e951c42c2b
Improved javadoc. Some tidying up.
2008-08-06 15:28:04 +00:00
7258d30e13
Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger.
2008-08-06 13:41:01 +00:00
3ee3591feb
SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully.
2008-08-05 23:26:01 +00:00
1af7eed433
SEC-883: RoleHierarchyVoter
...
http://jira.springframework.org/browse/SEC-883 . Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
2008-08-04 13:08:03 +00:00
54ac7b3e46
SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas.
2008-08-01 12:51:31 +00:00
3049b933d9
Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML
2008-07-31 21:35:29 +00:00
1d96283876
Removed commented out line.
2008-07-31 20:45:25 +00:00
d7926f3557
SEC-943: Forgot to commit tests.
2008-07-31 20:30:56 +00:00
e5d86b13b7
SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
...
http://jira.springframework.org/browse/SEC-941 . Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
2008-07-31 19:50:08 +00:00
67e5afbb79
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Updated Javadoc.
2008-07-31 15:56:37 +00:00
000bb1cbed
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Added test class.
2008-07-31 15:42:04 +00:00
243c4f22d4
OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
...
http://jira.springframework.org/browse/SEC-899 . Changed to return -1 when compared to custom auhority which returns null from getAuthority()
2008-07-31 13:01:22 +00:00
d4c105d8ba
OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
...
http://jira.springframework.org/browse/SEC-934 . Added log warning when the same url is used multiple times.
2008-07-30 15:03:47 +00:00
f6ff958411
Renamed rnc file.
2008-07-30 11:05:44 +00:00
4bb3eb12c3
SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
...
http://jira.springframework.org/browse/SEC-933 . Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
2008-07-30 11:01:23 +00:00
f453264bde
SEC-909: custom remember me services doesn't get registered as logout handler
...
http://jira.springframework.org/browse/SEC-909 . HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
2008-07-15 18:22:53 +00:00
1ddc033fe5
SEC-903: Wrong attribute mapping when using jdbc-user-service bean
...
http://jira.springframework.org/browse/SEC-903 . Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
2008-07-15 16:43:57 +00:00
e303e8b71a
SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
...
http://jira.springframework.org/browse/SEC-924 . Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
2008-07-15 14:52:13 +00:00
bf5896600e
OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
...
http://jira.springframework.org/browse/SEC-913 . Applied patch as suggested (use sendRedirect method for failure URL).
2008-07-15 13:42:30 +00:00
b4c63db680
SEC-921: Improved messages_zh_CN.properties for Chinese
...
http://jira.springframework.org/browse/SEC-921 . Added contributed file.
2008-07-15 11:11:21 +00:00
a56c13fb22
SEC-912: Added callback methods to BasicProcessingFilter for successful and unsuccessful authentication.
2008-07-12 17:40:39 +00:00
697c7c5f48
SEC-918: Added more info on DB schema to javadoc
2008-07-12 15:21:24 +00:00
6d179122d3
SEC-916: Added Spanish messages contribution.
2008-07-10 15:32:01 +00:00
2cda6242c8
SEC-904: Moved multi-threaded tests into sandbox
2008-07-02 19:19:21 +00:00
479693ced7
SEC-900: Added extra checks on expiry time
2008-07-02 18:40:55 +00:00
775a6c3939
[maven-release-plugin] prepare for next development iteration
2008-06-23 14:10:35 +00:00
87d50aecce
[maven-release-plugin] prepare release spring-security-parent-2.0.3
2008-06-23 14:05:36 +00:00
3ee8733261
SEC-879: Added required BeanPostProcessor to set SessionRegistry is set on namespace registered AbstractProcessingFilter and SessionFixationProtectionFilter when using custom ConcurrentSessionController
...
http://jira.springframework.org/browse/SEC-879 .
2008-06-20 22:08:05 +00:00
d5ee89bb7c
Correct typo in error message.
2008-06-19 15:21:03 +00:00
ff5bfccdba
SEC-892: Linked use of create-session='never' in namespace to corresponding properties in ExceptionTranslationFilter and AbstractProcessingFilter
2008-06-19 13:46:45 +00:00
c56d524bd9
SEC-887: Added setter method for account status checker.
2008-06-18 12:00:45 +00:00
af5f193ec1
SEC-890: Corrected use of dataSource property name in RememberMeBDP.
