9e5d35235c
Made the principal for jaas sample serializable
2011-03-07 22:25:16 -06:00
72f031253f
Remove unnecessary dependency repos and update GAE version.
2011-02-28 15:43:25 +00:00
d58dd79a52
SEC-1494: Updated the tutorial webapp to use CSS and make use of the securityHiddenUI element when UI security is disabled.
2011-01-25 13:16:46 +00:00
19e56f4397
Stripping out unnecessary dependencies from sample jars.
2011-01-10 17:27:58 +00:00
7316bcff75
Updated outdated CAS sample readme with instructions for running CAS using gradle
2010-12-20 22:22:19 +00:00
bbcc611af5
CAS server version upgrade and minor tweaks to CAS sample build file.
2010-12-20 22:12:35 +00:00
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
51a53ddbaa
Minor refactoring of GAE code to use specific GrantedAuthority type.
2010-11-17 14:15:11 +00:00
fc00d7ef1d
Move the unix scripts for the tutorial sample into a subdirectory
2010-11-12 15:19:46 +00:00
37810a19c4
SEC-1619: Added check in GAE sample for change of Google user while still logged into the app.
...
Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.
2010-11-10 15:37:42 +00:00
ffccc5f446
SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle
2010-11-08 19:27:44 -06:00
685e0417a7
SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout.
2010-09-19 18:30:52 +01:00
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
f4d57ab5e8
SEC-1456: Remove maven poms as we are now using gradle for the build.
2010-08-30 19:02:19 +01:00
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
2010-08-24 18:25:39 +01:00
b39b63bf3d
Add logback configuration for contacts sample.
2010-08-22 22:43:49 +01:00
b2fc1d8491
Fix namespace schema version in CAS sample.
2010-08-22 22:43:10 +01:00
07d8275ee6
Modify order of saxon and xerces deps in dependency list to prevent Aelfred parser from being used in build.
2010-08-22 22:31:01 +01:00
102bc2d6a0
Reduce unnecessary use of aspectj as a build dependency
2010-08-19 23:23:03 +01:00
c37ca1c2a9
Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc.
2010-08-19 22:41:51 +01:00
6abfa2e887
Update minimum required schema to 3.1.
2010-08-17 02:19:55 +01:00
992566b6cb
SEC-1527: Internationalization of contacts sample (Adding message resource bundle and RequestContextFilter). Re-working of L12n section of manual to mention existing localized message files and use of RequestContextFilter.
2010-08-14 01:07:51 +01:00
281d77271e
SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource.
2010-08-13 15:51:05 +01:00
1a838c2049
SEC-1533: AclAuthorizationStrategyImpl can now take either one or three GrantedAuthority arguments. If only one is supplied, it will be used for all 3 of the permissions supported by the class.
2010-08-07 14:41:25 +01:00
85c4c91e0e
IDEA inspection refactorings.
2010-08-05 23:28:07 +01:00
413b2a06e3
Improvements in up-to-date checking and use of parallel tests where possible.
2010-08-05 02:11:00 +01:00
64375484a1
More build and logging tuning.
2010-08-04 22:55:17 +01:00
c4ee46824c
Removing log4j.properties files and adding logback config ones.
2010-08-04 21:16:05 +01:00
d1279aeda2
Logging adjustments for gae sample.
2010-08-02 19:51:24 +01:00
6ba8257cab
Renamed file to fix case-sensitivity issue.
2010-08-02 12:13:58 +01:00
52edf115ce
Workaround for repeated attempt to download CAS server poms (GRADLE-1072)
2010-07-28 20:04:15 +01:00
2d9a848265
Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build.
2010-07-27 02:20:36 +01:00
a74077f9b1
SEC-1490: Minor changes to GAE sample. Simplification of redirect to registration page (only needs to be done after authentication).
2010-07-25 20:46:00 +01:00
e659e15f90
Tidying.
2010-07-23 01:57:45 +01:00
2afccfc633
Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j.
2010-07-23 01:57:31 +01:00
a681dee0e1
Minor sample build changes. JSTL dependency update.
2010-07-20 23:45:20 +01:00
e5a302b5c4
SEC-1490: Correct loggedout URL.
2010-07-20 23:43:43 +01:00
5d35919ca3
SEC-1490: Code for GAE Sample webapp
2010-07-20 23:41:31 +01:00
c1c8fd1874
SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request).
2010-07-20 19:46:47 +01:00
565ef7383d
SEC-1513
...
upgraded to latest version of cas client
2010-07-06 22:09:24 -04:00
026517f674
Removal of deprecated methods and classes.
