Commit Graph

2141 Commits

Author SHA1 Message Date
Luke Taylor 76438b3347 SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource) 2009-05-11 05:44:31 +00:00
Luke Taylor 14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor 39f1536d5a Upgrade to Spring 3.0 M3 2009-05-07 08:24:41 +00:00
Luke Taylor 6d655aa514 SEC-1132: More refactoring to remove cycles ad reduce complexity metrics 2009-05-04 14:24:54 +00:00
Luke Taylor 73cfeecd0c Make sure argumentsAdded flag is set correctly. 2009-05-04 12:36:16 +00:00
Luke Taylor 5b543f83ec Removed web dependency on core-tests 2009-05-04 02:25:49 +00:00
Luke Taylor 4bc788828c SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods. 2009-05-01 06:45:34 +00:00
Luke Taylor 39cc865a36 SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id. 2009-04-28 12:08:48 +00:00
Luke Taylor e94baf38b3 Tidying up to remove warnings (generics, use of deprecated test classes etc). 2009-04-28 06:49:43 +00:00
Luke Taylor 50ac9d3b05 More generification to remove last warnings in core package. 2009-04-26 10:17:09 +00:00
Luke Taylor 1454cbb78e SEC-1132: Moved TextUtils to web module and StringSplit utils into Digest authentication package (as they aren't used elsewhere). 2009-04-25 08:04:26 +00:00
Luke Taylor a76cbee4bc SEC-1132: Moved ThrowableAnalyzer code to web module as it is only used in ExceptionTranslationFilter 2009-04-25 07:03:15 +00:00
Luke Taylor 22e7142f45 SEC-998: Bundlor enabled in web, ldap, config and core modules 2009-04-24 09:12:53 +00:00
Luke Taylor 2e3189cf83 SEC-998: Enabled bundlor in core 2009-04-22 13:00:14 +00:00
Luke Taylor 21e36e0a57 Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT 2009-04-22 12:55:52 +00:00
Luke Taylor a73016b898 SEC-998: Initial bundlor template.mf for core 2009-04-22 12:47:44 +00:00
Luke Taylor 305ce125fb SEC-863: Hierarchical roles should use the interface GrantedAuthority. Applied submitted patch. 2009-04-22 05:53:59 +00:00
Luke Taylor d7f202a111 Addition of final to constructor set fields to improve immutability of authentication and user objects 2009-04-22 04:11:38 +00:00
Luke Taylor ba6664f77f SEC-1012: Refactor SessionRegistry interface to use Java 5 generics. 2009-04-21 06:57:21 +00:00
Luke Taylor cac2bce382 Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes. 2009-04-21 06:05:14 +00:00
Luke Taylor 06040853da Javadoc tidying 2009-04-21 03:16:57 +00:00
Luke Taylor 56ec1b4b05 Tidying beforeInvocation method. 2009-04-20 01:01:34 +00:00
Luke Taylor 292926518b SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException. 2009-04-15 10:19:37 +00:00
Luke Taylor 93bdcccaee SEC-1132: Moved userdetails into core and added core/authority sub-package 2009-04-15 07:39:21 +00:00
Luke Taylor 5d0d1bd404 Fixed Javadoc typo. 2009-04-14 12:56:16 +00:00
Luke Taylor db9afc36ab Refactored internal context holder strategy implementations to be package private and final and refactored getContext() methods to use a single call to ThreadLocal.get(). 2009-04-14 11:04:49 +00:00
Luke Taylor c770998d92 SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions. 2009-04-14 04:22:57 +00:00
Luke Taylor 550715e73f SEC-1136: Removed SpringSecurityException and last import. 2009-04-14 01:51:22 +00:00
Luke Taylor 10673780db OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles). 2009-04-13 14:56:49 +00:00
Luke Taylor ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor 9efb5a7007 SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet 2009-04-12 12:23:23 +00:00
Luke Taylor 7c4d54f356 SEC-1131: Applied patch for portlet upgrade 2009-04-12 05:52:20 +00:00
Luke Taylor 365ae3936e Moved MockAuthenticationManager to test package. 2009-04-12 05:13:18 +00:00
Luke Taylor 1b43e3661a SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter. 2009-04-12 04:16:46 +00:00
Luke Taylor bec84f874a SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples. 2009-03-26 07:18:36 +00:00
Luke Taylor 2a9a8a41db SEC-1125: Created separate web module spring-security-web 2009-03-25 06:28:18 +00:00
Luke Taylor 2c985a1c36 SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources 2009-03-23 04:23:48 +00:00
Luke Taylor a45ba138f7 SEC-1121: InMemoryResource.equals() is wrong. Corrected as suggested. 2009-03-20 04:44:39 +00:00
Luke Taylor 4aff4b2350 SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring 2009-03-20 04:32:06 +00:00
Luke Taylor 4aae5ec42e SEC-1124: Refactored LDAP code into separate module 2009-03-19 06:30:32 +00:00
Luke Taylor a0f3015ac6 SEC-1086: AccessDecisionManager implementations now log debug messages giving the results returned by each voter polled. 2009-03-19 02:01:24 +00:00
Luke Taylor d163cd7d18 SEC-1099: Translation of message.properties in Brazilian Portuguese. Added file. 2009-03-19 01:47:34 +00:00
Luke Taylor c0638e9c8d SEC-1110: Localization (messages_ko_KR.properties). Added. 2009-03-19 01:46:05 +00:00
Luke Taylor 591681c180 Upgrade to Spring M2 and correct expression classes and pom files to match changes 2009-03-19 01:17:16 +00:00
Luke Taylor 98593b7c78 SEC-1120: Added Portuguese messages file 2009-03-19 01:02:32 +00:00
