4d786d74cf
Reworded CASSampleSpec test method to reflect single logout
2011-05-12 22:17:43 -05:00
4c43bde064
Set log levels to ERROR level when running CAS integration tests
2011-05-12 22:17:43 -05:00
9525403385
Added CAS Server overlay to make single logout be synchronous and enabled itests for the cas sample
2011-05-12 22:17:43 -05:00
d2175468ee
Disable CAS interation tests until CI problems are resolved.
2011-04-28 19:17:29 +01:00
06faea8cfc
Typos.
2011-04-28 18:55:38 +01:00
97afb0c9ac
SEC-965: Added assert to LoginPage.at
2011-04-18 23:52:20 -05:00
01fb4bdb6d
SEC-1718: Update documentation and sample application to demonstrate how to use a PGT to authenticate to stateless services using a PT
2011-04-17 18:17:14 -05:00
abfa558c3c
Removed Dummy.java from cas sample
2011-04-17 18:14:16 -05:00
11331d34d9
SEC-1717: Document how to perform Single Logout with CAS and added integration test for sample application to test Single Logout
2011-04-17 18:14:16 -05:00
761d5af6ec
SEC-965: Added integration tests for CAS Sample Application
2011-04-17 18:14:14 -05:00
f1c064b3b9
SEC-965: Updated CAS Sample application for proxy authentication
...
* Configured for proxy authentication
* Cleaned up the jsps
* Changed the cas sample context root to cas-sample so the CAS Server's JSESSIONID cookie doesn't remove the cas samples
2011-04-17 18:00:37 -05:00
ddaf9eb64f
SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter.
2011-03-31 21:09:54 +01:00
a50c9afbab
Modified jaas sample's LoginModule to prevent empty string username/password
2011-03-07 22:25:19 -06:00
9e5d35235c
Made the principal for jaas sample serializable
2011-03-07 22:25:16 -06:00
72f031253f
Remove unnecessary dependency repos and update GAE version.
2011-02-28 15:43:25 +00:00
d58dd79a52
SEC-1494: Updated the tutorial webapp to use CSS and make use of the securityHiddenUI element when UI security is disabled.
2011-01-25 13:16:46 +00:00
19e56f4397
Stripping out unnecessary dependencies from sample jars.
2011-01-10 17:27:58 +00:00
7316bcff75
Updated outdated CAS sample readme with instructions for running CAS using gradle
2010-12-20 22:22:19 +00:00
bbcc611af5
CAS server version upgrade and minor tweaks to CAS sample build file.
2010-12-20 22:12:35 +00:00
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
51a53ddbaa
Minor refactoring of GAE code to use specific GrantedAuthority type.
2010-11-17 14:15:11 +00:00
fc00d7ef1d
Move the unix scripts for the tutorial sample into a subdirectory
2010-11-12 15:19:46 +00:00
37810a19c4
SEC-1619: Added check in GAE sample for change of Google user while still logged into the app.
...
Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.
2010-11-10 15:37:42 +00:00
ffccc5f446
SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle
2010-11-08 19:27:44 -06:00
685e0417a7
SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout.
2010-09-19 18:30:52 +01:00
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
f4d57ab5e8
SEC-1456: Remove maven poms as we are now using gradle for the build.
2010-08-30 19:02:19 +01:00
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
2010-08-24 18:25:39 +01:00
b39b63bf3d
Add logback configuration for contacts sample.
2010-08-22 22:43:49 +01:00
b2fc1d8491
Fix namespace schema version in CAS sample.
2010-08-22 22:43:10 +01:00
07d8275ee6
Modify order of saxon and xerces deps in dependency list to prevent Aelfred parser from being used in build.
2010-08-22 22:31:01 +01:00
102bc2d6a0
Reduce unnecessary use of aspectj as a build dependency
2010-08-19 23:23:03 +01:00
c37ca1c2a9
Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc.
2010-08-19 22:41:51 +01:00
6abfa2e887
Update minimum required schema to 3.1.
2010-08-17 02:19:55 +01:00
992566b6cb
SEC-1527: Internationalization of contacts sample (Adding message resource bundle and RequestContextFilter). Re-working of L12n section of manual to mention existing localized message files and use of RequestContextFilter.
