Luke Taylor
|
68364f06a2
|
Minor itest updates
|
2009-07-29 16:05:47 +00:00 |
Luke Taylor
|
3e6054b69f
|
SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy.
|
2009-07-29 00:52:30 +00:00 |
Luke Taylor
|
5e285b3692
|
SEC-1211: Set the default AuthenticatedSessionStrategy to a null implementation to preserve existing behaviour.
|
2009-07-28 23:57:46 +00:00 |
Luke Taylor
|
609a68b12a
|
SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false.
|
2009-07-28 23:47:26 +00:00 |
Luke Taylor
|
db90122179
|
SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these.
|
2009-07-28 18:00:24 +00:00 |
Luke Taylor
|
4a12b80470
|
Minor updates to x509 doc and update of remember-me doc (no longer part of auto-config)
|
2009-07-27 22:27:48 +00:00 |
Luke Taylor
|
fdb7325cbc
|
Javadoc update
|
2009-07-24 15:21:59 +00:00 |
Luke Taylor
|
9c27bced5b
|
Corrected typo
|
2009-07-23 20:42:04 +00:00 |
Luke Taylor
|
40efe6db57
|
Minor doc updates
|
2009-07-22 17:24:05 +00:00 |
Luke Taylor
|
0a37aed4b9
|
SEC-1207. Fixed class name in jsp
|
2009-07-22 16:37:22 +00:00 |
Luke Taylor
|
719a5e09d8
|
SEC-1205: Added comment to Javadoc for PasswordComparisonAuthenticator to indicate that it won't work with SSHA passwords
|
2009-07-22 16:11:24 +00:00 |
Luke Taylor
|
931cf90dbb
|
SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution.
|
2009-07-21 00:14:57 +00:00 |
Luke Taylor
|
8b115e2a21
|
SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache.
|
2009-07-20 22:52:48 +00:00 |
Luke Taylor
|
f404bb3d74
|
SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though.
|
2009-07-20 22:34:40 +00:00 |
Luke Taylor
|
efd1dbf54a
|
Removed public modifier from getSessionController() method on ProviderManager.
|
2009-07-17 23:37:45 +00:00 |
Luke Taylor
|
491837ae34
|
SEC-1197: Moved support from session-controller-ref from authentication-manager to concurrent-session-control element. Plus refactoring of config classes into separate packages.
|
2009-07-17 23:36:35 +00:00 |
Luke Taylor
|
83da7be2ea
|
Remove (ticket) cache package from CAS module. Unnecesary and has a circular reference.
|
2009-07-17 23:33:55 +00:00 |
Luke Taylor
|
1afa67c954
|
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
|
2009-07-15 23:09:47 +00:00 |
Luke Taylor
|
6346e31517
|
SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy.
|
2009-07-15 01:28:28 +00:00 |
Luke Taylor
|
1ca2e6e6fc
|
Tidying.
|
2009-07-13 23:12:32 +00:00 |
Luke Taylor
|
5d389d953d
|
RoleVoter test class.
|
2009-07-13 23:11:15 +00:00 |
Luke Taylor
|
946f3d1067
|
Converted to use mockito.
|
2009-07-13 23:10:52 +00:00 |
Luke Taylor
|
e63fba3a36
|
Tidying
|
2009-07-08 23:55:42 +00:00 |
Luke Taylor
|
d59bdc0cbc
|
Reducing use of global bean Ids as part of SEC-1186
|
2009-07-08 23:54:26 +00:00 |
Luke Taylor
|
7622dfe092
|
SEC-1194: Added support for services-alias to remember-me
|
2009-07-08 23:53:47 +00:00 |
Luke Taylor
|
b795d22e51
|
Upgraded junit and bundlor deps
|
2009-07-08 23:46:15 +00:00 |
Luke Taylor
|
3b1cdc3ab4
|
Tidying.
|
2009-07-08 23:27:53 +00:00 |
Luke Taylor
|
8a3930e673
|
Refactoring of ProviderManager to ensure that any AuthenticationException from the ConcurrentSessionController will prevent further polling of providers.
|
2009-07-08 23:20:46 +00:00 |
Luke Taylor
|
d02bbbf560
|
import cleaning.
|
2009-07-08 17:17:45 +00:00 |
Luke Taylor
|
43dab4c3b3
|
SEC-1186: Additional changes to remove custom-filter decorator functionality.
|
2009-07-08 16:50:47 +00:00 |
Luke Taylor
|
abddcb044a
|
SEC-1186: Remove functionality from CustomFilterBeanDefinitionDecorator and report a warning instead.
|
2009-07-08 16:49:30 +00:00 |
Luke Taylor
|
b3366a1646
|
SEC-1186: Tidying up changes to http parsing
|
2009-07-08 16:19:26 +00:00 |
Luke Taylor
|
df7c734450
|
SEC-1192: Fix incorrect classname in preauth chapter
|
2009-07-08 14:53:40 +00:00 |
Luke Taylor
|
6b53703e37
|
SEC-1187: Moved pre-authentication status check inside try/catch block and repeated the call after reloading the user during the "cacheWasUsed" logic.
|
2009-07-07 17:09:44 +00:00 |
Luke Taylor
|
eae670269d
|
Tidying
|
2009-07-06 10:33:57 +00:00 |
Luke Taylor
|
be12d93f7a
|
Manual updates
|
2009-07-06 10:33:14 +00:00 |
Luke Taylor
|
853b4c8753
|
SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests.
|
2009-06-28 13:36:54 +00:00 |
Luke Taylor
|
980b9b73b8
|
deprecate property editor
|
2009-06-26 12:49:23 +00:00 |
Luke Taylor
|
3e9983c744
|
SEC-1186: Removed 'order' from openid filter
|
2009-06-26 12:48:36 +00:00 |
Luke Taylor
|
af0c5f9e7f
|
SEC-1186: Removed 'order' from ntlm and cas filters
|
2009-06-26 12:47:36 +00:00 |
Luke Taylor
|
d5bf5d7adc
|
SEC-1186: validator for filter chain beans
|
2009-06-26 12:47:03 +00:00 |
Luke Taylor
|
8ddd96af2b
|
SEC-1186: intermediate commit of namespace changes for improved tooling support
|
2009-06-26 12:44:46 +00:00 |
Luke Taylor
|
f6e2e36346
|
Remove use of property editor internally.
|
2009-06-18 23:37:36 +00:00 |
Luke Taylor
|
074fa7d629
|
SEC-1186: Refactoring to bring all filter registrations into the HttpBDP parse method in preparation for building the filter chain and map at that point, rather than in a post-processor
|
2009-06-18 22:33:16 +00:00 |
Luke Taylor
|
44487293f0
|
Minor faq updates
|
2009-06-18 13:35:02 +00:00 |
Luke Taylor
|
408e982b96
|
Minor JSP classname fixes etc in samples
|
2009-06-18 13:28:44 +00:00 |
Luke Taylor
|
67a90b36ee
|
SEC-1178: New manual chapters
|
2009-06-16 12:47:26 +00:00 |
Luke Taylor
|
c6b9371029
|
Updated to latest Spring build snapshot. Required minor EL changes to parser class name
|
2009-06-15 23:41:20 +00:00 |
Luke Taylor
|
e92aac225f
|
Minor javadoc.
|
2009-06-15 13:53:56 +00:00 |
Luke Taylor
|
db3f08cce4
|
SEC-1156: Added check for enableAuthorities setting in deleteUser method of JdbcUserDetailsManager.
|
2009-06-14 22:31:14 +00:00 |