Luke Taylor ccf422af5a SEC-1070: AbstractRetryEntryPoint always uses RetryWithHttpEntryPoint logger. Converted to protected (non-static) and used getClass(). 2009-03-16 08:32:16 +00:00
Luke Taylor 9de9f638fe SEC-1083: Removed unnecessary import 2009-03-16 08:07:18 +00:00
Luke Taylor 30748e8615 SEC-1083: PersistentTokenBasedRememberMeServices does not clear tokens on logout. Override logout method to remove tokens for user. 2009-03-16 08:05:02 +00:00
Luke Taylor b7557d017e Corrected Javadoc typo. 2009-03-16 07:10:12 +00:00
Luke Taylor ef3ea65fdb Switching back to 2.5.0-SNAPSHOT after tagging M1 release 2009-01-03 07:42:19 +00:00
Luke Taylor fc5f50501e [maven-release-plugin] prepare release 2.5.0.M1 2009-01-03 07:08:25 +00:00
Luke Taylor ddffdf1699 SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication' 2008-12-28 17:32:25 +00:00
Luke Taylor 4a41416c9b Tidying up and removing compiler warnings. 2008-12-21 16:36:16 +00:00
Luke Taylor f5d2e7a7ce Make error message when multiple UserDetailsServices are found more explicit. 2008-12-21 13:29:42 +00:00
Luke Taylor 9cb361e88a SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter. 2008-12-20 23:25:29 +00:00
Luke Taylor 66e586ec67 Added Id keyword. 2008-12-20 15:41:51 +00:00
Luke Taylor cc5966bc7e Tidying up, removing compiler warnings etc. 2008-12-20 00:16:49 +00:00
Luke Taylor 8154161ef5 SEC-1035: Updated build to use Spring 3.0.0.M1 Release 2008-12-18 02:37:00 +00:00
Luke Taylor 8f598e9b11 SEC-1052: Add support for the namespace option 'disable-url-rewriting'. 2008-12-17 01:28:29 +00:00
Luke Taylor 171456a26c SEC-1018: Changes to allow external reference to SaltSource bean from the namespace. 2008-12-17 01:11:43 +00:00
Luke Taylor 00125cddee SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead. 2008-12-17 00:48:32 +00:00
Luke Taylor 585e5f393a Added warning suppression for deprecation. 2008-12-17 00:32:21 +00:00
Luke Taylor d8b5f770e9 Added warning suppression for deprecation. 2008-12-17 00:31:17 +00:00
Luke Taylor db5f1e69f1 SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes. 2008-12-17 00:14:48 +00:00
Luke Taylor c2e688610c SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token. 2008-12-16 23:25:44 +00:00
Luke Taylor 998f0b3ea1 SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called. 2008-12-16 20:35:18 +00:00
Luke Taylor d0fcbd9baf Tidying up Javadoc. 2008-12-16 20:29:53 +00:00
Luke Taylor a1bd48733a Minor Javadoc correction. 2008-12-16 20:16:56 +00:00
Luke Taylor 74fd5fe8a4 Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion. 2008-12-16 18:55:38 +00:00
Luke Taylor b24cc17dea SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository. 2008-12-16 17:35:34 +00:00
Luke Taylor bf409b5b25 Improvements to Javadoc. 2008-12-16 02:06:26 +00:00
Luke Taylor f54d7ee6bc SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default. 2008-12-15 23:58:40 +00:00
Luke Taylor 898ef36d02 SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects. 2008-12-15 19:50:53 +00:00
Luke Taylor c3181d9db0 SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET. 2008-12-15 02:48:32 +00:00
Luke Taylor 40ccd3be11 SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument. 2008-12-15 01:25:12 +00:00
Luke Taylor fcc68e636e SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition. 2008-12-15 00:56:17 +00:00
Luke Taylor a0bcf7184c SEC-1061: Renamed serverSideRedirect property. 2008-12-14 23:56:30 +00:00
Luke Taylor cf3cac90ad SEC-1058, SEC-745: Updating comments 2008-12-14 23:53:44 +00:00
Luke Taylor 3f38035057 SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace. 2008-12-14 22:53:31 +00:00
Luke Taylor 2927b8464f SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException. 2008-12-14 22:20:21 +00:00
Luke Taylor 839279161d SEC-745: Added concrete failure handling strategies. 2008-12-13 23:34:15 +00:00
Luke Taylor 6664f57ff6 SEC-992: Removed the line setting returningObj to false. 2008-12-12 23:22:26 +00:00
Luke Taylor 10e4d1fe1a SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver. 2008-12-12 22:30:57 +00:00
Luke Taylor 615194710e SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces. 2008-12-12 17:25:09 +00:00
Luke Taylor 48dce501ce SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session. 2008-12-12 14:27:23 +00:00
Luke Taylor aec23749d7 SEC-1056: Remove deprecated FilterToBeanProxy: It's gone 2008-12-12 13:04:37 +00:00
Luke Taylor 3fcc7b5403 SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes 2008-12-12 12:47:42 +00:00
Luke Taylor a443e55832 SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method. 2008-12-11 17:00:13 +00:00
Luke Taylor 093365b2f4 Removed unnecessary cast. 2008-12-11 16:42:25 +00:00
Luke Taylor 30f9b3e72c SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations. 2008-12-10 16:57:40 +00:00
Luke Taylor 3f40604b82 SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate. 2008-12-10 13:48:25 +00:00
Luke Taylor acfcac4594 SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
Applied supplied patch which checks the committed flag before forwarding to the error page.