2010-08-14 01:07:51 +01:00
281d77271e
SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource.
2010-08-13 15:51:05 +01:00
1a838c2049
SEC-1533: AclAuthorizationStrategyImpl can now take either one or three GrantedAuthority arguments. If only one is supplied, it will be used for all 3 of the permissions supported by the class.
2010-08-07 14:41:25 +01:00
85c4c91e0e
IDEA inspection refactorings.
2010-08-05 23:28:07 +01:00
413b2a06e3
Improvements in up-to-date checking and use of parallel tests where possible.
2010-08-05 02:11:00 +01:00
64375484a1
More build and logging tuning.
2010-08-04 22:55:17 +01:00
c4ee46824c
Removing log4j.properties files and adding logback config ones.
2010-08-04 21:16:05 +01:00
d1279aeda2
Logging adjustments for gae sample.
2010-08-02 19:51:24 +01:00
6ba8257cab
Renamed file to fix case-sensitivity issue.
2010-08-02 12:13:58 +01:00
52edf115ce
Workaround for repeated attempt to download CAS server poms (GRADLE-1072)
2010-07-28 20:04:15 +01:00
2d9a848265
Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build.
2010-07-27 02:20:36 +01:00
a74077f9b1
SEC-1490: Minor changes to GAE sample. Simplification of redirect to registration page (only needs to be done after authentication).
2010-07-25 20:46:00 +01:00
e659e15f90
Tidying.
2010-07-23 01:57:45 +01:00
2afccfc633
Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j.
2010-07-23 01:57:31 +01:00
a681dee0e1
Minor sample build changes. JSTL dependency update.
2010-07-20 23:45:20 +01:00
e5a302b5c4
SEC-1490: Correct loggedout URL.
2010-07-20 23:43:43 +01:00
5d35919ca3
SEC-1490: Code for GAE Sample webapp
2010-07-20 23:41:31 +01:00
c1c8fd1874
SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request).
2010-07-20 19:46:47 +01:00
565ef7383d
SEC-1513
...
upgraded to latest version of cas client
2010-07-06 22:09:24 -04:00
026517f674
Removal of deprecated methods and classes.
2010-06-26 16:23:42 +01:00
5939f17708
Fix openid sample configuration.
2010-06-09 22:52:43 +01:00
6a37e4be86
Fix OpenID sample to use new syntax for excluding requests.
2010-06-05 16:53:01 +01:00
efb600166a
SEC-1488: Remove commons-logging dependencies from maven poms.
2010-05-28 13:10:59 +01:00
080430150a
SEC-187: Refactoring contact Dao to use JdbcTemplate, and removing unused query objects (which have been there since 2004!)
2010-05-25 16:47:57 +01:00
64d59e1d32
Some extra FAQs and added comment to samples runall.sh script to explain that it's for dev only.
2010-05-03 14:56:22 +01:00
a421370a3d
SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully.
2010-04-25 22:00:25 +01:00
def5f88c8c
SEC-1431: Added openid-selector to openid sample, plus AX configuration for myopenid.com.
2010-04-21 17:16:03 +01:00
2f025fba6c
SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
...
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
2010-04-20 23:47:48 +01:00
ee1fd1bc50
SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins.
2010-04-20 23:47:48 +01:00
12a6ae2ffa
SEC-1232: Add config dependency to maven build for aspectj sample.
2010-03-31 19:58:59 +01:00
a3ef8255d8
SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'
...
Also added this syntax to the aspectj sample.
2010-03-31 18:31:28 +01:00
d334f6fa09
Latest gradle syntax updates.
2010-03-28 23:54:41 +01:00
55de2cfcb1
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
...
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
2010-03-11 01:51:59 +00:00
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
2010-03-07 21:58:25 +00:00
b147652193
Make hsqldb a testRuntime/runtime dependency.
2010-03-01 01:10:58 +00:00
5aae545949
SEC-1232: Re-enable aspects module and aspectj sample in maven build.
