cacc31004f
Javadoc typo corrected.
2005-03-16 23:31:19 +00:00
bb7d428617
Commence method now returns 403 error
2005-03-16 18:26:41 +00:00
452604ff3b
Minor Javadoc corrections.
2005-03-16 16:57:28 +00:00
52c42a7a40
Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil.
2005-03-14 06:09:33 +00:00
632617f693
Test that the ConcurrentSessioncontrollerImpl implements ApplicationListener. This is critical and was left out once.
2005-03-13 22:35:17 +00:00
ff45047f5a
This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents
2005-03-13 22:30:06 +00:00
169449bf24
In response to: http://forum.springframework.org/viewtopic.php?t=3874
...
JaasAuthenticationProvider now checks that the java.security.auth.login.config is null before attempting to use it.
Also, The loginConfig resource is attempted as a file first as spaces in the path name can cause FileNotFoundExceptions for URLs
2005-03-13 22:26:56 +00:00
df91d352cb
AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949 .
2005-03-13 21:01:16 +00:00
f594fdf751
Tidying and tests to bring Dao populator up to full coverage.
2005-03-12 21:56:04 +00:00
76f868c777
More tests.
2005-03-12 21:27:22 +00:00
765cc02599
Tidying.
2005-03-12 21:24:55 +00:00
9f62da7d1c
Better test method names.
2005-03-12 21:20:43 +00:00
0a4fc1731a
Tests added to bring X509ProcessingFilter up to full coverage.
2005-03-12 20:47:58 +00:00
c3c5487b93
Now sets WebAuthenticationDetails on authentication request token.
2005-03-12 20:46:58 +00:00
acee1ef696
Added "details" property
2005-03-12 20:40:05 +00:00
5d1cd29dfb
Added tearDown method which resets the context to null to prevent occasional breaking of other test classes.
2005-03-12 13:44:00 +00:00
f578915728
Test class for X509 filter.
2005-03-11 17:42:39 +00:00
af02c42e9f
First version that works.
2005-03-11 03:15:54 +00:00
fbb4bc0873
Added regexp matching within the DN to extract the user name.
2005-03-11 02:47:43 +00:00
29050b29b2
Dao populator tests for X.509. Tests matching of regexps in the certificate Subject to extract the user name.
2005-03-11 02:08:07 +00:00
4763f953d3
FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans.
2005-03-11 01:41:43 +00:00
5c86b97f37
First working (kind of) version.
2005-03-11 00:39:36 +00:00
c5fe428400
Patch by Matt Raible which returns null if Authentication is anonymous.
2005-03-10 12:00:30 +00:00
b898b87ffb
Enhance test coverage as part of diagnosis of reported bug at http://forum.springframework.org/viewtopic.php?p=15751 .
2005-03-10 11:39:32 +00:00
15535fff41
SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint.
2005-03-10 11:11:25 +00:00
08dbf66880
(Currently functionless) entry point implementation for X.509
2005-03-10 03:21:25 +00:00
aabcef4c69
Dao populator for X509, mirroring the CAS one.
2005-03-10 03:20:25 +00:00
fea1725f39
Removed inappropriate inheritance from AbstractProcessingFilter (doesn't make sense for X509 case).
2005-03-10 03:16:45 +00:00
ae91b58685
First stab at X509 authentication provider
2005-03-09 02:14:30 +00:00
da3801b914
Javadoc improvements.
2005-03-09 02:02:05 +00:00
559f480f4b
Corrected Javadoc typos.
2005-03-07 22:35:28 +00:00
ab6d43ff08
Corrected Javadoc typo.
2005-03-07 16:53:42 +00:00
051a34f859
Support credentialsExpiredUrl as per request made in http://forum.springframework.org/viewtopic.php?t=3862 .
2005-03-07 12:23:48 +00:00
5c3799cd16
Changed "opal ticket" to "opaque ticket" in Javadoc.
2005-03-05 19:48:02 +00:00
124f33bb09
Corrected Javadoc typo
2005-03-05 18:27:05 +00:00
6b12779902
Minor Javadoc corrections
2005-03-05 18:23:04 +00:00
4ef54828c0
corrected javadoc link
2005-03-05 01:05:23 +00:00
f1e071b0f1
Added remember-me services.
2005-03-01 02:30:38 +00:00
0d33b06990
Fix NullPointerException if a pattern is given without any config attributes (eg /**/*.css=). Contributed by Konstantin Shaposhnikov.
2005-02-28 22:06:53 +00:00
873c3f6c3d
Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility.
2005-02-28 03:02:32 +00:00
d47a2190f7
Correct test failure on high performance JREs.
2005-02-27 07:16:38 +00:00
44397bb05d
Committing ConcurrentSessionController feature and tests. Documentation is needed.
2005-02-26 21:48:07 +00:00
4125db5650
Added in a default constructor to use the original sessionid and a constructor for specifying the sessionId
2005-02-25 05:24:10 +00:00
693ac5a24a
Anonymous principal support. As requested by the community at various times, including in http://forum.springframework.org/viewtopic.php?t=1925 .
2005-02-23 06:09:56 +00:00
3c4faf58c7
HttpSessionEventPublisher, HttpSessionCreatedEvent, HttpSessionDestroyedEvent
...
Used together to provide published events in the ApplicationContext about HttpSessions.
Useful for things like Single Session logins.
2005-02-23 02:54:41 +00:00
8b24b1cf7a
MockFilterChain extended TestCase but had no public constructor and no test methods.
