Mark St. Godard
486bbee35d
added context path to redirect
2005-09-03 21:43:08 +00:00
Mark St. Godard
9d359780d9
finish user context switch event publishing
2005-09-03 20:24:35 +00:00
Mark St. Godard
20ebb668a6
Added event for user context switching and updated switch user filter
2005-08-25 02:59:19 +00:00
Ben Alex
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
2005-08-23 22:45:17 +00:00
Ray Krueger
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
2005-08-23 15:15:06 +00:00
Ben Alex
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
2005-08-21 10:10:16 +00:00
Mark St. Godard
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
2005-08-04 05:49:12 +00:00
Luke Taylor
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
2005-08-01 20:05:02 +00:00
Scott McCrory
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
2005-07-26 01:54:18 +00:00
Scott McCrory
f5975dcf30
Whoops, almost forgot to remove System.out debug lines :-/
2005-07-26 00:55:53 +00:00
Scott McCrory
891cd7380c
Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now.
2005-07-26 00:50:43 +00:00
Scott McCrory
dc31553f2a
Syntax
2005-07-25 22:49:05 +00:00
Scott McCrory
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
Scott McCrory
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
Scott McCrory
32f62d1ef1
Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>.
2005-07-24 23:59:08 +00:00
Ben Alex
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
Ben Alex
4ad98a7df3
Spelling correction, thanks to Zack Chandler.
2005-07-23 07:40:43 +00:00
Ben Alex
c5ba30b001
Comment how to make a signing certificate.
2005-07-23 07:39:56 +00:00
Ray Krueger
4b98d357ff
SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.
...
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2005-07-22 04:35:31 +00:00
Luke Taylor
e51c38aec9
Removed reference in Javadoc to obtaining and validating the SecureContext (checking for null etc), as this is no longer relevant.
2005-07-21 22:59:30 +00:00
Luke Taylor
c89d4a8add
Added trimming of whitespace to tokens and use of Springs StringUtils.hasText() to check for content in the string passed to setAsText.
2005-07-21 22:55:27 +00:00
Marc-Antoine Garrigue
3287439421
Initial commit for captcha adapter
2005-07-19 12:35:50 +00:00
Luke Taylor
74588c8e53
Move acegifier code from core.
2005-07-16 19:35:30 +00:00
Luke Taylor
5bbc54ac42
Javadoc typo corrected
2005-07-15 14:28:44 +00:00
Ben Alex
d9b1a8e83c
Fix typo in InteractiveAuthenticationSucces(s)Event
2005-07-11 01:23:20 +00:00
Ben Alex
c7bfeeaf58
Clarify local variable name given it was the same as a member variable.
2005-07-11 01:19:41 +00:00
Luke Taylor
ab065923d4
Correct doctype for generated web.xml files and add declaration to test file.
2005-07-09 23:32:08 +00:00
Luke Taylor
22a28f3b39
Separate InMemoryResource class for use in Acegifier web application.
2005-07-09 21:37:50 +00:00
Luke Taylor
7268c81192
Fix for SEC-27. Now checks for a null authentication before proceeding to fire the success event.
2005-07-08 21:16:12 +00:00
Luke Taylor
f1656ee7fd
Tidying: removed unused intermediate variable.
2005-07-08 21:10:26 +00:00
Luke Taylor
6f467def90
Added conversion of URLs ending in '*' to the ant '**' form.
2005-07-06 17:22:19 +00:00
Luke Taylor
9e1a773cc7
Add xsl resources to build.
2005-07-06 15:22:52 +00:00
Luke Taylor
d13faf0815
Renaming and refactoring of web.xml converter.
2005-06-30 21:23:50 +00:00
Luke Taylor
118f6401d8
XSL file for converting web.xml to acegified version.
2005-06-29 23:00:54 +00:00
Luke Taylor
a2bc398915
Refactoring and commenting XSL
2005-06-27 21:56:13 +00:00
Ben Alex
3e4a29eae9
FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14 ).
2005-06-27 03:57:31 +00:00
Ben Alex
5c883e639f
Add InteractiveAuthenticationSuccessEvent handling to authentication mechanisms.
2005-06-27 03:34:36 +00:00
Ben Alex
60f8095cf2
Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13 .