2010-02-25 20:09:01 +00:00
e2a8f81ae8
Update aspectj version in sample to 1.6.8
2010-02-20 18:50:36 +00:00
b37d2ed978
SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module.
...
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
2010-02-20 18:02:12 +00:00
2ee7696bf4
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
44f45d21f0
3.0.2 release. Update version in build files.
2010-02-19 01:22:21 +00:00
2f40088fe7
Change spring-aop dep to compile scope in contacts sample
2010-02-08 12:34:19 +00:00
15c309a2ed
Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390.
...
AopInfrastructureBean interface is now required.
2010-02-06 21:22:12 +00:00
0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
2010-01-23 02:12:30 +00:00
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
2010-01-17 14:41:24 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
be72ed1350
Remove commented out beans from contacts sample app context.
...
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
2010-01-06 22:21:34 +00:00
893f212fa5
Tidying
2010-01-02 19:53:19 +00:00
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
a7770a64d3
Update cas server version in runall.sh
2009-12-22 21:31:26 +00:00
aad7d01c84
Updated CAS server version for sample use to 3.3.5
2009-12-22 19:35:20 +00:00
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
fac07ba8ff
Schema updates to Spring 3.0
2009-12-18 18:44:17 +00:00
85a58fd473
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
2009-12-18 15:39:13 +00:00
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
94d185a6be
Updated slf4j version in ldap sample
2009-12-08 20:24:12 +00:00
5546698fef
SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.
2009-11-17 23:39:42 +00:00
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
2009-11-17 22:05:38 +00:00
8f5c414b00
Improve cleanup in sample script
2009-10-17 13:00:24 +00:00
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
5f3ff97ce0
Disable aspectj sample
2009-10-11 21:39:14 +00:00
cf5e713812
Fixes to samples and improved test workout script
2009-10-10 23:50:33 +00:00
cb643f73de
Tidying up.
2009-10-07 21:08:57 +00:00
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
2009-10-07 14:43:55 +00:00
1042305cfe
Renamed web.wrapper to web.servletapi. Added some package.html files.
2009-10-05 16:59:37 +00:00
7247902911
SEC-1229: Updated sample and itest namespace concurrency configs.
2009-09-29 16:18:01 +00:00
aa153681bf
SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.
2009-09-29 00:29:09 +00:00
3f70d79df5
SEC-1022: Remove use of static methods/initializers in Acl Permissions. Converted PermissionFactory to a strategy which is used to convert integers and names to Permission instances.
2009-09-16 12:45:53 +00:00
731402e9f5
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
2009-09-16 00:23:13 +00:00
b531a81176
SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag.
2009-09-15 16:34:05 +00:00
1d00b92d25
Removed portlet sample
2009-09-09 20:53:19 +00:00
aec730ae7e
SEC-1238: Disable portlet module
2009-09-09 20:03:00 +00:00
5bdfd8cd77
Tidying imports etc to remove compiler warnings.
2009-09-05 14:14:58 +00:00
ed0686cacf
Upgraded to AspectJ 1.6.5 and fixes some maven plugin config bugs
2009-09-04 15:25:23 +00:00
a1751aec2c
SEC-1232: Added the aspect library needed for <global-method-security mode="aspectj"/> and a small sample
2009-09-04 13:53:55 +00:00
0d7b990e0a
SEC-1184: Moved ACL cache classes and interface out of jdbc package.
2009-08-31 22:15:37 +00:00
092d7b5c2b
Fix CAS filter configuration.
2009-08-25 20:26:12 +00:00
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
984b2835d6
Update CAS sample to use new namespace syntax for authentication providers.
2009-08-20 14:58:59 +00:00
48988bde84
SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request.
2009-08-13 23:55:25 +00:00
faa6be2011
SEC-935: Updated to OpenID4Java 0.9.5 release
2009-08-10 16:06:19 +00:00
5953af0f6b
SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
2009-08-03 00:21:11 +00:00
0a37aed4b9
SEC-1207. Fixed class name in jsp
2009-07-22 16:37:22 +00:00
1afa67c954
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
2009-07-15 23:09:47 +00:00
853b4c8753
SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests.