...
The expectedToProceed test is internally handled by a static call to TestCase.assertTrue() and TestCase.fail()
2005-02-23 02:47:31 +00:00
a3818184f4
Added Digest Authentication support (RFC 2617 and RFC 2069).
2005-02-22 06:14:44 +00:00
dda66a0454
Significantly refactor "well-known location model" to authentication processing mechanism and HttpSessionContextIntegrationFilter model.
2005-02-21 06:48:31 +00:00
ba02d45677
Clean up imports.
2005-02-21 06:34:16 +00:00
e52f3eacb1
Use WebAuthenticationDetails for Authentication.getDetails() by default.
2005-02-21 00:09:49 +00:00
a5ea6f5436
Rewrite FilterChainProxy to separate functionality from FilterToBeanProxy and properly implement filter chaining issues.
2005-02-20 05:40:18 +00:00
57842d4ba8
IoC container vs servlet container lifecycle separation.
2005-02-20 05:38:57 +00:00
44f1c83dab
Move MockFilterChain to external class.
2005-02-20 05:38:14 +00:00
6d693ac0d4
Improve logging.
2005-02-20 05:37:13 +00:00
7c9fad0477
Added filter chain
2005-02-18 20:08:03 +00:00
0b296e7cf0
Correct issue with JdbcDaoImpl default SQL query not using consistent case sensitivity as per http://forum.springframework.org/viewtopic.php?t=3526 .
2005-02-15 07:14:59 +00:00
1949c3b27e
Added AuthenticationException to the commence method signature of the AutenticationEntryPoint. The best example of this
...
is the BasicProcessingFilterEntryPoint where the authException.getMessage() is used to send back an informative 401,
instead of just the error code.
Added AccessDeniedException to the sendAccessDeniedError method signature. The accessDeniedException.getMessage() result
is used to send an invormative 403 error back to the servletResponse by default.
2005-02-15 03:28:18 +00:00
beadf24610
Use static HttpServletResponse.SC_UNAUTHORIZED instead of 401 HTTP response code.
2005-02-13 00:59:48 +00:00
6370fadfdc
FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh). Suggested by Sanjiv Jivan.
2005-02-11 05:49:41 +00:00
cbe53e21b9
HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily.
2005-02-10 07:15:20 +00:00
834f69168d
Support getUserPrincipal().
2005-02-04 22:38:07 +00:00
0be77abe75
Allow empty passwords as per http://forum.springframework.org/viewtopic.php?p=13343 .
2005-02-04 09:43:33 +00:00
4e6a4742bd
Tapestry integration improvements, as per http://forum.springframework.org/viewtopic.php?p=13327
2005-02-04 07:36:46 +00:00
82c15b1874
The JaasAuthenticationCallbackHandler handle method now takes a callback and the authentication in progress, the setAuthentication method has been removed.
...
The JaasAuthenticationProvider afterPropertiesSet method now makes use of the java.security.auth.login.config System property before trying to use the login.config.url.X properties.
2005-01-31 05:16:32 +00:00
debc67fa6d
Allow site deployment from each subproject
2005-01-19 22:18:37 +00:00
cc669f4e35
Retrieve bean from parent bean factory if not found, as per http://forum.springframework.org/viewtopic.php?t=3005 .
2005-01-19 21:21:07 +00:00
7e234869a5
Make Serializable.
2005-01-19 21:09:39 +00:00
99088fe14c
Fix JavaDoc error.
2005-01-16 03:57:43 +00:00
fd2cc5dbc7
Add subclass hook so it can customise request properties.
2005-01-06 20:32:36 +00:00
bb1e96c85a
Add notice.txt to generated artifacts.
2005-01-04 22:05:40 +00:00
d6207106c0
Expand test coverage.
2005-01-04 20:20:21 +00:00
9176aa0efb
Add new AuthenticationFailure* events.
2005-01-04 20:19:42 +00:00
c939bcb176
Add account expiration and credentials expiration capabilities.
2005-01-03 01:14:26 +00:00
6c1e2f23b2
Allow last attempted username to be displayed in views.
2004-12-25 23:38:39 +00:00
c77cb84f52
Fix group names etc as required to ensure a multiproject:install works from /docs if there is a CLEAN (empty) Maven repository.
2004-12-25 07:02:31 +00:00
5689807f38
Make Maven sign generated JARs. The last stage of the transition from Ant.
2004-12-24 05:48:54 +00:00
61a631af26
JavaDocs fix.
2004-12-22 23:49:25 +00:00
8fb64e1e1b
Fix repository URLs so "viewcvs" URLs (associated with changelog plugin) are all correct.
2004-12-22 03:47:55 +00:00
dc726ac75c
Clarify and enforce interface interface contract for AuthenticationDao.
2004-12-21 20:53:32 +00:00
4bcc1222e1
Modifications to support EH-CACHE upgrade (EH-CACHE appears to have changed the way the default cache configuration file gets handled).
2004-12-21 13:04:11 +00:00
823a2e990b
Add hook methods to AbstractProcessingFilter.
2004-12-20 11:14:34 +00:00
c5ea35d093
Extend After ACL provider to also filter arrays. Thanks to Joni Suominen.
2004-12-17 21:56:05 +00:00
cb61c88478
Increased test coverate to 100%
2004-12-09 23:53:11 +00:00
8853ba28e2
Replaced $author$ stuff in javadocs with Ray Krueger
2004-12-09 22:35:53 +00:00
41310f26a6
Missed a DOCUMENT ME! spot...