2008-12-10 12:36:59 +00:00
Luke Taylor 7fe6a0fc0d SEC-1033: Added support for web IP ranges based on an address and netmask. 2008-12-09 23:14:44 +00:00
Luke Taylor 7767a9ed60 SEC-1033: Add basic equality support for hasIpAddress() expression. 2008-12-09 18:04:08 +00:00
Luke Taylor 3da68a7a82 Java5 stuff 2008-12-09 18:02:58 +00:00
Luke Taylor 046456c142 Removed unused constants. 2008-12-09 14:33:31 +00:00
Luke Taylor 3e8de229be Java5 updates. 2008-12-09 14:30:37 +00:00
Luke Taylor 98422b69a8 Java5 updates. 2008-12-09 14:27:31 +00:00
Luke Taylor c2ac125719 Tidying up. 2008-12-08 21:55:33 +00:00
Luke Taylor a2ef10e65f SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level. 2008-12-08 21:54:47 +00:00
Luke Taylor 6b4045667a SEC-1033: Completed working version of web expression support.
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
2008-12-08 01:01:14 +00:00
Luke Taylor fd3990c1f8 SEC-1033: Refactored DefaultFilterInvocationDefinitionSource to remove legacy methods and make it immutable. 2008-12-07 22:46:36 +00:00
Luke Taylor bed00e10f5 Reduced visibility of attribute names in HttpSecurityBDP. 2008-12-07 13:46:09 +00:00
Luke Taylor 9bb64d1974 Removed out of date javadoc reference to SecurityEnforcementFilter. 2008-12-06 17:56:24 +00:00
Luke Taylor 7265a70f0a SEC-1012: Java5 - use of vararg methods. 2008-12-06 17:33:19 +00:00
Luke Taylor c3d216e7bb SEC-1012: Minor improvements to SecurityContextHolderAwareRequestFilter and conversion to use jmock for test. 2008-12-06 17:31:53 +00:00
Luke Taylor 953a4ab9ea SEC-1036: Removed deprecated class and unnecessary mock. 2008-12-05 22:30:26 +00:00
Luke Taylor 6293541b73 SEC-1036: Updated DefaultSpringSecurityContextSource to enable pooling for "manager" users by default but not when binding directly as a user. 2008-12-05 22:04:51 +00:00
Luke Taylor bc6878c1c5 SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations. 2008-12-05 16:36:43 +00:00
Luke Taylor 58c237fa74 SEC-1015: Removed final packages/directories for old acl code. 2008-12-05 16:07:40 +00:00
Luke Taylor 38f466dcfc SEC-1039: Refactored post-request session-creation logic into separate method. Some comment improvements. 2008-12-05 15:51:29 +00:00
Luke Taylor 48874d69a7 SEC-1039: Made sure "old" security context session key points to new one so they always match. 2008-12-05 14:54:01 +00:00
Luke Taylor fd7fc0c8a5 SEC-1039: Corrected reference to security context key to match new value. 2008-12-05 14:52:52 +00:00
Luke Taylor c5e1fd77ec SEC-1045: Added testsfor use of external context storage strategy through the namespace 2008-12-04 14:25:55 +00:00
Luke Taylor 7dfbcf2ddf SEC-990: Clarify the semantics of the ConsensusBased ADM. Added the suggested patch to the Javadoc for this class. 2008-12-04 13:32:35 +00:00
Luke Taylor ffc8637def Tidying up. 2008-12-03 11:02:56 +00:00
Luke Taylor 8587d4c635 Switch to non-deprecated methods. 2008-12-03 10:21:27 +00:00
Luke Taylor 3e2930d785 SEC-1045: Added security-context-repository-ref attribute to <http> 2008-12-02 16:14:03 +00:00
Luke Taylor f2969392a6 SEC-1043: Improved Javadoc for LdapAuthenticationProvider user details mapping methods. 2008-12-02 14:32:44 +00:00
Luke Taylor 9ab69ddcaf Converted to use jmock. 2008-12-02 13:58:20 +00:00
Luke Taylor 72eee6f1ca Removing unused mock classes. 2008-12-02 13:07:06 +00:00
Luke Taylor fba57bdf5b Removed unused MockAccessDecisionManager class 2008-12-02 12:56:04 +00:00
Luke Taylor 283b932fe0 Minor tidying up. 2008-12-02 12:53:48 +00:00
Luke Taylor f3387cd879 2008-12-02 12:49:13 +00:00
Luke Taylor a09b15ce5f Added tests for AuthenticationDetailsSourceImpl (and AuthenticationDetails). 2008-12-01 15:50:31 +00:00
Luke Taylor 8283074097 Tidying. 2008-12-01 15:49:35 +00:00
Luke Taylor e3dd12021b Added extra calls to exercise CachingUserDetailsService 2008-12-01 15:49:13 +00:00
Luke Taylor a2f7b7e4f1 Added optional args argument to constructor. 2008-12-01 14:29:58 +00:00
Luke Taylor 3fe112f769 Added tests for AbstractAclVoter. 2008-12-01 14:28:24 +00:00
Luke Taylor e864dfa796 SEC-1039: Converted HttpBeanDefinitionParser to use new context persistence filter instead of HttpSessionContextIntegrationFilter 2008-12-01 12:37:31 +00:00
Luke Taylor 08ea70909d Fixed broken test due to missing context file. 2008-12-01 00:36:13 +00:00
Luke Taylor a318aacc4f Converted MethodSecurityInterceptorTests to use mocks and deleted app context file. 2008-11-30 23:20:16 +00:00
Luke Taylor bfd4bcfdb7 SEC-1012: Java5ing of RunAsUserToken constructor. 2008-11-30 23:16:39 +00:00