2009-06-28 13:36:54 +00:00
408e982b96
Minor JSP classname fixes etc in samples
2009-06-18 13:28:44 +00:00
5808da12ff
SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample.
2009-06-08 15:23:41 +00:00
0134a5646d
Changed to use expressions in commented-out XML instead of outdated syntax.
2009-05-31 21:26:52 +00:00
131ba5c62e
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
2009-05-27 00:12:30 +00:00
e2c218e8c9
[maven-release-plugin] prepare release spring-security-3.0.0.M1
2009-05-26 23:44:11 +00:00
f976080d1d
Fixes to sample app context files
2009-05-26 22:15:05 +00:00
1788dfdba0
Removed duplicate logging from cas sample
2009-05-26 22:14:34 +00:00
45c54c558c
Updated build to use maven.springframework.org deps
2009-05-13 06:16:05 +00:00
a8215fa2cb
SEC-1160: Renaming of authentication filters and entry points and associated doc changes
2009-05-12 05:37:11 +00:00
4bad213b19
SEC-1132: Moved remaining preauth code from core to web
2009-05-12 00:11:06 +00:00
1a69a4d45a
SEC-1132: Restructuring of ACL packages
2009-05-11 05:37:36 +00:00
14c4739605
SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.
2009-05-11 05:18:20 +00:00
29fafbbf18
Misc tidying up of old files and refactoring of tests
2009-05-05 13:29:59 +00:00
331a04c07c
Some changes to make it easier to run the sample with the database driver as part of the jetty plugin configuration, preventing classloader leaks.
2009-05-05 03:21:07 +00:00
6d655aa514
SEC-1132: More refactoring to remove cycles ad reduce complexity metrics
2009-05-04 14:24:54 +00:00
e1bc1819da
SEC-1150: Update Contacts sample to use modernized Spring MVC controllers
2009-05-04 09:22:31 +00:00
e94baf38b3
Tidying up to remove warnings (generics, use of deprecated test classes etc).
2009-04-28 06:49:43 +00:00
21e36e0a57
Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT
2009-04-22 12:55:52 +00:00
13af4b95a2
Sample package name updates
2009-04-18 06:04:56 +00:00
ace6d225b4
SEC-1131: Correct portlet API version (again).
2009-04-17 05:26:14 +00:00
446bcb9b1d
SEC-1131: Correct portlet API version.
2009-04-17 04:56:59 +00:00
101203b44d
SEC-1132: Updates to samples to reflect ACL refactoring.
2009-04-15 10:07:23 +00:00
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
c770998d92
SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions.
2009-04-14 04:22:57 +00:00
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
2009-04-12 12:23:23 +00:00
7c4d54f356
SEC-1131: Applied patch for portlet upgrade
2009-04-12 05:52:20 +00:00
f746a20ab4
SEC-1132: package refactoring of non-core modules
2009-03-27 05:01:03 +00:00
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
2009-03-25 06:28:18 +00:00
2c985a1c36
SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources
2009-03-23 04:23:48 +00:00
4aff4b2350
SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring
2009-03-20 04:32:06 +00:00
4aae5ec42e
SEC-1124: Refactored LDAP code into separate module
2009-03-19 06:30:32 +00:00
591681c180
Upgrade to Spring M2 and correct expression classes and pom files to match changes
2009-03-19 01:17:16 +00:00
ef3ea65fdb
Switching back to 2.5.0-SNAPSHOT after tagging M1 release
2009-01-03 07:42:19 +00:00
fc5f50501e
[maven-release-plugin] prepare release 2.5.0.M1
2009-01-03 07:08:25 +00:00
4eb4d08825
Added -o to mven:jetty-run in runall.sh to speed up script
2009-01-03 06:45:41 +00:00
d6ee9a9a93
Commented out hessian and burlap remoting beans to avoid missing class exceptions on startup
2009-01-03 05:51:45 +00:00
0ead104b86
Update CAS server information to latest version
2009-01-03 05:20:22 +00:00
65a78ce4a4
SEC-745: updated cas sample filter bean configuration
2008-12-29 01:33:27 +00:00
4a41416c9b
Tidying up and removing compiler warnings.