2004-12-09 22:29:12 +00:00
3eb6149877
New LoginExceptionResolver interface and base implementation to handle LoginExceptions thrown in the Jaas API. I am commiting this now so that it isn't lost, while a PropertyEditor based solution is investigated.
2004-12-09 22:09:35 +00:00
c5900cab9c
Added a ContextHolderAwareRequestWrapper to integrate with getRemoteUser() and isUserInRole(String). Thanks to Orlando Garcia Carmona ("paramosyermos" on Spring forums).
2004-12-05 06:11:18 +00:00
e3b9920d9c
Fix default query string to remove ambiguous columns. Thanks to Aaron Tang.
2004-12-05 05:30:06 +00:00
89ba20f057
Fix Tomcat compatibility issue where HttpSession unavailable during "logoff". Thanks to Aaron Tang.
2004-12-05 05:29:25 +00:00
82ed7253d4
Refactor AbstractFilterInvocationDefinitionSource to use a standard URL String in its lookup method, rather than a full FilterInvocation. This will make it easier for views (taglibs etc) to access URI security details without needing to construct a MockFilterInvocation.
2004-12-05 05:04:52 +00:00
76c82db196
Refactor EH-CACHE integration classes to work with Spring IoC provided Cache rather than manage our own cache internally.
2004-12-05 04:37:05 +00:00
41b41ba316
Expand test coverage. Clover via Maven (without excluding appropriate patterns like *Exception and debug messages) has modified coverage from 77.2% to 95%.
2004-12-03 06:46:41 +00:00
07e2037251
Find target domain object argument in a manner that works if nulls are presented for the domain object argument.
2004-12-03 06:43:17 +00:00
e75fc613b1
Gracefully handle null ContextHolder / Authentication etc.
2004-12-03 06:42:26 +00:00
7a4a46cc7b
General refactoring of taglibs.
2004-12-03 06:41:48 +00:00
1b660d4d5b
Handle usernames that are empty Strings.
2004-12-03 06:41:02 +00:00
ab6df6cfce
Make InternalMethodInvocation package protected for better unit test support.
2004-12-03 06:40:11 +00:00
f73fc735c2
Improve startup error detection and eliminate unnecessary checks for null application context.
2004-12-03 06:39:07 +00:00
4c1c7dcff5
Fix bugs.
2004-12-03 06:38:10 +00:00
22f8cd0c44
Improve null handling.
2004-12-01 02:55:01 +00:00
3a0e43337c
Improve test coverage and error detection at startup time.
2004-12-01 02:22:24 +00:00
699f97929a
Fix bug where class should delegate to setDetails method - not set the details directly.
2004-12-01 02:09:15 +00:00
89eed486e2
Add alwaysUseDefaultTargetUrl feature to AbstractProcessingFilter.
2004-11-22 21:38:14 +00:00
b0f6c5179a
Documentation improvement
2004-11-20 10:28:01 +00:00
a159d89ffd
Initial commit.
2004-11-20 05:24:16 +00:00
4ca1e2fd99
Add logging.
2004-11-20 04:10:05 +00:00
f251436a99
Improve logging and enable ACL determination to use an Object obtained from an internal method of the located processDomainObjectClass.
2004-11-20 04:09:14 +00:00
61580d1973
Move RMI context propagation support classes to core, and rename and document to more clearly reflect function.
2004-11-20 04:07:47 +00:00
ba16c01b90
Add toString() method so more informative when context propagation takes place, such as via ContextPropagatingRemoteInvocation.
2004-11-20 04:06:47 +00:00
58306157df
*** empty log message ***
2004-11-19 22:20:49 +00:00
177c00556d
Support just creating the acl_object_identity, without necessarily an acl_permission as well.
2004-11-16 12:22:43 +00:00
af5917b685
Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD.
2004-11-15 13:04:12 +00:00
bc9a599bf7
Remove noisy logging.
2004-11-15 02:43:21 +00:00
d6beb9804f
Place authz taglib in correct JAR location (META-INF).
2004-11-15 01:46:23 +00:00
612971e134
Initial commit of a concrete AfterInvocationManager.
2004-11-15 01:45:03 +00:00
694bdb603d
Initial commit.
2004-11-15 01:44:20 +00:00
5f6aa9c49e
Refactoring to support "after invocation" processing.
2004-11-15 01:43:48 +00:00
03a530b36b
Improve JavaDocs.
2004-11-15 01:42:47 +00:00
d639e5c02f
Expand logging.
2004-11-15 01:41:45 +00:00
9972c69408
Support Authentication.getPrincipal() of UserDetails and improve logging.
2004-11-15 01:40:18 +00:00
e462c5a201
Minor polishing.
2004-11-15 01:36:41 +00:00
68dc38841f
Add an Authentication and Acl taglib.
2004-11-15 00:46:18 +00:00
70a9c76f69
Remove unnecessary console output from tests.
2004-11-15 00:37:00 +00:00
ef2e45df77
Update tests to support incompatible collaborator detection now in AbstractSecurityInterceptor.
2004-11-15 00:36:12 +00:00
e83c66bb37
Expand test coverage so GrantedAuthorityEffectiveAclsResolver properly handles Authentication with a principal of type UserDetails.
2004-11-15 00:34:32 +00:00
695948c31d
Remove unused import.
2004-11-12 01:07:59 +00:00
f1d993f47b
Made BasicAclProvider to only respond to specified ACL object requests.