2008-06-18 10:35:30 +00:00
7d79ae5424
SEC-880: Fix incorrect index value.
2008-06-13 10:58:01 +00:00
32b8009bee
SEC-875: Removed duplicated parameters from SavedRequestWrapper.getParameterValues()
2008-06-09 23:33:36 +00:00
3b775d29d3
SEC-870: Polish messages file contribution
2008-06-08 22:09:47 +00:00
358f284f42
SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used.
2008-06-06 06:13:14 +00:00
ff785a829f
[maven-release-plugin] prepare for next development iteration
2008-06-03 16:07:20 +00:00
db1d8604a6
[maven-release-plugin] prepare release spring-security-parent-2.0.2
2008-06-03 16:05:40 +00:00
9308284bd4
SEC-864: Removed duplicate OpenID provider.
2008-06-03 14:53:43 +00:00
122e1c47ed
Changed rnc filename prior to 2.0.2 release
2008-06-01 19:34:50 +00:00
64ab7e534c
Spelling corrections in Javadoc.
2008-06-01 17:26:27 +00:00
ab6d29d927
SEC-862: Make logoutSuccessUrl accessible to sub-classes.
2008-06-01 16:15:09 +00:00
1d9d7eb9a7
Removed accidental commit of SavedRequest clearing code in TargetUrlResolverImpl
2008-05-30 17:53:09 +00:00
ecd2cc6da7
Added some Assert calls to setters and improved comments.
2008-05-30 15:29:51 +00:00
f228d013d8
SEC-861: Change default value of justUseSavedRequestOnGet to false
2008-05-30 15:09:51 +00:00
4de4bb8e87
SEC-860: Added setter for authenticationDetailsSource to AbstractRememberMeServices
2008-05-30 14:29:32 +00:00
f8cded10ee
Typo.
2008-05-30 11:20:16 +00:00
c031588975
SEC-606: Added support for customizable credentials character set.
2008-05-29 18:00:15 +00:00
36a192b70f
SEC-858: Replaced integer properties in schema with strings to allow use of placeholders.
2008-05-29 16:13:14 +00:00
980a72f9a0
Removed TODO (done).
2008-05-29 15:54:50 +00:00
517a7f117a
SEC-857: Make request wrapper getParameterValues() consistent with getParameterMap() etc.
2008-05-29 15:49:43 +00:00
244579faf4
OPEN - issue SEC-856: GroupManager JdbcUserDetailsManager implementation: addGroupAuthority() method doesn't work.
...
http://jira.springframework.org/browse/SEC-856 . Refactored class to remove the JDBC-related inner classes.
2008-05-28 16:25:28 +00:00
d63536cc0d
SEC-821: Added support for eternal session registry and concurrent session controller to the 2.0.2 namespace.
2008-05-27 13:14:21 +00:00
8b5bbe3800
SEC-830: Changed SavedRequestAwareWrapper to make wrapped request parameters take precedence over saved request ones.
2008-05-25 22:57:03 +00:00
45c3084502
SEC-836: Made LDAP namespace elements use subtree group searching by default.
2008-05-23 23:57:01 +00:00
871e529840
SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
...
http://jira.springframework.org/browse/SEC-850 . Added extra test.
2008-05-23 23:32:57 +00:00
d1005e4cfb
SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
...
http://jira.springframework.org/browse/SEC-850 . Changed bean decorator to add a bean reference to the ProviderManager rather than a bean definition.
2008-05-23 23:25:09 +00:00
9ce0270226
Fixed typo in test name
2008-05-23 22:57:30 +00:00
7603ce2f97
SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers
...
http://jira.springframework.org/browse/SEC-848 . Replaced class references with class names.
2008-05-23 21:30:57 +00:00
25ba269db0
SEC-835: use setContentType on response for J2EE 1.3 compatibility.
2008-05-23 20:55:10 +00:00
11b448c0e0
SEC-847: Updated the xsl file to inline openid-login and other elements
2008-05-23 16:29:44 +00:00
08c5fe8925
Fixed autoboxing issue
2008-05-22 12:19:00 +00:00
fbe3ca48f4
SEC-823, SEC-843: Allow setting of custom RememberMeServices and token validity periodon remember-me namespace element
2008-05-21 16:03:05 +00:00
3e33b8a880
Update InMemoryXmlApplicationContext to use 2.0.2 schema
2008-05-20 22:46:37 +00:00
b60c578b25
SEC-844: Support for SHA-256 hashing.
