 0736f4ffa0 SEC-305: Retain SecurityContext when rendering error pages. 2007-05-24 02:04:47 +00:00
Ben Alex 6ea8899134 2007-05-24 00:47:12 +00:00
Ben Alex 5b3c633790 SEC-451: Correctly handle an empty context path. 2007-05-24 00:18:09 +00:00
Ben Alex c8c37c8935 SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property. 2007-05-23 07:04:22 +00:00
Ben Alex a3c992113e SEC-459: Provide local argument to the message source accessor. 2007-05-23 06:57:07 +00:00
Ben Alex a18bd9100c SEC-474: Gracefully abort if username and password non-retrievable. 2007-05-23 06:48:42 +00:00
Ben Alex f45c0944ef SEC-478: Handle incorrect Base64 cookie encoding. 2007-05-23 06:45:45 +00:00
Ben Alex 5b8898c750 SEC-298: Ensure returned cookies have a maximum age equal to the TokenBasedRememberMeServices.tokenValiditySeconds property. 2007-05-23 06:43:47 +00:00
Ben Alex ac3b142e4f SEC-438: Made afterPropertiesSet() use instance variable instead of static variable. 2007-05-23 06:35:03 +00:00
Ben Alex 72a7d06ad1 SEC-476: Provide support for not logging interactive authentication events. 2007-05-23 06:31:32 +00:00
Ben Alex f7e714b9da Maven 2 polishing. 2007-05-23 04:20:54 +00:00
Vishal Puri 3f7e00c796 SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService 2007-05-18 03:21:21 +00:00
Vishal Puri e3435da9ae SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService 2007-05-18 03:20:28 +00:00
Vishal Puri a934f82af4 SEC-271: Fixed IllegalStateException being thrown by LogoutHandlerOrdereResolver and add an assert statement in the unit test 2007-05-17 13:42:51 +00:00
Vishal Puri a01bb3bbee Added more bean definition parsers 2007-05-17 12:57:16 +00:00
Vishal Puri 1a06723404 fixed broken test in build 47 2007-05-17 12:49:58 +00:00
Vishal Puri 3eb9870162 SEC-271: Added more security elements 2007-05-17 12:30:36 +00:00
Vishal Puri 26b0d4d1cb SEC-271: uncommented copy of resources in META-INF directory 2007-05-17 12:23:07 +00:00
Vishal Puri e43439ba44 implemented Ordered interface 2007-05-17 12:21:02 +00:00
Vishal Puri 001dc0b1d9 SEC-271: implemented Orderd interface in all the entrypoints 2007-05-17 12:20:16 +00:00
Ray Krueger 8b1cc05518 Updated Assertion message 2007-05-17 03:18:35 +00:00
Vishal Puri 84a3c87ea4 SEC-271: Replaced Java 5 specific code with pre Java 5 2007-05-17 03:04:07 +00:00
Vishal Puri e67bff61a0 Explicity specified version 2.3 for surefire-plugin 2007-05-17 01:14:07 +00:00
Vishal Puri 74123cd234 Replace resource property with location for PropertyFactoryBean 2007-05-16 00:31:31 +00:00
Vishal Puri ee2eac5a51 SEC-271: added LogoutFilterBeanDefinitionParserTests 2007-05-15 13:54:43 +00:00
Vishal Puri 1203e9858a SEC-271: Added BeanDefitnitionParser for principal-repository, extended security schema and added unit tests 2007-05-15 13:32:06 +00:00
Vishal Puri 51f306a19a SEC-271: Added more BeanDefinitionParsers and extend spring-security.xsd to have more elements 2007-05-15 13:26:05 +00:00
Vishal Puri ced5cb4f85 added new security element in the spring-security schema and wrote a parser for the element 2007-05-13 13:33:33 +00:00
Vishal Puri e73421d7b2 Spring version upgrade to 2.0.4, changed svn urls in project.xml and poms 2007-05-13 12:30:53 +00:00