2004-11-09 21:09:14 +00:00
cd56f2ed4a
Moved from test to main
2004-11-03 22:35:12 +00:00
8cf6867cba
Moved name to subprojects
2004-11-01 20:05:42 +00:00
fde59c2f29
Ad mock method implementation now we're using HttpSession.removeAttribute().
2004-10-30 23:32:53 +00:00
565c2e580b
Remove debug messages.
2004-10-30 23:32:28 +00:00
d27fb49803
*** empty log message ***
2004-10-30 22:49:58 +00:00
55624cf5dd
Moved resources from java dir to resources dir
2004-10-30 22:49:12 +00:00
928498b53d
Removed AutoIntegrationFilter
2004-10-30 22:45:35 +00:00
b25a6e002b
*** empty log message ***
2004-10-30 17:15:54 +00:00
89f6fcf5c9
Refactor to use an application context, thus enabling event publishing and use of DefaultAdvisorAutoProxyCreator.
2004-10-30 06:09:09 +00:00
537a58d754
Added net.sf.acegisecurity.intercept.event package.
2004-10-30 06:07:17 +00:00
26f5f1a9b3
Add the AccessDeniedException to the HttpSession as per http://forum.springframework.org/viewtopic.php?t=1515 .
2004-10-30 03:06:05 +00:00
21f29bbbb3
Fix JRun rejection of null in httpSession.setAttribute() as per http://livedocs.macromedia.com/jrun/4/javadocs/jrun/servlet/session/JRunSession.html .
...
Discussed at http://forum.springframework.org/viewtopic.php?t=1417 .
2004-10-30 02:56:01 +00:00
73349bf8f8
Add convenience method so subclasses can specify Authentication.setDetails().
2004-10-30 01:19:22 +00:00
7b0145fba7
Initial AspectJ support.
2004-10-18 06:41:20 +00:00
992cf44b36
Refactor MethodDefinitionMap to use Method, not MethodInvocation. Refactor AbstractSecurityInterceptor to not force use of Throwable. Move AOP Alliance based MethodSecurityInterceptor to separate package.
2004-10-18 06:38:44 +00:00
ba163d51ae
Documentation correction.
2004-10-17 07:56:19 +00:00
f123e9c333
Make MethodDefinitionMap query interfaces defined by secure objects, to properly support MethodDefinitionSourceAdvisor.
2004-10-15 03:47:53 +00:00
8ec0d89fe4
Improve documentation for abstract contract.
2004-10-15 03:17:57 +00:00
8d973af603
Added MethodDefinitionSourceAdvisor for performance and autoproxying.
2004-10-15 00:29:24 +00:00
333fe84ee8
Clarify interface contract for ObjectDefinitionSource when no ConfigAttributes exist for a given secure object invocation, plus unit tests and fixes for concrete implementations. Thanks to Sean Radford for spotting the inconsistency.
2004-09-11 06:14:58 +00:00
8a32fde12a
Additional convenience methods as suggested by Sean Radford.
2004-09-11 06:13:54 +00:00
defc79c283
Minor Javadoc correction.
2004-09-06 20:06:42 +00:00
ec166e086b
Refactored UsernamePasswordAuthenticationToken.getDetails() to Object.
2004-09-01 21:19:05 +00:00
fa2920baa7
Ensure delegate is not null before calling destroy method.
2004-09-01 21:03:34 +00:00
d7c98f95ca
Made FilterToBeanProxy compatible with ContextLoaderServlet (lazy initialisation on first HTTP request).
2004-09-01 02:37:55 +00:00
1a92434914
Add support for password-validating DAOs, such as LDAP. Contributed by Karel Miarka.
2004-08-30 01:24:12 +00:00
aaebd3ef5a
Added DaoAuthenticationProvider.hideUserNotFoundExceptions property. Defaults to true, so BadCredentialsException is thrown instead of UsernameNotFoundException if a user cannot be found.
2004-08-26 23:19:00 +00:00
5cd65887d5
Improved ConfigAttributeEditor so it trims preceding and trailing spaces.
2004-08-25 21:43:00 +00:00
3f87849f31
Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method.
2004-08-23 02:03:46 +00:00
eb9c7d0852
Extracted removeUserFromCache(String) to UserCache interface.
2004-08-20 05:52:05 +00:00
bf53abf46e
Improve JavaDocs.
2004-08-18 22:59:00 +00:00
04f4c9881d
Added original Authentication.getDetails() to DaoAuthenticationProvider response.
2004-08-13 01:07:32 +00:00
08ee5deaa9
Fix unit test compatibility if no username provided.
2004-08-12 01:25:53 +00:00
da5469fed0
Additional event when user not found. Contributed by Karel Miarka.
2004-08-12 00:07:08 +00:00
6867efd6ac
Fix NPE problems with patch provided by Karel Miarka.
2004-08-10 00:22:53 +00:00
e006f521f4
Fix formatting.
2004-08-04 06:40:06 +00:00
0c43fe1f4a
Make SecurityEnforcementFilter more subclass friendly.
2004-08-02 23:08:52 +00:00
c1e109da74
Initial commit of remote client authentication interface.
2004-08-01 07:49:16 +00:00
29f8097c64
Increase test coverage.
2004-08-01 07:48:14 +00:00
b4a0e45e76
Increase test coverage.
2004-08-01 02:19:25 +00:00
f7b491b699
Refactor ACL database tables.
2004-07-31 06:38:40 +00:00
13d5a2dbca
Refactor ACL database tables.