2010-06-26 16:23:42 +01:00
5939f17708
Fix openid sample configuration.
2010-06-09 22:52:43 +01:00
6a37e4be86
Fix OpenID sample to use new syntax for excluding requests.
2010-06-05 16:53:01 +01:00
efb600166a
SEC-1488: Remove commons-logging dependencies from maven poms.
2010-05-28 13:10:59 +01:00
080430150a
SEC-187: Refactoring contact Dao to use JdbcTemplate, and removing unused query objects (which have been there since 2004!)
2010-05-25 16:47:57 +01:00
64d59e1d32
Some extra FAQs and added comment to samples runall.sh script to explain that it's for dev only.
2010-05-03 14:56:22 +01:00
a421370a3d
SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully.
2010-04-25 22:00:25 +01:00
def5f88c8c
SEC-1431: Added openid-selector to openid sample, plus AX configuration for myopenid.com.
2010-04-21 17:16:03 +01:00
2f025fba6c
SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
...
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
2010-04-20 23:47:48 +01:00
ee1fd1bc50
SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins.
2010-04-20 23:47:48 +01:00
12a6ae2ffa
SEC-1232: Add config dependency to maven build for aspectj sample.
2010-03-31 19:58:59 +01:00
a3ef8255d8
SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'
...
Also added this syntax to the aspectj sample.
2010-03-31 18:31:28 +01:00
d334f6fa09
Latest gradle syntax updates.
2010-03-28 23:54:41 +01:00
55de2cfcb1
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
...
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
2010-03-11 01:51:59 +00:00
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
2010-03-07 21:58:25 +00:00
b147652193
Make hsqldb a testRuntime/runtime dependency.
2010-03-01 01:10:58 +00:00
5aae545949
SEC-1232: Re-enable aspects module and aspectj sample in maven build.
2010-02-25 20:09:01 +00:00
e2a8f81ae8
Update aspectj version in sample to 1.6.8
2010-02-20 18:50:36 +00:00
b37d2ed978
SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module.
...
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
2010-02-20 18:02:12 +00:00
2ee7696bf4
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
44f45d21f0
3.0.2 release. Update version in build files.
2010-02-19 01:22:21 +00:00
2f40088fe7
Change spring-aop dep to compile scope in contacts sample
2010-02-08 12:34:19 +00:00
15c309a2ed
Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390.
...
AopInfrastructureBean interface is now required.
2010-02-06 21:22:12 +00:00
0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
2010-01-23 02:12:30 +00:00
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
2010-01-17 14:41:24 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
be72ed1350
Remove commented out beans from contacts sample app context.
...
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
2010-01-06 22:21:34 +00:00
893f212fa5
Tidying
2010-01-02 19:53:19 +00:00
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
a7770a64d3
Update cas server version in runall.sh
2009-12-22 21:31:26 +00:00
aad7d01c84
Updated CAS server version for sample use to 3.3.5
2009-12-22 19:35:20 +00:00
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
fac07ba8ff
Schema updates to Spring 3.0
2009-12-18 18:44:17 +00:00
85a58fd473
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
2009-12-18 15:39:13 +00:00
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
94d185a6be
Updated slf4j version in ldap sample
2009-12-08 20:24:12 +00:00
5546698fef
SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.
2009-11-17 23:39:42 +00:00
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
2009-11-17 22:05:38 +00:00
8f5c414b00
Improve cleanup in sample script
2009-10-17 13:00:24 +00:00
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
5f3ff97ce0
Disable aspectj sample
2009-10-11 21:39:14 +00:00
cf5e713812
Fixes to samples and improved test workout script
2009-10-10 23:50:33 +00:00
cb643f73de
Tidying up.
2009-10-07 21:08:57 +00:00
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
2009-10-07 14:43:55 +00:00
1042305cfe
Renamed web.wrapper to web.servletapi. Added some package.html files.
2009-10-05 16:59:37 +00:00
7247902911
SEC-1229: Updated sample and itest namespace concurrency configs.
2009-09-29 16:18:01 +00:00
aa153681bf
SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.
2009-09-29 00:29:09 +00:00
3f70d79df5
SEC-1022: Remove use of static methods/initializers in Acl Permissions. Converted PermissionFactory to a strategy which is used to convert integers and names to Permission instances.
2009-09-16 12:45:53 +00:00
731402e9f5
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
2009-09-16 00:23:13 +00:00
b531a81176
SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag.
2009-09-15 16:34:05 +00:00
1d00b92d25
Removed portlet sample
2009-09-09 20:53:19 +00:00
Rob Winch
Luke Taylor
Luke Taylor
Scott Battaglia