2008-12-21 16:36:16 +00:00
0d7002e322
SEC-1012: Extra fixes to dependent modules following changes to Acl APIs.
2008-12-21 02:06:55 +00:00
cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
7fa9a959b5
Added webAppRootKey context-param to samples to prevent conflicts when run together in Tomcat.
2008-12-16 21:13:03 +00:00
681f1ee00c
Fix duplicate logging.
2008-12-16 19:07:31 +00:00
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
df771038b4
SEC-1051: Fixed class names in dms sample app context.
2008-12-12 17:43:09 +00:00
6ccdcec629
SEC-1033: Added web expressions to tutorial sample configuration.
2008-12-08 21:56:44 +00:00
bc6878c1c5
SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations.
2008-12-05 16:36:43 +00:00
3cbad3ebd7
Corrected comment.
2008-12-05 16:04:22 +00:00
781b09e889
SEC-1036: Updated ldap sample pom
2008-11-29 14:16:08 +00:00
7e562031cc
Better demonstrate the new EL-based "overdraft" authorization rules.
2008-11-19 09:32:04 +00:00
f3b3004085
Removed references to Acegi in contacts sample home page
2008-11-15 06:28:01 +00:00
78065ba47c
Fixed up contacts sample: removed casfailed page, corrected debug.jsp errors and fixed incorrect bean reference in context files.
2008-11-15 03:38:49 +00:00
3261fcb174
Tidying stuff
2008-11-14 07:16:30 +00:00
464da0f0df
SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions.
2008-11-13 07:41:21 +00:00
e5b1073501
SEC-1012: Added more generics and warning suppression
2008-11-11 09:06:50 +00:00
7731a3df57
Typo.
2008-11-11 03:41:50 +00:00
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
2008-11-10 04:27:25 +00:00
d6cd392a9e
Tidying up some stuff in tutorial app
2008-11-07 06:55:00 +00:00
d6bb6ccbf5
Removed .cvsignore files
2008-11-06 01:11:08 +00:00
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
2008-10-30 04:10:54 +00:00
4aa32f7d06
SEC-999: First commit of expression-based authorization implementation
2008-10-24 00:38:36 +00:00
6c8a82fa13
Updated poms to Spring 2.5 and fixed up sandbox to work with latest build
2008-10-15 05:52:40 +00:00
a62eae4587
Script for running all the sample apps
2008-10-15 05:49:31 +00:00
7cc0965383
SEC-1001: Move core tiger code into core and adjust pom files
2008-10-03 15:23:31 +00:00
5b9bb8ba54
[maven-release-plugin] prepare for next development iteration
2008-09-05 19:04:22 +00:00
73eed2656d
[maven-release-plugin] prepare release spring-security-parent-2.0.4
2008-09-05 18:57:43 +00:00
6e06789a28
SEC-937: Added CAS logout filter to sample application
2008-07-28 10:53:55 +00:00
d9634bcb39
SEC-920: Update preauth sample to make use of internal authentication manager
...
http://jira.springframework.org/browse/SEC-920 . Updated context file to use <custom-authentication-provider>.
2008-07-11 10:56:57 +00:00
6ff0b969d5
Corrected ldap sample config (traditional bean version was wrong)
2008-06-23 23:43:48 +00:00
775a6c3939
[maven-release-plugin] prepare for next development iteration
2008-06-23 14:10:35 +00:00
87d50aecce
[maven-release-plugin] prepare release spring-security-parent-2.0.3
2008-06-23 14:05:36 +00:00
57558de3ec
Added error page URL to openid login sample
2008-06-23 13:18:35 +00:00
5ec06778f5
removed optional scope from jaxen dependecy in preauth sample as it breaks war file
2008-06-23 13:00:03 +00:00
5b089aea16
SEC-852
...
provided mechanism to do get a proxy ticket
2008-06-18 17:34:14 +00:00
de897ad1ac
SEC-867: Remove superfluous <property /> entry.