Luke Taylor b25d6958d7 SEC-1036: Removed references to SpringSecurityContextSource 2008-11-29 12:15:51 +00:00
Luke Taylor 66897e1849 SEC-1036: Upgraded Spring LDAP to 1.3 and made corresponding code changes. Also some general tidying up of LDAP code. Removed deprecated context factory classes. 2008-11-28 22:22:51 +00:00
Luke Taylor 1918c50fd7 SEC-1039: Deprecated HttpSessionContextIntegrationFilter and made it extend SecurityContextPersistenceFilter. 2008-11-28 18:01:34 +00:00
Luke Taylor 8cfd515b27 SEC-988: Added Javadoc for UserDetailsChecker interface. 2008-11-27 21:21:25 +00:00
Luke Taylor d508adbf8b SEC-1037: Made LdapAuthenticationProvider implement MessageSourceAware. 2008-11-27 21:12:43 +00:00
Luke Taylor 843d0e6910 SEC-985: Added hideUsernameNotFoundException property to LdapAuthenticationProvider and set default to true. 2008-11-27 21:08:01 +00:00
Luke Taylor 4d81d750cd SEC-1039: Created new filter SecurityContextPersistenceFilter and SecurityContextRepository strategy to replace HttpSessionContextIntegrationFilter functionality. 2008-11-27 20:18:54 +00:00
Luke Taylor 789be71d8c SEC-398: Rolled back addition of erroneous test method for this issue (the fix was incorrect and the test method does nothing useful). 2008-11-27 10:41:08 +00:00
Luke Taylor 2dfd006665 SEC-1012: Converted Groupsmanager to use List<String> 2008-11-26 11:17:15 +00:00
Luke Taylor 1f78974073 Improved javadoc and debug message relating to clearing of security context. 2008-11-26 10:35:06 +00:00
Luke Taylor dca0505d23 SEC-1012: generification 2008-11-21 12:39:30 +00:00
Luke Taylor 05e753de61 Converted to use jmock for mocks. 2008-11-21 12:26:56 +00:00
Luke Taylor 6b24637fbc Further SavedRequestWrapper related tests and tidying up. 2008-11-21 12:17:43 +00:00
Luke Taylor 1cf59b249a Added test class for DefaultLoginPageGeneratingFilter. 2008-11-16 05:07:33 +00:00
Luke Taylor 13caa48a24 Added clearContext() in @After. Test was leaving a TestingAuthenticationToken in the context. 2008-11-16 00:09:35 +00:00
Luke Taylor 18e74e7d3f Import cleaning. 2008-11-16 00:03:42 +00:00
Luke Taylor 22cca49d4a Added clearContext() call in @Before method. Test class appears to be failing on the build server because of a left over security context from a previous test 2008-11-16 00:03:01 +00:00
Luke Taylor 67c06d3d52 SEC-1012: Adding generics and general tidying up of tests etc 2008-11-15 13:00:38 +00:00
Luke Taylor a535c5bd05 Removed unused imports. 2008-11-15 11:09:40 +00:00
Luke Taylor 9dc50bce82 SEC-1013: Removed ConfigAttributeDefinition 2008-11-15 10:55:23 +00:00
Luke Taylor e259fe43a9 SEC-1034: Removed classes for converting a FilterInvocationDefinitionSource to a map for use in FilterChainProxy 2008-11-15 10:26:35 +00:00
Luke Taylor 31375b7212 SEC-1012: Futher generification. Also changed method signature of ObjectDefinitionSource.getAllConfigAtributes to return a single collection 2008-11-15 09:35:11 +00:00
Luke Taylor 5c1f4e60e3 Tidying stuff 2008-11-14 07:16:49 +00:00
Luke Taylor 3261fcb174 Tidying stuff 2008-11-14 07:16:30 +00:00
Luke Taylor fa630a430d Removed unused test files 2008-11-14 06:23:34 +00:00
Luke Taylor 3ce5ea7710 Add missing @Test attributes 2008-11-14 06:22:43 +00:00
Luke Taylor df26b2447c SEC-1035: Switch to using spring-el from the Spring 3 build 2008-11-14 06:21:24 +00:00
Luke Taylor bd9b199599 Import cleaning. 2008-11-14 00:28:54 +00:00
Luke Taylor 648ba1c43a SEC-1034: Fix broken tests. 2008-11-13 08:57:43 +00:00
Luke Taylor ae05e74085 Replace use of deprecated Spring methods (addConstructorArg) with non-deprecated versions. 2008-11-13 08:56:59 +00:00
Luke Taylor 7a8bd8a673 SEC-1034: Removed FilterInvocationDefinitionSourceEditor. 2008-11-13 07:46:21 +00:00
Luke Taylor 464da0f0df SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions. 2008-11-13 07:41:21 +00:00
Luke Taylor ee13be47b7 Call setAuthenticated() in constructor with authorities to mimic behaviour of UsernamePasswordAuthenticationToken 2008-11-13 07:29:43 +00:00
Luke Taylor 3ef34122fc Converted to using JMock. 2008-11-13 06:50:55 +00:00
Luke Taylor e18971fdf0 Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken. 2008-11-13 06:30:39 +00:00
Luke Taylor 3acd515c6c SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions. 2008-11-12 04:07:56 +00:00
Luke Taylor 0bbab88504 SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one
http://jira.springframework.org/browse/SEC-1031. Fixed startOfHash value and added tests to check full length of password is used.