2004-07-31 03:42:18 +00:00
e366c65d17
Almost forgot this piece of the jaas tests
2004-07-29 16:56:26 +00:00
3b284231da
Increased test coverage of the .jaas package to 93.7%
2004-07-29 16:54:02 +00:00
56829872b6
Initial commit of ACL capabilities.
2004-07-29 07:51:22 +00:00
1cc46544ed
Javadoc removal of warning.
2004-07-29 05:04:49 +00:00
2426bb9e8e
Make JdbcDaoTests use in-memory database.
2004-07-29 03:32:23 +00:00
8c74d459c5
Delete files with old, non-Camel Case name.
2004-07-28 23:06:04 +00:00
f29e6763d4
Renamed all JAAS* classes to Jaas*
2004-07-28 15:03:03 +00:00
3648073461
Fix EH-CACHE after web context refresh (patch thanks to Travis Gregg).
2004-07-26 22:56:00 +00:00
d1fa12a312
Fix Javadocs warning.
2004-07-26 06:52:55 +00:00
3f7f8e26fa
Reduce setAuthentication scope now that it should only be called by AbstractAuthenticationManager.
2004-07-24 07:21:18 +00:00
951c1a02df
Store failed Authentication request in AuthenticationException, using template pattern (patch thanks to Wesley Hall).
2004-07-24 07:18:04 +00:00
7ac3706eb9
Allow subclasses to add their own custom GrantedAuthority[]s.
2004-07-24 07:15:06 +00:00
3d23119b56
Following a suggestion from Scott Evans, added support for EL in the authz tag
...
library:
http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/msg00189.html
* lib/spring/spring-mock.jar:
Added Spring's 1.0.2 mock JAR.
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java:
New tests to assert that the taglib recognizes and parses EL expressions.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
Implemented AuthorizeTagExpressionLanguageTests by using Spring's
ExpressionEvaluationUtils.
2004-07-23 01:24:55 +00:00
f798e56d75
Contribution by Wesley Hall to improve exception handling.
2004-07-22 04:56:17 +00:00
2996d67b06
Fix bug related to detecting incorrect use of SecureContext property.
2004-07-21 02:04:42 +00:00
3e37b74e3f
Added Javadoc to all classes
2004-07-19 19:42:14 +00:00
da7895087b
Added correct @author and @version tags, more Javadocs to follow
2004-07-19 17:27:28 +00:00
3360e2d51a
Added in javadoc
2004-07-19 17:24:38 +00:00
0c7a07e4db
Adding in JAASAuthenticationProvider tests
2004-07-19 00:44:01 +00:00
1947819d73
Adding in JAASAuthenticationProvider support
2004-07-19 00:43:28 +00:00
2f2b054b7a
Resolve a Weblogic compatibility issue (patch thanks to Patrick Burleson).
2004-07-15 23:27:59 +00:00
e3be8f20bb
Refactor CasAuthoritiesPopulator to use UserDetails rather than GrantedAuthority[].
2004-07-14 09:54:09 +00:00
48b1cb7c85
Move UserDetails interface to net.sf.acegisecurity package.
2004-07-13 22:38:20 +00:00
064cd3c7bf
Add a getter for the context.
2004-07-13 22:10:52 +00:00
8b9f02e2e7
Expand test coverage.
2004-07-13 02:01:58 +00:00
491fb00ffd
Make Authentication serializable (Weblogic support).
2004-07-12 22:40:33 +00:00
957e28252e
Log stack trace to assist debugging.
2004-07-08 21:50:42 +00:00
2cb3703253
Relax restriction on empty Strings for proxy callback URL, as this should be an empty String if no proxy callback was requested during service ticket validation.
2004-07-03 00:47:46 +00:00
b957b5e25b
Convert database URL to use absolute path. Fixes test with Maven.
2004-07-02 14:07:26 +00:00
ce712eaccf
Improve organisation of DaoAuthenticationProvider to facilitate subclassing.
2004-06-30 23:18:47 +00:00
fe91639b15
Allow custom SecureContext implementations to be selected by user.
2004-06-29 23:28:59 +00:00
6314aa4efa
Refactor User to an interface.
2004-06-24 23:24:14 +00:00
04dea9e403
Patch by Mark St.Godard to resolve issues with WebSphere 5.
2004-06-23 05:52:49 +00:00
46f17bed79
Make isPasswordCorrect protected to facilitate subclass use.
2004-06-21 06:17:20 +00:00
1a0bec5bf1
Make User available from Authentication via DaoAuthenticationProvider.
2004-06-21 06:10:14 +00:00
27d89f3e91
Patch by Mike Youngstrom to fix Jameleon stripping of slash.
2004-06-17 01:23:13 +00:00
b3e2d78c5d
Fix issue when encoded passwords are used. Modify Contacts sample to test encoded passwords.
2004-06-08 12:54:42 +00:00
b5cbcdc591
Refactor DaoAuthenticationProvider cache model.
2004-06-06 06:31:28 +00:00
1b24ff5ea8
Refactor DaoAuthenticationProvider cache model.
2004-05-31 04:41:22 +00:00
d9f77a7ed1
Initial commit.
2004-05-31 02:37:29 +00:00
b6cb84e937
Improve robustness so if ApplicationContext not shutdown correctly (thus destroy() not called) the cache will not fail on subsequent startups.
2004-05-31 02:08:34 +00:00
e300a90890
Improve test coverage.
2004-05-31 01:19:18 +00:00
0cbea9b452
Improve HTTP redirect URL encoding.