Vishal Puri 9794c518d6 SEC-271: Spring 2-based configuration simplification of Acegi Security 2007-05-11 00:09:56 +00:00
Vishal Puri 566314dae5 SEC-271: Spring 2-based configuration simplification of Acegi Security 2007-05-10 02:32:30 +00:00
Vishal Puri 09fd79bc64 SEC-419: Added the right logger class in CollectionFilterer 2007-05-10 02:25:15 +00:00
Vishal Puri 82f215700b changed svn url to https://acegisecurity.svn..... 2007-05-10 02:11:54 +00:00
Vishal Puri 62c832e366 SEC-423: Fixed IllegalArguemntException being thrown by checking for null contextFromSessionObject 2007-04-27 07:35:11 +00:00
Vishal Puri c2d1405f44 SEC-357: Added testIfSwitchUserWithNullUsernameThrowsException 2007-04-24 06:35:15 +00:00
Ray Krueger fe0c99c816 Fixed http://opensource.atlassian.com/projects/spring/browse/SEC-445
Import servlet-api 2.4 in order to bring in the correct PageContext class
2007-04-23 18:25:01 +00:00
Luke Taylor 6bfff55da3 Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes 2007-03-30 18:27:19 +00:00
Luke Taylor 993f7e4af0 Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause. 2007-03-30 18:02:08 +00:00
Luke Taylor 6e5f5e15ad Refactored to introduce constants for number of ops and number of threads for tuning. 2007-03-10 21:34:53 +00:00
Luke Taylor fabca162a7 Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful infomation. Tidied up comments, excessively long lines, use of tabs etc. to match. 2007-02-24 21:00:24 +00:00
Luke Taylor bd2d4b013a Extracted a method to evaluate the conditions for whether basic authentication is required. 2007-02-23 19:21:44 +00:00
Luke Taylor a1886bd1e0 Made string constant RECIPIENT_FOR_CACHE_EMPTY final. 2007-02-22 23:57:49 +00:00
Luke Taylor b8a0f97fde Removed irrelevant CAS stuff from equalsWhenEqual test. 2007-02-22 23:29:01 +00:00
Luke Taylor 25bc67885d Uncommented tests which now work due to apache-ds bugfixes 2007-02-06 18:21:31 +00:00
Luke Taylor 0d9cae43bf Corrected mistake in reading java.io.tmpdir. 2007-02-06 18:20:14 +00:00
Luke Taylor 5464678355 Pass apache-ds temp working directory as a system property through the surefire plugin. 2007-02-06 18:18:14 +00:00
Luke Taylor 8b98a9d27c Added code to delete the previous contents of the ldap test server working directory as these aren't always compatible if the apache-ds version has changed. 2007-02-05 00:35:42 +00:00
Luke Taylor 1686fd0bd2 Updated ldap tests to apache directory 1.0.0 release version. 2007-02-04 20:06:36 +00:00
Ben Alex e169e63e1b SEC-404: Correct previous SEC-404 commit. 2007-01-02 23:36:38 +00:00
Ben Alex 3f62a5c868 SEC-404: NPE when logging out if user not already logged in. 2006-12-28 21:23:35 +00:00
Luke Taylor 93509dc999 Reformatted X.509 certificate in comment. 2006-11-29 01:40:14 +00:00
Luke Taylor 6a440f816c removed monkeymachine.co.uk email addresses. 2006-11-28 21:37:37 +00:00
Ben Alex 1805ab8ec4 SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage. 2006-11-26 04:47:43 +00:00
Ben Alex e79a28875f SEC-400: Clarify exception if getter returns null. 2006-11-26 03:24:11 +00:00
Ray Krueger 1a486e584b HttpSessionEventPublisher need not implement ServletContextListener any longer 2006-11-20 19:35:11 +00:00