2005-06-27 03:05:26 +00:00
Ben Alex
ef8281f534
HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20 ).
2005-06-27 02:55:01 +00:00
Luke Taylor
25fa471779
First version of web.xml to acegi translator
2005-06-26 17:30:36 +00:00
Ben Alex
a312fede74
Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion).
2005-06-22 08:07:52 +00:00
Ben Alex
c0f1d4e19d
Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report).
2005-06-22 08:06:28 +00:00
Ben Alex
a15691d9d7
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).
2005-06-22 07:03:53 +00:00
Ben Alex
5f75e9bf9a
Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion).
2005-06-22 06:30:46 +00:00
Ben Alex
a7b5299e77
Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005).
2005-06-22 05:22:05 +00:00
Ben Alex
c699f7d40e
Support non-username as primary key.
2005-05-29 09:46:51 +00:00
Ben Alex
25cb085df7
More JavaDocs.
2005-05-29 08:30:28 +00:00
Ben Alex
3401072368
Made Serializable as per acegisecurity-developer list discussion on 20 May 2005.
2005-05-22 03:56:37 +00:00
Ben Alex
4e55780e7c
Performance optimisations thanks to Paulo Neves.
2005-05-20 00:00:22 +00:00
Ben Alex
cfb8271826
Reorder DaoAuthenticationProvider exception logic as per developer list discussion.
2005-05-18 01:40:45 +00:00
Ben Alex
ecbfac2ff8
Made AclEntry Serializable (correct issue with BasicAclEntryCache).
2005-05-17 11:07:00 +00:00
Ben Alex
fa6924a373
Update project workspace settings to Java 1.5. NB: Maven remains at 1.3 compatibility for all subprojects except "domain". It is recommended the Eclipse "Problems" view be customised to not display items containing "Type Safety:" in their description. Developers should NOT introduce 1.5+ dependencies to any projects apart from "domain".
2005-05-09 01:18:31 +00:00
Ben Alex
e08e66dec6
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-08 23:42:14 +00:00
Ben Alex
6a9abe5d90
Remove ContextHolder and introduce SecurityContext.
2005-05-07 09:11:37 +00:00
Ray Krueger
47989c11bd
HttpSessionEventPublisher now verifies that the ApplicationContext is not null
2005-05-02 20:31:18 +00:00
Ben Alex
d169829f27
AbstractAuthenticationToken.getName() now returns username alone if UserDetails present.
2005-04-29 22:29:00 +00:00
Ray Krueger
54ccbf5617
The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping SevletException and IOException in ServletException.
2005-04-29 02:53:02 +00:00
Ray Krueger
2c23c75f91
SecureContextLoginModule as requested from list with Test
2005-04-27 04:47:41 +00:00
Ray Krueger
6f286e2054
AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
2005-04-27 03:39:06 +00:00
Luke Taylor
c29a5731be
Moved credential expiry checking after password check. If the wrong password is presented, BadCredentialsException will now be thrown even if the password has expired.
2005-04-25 23:11:12 +00:00
Ben Alex
cff9ba4988
AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766 .
2005-04-21 23:02:58 +00:00
Ben Alex
4e1649c2b7
Fix NullPointerException caused by unit tests.
2005-04-20 12:39:14 +00:00
Luke Taylor
1fc79f04f1
Added AntPathMatcher member to bring into line with recent Spring refactoring which breaks the build.
2005-04-18 23:10:54 +00:00
Luke Taylor
48ad6496e4
Javadoc typo corrected
2005-04-18 16:24:33 +00:00
Luke Taylor
ee32874308
Added X509 EhCache tests and fixed glaring bug in X509 EhCache implementation.
2005-04-17 22:18:01 +00:00
Ray Krueger
ec80ae22c1
Templated out event publishing. Added getApplicationContext(). Fixed javadoc formatting
2005-04-17 14:13:13 +00:00
Luke Taylor
1a78f9e15f
Refactored to use Spring Assert class (thanks IntelliJ :).
2005-04-15 01:21:41 +00:00
Ben Alex
fdf5c63033
Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757 .
2005-04-13 22:17:05 +00:00
Ben Alex
8091b60194
Improve Javadocs.