2004-05-26 22:17:14 +00:00
d5c14142d1
Add event capabilities.
2004-05-24 00:09:27 +00:00
42ccbfbad7
Store additional information about the authentication request.
2004-05-24 00:06:54 +00:00
b6e0c3076f
Fixed issue with hot redeploy as cache not being closed.
2004-05-24 00:04:49 +00:00
369ea24215
Extra mock functionality for new unit tests.
2004-05-24 00:02:09 +00:00
3f6961d855
Improved exception handling if response already committed.
2004-05-23 23:57:29 +00:00
d5a6ea044d
Implemented a fix for a NullPointerException as reported by Pierre-Antoine Gr�goire (pa.gregoire@free.fr)
...
"The error comes from line 115 in AuthorizeTag....It seems there's no control
for a null value here..."
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
Added a new test to confirm the existence of the bug.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
And fixed the failing test.
2004-05-19 12:34:52 +00:00
4cac2f1a62
Made serializable as per request by Mike Youngstrom.
2004-05-15 23:37:03 +00:00
614f12448e
Create a NullRunAsManager, which is used by default by the AbstractSecurityInterceptor.
2004-05-06 23:13:32 +00:00
8713d4d52c
Authentication subclasses Principal, so it's directly usable by classes that want a Principal. No implementations need to change if they subclass AbstractAuthenticationToken, as it implements the one and only method required by Principal.
2004-05-04 07:35:41 +00:00
4152df1225
Allow filter to update multiple HttpSession attributes (useful if servlets etc expect to find an Authentication object in a given HttpSession attribute, like Jakarta Slide).
2004-05-04 07:27:57 +00:00
eaa92cd80a
Fixed issue with caching by making AbstractIntegrationFilter (and its subclasses) write the new Authentication object to the well-known location.
2004-04-30 05:16:08 +00:00
ecac5a2eed
Make ChannelDecisionManagerImpl iterate through a list of channel security processors.
2004-04-29 02:17:07 +00:00
2421268baa
Improve IE 6 bug detection logic.
2004-04-29 02:14:20 +00:00
b61c05ff89
Change classes to use PortMapperImpl and PortResolverImpl by default.
2004-04-28 00:10:56 +00:00
901c7d4752
Significantly enhance channel processing filter.
2004-04-27 06:21:00 +00:00
e555d77d4e
Move port mapping functionality into separate classes to allow reuse. Permit implementations to override the source port (required given some browsers do not respond to HTTP redirects correctly).
2004-04-27 06:17:53 +00:00
c6a1b2b608
Clarify how URLs are constructed.
2004-04-27 06:14:57 +00:00
8a4edca136
Support new key requirement on DAO authentication provider.
2004-04-27 06:00:39 +00:00
2c97583f27
Filter to ensure web requests are received over a suitable secure channel.
2004-04-23 08:57:43 +00:00
d65b0e0bd2
Add correct supports() method and tests.
2004-04-23 06:28:23 +00:00
ed68b701b2
Add toString() method and test.
2004-04-23 06:27:50 +00:00
e0d57de330
Add DaoAuthenticationProvider caching support.
2004-04-23 05:01:57 +00:00
babb908fea
Increase test coverage.
2004-04-23 04:51:56 +00:00
83d871cd5d
Enhance equals() method to detect key variances.
2004-04-23 03:45:16 +00:00
6eb0a47632
fix FilterInvocation so it doesn't lose the tail end (past the servlet path) of the request url
2004-04-23 02:29:18 +00:00
0537900357
Remove unnecessary code.
2004-04-23 02:08:58 +00:00
e2de3c9dbc
Enhance AuthenticationProcessingFilterEntryPoint and related classes, to support a property forcing the login page to be access via https even if the original intercepted request came in as http.
2004-04-22 21:47:05 +00:00
20025da7c7
work on unit test, still some functionality to cover later
2004-04-22 11:54:52 +00:00
2a46a975a5
allow automatic switch from http to https for login form.
...
unit tests will be updated tomorow to cover new functionality.
2004-04-22 03:56:55 +00:00
ab9e783f79
after invocation, restore pre-RunAs Authentication regardless of exception that may be thrown by method being intercepted
2004-04-21 21:09:39 +00:00
fa9b872570
Initial CAS support.
2004-04-19 07:34:32 +00:00
b3f9f6f4e9
Updated tests to relocate common filter authentication functionality to an abstract parent.
2004-04-18 12:57:49 +00:00
4500aba050
Expand unit test coverage.
2004-04-18 12:05:20 +00:00
0a856b7f15
Expand coverage to test SaltProvider integration.
2004-04-18 12:04:43 +00:00
872ace9164
Modify contract of AuthenticationProvider to allow AuthenticationProvider implementations to return null if they do not wish to process a given Authentication request, despite asserting they support it.
2004-04-18 12:03:07 +00:00
a6b5b8d828
Initial commit.
2004-04-18 12:01:18 +00:00
1cf2b333bd
Relocate common filter authentication functionality to an abstract parent, and update JavaDocs accordingly.
2004-04-18 12:00:02 +00:00
96fa2a5a75
Update encoders so they process salts.
2004-04-18 11:56:50 +00:00
b06833e0d7
Unit tests must be named *Tests (note the plural).
2004-04-18 11:55:49 +00:00
5dbef97a1d
Expand unit test coverage.
2004-04-18 11:54:51 +00:00
5b16c42e15
Enhance mock so it is told whether to grant or deny access.