2008-06-05 22:51:47 +00:00
ff785a829f
[maven-release-plugin] prepare for next development iteration
2008-06-03 16:07:20 +00:00
db1d8604a6
[maven-release-plugin] prepare release spring-security-parent-2.0.2
2008-06-03 16:05:40 +00:00
d784d854cd
Corrected log file name.
2008-06-03 14:57:40 +00:00
cf4072c517
Context file improvements (based on sts suggestions)
2008-05-25 20:57:07 +00:00
859e99edf4
SEC-851: Fix port number in LDAP sample.
2008-05-23 21:24:48 +00:00
4f6b4e4bfd
Make sample login pages use c:out for data output
2008-05-15 12:48:13 +00:00
d4defb10fe
SEC-833: Fixed login-failure-url in contacts sample app.
2008-05-14 22:41:13 +00:00
5cf0c84e2f
SEC-814: Added standard bean config to ldap example and updated doc to provide some pointers to DefaultLdapAuthoritiesPopulator
2008-05-06 14:50:14 +00:00
a599ef5398
[maven-release-plugin] prepare for next development iteration
2008-05-01 20:09:03 +00:00
3e808335a4
[maven-release-plugin] prepare release spring-security-parent-2.0.1
2008-05-01 20:07:46 +00:00
18a9965b80
Moved dummy file out of default package for easy exclusion from javadoc
2008-05-01 19:45:36 +00:00
fc498954c6
Updated sample context files to point at 2.0.1 schema
2008-05-01 17:51:48 +00:00
014f21ee85
Deleted attributes sample
2008-05-01 17:50:47 +00:00
882509fb2a
Renamed context file
2008-04-24 00:27:37 +00:00
eba18675fc
Removed old acegi file from tutorial sample as it's causing confusion with users.
2008-04-23 21:08:41 +00:00
80cd7f4acc
Removed accidental commit of tutorial context file
2008-04-23 13:13:56 +00:00
0cf745b85f
Updated clean plugin to 2.2
2008-04-22 21:59:40 +00:00
1663142cf1
SEC-784: removed 'optional' tag on dependencies
2008-04-19 12:40:17 +00:00
b5dc523041
[maven-release-plugin] prepare for next development iteration
2008-04-14 07:06:44 +00:00
0c42670431
[maven-release-plugin] prepare release spring-security-parent-2.0.0
2008-04-14 07:05:46 +00:00
8f52c6a79c
Corrected name in cas samples pom
2008-04-13 21:26:43 +00:00
da72a7dc00
Forgot to add cas samples parent pom
2008-04-13 00:25:11 +00:00
0422cb1f8f
Fixed artifact groups for aspectjrt and added cas sample to project build
2008-04-13 00:08:18 +00:00
83c152e379
SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config
2008-04-13 00:02:46 +00:00
42cd91e259
Some updates to contacts sample to match description in docs, remove unnecessary cas code etc.
2008-04-12 18:08:35 +00:00
c7f182309f
Removed excess config from tutorial sample file
2008-04-12 17:17:46 +00:00
677607bcad
SEC-530: Refactor ACL module so ACE manipulation is index-based as
...
opposed to AccessControlEntry.getId() based.
2008-04-05 20:43:10 +00:00
d5a751e784
Added log4j dependency
2008-04-01 19:14:41 +00:00
f7ae69880c
Minor tweaking so the tutorial is a little more illustrative of the present namespace capabilities.
2008-04-01 17:15:31 +00:00
21e83e8364
[maven-release-plugin] prepare for next development iteration
2008-04-01 15:03:29 +00:00
91ed7dceb6
[maven-release-plugin] prepare release release_2_0_0_RC1
2008-04-01 15:01:30 +00:00
4d306c2c1e
Fix spring-portlet dep at 2.0.8
2008-04-01 12:43:08 +00:00
e05d1da102
Refactored AuthenticationUserDetailsService to userdetails package as it isn't preauth specific
2008-03-31 23:08:30 +00:00
ea489baf6f
SEC-730
...
updated configuration to new CAS client
2008-03-28 18:25:02 +00:00
1490fe0b0a
Various fine-tuning so people can see AspectJ expressions and a simple, minimal configuration.