2008-11-11 23:34:40 +00:00
Luke Taylor 0ba690fb0e SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag). 2008-11-11 09:21:51 +00:00
Luke Taylor e5b1073501 SEC-1012: Added more generics and warning suppression 2008-11-11 09:06:50 +00:00
Luke Taylor be34724207 Matchers for use with JMock expectations 2008-11-11 08:43:17 +00:00
Luke Taylor 62986c700b SEC-1027: Removed bnd plugin and 'bundle' package types from pom.xml files 2008-11-11 01:09:37 +00:00
Luke Taylor e11114ce77 SEC-1023: Add hasPermission() support to SecurityExpressionRoot
http://jira.springframework.org/browse/SEC-1023.

hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
2008-11-10 04:27:25 +00:00
Luke Taylor d6bb6ccbf5 Removed .cvsignore files 2008-11-06 01:11:08 +00:00
Luke Taylor d33b13e52e SEC-1023: Added support for hasPermission() based on Id and type 2008-11-05 22:44:46 +00:00
Luke Taylor a207acf7cb SEC-999: Fix broken test which was failing due to use of incorrect authentication object. 2008-11-05 01:09:14 +00:00
Luke Taylor 56141e9c5f SEC-999: Refactoring out specific dependencies on Spring EL into SecurityExpressionHandler.
SEC:1023: Updates to expression root to allow evaluationof permissions.
2008-11-04 23:30:56 +00:00
Luke Taylor dabb719456 SEC-1023: Add hasPermission() support to SecurityExpressionRoot
http://jira.springframework.org/browse/SEC-1023. PermissionEvaluator interface for use by expressions when evaluating hasPermisson() expressions.
2008-11-04 22:46:21 +00:00
Luke Taylor b42fc7221f Upgraded to jmock 2.5.1 2008-11-04 05:37:56 +00:00
Luke Taylor 514bca669f SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays. 2008-10-31 11:40:11 +00:00
Luke Taylor ec44f2bdfe SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections 2008-10-31 03:53:00 +00:00
Luke Taylor e891b334e6 SEC-1009: removed additional container adapter specific code 2008-10-30 05:45:13 +00:00
Luke Taylor 09cc58d7ac SEC-1009: removed additional container adapter specific code 2008-10-30 05:44:38 +00:00
Luke Taylor 3521af4cae Added missing test class. 2008-10-30 04:32:22 +00:00
Luke Taylor a7d046357b SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces 2008-10-30 04:10:54 +00:00
Luke Taylor c7abdadc06 SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level. 2008-10-28 06:37:04 +00:00
Luke Taylor f2ec8c978a Moved MethodDefinitionSource to standalone class. 2008-10-27 21:51:58 +00:00
Luke Taylor f592357c27 SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition 2008-10-27 09:04:22 +00:00
Luke Taylor 5174693c64 SEC-999: Expression language based access decision support
http://jira.springframework.org/browse/SEC-999. Added missing test class.
2008-10-24 00:57:52 +00:00
Luke Taylor 4aa32f7d06 SEC-999: First commit of expression-based authorization implementation 2008-10-24 00:38:36 +00:00
Luke Taylor 91c44a47fd SEC-999: Added spel-annotations to newly created 2.5 schema file.