2004-04-18 11:35:24 +00:00
f38ed01b29
Detect nulls within GrantedAuthority[] passed to constructor. This ensures end-user DAO implementations are creating the User correctly.
2004-04-18 11:23:01 +00:00
a0f809991d
JavaDoc updates.
2004-04-18 05:56:07 +00:00
3ceb492cb2
move password encoder tests to proper packages.
...
rename saltSource param in PasswordEncoder interfce to salt. It was already called salt in subclasses, and is in fact supposed to be the salt, not the source for the salt, although depending on the implementation it may still be treated as the latter.
2004-04-17 02:18:46 +00:00
da5101cfb4
Make salt sources pluggable.
2004-04-17 01:29:52 +00:00
03efc3e51f
Improve JavaDocs.
2004-04-17 01:28:38 +00:00
ae16d96121
Moved to net.sf.acegisecurity.providers.encoding.
2004-04-17 01:28:05 +00:00
6815e693a7
Make SecurityEnforcementFilter support pluggable authentication entry points. Enhance BASIC authentication so it's a viable alternative to form-based authentication for user agents like IE and Netscape.
2004-04-16 14:22:15 +00:00
7e85bbc054
Relaxed requirement so targetClass OR targetBean can be used (targetBean no longer requires targetClass to be specified as well).
2004-04-16 12:37:58 +00:00
38835da164
Provide a proxy so filters can be loaded directly from the application context.
2004-04-16 06:31:48 +00:00
7b59d5f189
Expand test coverage now that prefix is configurable.
2004-04-16 06:28:21 +00:00
3d089aaa67
move and rename password encoding classes.
...
change saltSource arument to salt argument, which impl may or may not use.
2004-04-16 03:44:04 +00:00
5d9d734735
more final version of the various PasswordEncoder implementations.
...
add unit tests for PasswordEncoder implementations.
remove ignore password case and ignore username case flags and handling from DaoAuthenticationProvider.
remove requirement described in JavaDoc for AuthenticationDao that it ignore case when returning a user by username. Implementations may still do so if configured as such.
2004-04-15 16:32:09 +00:00
41a837f8cd
add back HSQL db in test dir, as it turns out _it is_ supposed to be in CVS
...
modify JdbcDaoTests to test for role prefix functionality
fix glitch in JdbcDaoImpl
modify Eclipse classpath so HSQL lib is loaded, so unit tests can run in Eclipse as well.
2004-04-15 03:34:18 +00:00
18d5c59532
'ant format' strikes again.
2004-04-14 21:31:22 +00:00
aed9d2a1d8
initial cut at allowing pluggable digest strategy for use in password handling in DaoAuthenticationProvider
2004-04-14 21:30:59 +00:00
fad252b0fe
allow special ROLE_ prefix to be overriden
2004-04-14 03:38:10 +00:00
a09f2a4c18
ant format seems to have reformated these differently than what is in CVS
2004-04-13 21:59:02 +00:00
2786312b8e
allow query strings to be specified
...
allow MappingSqlQuery to be specified
2004-04-13 21:58:03 +00:00
f1abf780b5
Add support for HTTP Basic Authentication.
2004-04-11 12:09:08 +00:00
670d007630
JavaDoc updates.
2004-04-11 12:05:46 +00:00
bd35a47233
Support configuration via Apache Ant paths (not only regular expressions).
2004-04-09 09:51:23 +00:00
5488bf4ca8
Renamed to RegExpBasedFilterDefinitionMapTests.
2004-04-09 09:49:07 +00:00
7eefbd3bb2
Update to use contextConfigLocation.
2004-04-09 05:41:42 +00:00
6c26e79a0f
change AuthenticationProcessingFilter and SecurityEnforcementFilter to use Spring's WebApplicationContextUtils by defualt to find their config context.
2004-04-09 02:44:17 +00:00
ea0e6b2577
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java,
...
src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
Added three new tests to assert that whitespace is ignored in the
attribute's content.
2004-04-02 20:59:16 +00:00
1b1d119836
Modifications consistent with changes to the objects being tested.
2004-04-02 12:20:41 +00:00
a278db8df9
Functionality moved to new tests or mocks.
2004-04-02 12:18:58 +00:00
eaffc00fc4
Initial commit.
2004-04-02 12:16:39 +00:00
852cea437c
Reflect new secure object API, which is no longer bound to MethodInvocations.
2004-04-02 12:13:56 +00:00
f026b3a08a
Documentation improvements.
2004-04-02 12:11:13 +00:00
15588123ba
Additional import statement.
2004-04-02 12:10:31 +00:00
33edeb5a2f
Moved to net.sf.acegisecurity.ui
2004-04-02 12:07:24 +00:00
e54ad9b4e8
Reflect new secure object API, which is no longer bound to MethodInvocations.
2004-04-02 12:05:49 +00:00
3ece12c386
Moved to net.sf.acegisecurity.intercept.method.
2004-04-02 12:03:18 +00:00
738fd2161d
Initial commit.
2004-04-02 12:02:01 +00:00
dd39d747d5
Improved documentation and added methods to facilitate unit testing.
2004-03-29 13:39:30 +00:00
c220ff583c
Initial commit.
2004-03-29 13:36:45 +00:00
0a17d65d37
Initial commit.
2004-03-29 02:49:51 +00:00
ea05e0b931
Simplified sub-class usage. Made compatible with changes to User constructor.
2004-03-29 02:48:10 +00:00
1b726825fa
Changed internals to use list instead of set, to preserve element ordering.