Ray Krueger 74e8efc4e9 Fixed SEC-395 2006-11-20 19:09:45 +00:00
Ben Alex 6fe569556c Use type in same module (Maven requirement). 2006-11-17 03:18:07 +00:00
Ben Alex 197a011ac5 Relocate resource files to comply with Maven directory conventions. 2006-11-17 03:06:30 +00:00
Ben Alex 1081c267d9 SEC-239: New ACL module. 2006-11-17 02:03:23 +00:00
Ben Alex 9f512c384e SEC-239: New ACL module. 2006-11-17 02:01:21 +00:00
Ben Alex 2984913051 SEC-393: More elegantly deal with setProviders(List) type safety enforcement. 2006-11-16 02:15:43 +00:00
Carlos Sanchez 5e819af782 SEC-388: Upgrade other Spring dependencies to 1.2.8. 2006-11-15 22:54:54 +00:00
Ben Alex 1b4a098760 SEC-354: Add label-based voter. 2006-11-14 22:07:36 +00:00
Ben Alex 4d166a6867 SEC-333: Error in last commit, should default to regexp processor, not Ant Path processor, in the case of empty or null strings. 2006-11-14 21:52:51 +00:00
Ben Alex 780130d0f3 SEC-333: Eliminate dependecy on ORO when Ant Paths being used instead of Regular Expressions. 2006-11-14 20:55:24 +00:00
Ben Alex 775840a565 SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered. 2006-11-14 05:49:56 +00:00
Ben Alex f5ce0250b4 SEC-310: Add AbstractProcessingFilter.getAuthenticationDetailsSource(). 2006-11-14 03:30:04 +00:00
Ben Alex 8dda52eeaa SEC-322: Workaround bug in WebSphere. 2006-11-14 02:21:27 +00:00
Ben Alex 5640eb0511 SEC-378: Use trim instead of replacement for space removal. 2006-11-14 01:55:44 +00:00
Ben Alex ad6c501379 SEC-360: Minor correction in patch applied yesterday. 2006-11-14 01:09:35 +00:00
Ben Alex 2a65d386d5 SEC-384: Remove Commons-Lang dependency. 2006-11-14 00:59:17 +00:00
Ben Alex 59bf8602d2 SEC-356: Add cloneFromHttpSession property. 2006-11-14 00:43:00 +00:00
Ben Alex 5911234f65 SEC-359: Logout even if not logged in. 2006-11-13 06:05:28 +00:00
Ben Alex fa6b4480b1 SEC-360: Provide server side forward option instead of redirection. 2006-11-13 00:17:07 +00:00
Ben Alex f0ae6f53a7 SEC-327: Add includeDetailsObject property. 2006-11-12 23:55:50 +00:00
Ben Alex f28ce39bde SEC-365: Provide an alwaysRemember property, together with an abstract method so subclasses can determine custom behaviour. 2006-11-12 23:28:57 +00:00
Ben Alex 71eba94cf2 SEC-371: Use AbstractTicketValidator for logger. 2006-11-12 23:10:09 +00:00
Ben Alex 0f517cb8e2 SEC-375: Publish AuthorizationFailureEvent event when AccessDeniedException thrown by AfterInvocationProvider. 2006-11-12 22:06:37 +00:00
Ben Alex b8d0722251 SEC-367: Added clarification of immutability contract. 2006-11-12 21:36:52 +00:00
Ben Alex 43dbe6c991 SEC-364: Fix context path handling. 2006-11-12 21:31:31 +00:00
Carlos Sanchez 10d6859dad Added ACL table SQL for some databases 2006-10-17 22:24:57 +00:00
Ben Alex 172026f875 SEC-377: Remove Commons Lang dependency. 2006-10-14 00:17:19 +00:00
Ben Alex c292826475 SEC-373: Add byte array encryption/decryption support. 2006-10-07 09:45:51 +00:00
Ben Alex 21dd050d7b SEC-348: Limit Basic automatic reauthentication scope to UsernamePasswordAuthenticationToken (specifically avoid CasAuthenticationToken). 2006-09-29 08:41:25 +00:00