2008-03-28 00:47:08 +00:00
595a14dbd5
Sample should permit people to anonymously call all methods except post(Account).
2008-03-28 00:44:42 +00:00
ef5b3e2f9c
SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly.
2008-03-26 21:48:24 +00:00
071c91540c
SEC-722: Added explicit login page to open-id element in openid sample.
2008-03-26 17:01:54 +00:00
743d72ca7b
Added log4j support to tutorial app
2008-03-26 15:27:09 +00:00
1cd7865ed5
SEC-729: Removed version numbers and jstl declarations from sample parent pom
2008-03-26 15:21:41 +00:00
0860333a3f
SEC-733: AspectJ Pointcut Expression Parsing support.
2008-03-25 08:28:53 +00:00
f67c7bcb38
Update dependency versions and POM structure
2008-03-24 09:06:46 +00:00
6ab301981c
Update dependency versions and POM structure.
2008-03-24 09:05:44 +00:00
9a02b9862e
Fixed preauth sample configuration to match recent changes in naming in core code.
2008-03-23 23:03:28 +00:00
b54e3978dc
SEC-729: Organization of pom dependencies, particularly for servlet-api and jstl. Some other adjustments, removal of unrequired deps etc
2008-03-23 00:31:32 +00:00
1d47945893
Added portlet and ldap samples to build
2008-03-22 11:43:24 +00:00
69f2075872
SEC-722: Fix jstl versions in openID sample login page.
2008-03-22 00:05:53 +00:00
563dabda2f
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added OpenIDProvider to bean registry and fixed login page generator to use correct URL for OpenID. Added user-service-ref to namespace element. Changed OpenID sample to use <openid-login />.
2008-03-21 23:47:09 +00:00
d333655b0b
Updated to commons logging 1.1.1 to get rid of servlet api dependency in their pom
2008-03-20 19:43:55 +00:00
f3a6f768ba
SEC-724: Create portlet sample
...
http://jira.springframework.org/browse/SEC-724
2008-03-19 17:58:07 +00:00
8f7b216de3
Import cleaning, removal of unnecessary constructors etc based on eclipse warnings
2008-03-17 14:10:22 +00:00
114969f7f7
SEC-706: Removed LDAP dependencies from tutorial app, since we now have a separate sample
2008-03-17 14:06:13 +00:00
1e28a67410
SEC-706: Added sample app with LDAP configuration
2008-03-14 12:14:27 +00:00
e5a7303015
Remove unnecessary deps
2008-03-06 22:23:40 +00:00
ff16c413dd
[maven-release-plugin] prepare for next development iteration
2008-02-29 14:55:31 +00:00
b8916ffaba
[maven-release-plugin] prepare release release_2_0_M2
2008-02-29 14:54:15 +00:00
45e43073a0
SEC-690: Use consistent naming in OpenID classes
...
http://jira.springframework.org/browse/SEC-690
2008-02-29 12:51:52 +00:00
9eb86194a2
SEC-640: Converted preauth sample to use filter-invocation-definition-source element. (also fixed some recently changed property names).
2008-02-28 19:31:16 +00:00
25c3b84149
Remove security taglib dependency in OpenID sample.
2008-02-25 16:56:15 +00:00
18f6cb1565
Setting svn:ignore for new (and existing) modules
2008-02-25 16:51:06 +00:00
8c00bb1537
SEC-674: Updated samples to work with new module layout. Changed taglib build to copy tld file to META-INF directory.
...
Also standardized JSTL version to 1.1.0 (impl 1.1.2), moving deps to root sample pom.
2008-02-22 16:21:37 +00:00
659fe5308a
Corrected wrong bean reference in cas sample and removed dependence on taglibs. Upgraded ehcache version to match core.
2008-02-22 16:15:30 +00:00
2dd9faabc0
SEC-674: Created new project modules for cas, captcha, acls and taglibs
2008-02-19 20:30:53 +00:00
38237341b4
Removed unused getContactManager method
2008-02-15 18:06:59 +00:00
503e426707
Inlined destroyContext method.
