2b9beffd08
SEC-1444: Fix JNDI escaping problems in LDAP authentication.
...
CompositeName adds quotes to names which contain a forward slash ("/") character. These are automatically removed by Spring LDAP's DistinguishedName, but only if they are at the ends of the String. Since we were preprending the base to the (quoted) DN, resulting in something like ["cn=joe/b",ou=people], this was causing problems with the DN value returned from the search. Additionally, the bind succeeds when a DN is used with a slash, but the subsequent call to getAttributes() fails. This call now passes in a DistinguishedName for the user DN instance instead of a String.
2010-03-27 15:30:15 +00:00
977bc2b164
SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.
...
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
2010-03-26 18:05:28 +00:00
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
2010-03-07 21:58:25 +00:00
2f1479785e
Refactoring to remove remaining circular dependencies indicated by structure101.
2010-02-22 01:48:22 +00:00
f3f84da625
Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0.
2010-02-21 23:25:36 +00:00
2ee7696bf4
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
44f45d21f0
3.0.2 release. Update version in build files.
2010-02-19 01:22:21 +00:00
c12c43da9e
Javadoc fixes.
2010-02-14 23:27:09 +00:00
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
2010-02-14 23:23:23 +00:00
23511c930f
Standardising slf4j versions.
2010-02-11 01:33:31 +00:00
10cd080090
SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user.
2010-01-20 18:51:29 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
e64866ae6a
Updated bundlor templates and introduced spring.version variable
2009-12-22 01:10:04 +00:00
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
cad32ffe39
SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
2009-12-13 17:37:24 +00:00
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
dab76249db
Added gradle build files (experimental)
2009-12-04 21:33:17 +00:00
9d85168a10
Fix apache-ds shard-ldap version in template.mf (should be 0.9.15)
2009-11-04 18:18:46 +00:00
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
021f650f3d
Tidying up ldap pom
2009-10-11 15:28:00 +00:00
908e88b802
Import cleaning.
2009-10-08 12:27:41 +00:00
0e9452c17c
SEC-1074: Customized interceptor list for DefaultDirectoryService, including removal of SchemaInterceptor.
2009-10-07 22:04:18 +00:00
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
2009-10-05 19:28:53 +00:00
245fc96137
SEC-1075: Update the embedded LDAP server to use Apache DS 1.5. Updated to use the new 1.5.5 release for the embedded server.
2009-09-01 23:21:44 +00:00
f6f5855b52
SEC-1222: Provide a constructor for LdapUserDetailsService that does not require an LdapAuthoritiesPopulator. Done.
2009-09-01 16:42:11 +00:00
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
d47abbc35f
SEC-1223: Added break to bindWithDnLoop when non-null use is returned.
2009-08-19 21:34:05 +00:00
2f9a98c7ce
SEC-214: Update keywords.
2009-08-18 23:39:33 +00:00
8ed9f8a057
Remove wrongly named file
2009-08-18 23:32:40 +00:00
4df370b100
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually).
2009-08-18 23:09:16 +00:00
719a5e09d8
SEC-1205: Added comment to Javadoc for PasswordComparisonAuthenticator to indicate that it won't work with SSHA passwords
2009-07-22 16:11:24 +00:00
01b8def455
SEC-1145: Added test to confirm that there is no pooling issue in the trunk. There are already checks for the presence of the pooling flag.
2009-06-03 17:13:33 +00:00
131ba5c62e
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
2009-05-27 00:12:30 +00:00
e2c218e8c9
[maven-release-plugin] prepare release spring-security-3.0.0.M1
2009-05-26 23:44:11 +00:00
6d655aa514
SEC-1132: More refactoring to remove cycles ad reduce complexity metrics
2009-05-04 14:24:54 +00:00
929b6bb1a0
Refactoring to remove warnings in LDAP module.
2009-04-27 11:05:58 +00:00
22e7142f45
SEC-998: Bundlor enabled in web, ldap, config and core modules
2009-04-24 09:12:53 +00:00
21e36e0a57
Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT
2009-04-22 12:55:52 +00:00
1fa46f4ad2
SEC-1104: Added check of "running" flag in stop() method to prevent stopping twice.
2009-04-22 06:25:36 +00:00
b2b2c95e55
SEC-1098: Added ignorePartialResultException property which is set on the LDAP template.
2009-04-21 03:37:16 +00:00
c7baeab172
SEC-1117: Moved check for empty password from LdapAuthenticationProvider to BindAuthenticator to allow use with Ntlm.
2009-04-20 06:08:00 +00:00
Luke Taylor