Commit Graph

4100 Commits

Author SHA1 Message Date
Luke Taylor 3a8daa1bf4 Gradle build improvements.
Added generation of source archives and trial support for maven deployment and pom generation, with "provided" configuration mapped to "provided" scope.
2010-01-13 00:44:05 +00:00
Luke Taylor f62d97b092 SEC-1356: Fix broken tests.
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
2010-01-12 01:32:02 +00:00
Luke Taylor 6eff4d90b7 SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request.
This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path.
2010-01-12 00:49:53 +00:00
Luke Taylor d900829921 Added bundlor and maven support to gradle build 2010-01-12 00:35:20 +00:00
Luke Taylor fa42d9d5ec Fix taglibs template.mf
Was missing sub-packages of org.sfw.security.acls.
2010-01-12 00:33:20 +00:00
Luke Taylor 2023ca283e SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
2010-01-12 00:30:27 +00:00
Luke Taylor b323098167 Added gradle build files for taglibs, tutorial, contacts and openid.
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
Luke Taylor e211f9b35f SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.

Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
Luke Taylor bc02fc2de1 Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices. 2010-01-08 23:57:27 +00:00
Luke Taylor 51abedcbef Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests.
Removes the need for casting to specific filter type.
2010-01-08 23:20:16 +00:00
Luke Taylor f40a1fda34 SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes.
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
2010-01-08 21:12:36 +00:00
Luke Taylor 052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor 9a323f15bc Bring versions in itext module up-to-date 2010-01-07 17:56:32 +00:00
Luke Taylor 68ae49ebe1 SEC-1355: Update manual code snippet to cast to OpenIDAuthenticationToken. 2010-01-07 17:22:45 +00:00
Luke Taylor 4e4242d010 SEC-1354: Added integration tests for combinations of @PreAuthorize and @Secured annotations. 2010-01-06 22:23:01 +00:00
Luke Taylor 846aa40a7b Updated "heavyduty" sample version information. 2010-01-06 22:21:59 +00:00
Luke Taylor be72ed1350 Remove commented out beans from contacts sample app context.
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
2010-01-06 22:21:34 +00:00
Luke Taylor 9730600777 Revert bundlor version update.
Config was wrong, but even with the correct config
the maven jar plugin generates its own manifest
file and ignores the one generated by bundlor.
2010-01-05 23:47:27 +00:00
Luke Taylor 3c97d68346 Upgrade to bundlor RC1 2010-01-05 22:34:27 +00:00
Luke Taylor dc5417f1d5 SEC-1352: Added support for placeholders in <user-service>
The username, password and authorities attributes can now be placeholders.
2010-01-05 22:34:10 +00:00
Luke Taylor f5d36aef65 SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
2010-01-05 16:01:55 +00:00
Luke Taylor 93973a4b75 SEC-1304: Removed compareTo method from GrantedAuthorityImpl
This method had been left by mistake when the Comparable 
interface was removed. See also SEC-1347.
2010-01-04 19:13:49 +00:00
Luke Taylor c6b8fe5e55 SEC-1346: Added missing 'return' statements after redirects.
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
2010-01-03 19:06:58 +00:00
Luke Taylor 80aacf447f Refactored JaasAuthenticationProvider
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
2010-01-03 16:28:44 +00:00
Luke Taylor 893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor b737fa451d SEC-1344: Minor CAS doc updates 2009-12-29 14:45:29 +00:00
Luke Taylor 0aab19ed4b Added additional info on concurrent session usage 2009-12-28 14:32:54 +00:00
Luke Taylor 744ed95b51 SEC-1343: ref manual typos 2009-12-28 13:59:21 +00:00
Scott Battaglia 7e817b9640 NOJIRA formatting fix 2009-12-24 14:40:24 +00:00
Scott Battaglia 4afe6c2c6a SEC-1341
made it more extensible
2009-12-24 14:39:40 +00:00
Scott Battaglia 3bb5ca5d4b NOJIRA
upgraded to latest CAS client (3.1.10)
2009-12-24 14:26:58 +00:00
Luke Taylor bcb1ff8921 SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array 2009-12-23 14:12:59 +00:00
Luke Taylor 115d5b84ff [maven-release-plugin] prepare for next development iteration 2009-12-22 22:20:01 +00:00
Luke Taylor 6c6ef08353 [maven-release-plugin] prepare release spring-security-3.0.0.RELEASE 2009-12-22 22:19:38 +00:00
Luke Taylor d695c85ad8 Removed maven structure from sandbox, and 'other' module, which is out of date. 2009-12-22 22:00:34 +00:00
Luke Taylor a7770a64d3 Update cas server version in runall.sh 2009-12-22 21:31:26 +00:00
Luke Taylor 48be79108a Gradle build file for 'heavyduty' sample 2009-12-22 19:55:53 +00:00
Luke Taylor aad7d01c84 Updated CAS server version for sample use to 3.3.5 2009-12-22 19:35:20 +00:00
Luke Taylor b96b14c5d0 Changed 'Advanced Topics' to more general 'Additional Topics' 2009-12-22 19:02:34 +00:00
Luke Taylor 1af9f8efea SEC-1327: Minor doc update 2009-12-22 13:40:05 +00:00
Luke Taylor be56d72912 SEC-1340: Minor doc corrections 2009-12-22 13:25:10 +00:00
Luke Taylor e64866ae6a Updated bundlor templates and introduced spring.version variable 2009-12-22 01:10:04 +00:00
Luke Taylor 052685e154 Add taglibs chapter to manual 2009-12-22 01:09:56 +00:00
Luke Taylor 3418aab46e SEC-1327: Javadoc additions to clarify some behaviour 2009-12-21 17:32:54 +00:00
Luke Taylor dd90f9332c SEC-1326: Removed unncecessary exclusions 2009-12-21 17:32:45 +00:00
Luke Taylor fcce29f8df SEC-1326: Updating dependencies to match Spring versions. Removing unused deps. 2009-12-21 17:32:38 +00:00
Luke Taylor 89809e9029 SEC-1329: Added info on attribute-exchange configuration to the namespace chapter 2009-12-19 18:32:57 +00:00
Luke Taylor 97a31cae04 SEC-1333: Added error message for invalid redirect URL assertion 2009-12-18 19:29:36 +00:00
Luke Taylor aeed49393c Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting). 2009-12-18 18:44:42 +00:00
Luke Taylor fac07ba8ff Schema updates to Spring 3.0 2009-12-18 18:44:17 +00:00