2004-03-28 12:19:13 +00:00
adb1971873
Enhancements to detect errors and faciltiate easier testing.
2004-03-28 12:17:46 +00:00
d59a5da321
Changed to not detect null returns, as the UserMap will now throw the UsernameNotFoundException.
2004-03-28 12:16:44 +00:00
f203979237
Update to be compatible to changes made to User's no-arg constructor.
2004-03-28 12:15:11 +00:00
489c941101
Improved detection of invalid parameters in constructors.
2004-03-28 12:14:11 +00:00
3179f5f1e7
Fixed support for lowercase usernames and passwords.
2004-03-28 12:10:23 +00:00
1573491fbe
Changed no-arg constructor to a form more suitable for unit testing.
2004-03-28 12:09:35 +00:00
cab961bfa6
Enhanced equals() method.
2004-03-28 12:08:20 +00:00
cff8894b99
Changed interface to extend Context. This provides interface-level compatibility with objects requiring a Context, rather than requiring implementations to also implement Context.
2004-03-28 12:07:34 +00:00
c5951ff1c0
Changed no-arg constructor to a form more suitable for unit testing.
2004-03-28 12:02:41 +00:00
3fa1534c94
Added license information.
2004-03-28 11:58:37 +00:00
4b1e738bb5
Minor formatting changes.
2004-03-28 11:57:55 +00:00
8d24027443
Added debug statement at commencement of interception and additional comment re ContextHolder.
2004-03-28 11:56:32 +00:00
cf043ad35f
Numerous formatting changes, and methods to facilitate unit testing.
2004-03-28 11:54:10 +00:00
dc6357d504
Improved JavaDocs.
2004-03-28 11:51:23 +00:00
22b8be49f0
Changed no-arg constructor to a form more suitable for unit testing. Also added an equals() method.
2004-03-28 11:49:24 +00:00
dcf78213a3
Corrected @author tag.
2004-03-28 11:48:35 +00:00
4124b1c298
Changed internals to use list instead of set, to preserve element ordering.
2004-03-28 11:44:02 +00:00
fe379d9712
Initial commit.
2004-03-28 11:41:20 +00:00
6c5a5cd311
No longer required.
2004-03-28 11:40:29 +00:00
8808f5e8dd
Expanded unit test coverage.
2004-03-28 11:39:38 +00:00
6038d56ece
Expanded unit test coverage, moving relevant methods to AbstractAdapterAuthenticationTokenTests.
2004-03-28 11:35:35 +00:00
bc847f564f
Expanded unit test coverage.
2004-03-28 11:31:22 +00:00
6a2870d8f0
No longer required.
2004-03-28 11:29:10 +00:00
ab01d829c5
Initial commit.
2004-03-27 00:46:50 +00:00
14f27ae683
Make compatible with interface changes to aopalliance.jar.
2004-03-27 00:44:27 +00:00
e3dc29ae96
No longer required.
2004-03-27 00:43:12 +00:00
94e384b944
Expand test coverage.
2004-03-26 13:17:48 +00:00
e153a54406
Expand test coverage.
2004-03-26 12:20:54 +00:00
02559344bc
Expand test coverage.
2004-03-26 12:02:30 +00:00
1a040c7ddf
Made no arg constructor protected to enable unit test coverage.
2004-03-26 11:51:47 +00:00
b4273c62b7
Expand test coverage.
2004-03-26 11:49:43 +00:00
a8c9b2c96f
No longer required.
2004-03-26 11:18:44 +00:00
22272223d2
Initial commit.
2004-03-26 11:12:54 +00:00
f7a82c29b3
Expand test coverage.
2004-03-26 11:12:08 +00:00
b485c40175
Improve JavaDocs.
2004-03-26 11:05:55 +00:00
a9569a2f60
Added equals() method.
2004-03-26 11:05:10 +00:00
ae434bd8b3
Initial commit.
2004-03-26 11:03:36 +00:00
1e4c234ea7
* src/net/sf/acegisecurity/adapters/AutoIntegrationFilter.java:
...
Use reflection instead of hard-coding the values to determine
if we should integrate with a specific container implementation.
2004-03-24 18:33:19 +00:00
36a955e197
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
...
Removed testUsesAllAuthoritiesToDetermineAccess(), because it wasn't
asserting anything. Needs to be rewritten.
2004-03-23 17:33:47 +00:00
d8275171e4
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
...
Bring Clover coverage to 100% by adding a single test.
2004-03-23 17:28:10 +00:00
c3507b26c9
Change to Apache License version 2.0.
2004-03-23 04:44:48 +00:00
47a2d03429
Added tearDown() method to clear ContextHolder.
2004-03-23 00:35:43 +00:00
48b21524ed
* build.xml:
...
Modified to create an acegi-taglib.jar.
* project.properties:
Added new property to build acegi-taglib.jar.
* src/net/sf/acegisecurity/taglibs/authz.tld:
Declare the Acegi Security authz tag library.
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java,
test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java:
A set of tests that force the creation of a javax.servlet.jsp.Tag
implementation that authorizes the output of the tag's body if the
request's principal has or doesn't have certain authorities.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
New class. Implements AuthorizeTagTests and
AuthorizeTagAttributeTests.
2004-03-22 16:42:53 +00:00
35fe1e7b73
Initial commit.
2004-03-16 23:57:17 +00:00
Luke Taylor
Ben Alex
Ray Krueger
Carlos Sanchez
Francois Beausoleil
Colin Sampaleanu