http://jira.springframework.org/browse/SEC-999
2008-10-21 05:54:42 +00:00
Luke Taylor b031124f61 SEC-991: Removed deprecated getAttributes() method from LdapUserDetails interface 2008-10-17 05:12:11 +00:00
Luke Taylor b589f78918 SEC-954: Deprecate AbstractMethodDefinitionSource 2008-10-17 01:06:21 +00:00
Luke Taylor c947d42146 SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match 2008-10-15 06:35:11 +00:00
Luke Taylor 6c8a82fa13 Updated poms to Spring 2.5 and fixed up sandbox to work with latest build 2008-10-15 05:52:40 +00:00
Luke Taylor 7cc0965383 SEC-1001: Move core tiger code into core and adjust pom files 2008-10-03 15:23:31 +00:00
Luke Taylor 97381fb448 SEC-974: Made getExceptionMappings() protected. 2008-10-01 16:25:20 +00:00
Luke Taylor 4542f00b14 SEC-975: Namespace security syntax does not interpret properties
http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
2008-09-12 19:06:53 +00:00
Luke Taylor 5e4634d216 Minor Javadoc improvement. 2008-09-12 14:57:21 +00:00
Luke Taylor d291def963 Removed invalid comment. 2008-09-12 10:18:40 +00:00
Luke Taylor df59cb9dcd Import cleaning. 2008-09-11 14:41:00 +00:00
Luke Taylor ef0389ae79 SEC-976: Removed checks for presence of core-tiger classes. 2008-09-11 14:37:55 +00:00
Luke Taylor 5b9bb8ba54 [maven-release-plugin] prepare for next development iteration 2008-09-05 19:04:22 +00:00
Luke Taylor 73eed2656d [maven-release-plugin] prepare release spring-security-parent-2.0.4 2008-09-05 18:57:43 +00:00
Luke Taylor 8661e17df9 OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors
http://jira.springframework.org/browse/SEC-960. Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
2008-09-05 13:49:38 +00:00
Luke Taylor 5102be3a59 SEC-971: getter for cookieName in AbstractRememberMeServices
http://jira.springframework.org/browse/SEC-971. Added getCookieName() method.
2008-09-04 16:05:34 +00:00
Luke Taylor 4e2d6f8b2e SEC-967: TextUtils.java does not escape ampersand character
http://jira.springframework.org/browse/SEC-967. Added escaping of '&' character
2008-08-29 12:01:45 +00:00
Luke Taylor d781deffe7 OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication
http://jira.springframework.org/browse/SEC-966.  Added escaping of rendered text as default.
2008-08-26 16:21:29 +00:00
Luke Taylor a4e4120443 SEC-963: LDAP Group Search Root
http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
2008-08-26 13:51:01 +00:00
Luke Taylor 83868a7334 SEC-955: ability to externalize port mapping for secured channel to a property file
http://jira.springframework.org/browse/SEC-955. Changed schema to make port-mapping type xsd:string to allow placeholders.
2008-08-26 13:20:01 +00:00
Luke Taylor 150f3d97d0 SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException
http://jira.springframework.org/browse/SEC-832. Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.
2008-08-26 12:49:37 +00:00
Luke Taylor 7f28a8bc5d Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method. 2008-08-26 12:38:02 +00:00
Luke Taylor 1cfd886517 SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut
http://jira.springframework.org/browse/SEC-922. Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".
2008-08-18 23:31:14 +00:00
Luke Taylor bb457e1d07 SEC-957: logger.debug without guard causing massive performance hit
http://jira.springframework.org/browse/SEC-957. Added debug logging guard as requested.
2008-08-18 18:20:48 +00:00
Luke Taylor 09cf90258f SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation
http://jira.springframework.org/browse/SEC-758. Added "throws Throwable" to AspectJAnnotationCallback signature.
2008-08-18 14:47:28 +00:00
Luke Taylor e15d7a78cd SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes
http://jira.springframework.org/browse/SEC-956. Done.
2008-08-18 13:13:18 +00:00
Luke Taylor 3bf5e406b7 SEC-936: NPE in AbstractFallbackMethodDefinitionSource
http://jira.springframework.org/browse/SEC-936. Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
2008-08-16 02:31:36 +00:00
Luke Taylor 55d357f42d OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments
http://jira.springframework.org/browse/SEC-905. Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.
2008-08-12 17:11:38 +00:00
Luke Taylor d9ab0758ee SEC-954: Removed test dependency on AbstractMethodDefinitionSource. 2008-08-12 17:08:55 +00:00
Luke Taylor 36b35e3b1f CLOSED - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
http://jira.springframework.org/browse/SEC-953. Fixed autoboxing issue.
2008-08-11 21:15:09 +00:00
Luke Taylor 39a656eb78 OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
http://jira.springframework.org/browse/SEC-953. Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
2008-08-11 19:15:33 +00:00
Luke Taylor b6dec19e90 SEC-932: Added supplied class and test class. 2008-08-11 16:36:01 +00:00
Luke Taylor 3ab9fcdcaf Tidying. 2008-08-11 15:05:16 +00:00
Luke Taylor 3a9eb018ba SEC-950: Added test to attempt to reproduce problem. 2008-08-08 15:41:14 +00:00
Luke Taylor b3a23b4377 Some minor improvements to schema comments 2008-08-07 19:15:13 +00:00
Luke Taylor 25814d341d Tidying. 2008-08-06 16:18:05 +00:00
Luke Taylor e951c42c2b Improved javadoc. Some tidying up. 2008-08-06 15:28:04 +00:00
Luke Taylor 7258d30e13 Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger. 2008-08-06 13:41:01 +00:00
Luke Taylor 3ee3591feb SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully. 2008-08-05 23:26:01 +00:00
Luke Taylor 1af7eed433 SEC-883: RoleHierarchyVoter
http://jira.springframework.org/browse/SEC-883. Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
2008-08-04 13:08:03 +00:00
Luke Taylor 54ac7b3e46 SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas. 2008-08-01 12:51:31 +00:00
Luke Taylor 3049b933d9 Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML 2008-07-31 21:35:29 +00:00
Luke Taylor 1d96283876 Removed commented out line. 2008-07-31 20:45:25 +00:00
Luke Taylor d7926f3557 SEC-943: Forgot to commit tests. 2008-07-31 20:30:56 +00:00
Luke Taylor e5d86b13b7 SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
http://jira.springframework.org/browse/SEC-941. Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
2008-07-31 19:50:08 +00:00
Luke Taylor 67e5afbb79 OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
http://jira.springframework.org/browse/SEC-881. Updated Javadoc.