2008-05-20 22:45:02 +00:00
03981ab6a0
SEC-844: Added sec-256 to namespace schema
2008-05-20 22:32:03 +00:00
e9adbd4d62
SEC-844, SEC-843, SEC-823: Added support for sha-256, custom remember-me services and setting of remember me token validity period to namespace schema. Also added 2.0.2 XSD file
2008-05-20 19:48:32 +00:00
29d31b72d0
SEC-837: Add special character filtering to LDAP search filters
2008-05-20 19:25:37 +00:00
3fb1f59fde
SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap
2008-05-20 19:22:49 +00:00
5af53da106
Improved doc for'filters' attribute
2008-05-18 11:09:50 +00:00
2329dadf48
Removed jalopy parameter comments
2008-05-15 17:58:15 +00:00
f269373442
IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP.
2008-05-15 14:33:42 +00:00
8b2c0468ff
OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
2008-05-15 01:34:14 +00:00
d17a2da9e0
SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
2008-05-15 00:26:27 +00:00
7f38c656ca
SEC-820: Expand regular expression used in hierarchical roles.
2008-05-14 22:59:33 +00:00
6493df13f8
SEC-803: Removed use of websphere SubjectHelper class.
2008-05-14 22:51:39 +00:00
59543af4fb
SEC-826: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
2008-05-14 16:41:52 +00:00
1fee538c7e
Fixed typo in setter method (uses of).
2008-05-13 15:32:30 +00:00
ae2470127c
Fixed typo in setter method "seAttributePrefix"
2008-05-13 13:51:49 +00:00
e1b226ee57
Added 2.0.2 namespace file
2008-05-10 17:16:46 +00:00
add2649397
Javadoc typo.
2008-05-09 18:09:56 +00:00
781d88bd30
OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue)
...
http://jira.springframework.org/browse/SEC-825 . Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
2008-05-09 18:08:32 +00:00
883b92e7bd
SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods
2008-05-08 15:07:40 +00:00
301d021bf5
SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor
...
Reversed order of beanName.equals() call as suggested.
2008-05-07 13:58:53 +00:00
8ad2d681ab
SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions.
2008-05-07 13:49:20 +00:00
afc757e618
Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc
2008-05-06 14:43:52 +00:00
c333070fe3
Javadoc tidying
2008-05-06 13:59:46 +00:00
fca3a2a709
SEC-812: Added missing TextUtils file
2008-05-05 19:09:09 +00:00
fa44c74993
SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text.
2008-05-05 18:37:02 +00:00
06719053f1
Removed commons lang dependency.
2008-05-05 17:18:47 +00:00
9961c7f867
Moved to correct build location.
2008-05-02 10:52:57 +00:00
7a2e1e13d3
SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens.
2008-05-02 10:38:56 +00:00
a599ef5398
[maven-release-plugin] prepare for next development iteration
2008-05-01 20:09:03 +00:00
3e808335a4
[maven-release-plugin] prepare release spring-security-parent-2.0.1
2008-05-01 20:07:46 +00:00
6ecfa0541f
SEC-806: Osgi-ified more modules
2008-05-01 17:11:31 +00:00
4984d4be65
OPEN - issue SEC-757: Add validation of redirect URLs on namespace
...
http://jira.springframework.org/browse/SEC-757 . Added validation method to ConfigUtils and calls to it for url attributes.
2008-05-01 16:39:31 +00:00
0df9dee9dd
SEC-806: Improved OSGi bundle version information support
2008-04-30 18:02:47 +00:00
81ebd094ff
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Replaced 2.0 text with that from the 2.0 release, rather than the website schema.
2008-04-29 18:59:25 +00:00
473f6a32c6
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Created new 2.0.1 schema files and updated tests to use them.
2008-04-29 18:53:33 +00:00
8281aeb0da
SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace
...
http://jira.springframework.org/browse/SEC-807 . Added extra test for Ldap provider parser.
2008-04-29 18:01:59 +00:00
Luke Taylor
Ben Alex