Luke Taylor
|
8154161ef5
|
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
|
2008-12-18 02:37:00 +00:00 |
Luke Taylor
|
8f598e9b11
|
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
|
2008-12-17 01:28:29 +00:00 |
Luke Taylor
|
171456a26c
|
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
|
2008-12-17 01:11:43 +00:00 |
Luke Taylor
|
00125cddee
|
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
|
2008-12-17 00:48:32 +00:00 |
Luke Taylor
|
585e5f393a
|
Added warning suppression for deprecation.
|
2008-12-17 00:32:21 +00:00 |
Luke Taylor
|
d8b5f770e9
|
Added warning suppression for deprecation.
|
2008-12-17 00:31:17 +00:00 |
Luke Taylor
|
e86c76f555
|
Updated Spring version.
|
2008-12-17 00:20:55 +00:00 |
Luke Taylor
|
db5f1e69f1
|
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
|
2008-12-17 00:14:48 +00:00 |
Luke Taylor
|
c2e688610c
|
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
|
2008-12-16 23:25:44 +00:00 |
Luke Taylor
|
7fa9a959b5
|
Added webAppRootKey context-param to samples to prevent conflicts when run together in Tomcat.
|
2008-12-16 21:13:03 +00:00 |
Luke Taylor
|
998f0b3ea1
|
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
|
2008-12-16 20:35:18 +00:00 |
Luke Taylor
|
d0fcbd9baf
|
Tidying up Javadoc.
|
2008-12-16 20:29:53 +00:00 |
Luke Taylor
|
a1bd48733a
|
Minor Javadoc correction.
|
2008-12-16 20:16:56 +00:00 |
Luke Taylor
|
681f1ee00c
|
Fix duplicate logging.
|
2008-12-16 19:07:31 +00:00 |
Luke Taylor
|
74fd5fe8a4
|
Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.
|
2008-12-16 18:55:38 +00:00 |
Luke Taylor
|
b24cc17dea
|
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
|
2008-12-16 17:35:34 +00:00 |
Scott Battaglia
|
717fdcfec3
|
SEC-1046
upgrade to CAS Client for Java 3.1.4
|
2008-12-16 13:22:21 +00:00 |
Luke Taylor
|
bf409b5b25
|
Improvements to Javadoc.
|
2008-12-16 02:06:26 +00:00 |
Luke Taylor
|
55cc98ab54
|
SEC-1006: Fixed Javadoc.
|
2008-12-16 00:06:56 +00:00 |
Luke Taylor
|
f54d7ee6bc
|
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
|
2008-12-15 23:58:40 +00:00 |
Luke Taylor
|
224c86a0b3
|
Tidying.
|
2008-12-15 23:51:46 +00:00 |
Luke Taylor
|
898ef36d02
|
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
|
2008-12-15 19:50:53 +00:00 |
Luke Taylor
|
c3181d9db0
|
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
|
2008-12-15 02:48:32 +00:00 |
Luke Taylor
|
c564a879d4
|
Some tests used for obtaining performance data.
|
2008-12-15 01:34:37 +00:00 |
Luke Taylor
|
40ccd3be11
|
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
|
2008-12-15 01:25:12 +00:00 |
Luke Taylor
|
fcc68e636e
|
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
|
2008-12-15 00:56:17 +00:00 |
Luke Taylor
|
a0bcf7184c
|
SEC-1061: Renamed serverSideRedirect property.
|
2008-12-14 23:56:30 +00:00 |
Luke Taylor
|
cf3cac90ad
|
SEC-1058, SEC-745: Updating comments
|
2008-12-14 23:53:44 +00:00 |
Luke Taylor
|
3f38035057
|
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
|
2008-12-14 22:53:31 +00:00 |
Luke Taylor
|
2927b8464f
|
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
|
2008-12-14 22:20:21 +00:00 |
Luke Taylor
|
839279161d
|
SEC-745: Added concrete failure handling strategies.
|
2008-12-13 23:34:15 +00:00 |
Luke Taylor
|
6664f57ff6
|
SEC-992: Removed the line setting returningObj to false.
|
2008-12-12 23:22:26 +00:00 |
Luke Taylor
|
10e4d1fe1a
|
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
|
2008-12-12 22:30:57 +00:00 |
Luke Taylor
|
6c7d15ee44
|
Removed unused logger and imports.
|
2008-12-12 17:45:54 +00:00 |
Luke Taylor
|
df771038b4
|
SEC-1051: Fixed class names in dms sample app context.
|
2008-12-12 17:43:09 +00:00 |
Luke Taylor
|
615194710e
|
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
|
2008-12-12 17:25:09 +00:00 |
Luke Taylor
|
48dce501ce
|
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
|
2008-12-12 14:27:23 +00:00 |
Luke Taylor
|
aec23749d7
|
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
|
2008-12-12 13:04:37 +00:00 |
Luke Taylor
|
3fcc7b5403
|
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
|
2008-12-12 12:47:42 +00:00 |
Luke Taylor
|
a443e55832
|
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
|
2008-12-11 17:00:13 +00:00 |
Luke Taylor
|
093365b2f4
|
Removed unnecessary cast.
|
2008-12-11 16:42:25 +00:00 |
Luke Taylor
|
30f9b3e72c
|
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
|
2008-12-10 16:57:40 +00:00 |
Luke Taylor
|
3f40604b82
|
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
|
2008-12-10 13:48:25 +00:00 |
Luke Taylor
|
acfcac4594
|
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
Applied supplied patch which checks the committed flag before forwarding to the error page.
|
2008-12-10 12:36:59 +00:00 |
Luke Taylor
|
7fe6a0fc0d
|
SEC-1033: Added support for web IP ranges based on an address and netmask.
|
2008-12-09 23:14:44 +00:00 |
Luke Taylor
|
7767a9ed60
|
SEC-1033: Add basic equality support for hasIpAddress() expression.
|
2008-12-09 18:04:08 +00:00 |
Luke Taylor
|
3da68a7a82
|
Java5 stuff
|
2008-12-09 18:02:58 +00:00 |
Luke Taylor
|
046456c142
|
Removed unused constants.
|
2008-12-09 14:33:31 +00:00 |
Luke Taylor
|
3e8de229be
|
Java5 updates.
|
2008-12-09 14:30:37 +00:00 |
Luke Taylor
|
98422b69a8
|
Java5 updates.
|
2008-12-09 14:27:31 +00:00 |