Ben Alex d2fb473a4e Formatting only. 2006-09-29 07:33:45 +00:00
Ben Alex 49a2de8f0f SEC-366: Initial commit. 2006-09-29 07:29:13 +00:00
Ben Alex cc03675776 SEC-340: Invalidate HttpSession on logout. 2006-09-29 06:45:40 +00:00
Scott McCrory db96650d99 SEC-319: Reverted to 1.0.1 version to delay these changes to 1.1.0, based on small breakage of backward compatability. 2006-09-23 19:48:39 +00:00
Carlos Sanchez 558fd5d75d Add scm info because we don't use artifactid as folder name 2006-09-17 21:06:22 +00:00
Ben Alex b0056568f0 SEC-338: Serializable and serialVersionUID missing for Authentication-related objects. 2006-09-15 08:38:11 +00:00
Ben Alex 7313d5def0 SEC-324: Ensure IllegalStateException no longer occurs. 2006-09-15 07:55:57 +00:00
Ben Alex 324789d544 SEC-311: Must observe symmetry requirement of Object.equals(Object) contract. 2006-09-15 06:27:45 +00:00
Ben Alex 9e3ce85dd5 SEC-330: Make UserMap work with UserDetails, not User concrete class. 2006-09-15 03:47:17 +00:00
Ben Alex f0b259a32e SEC-349: GrantedAuthority constructor argument can be null. 2006-09-15 03:42:11 +00:00
Ben Alex 58d3f0c56f SEC-290: Correct bug with generation of SimpleMethodInvocation. 2006-09-15 03:38:36 +00:00
Ben Alex 5364db2c27 SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place. 2006-09-15 03:36:51 +00:00
Ben Alex 53beadb7bf SEC-290: Correct bug with generation of SimpleMethodInvocation. 2006-09-15 03:27:26 +00:00
Ben Alex 03df6a90eb SEC-293: Modified collection remove logic to use removeList. 2006-09-15 03:20:08 +00:00
Ben Alex 1292420476 SEC-311: Must observe symmetry requirement of Object.equals(Object) contract. 2006-09-15 03:09:05 +00:00
Ray Krueger cf91104b69 Made parameters case-insensitive 2006-09-14 20:47:17 +00:00
Ray Krueger 6779d97546 Made parameters case-insensitive 2006-09-14 20:39:37 +00:00
Carlos Sanchez 757062e8f9 Initialization of exceptionMappings was broken in last commit 2006-09-13 08:20:08 +00:00
Carlos Sanchez 4d070eab25 Add setAuthoritiesAsString to UserAttribute 2006-09-04 21:54:15 +00:00
Luke Taylor 000f9ab7ac SEC-321: truncate from first question mark, not last. 2006-09-03 22:12:13 +00:00
Luke Taylor 4e65b24253 SEC-245: Add mapPassword method to allow customized translation of password attribute. 2006-08-28 20:58:26 +00:00
Luke Taylor 57a8d2adb3 Added handleBindException method to allow subclasses to inspect the reason for bind failure. 2006-08-25 16:06:20 +00:00
Luke Taylor dc13f25dee Tidied up formatting. 2006-08-25 16:04:27 +00:00
Luke Taylor 8dd1177c02 Added property to force use of LdapContext instead of DirContext 2006-08-25 16:03:50 +00:00
Luke Taylor 92dcf694b4 added createTarget method on Essence class to allow subclassing. 2006-08-25 15:32:39 +00:00
Luke Taylor b5cbc977e1 Javadoc correction 2006-08-24 10:56:26 +00:00
Luke Taylor 3889894d16 Added extra mapping of OperationNotSupportedException to BadCredentialsException as some servers return a 53 code (unwilling to perform) when attempting a bind (e.g. is password has expired). This shouldn't be treated as an outright failure. 2006-08-24 10:32:38 +00:00
Luke Taylor 67fcf426eb Close returned context in nameExists method 2006-08-24 10:10:24 +00:00