2008-07-31 15:56:37 +00:00
Luke Taylor 000bb1cbed OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
http://jira.springframework.org/browse/SEC-881. Added test class.
2008-07-31 15:42:04 +00:00
Luke Taylor 243c4f22d4 OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
http://jira.springframework.org/browse/SEC-899. Changed to return -1 when compared to custom auhority which returns null from getAuthority()
2008-07-31 13:01:22 +00:00
Luke Taylor d4c105d8ba OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
http://jira.springframework.org/browse/SEC-934. Added log warning when the same url is used multiple times.
2008-07-30 15:03:47 +00:00
Luke Taylor f6ff958411 Renamed rnc file. 2008-07-30 11:05:44 +00:00
Luke Taylor 4bb3eb12c3 SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
http://jira.springframework.org/browse/SEC-933. Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
2008-07-30 11:01:23 +00:00
Luke Taylor f453264bde SEC-909: custom remember me services doesn't get registered as logout handler
http://jira.springframework.org/browse/SEC-909. HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
2008-07-15 18:22:53 +00:00
Luke Taylor 1ddc033fe5 SEC-903: Wrong attribute mapping when using jdbc-user-service bean
http://jira.springframework.org/browse/SEC-903. Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
2008-07-15 16:43:57 +00:00
Luke Taylor e303e8b71a SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
http://jira.springframework.org/browse/SEC-924. Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
2008-07-15 14:52:13 +00:00
Luke Taylor bf5896600e OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
http://jira.springframework.org/browse/SEC-913. Applied patch as suggested (use sendRedirect method for failure URL).
2008-07-15 13:42:30 +00:00
Luke Taylor b4c63db680 SEC-921: Improved messages_zh_CN.properties for Chinese
http://jira.springframework.org/browse/SEC-921. Added contributed file.
2008-07-15 11:11:21 +00:00
Luke Taylor a56c13fb22 SEC-912: Added callback methods to BasicProcessingFilter for successful and unsuccessful authentication. 2008-07-12 17:40:39 +00:00
Luke Taylor 697c7c5f48 SEC-918: Added more info on DB schema to javadoc 2008-07-12 15:21:24 +00:00
Luke Taylor 6d179122d3 SEC-916: Added Spanish messages contribution. 2008-07-10 15:32:01 +00:00
Luke Taylor 2cda6242c8 SEC-904: Moved multi-threaded tests into sandbox 2008-07-02 19:19:21 +00:00
Luke Taylor 479693ced7 SEC-900: Added extra checks on expiry time 2008-07-02 18:40:55 +00:00
Luke Taylor 775a6c3939 [maven-release-plugin] prepare for next development iteration 2008-06-23 14:10:35 +00:00
Luke Taylor 87d50aecce [maven-release-plugin] prepare release spring-security-parent-2.0.3 2008-06-23 14:05:36 +00:00
Luke Taylor 3ee8733261 SEC-879: Added required BeanPostProcessor to set SessionRegistry is set on namespace registered AbstractProcessingFilter and SessionFixationProtectionFilter when using custom ConcurrentSessionController
http://jira.springframework.org/browse/SEC-879.