2008-02-15 17:07:53 +00:00
be62979a01
Switch JSTL back to 1.1.2.
2008-02-15 12:15:20 +00:00
e2bf583fe9
Removed unused MessageSource from contacts app-context file.
2008-02-09 15:57:06 +00:00
dd47689687
Updated contact app to make more use of namespace configuration (now uses intercept-methods in target bean to set up method interceptor).
2008-02-09 15:41:29 +00:00
10ab4136d1
SEC-309: Patch for Authentication tag to use property of authentication object, rather than invoking an operation on the principal. Allows use of nested properties.
2008-02-09 13:41:05 +00:00
bd5a64825d
SEC-552: Replaced authorites populators in CAS and OpenID with a plain UserDetailsService
2008-02-08 13:23:43 +00:00
842c49c890
SEC-665: Renaming of rolemapping package to authoritymapping, and corresponding refactoring of classes.
2008-02-08 12:01:10 +00:00
eb998b6554
Updated jetty plugin version.
2008-02-08 11:57:10 +00:00
ca16a9608c
Corrected typo
2008-02-08 11:26:38 +00:00
adba67326f
Removed accidentally committed version of tutorial app context file.
2008-02-04 21:27:35 +00:00
84c7ac5e57
SEC-664: Removed validateUserDetails method from AbstractRememberMeServices, wrapped the UserDetailsService in a status-checking one and added a catch block for AccountStatusExceptions. Also some minor tidying up of other remember-me classes.
2008-02-04 21:26:07 +00:00
26fa0c143b
Added myself to the users list because I can :P
2008-02-04 14:25:12 +00:00
b93583164d
SEC-659: Change CAS sample to use authentication-manager element.
2008-02-04 00:12:56 +00:00
3da2471b7f
Some tidying up of OpenID login form.
2008-02-01 16:01:34 +00:00
287726335a
OpenID sample application.
2008-02-01 14:32:54 +00:00
df1def412e
Changed to using new alias for security filter chain in samples.
2008-02-01 14:28:04 +00:00
86f7b47fac
Updated jetty plugin to 6.1.7
2008-02-01 14:18:23 +00:00
5394350cc8
SEC-576: Renamed PreAuthenticateduserDetailsService to AuthenticationUserdetailsService and changed signature accordingly.
2008-01-31 14:24:12 +00:00
46a69b6d93
SEC-652: CAS sample application and server using maven jetty plugin.
2008-01-28 16:03:28 +00:00
511ebb5af4
Reformat pom.xml.
2008-01-28 14:30:15 +00:00
eb620f09eb
Switched preauth default namespace to "beans" for readability.
2008-01-28 13:22:50 +00:00
5738a51040
SEC-651: Support for ldap-user-service bean.
2008-01-28 00:47:34 +00:00
acf5601714
SEC-645: Reimplementation of X509 provider and namespace implementation.
2008-01-27 22:45:44 +00:00
aeba732ba5
SEC-647: Created separate "certificates" directory so SSL certificates and keys can be shared between different sample applications. Added key for user "scott" and separate certificate authority pem file (can be installed in a browser).
2008-01-27 20:42:10 +00:00
82940db6c8
SEC-648: Added custom-authentication-provider support.
2008-01-27 13:31:34 +00:00
e44e641106
SEC-647: Updated server keystore (new certificate using our own Test CA) and added client certificates for users rod and dianne.
2008-01-26 17:21:23 +00:00
483068d486
SEC-647: Delete unused certificated directory and outdated certificates.
2008-01-26 11:28:36 +00:00
b85f76e6c1
Added SSL support to the tutorial app Jetty plugin configuration and added a requirement for SSL on the "extremely secure" page.
2008-01-24 16:30:06 +00:00
342677fabc
Removed auto-config from tutorial sample and added commented out ldap support. Updated ldif file to match sample users.
2008-01-23 22:21:39 +00:00
837ecd85ec
SEC-576: Tidied up code, added preauth sample demo app.
2008-01-23 20:02:11 +00:00
Rob Winch
Luke Taylor
Luke Taylor
Scott Battaglia
Mike Wiesner
Ben Alex
Ray Krueger