2005-04-12 04:19:09 +00:00
Luke Taylor
f2788c7cb6
Refactored to use Spring Assert class. Corrected some typos.
2005-04-11 01:18:46 +00:00
Luke Taylor
3d4f8eed31
Refactoring to use Spring mock web classes.
2005-04-11 01:07:04 +00:00
Luke Taylor
d6f2b136ec
Refactored to use Spring mock classes.
2005-04-09 23:37:18 +00:00
Luke Taylor
458a2c9e39
Refactored to use Spring mock classes.
2005-04-09 23:24:22 +00:00
Luke Taylor
021abb7369
Added check for "path parameters" to ensure the filterProcessesUrl matches rewritten URLs with a jsessionid included. Refactored property checking to use Spring Assert class.
2005-04-09 22:50:06 +00:00
Luke Taylor
eaa5feb5f8
Refactored to use Spring mock objects for HttpRequest etc.
2005-04-09 21:48:47 +00:00
Ben Alex
204da55a0b
PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails().
2005-04-03 21:48:45 +00:00
Ray Krueger
9649003d57
AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls
2005-03-28 17:42:21 +00:00
Ben Alex
798ebb1a3d
Correct NullPointerException as fixture missing an ApplicationContext and attempting to publish an event.
2005-03-27 08:40:09 +00:00
Ben Alex
684d5bc10e
Handle null Authentication.getAuthorities() in AuthorizeTag.
2005-03-27 06:36:41 +00:00
Ben Alex
8ae2276843
TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds.
2005-03-25 22:07:00 +00:00
Ray Krueger
10c1926385
Added the ConcurrentSessionViolationEvent that will be published by the ConcurrentSessionControllerImpl before throwing the ConcurrentSessionViolationException
2005-03-25 00:53:46 +00:00
Ben Alex
8884ca51af
Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter.
2005-03-23 23:22:51 +00:00
Ben Alex
9f66c0eae9
Update to current Spring JAR dependencies.
2005-03-22 11:17:22 +00:00
Ben Alex
c936801842
DigestProcessingFilter now provides userCache getter and setter.
2005-03-21 08:03:11 +00:00
Ben Alex
0530351f0d
Provide toString() method on User.
2005-03-21 05:33:51 +00:00
Ben Alex
a2b9da7e22
StringSplitUtils.split() ignored delimiter argument.
2005-03-21 05:14:48 +00:00
Ben Alex
6f31ecb04b
UserDetails now indicates locked accounts.
2005-03-21 03:22:59 +00:00
Luke Taylor
ae47fb722d
sendError now returns less informative forbidden message rather than the exception message.
2005-03-20 19:12:51 +00:00
Luke Taylor
944d11bb1a
Changed to using DN in cache log messages rather than entire certificate.
2005-03-19 18:07:24 +00:00
Luke Taylor
918fc7c15a
License header added.
2005-03-18 01:00:36 +00:00
Luke Taylor
e755687a19
Updated to use Spring Assert class.
2005-03-18 00:59:32 +00:00
Luke Taylor
2a6c68deb6
Entry point tests
2005-03-18 00:52:23 +00:00
Ben Alex
a056946c49
HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection.
2005-03-18 00:50:12 +00:00
Luke Taylor
8592e3bcbf
Added tearDown method which resets the Context to null
2005-03-18 00:45:48 +00:00
Luke Taylor
04366d2b12
Corrected Javadoc
2005-03-18 00:33:30 +00:00
Ben Alex
07e46fe4d5
Proper handling if the account is no longer allowed login.
2005-03-18 00:06:09 +00:00
Ben Alex
748f427a80
Prove SecureContextImpl.equals works as we want it to, in light of HttpSessionContextIntegrationFilter's attempts to avoid unnecessary HttpSession creation.
2005-03-17 23:35:29 +00:00
Luke Taylor
abe9dfd234
Added caching and use of Spring's Assert to X509 provider
2005-03-17 21:43:42 +00:00
Luke Taylor
90914be3c2
Import cleaning
2005-03-17 19:58:08 +00:00
Luke Taylor
7db94cb5b7
X509 UserDetails cache interface and implementation
2005-03-17 19:57:12 +00:00