Luke Taylor e96fee6ec1 Updated apacheds version to RC3 and slf4j to 1.0.1 2006-08-24 10:07:39 +00:00
Carlos Sanchez 27d2db9e22 Ensure that array of valid permissions can't be modified outside the class 2006-08-22 17:57:18 +00:00
Carlos Sanchez 38ec0f0d30 SEC-286: Reverted rev# 1588 as build fails without log4j (class not found exception) 2006-08-22 16:17:46 +00:00
Carlos Sanchez 69ec903088 Add MethodDefinitionSourceMapping for easier configuration 2006-08-22 16:02:44 +00:00
Carlos Sanchez 0298851ca3 Allow setting ACLs by its name 2006-08-22 16:01:34 +00:00
Carlos Sanchez 3487da0e85 Added javadoc 2006-08-22 15:53:41 +00:00
Luke Taylor 3498b36c14 SEC-285: Removed duplicate commons-lang dependency from pom.xml 2006-08-19 20:03:58 +00:00
Scott McCrory 8d3a2b42d9 SEC-319: Improvements to Siteminder integration: Create its own authentication provider & reeval strategy. Note that documentation not yet complete, but code is functional, test-covered and validated in a Siteminder environment. 2006-07-27 01:13:46 +00:00
Luke Taylor 52a167acfa SEC-286: removed log4j dep as it is in the parent pom and tests run fine without it.. 2006-07-25 23:53:42 +00:00
Carlos Sanchez f7cb31a301 Fix broken test 2006-07-20 18:43:58 +00:00
Carlos Sanchez 9a337d2fea Removed default constructors added in rev# 1573 2006-07-20 13:15:55 +00:00
Luke Taylor 4930657e57 Remove typo in method name "getAuthoritiesPopulator" 2006-07-16 20:17:20 +00:00
Scott McCrory 442c51bb30 SEC-318: Rename AuthenticationDao to UserDetailsService in local variables and logging messages 2006-07-15 15:18:51 +00:00
Ray Krueger d485e30fd5 SavedCookieTest was renamed to SavedCookieTests 2006-07-12 10:33:14 +00:00
Ray Krueger ca863ce4f7 http://opensource.atlassian.com/projects/spring/browse/SEC-308
Headers should remain case-insensitive.
2006-07-12 10:25:32 +00:00
Carlos Sanchez 91799c9290 Added missing resources 2006-07-11 21:42:42 +00:00
Carlos Sanchez 156af5b8b6 Added missing tld and notice file to jar 2006-07-11 18:54:04 +00:00
Carlos Sanchez 94a9acedad Added checks to ensure object is properly initialized 2006-07-10 11:48:35 +00:00
Carlos Sanchez 488abe58fb Added default constructor for easier use 2006-07-10 11:24:18 +00:00
Carlos Sanchez 80c1ae3bde fix problems when not loaded through Spring context 2006-07-09 22:08:21 +00:00
Carlos Sanchez 00b73e8331 Fix failing tests keeping old behaviour. 2006-07-06 17:56:50 +00:00
Carlos Sanchez 46af400466 Added FilterInvocationDefinition interface to unify FilterInvocationDefinitionSource and FilterInvocationDefinitionMap 2006-07-06 17:05:08 +00:00
Carlos Sanchez 9e87bd6789 Add javadocs 2006-07-06 17:03:48 +00:00
Carlos Sanchez aa52124d72 Simplify configuration of FilterInvocationDefinitionMap 2006-07-05 22:00:21 +00:00
Carlos Sanchez 9560636380 Simplify configuration of FilterInvocationDefinitionMap 2006-07-05 20:58:50 +00:00
Carlos Sanchez 9d539a13d9 Use accessor instead of field 2006-07-05 20:03:52 +00:00
Carlos Sanchez 0edb75d4aa Added setUsers and setAuthorities for easier configuration 2006-07-05 16:16:13 +00:00
Carlos Sanchez 41f7bb3755 Improve javadoc formatting 2006-07-05 16:00:51 +00:00