2008-06-20 22:08:05 +00:00
Luke Taylor d5ee89bb7c Correct typo in error message. 2008-06-19 15:21:03 +00:00
Luke Taylor ff5bfccdba SEC-892: Linked use of create-session='never' in namespace to corresponding properties in ExceptionTranslationFilter and AbstractProcessingFilter 2008-06-19 13:46:45 +00:00
Luke Taylor c56d524bd9 SEC-887: Added setter method for account status checker. 2008-06-18 12:00:45 +00:00
Luke Taylor af5f193ec1 SEC-890: Corrected use of dataSource property name in RememberMeBDP. 2008-06-18 10:35:30 +00:00
Luke Taylor 7d79ae5424 SEC-880: Fix incorrect index value. 2008-06-13 10:58:01 +00:00
Luke Taylor 32b8009bee SEC-875: Removed duplicated parameters from SavedRequestWrapper.getParameterValues() 2008-06-09 23:33:36 +00:00
Luke Taylor 3b775d29d3 SEC-870: Polish messages file contribution 2008-06-08 22:09:47 +00:00
Ben Alex 358f284f42 SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used. 2008-06-06 06:13:14 +00:00
Luke Taylor ff785a829f [maven-release-plugin] prepare for next development iteration 2008-06-03 16:07:20 +00:00
Luke Taylor db1d8604a6 [maven-release-plugin] prepare release spring-security-parent-2.0.2 2008-06-03 16:05:40 +00:00
Luke Taylor 9308284bd4 SEC-864: Removed duplicate OpenID provider. 2008-06-03 14:53:43 +00:00
Luke Taylor 122e1c47ed Changed rnc filename prior to 2.0.2 release 2008-06-01 19:34:50 +00:00
Luke Taylor 64ab7e534c Spelling corrections in Javadoc. 2008-06-01 17:26:27 +00:00
Luke Taylor ab6d29d927 SEC-862: Make logoutSuccessUrl accessible to sub-classes. 2008-06-01 16:15:09 +00:00
Luke Taylor 1d9d7eb9a7 Removed accidental commit of SavedRequest clearing code in TargetUrlResolverImpl 2008-05-30 17:53:09 +00:00
Luke Taylor ecd2cc6da7 Added some Assert calls to setters and improved comments. 2008-05-30 15:29:51 +00:00
Luke Taylor f228d013d8 SEC-861: Change default value of justUseSavedRequestOnGet to false 2008-05-30 15:09:51 +00:00
Luke Taylor 4de4bb8e87 SEC-860: Added setter for authenticationDetailsSource to AbstractRememberMeServices 2008-05-30 14:29:32 +00:00
Luke Taylor f8cded10ee Typo. 2008-05-30 11:20:16 +00:00
Luke Taylor c031588975 SEC-606: Added support for customizable credentials character set. 2008-05-29 18:00:15 +00:00
Luke Taylor 36a192b70f SEC-858: Replaced integer properties in schema with strings to allow use of placeholders. 2008-05-29 16:13:14 +00:00
Luke Taylor 980a72f9a0 Removed TODO (done). 2008-05-29 15:54:50 +00:00
Luke Taylor 517a7f117a SEC-857: Make request wrapper getParameterValues() consistent with getParameterMap() etc. 2008-05-29 15:49:43 +00:00
Luke Taylor 244579faf4 OPEN - issue SEC-856: GroupManager JdbcUserDetailsManager implementation: addGroupAuthority() method doesn't work.
http://jira.springframework.org/browse/SEC-856. Refactored class to remove the JDBC-related inner classes.
2008-05-28 16:25:28 +00:00
Luke Taylor d63536cc0d SEC-821: Added support for eternal session registry and concurrent session controller to the 2.0.2 namespace. 2008-05-27 13:14:21 +00:00
Luke Taylor 8b5bbe3800 SEC-830: Changed SavedRequestAwareWrapper to make wrapped request parameters take precedence over saved request ones. 2008-05-25 22:57:03 +00:00
Luke Taylor 45c3084502 SEC-836: Made LDAP namespace elements use subtree group searching by default. 2008-05-23 23:57:01 +00:00
Luke Taylor 871e529840 SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
http://jira.springframework.org/browse/SEC-850. Added extra test.
2008-05-23 23:32:57 +00:00
Luke Taylor d1005e4cfb SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
http://jira.springframework.org/browse/SEC-850. Changed bean decorator to add a bean reference to the ProviderManager rather than a bean definition.
2008-05-23 23:25:09 +00:00
Luke Taylor 9ce0270226 Fixed typo in test name 2008-05-23 22:57:30 +00:00
Luke Taylor 7603ce2f97 SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers
http://jira.springframework.org/browse/SEC-848. Replaced class references with class names.
2008-05-23 21:30:57 +00:00
Luke Taylor 25ba269db0 SEC-835: use setContentType on response for J2EE 1.3 compatibility. 2008-05-23 20:55:10 +00:00
Luke Taylor 11b448c0e0 SEC-847: Updated the xsl file to inline openid-login and other elements 2008-05-23 16:29:44 +00:00
Luke Taylor 08c5fe8925 Fixed autoboxing issue 2008-05-22 12:19:00 +00:00
Luke Taylor fbe3ca48f4 SEC-823, SEC-843: Allow setting of custom RememberMeServices and token validity periodon remember-me namespace element 2008-05-21 16:03:05 +00:00
Luke Taylor 3e33b8a880 Update InMemoryXmlApplicationContext to use 2.0.2 schema 2008-05-20 22:46:37 +00:00
Luke Taylor b60c578b25 SEC-844: Support for SHA-256 hashing. 2008-05-20 22:45:02 +00:00
Luke Taylor 03981ab6a0 SEC-844: Added sec-256 to namespace schema 2008-05-20 22:32:03 +00:00
Luke Taylor e9adbd4d62 SEC-844, SEC-843, SEC-823: Added support for sha-256, custom remember-me services and setting of remember me token validity period to namespace schema. Also added 2.0.2 XSD file 2008-05-20 19:48:32 +00:00
Luke Taylor 29d31b72d0 SEC-837: Add special character filtering to LDAP search filters 2008-05-20 19:25:37 +00:00
Luke Taylor 3fb1f59fde SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap 2008-05-20 19:22:49 +00:00
Luke Taylor 5af53da106 Improved doc for'filters' attribute 2008-05-18 11:09:50 +00:00
Luke Taylor 2329dadf48 Removed jalopy parameter comments 2008-05-15 17:58:15 +00:00
Luke Taylor f269373442 IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP. 2008-05-15 14:33:42 +00:00