Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 14:24:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,298 Commits 33 Branches 337 Tags
Commit Graph

2249 Commits

Author SHA1 Message Date
Luke Taylor
bdb906e588 Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output. 2010-08-24 18:25:39 +01:00
Luke Taylor
1680807470 Added eclipse plugin to build. Some minor fixes to remove eclipse warnings. 2010-08-18 14:11:16 +01:00
Luke Taylor
3c02989d67 Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests). 2010-08-18 02:32:43 +01:00
Luke Taylor
281d77271e SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource. 2010-08-13 15:51:05 +01:00
Luke Taylor
2222a7be07 Use Integer.valueOf() in preference to new Integer() 2010-08-11 18:17:23 +01:00
Luke Taylor
dca0fd871c SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created. 2010-08-09 17:16:43 +01:00
Luke Taylor
85c4c91e0e IDEA inspection refactorings. 2010-08-05 23:28:07 +01:00
Luke Taylor
64375484a1 More build and logging tuning. 2010-08-04 22:55:17 +01:00
Luke Taylor
c4ee46824c Removing log4j.properties files and adding logback config ones. 2010-08-04 21:16:05 +01:00
Luke Taylor
ab248b2583 SEC-1454: Added use of Spring's new AopProxyUtils.ultimateTargetClass() method when resolving the target class in MethodSecurityEvaluationContext. 2010-07-30 14:36:41 +01:00
Luke Taylor
b854e67952 SEC-1522: Treat empty attribute collection the same as null when returned by SecurityMetadataSource. Both are now treated as public invocations. 2010-07-27 02:20:09 +01:00
Luke Taylor
2afccfc633 Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j. 2010-07-23 01:57:31 +01:00
Luke Taylor
443ac0487a SEC-1093: Namespace support for jee element. 
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
 2010-07-07 22:42:26 +01:00
Luke Taylor
03fa8fce4d SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl. 2010-07-02 19:51:00 +01:00
Luke Taylor
026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor
db913f6857 SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property. 2010-06-20 21:09:33 +01:00
Luke Taylor
d56adb8ffb SEC-1495: Convert User class equals and hashcode methods to only use the "username" property. 
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
 2010-06-10 22:27:50 +01:00
Luke Taylor
efb600166a SEC-1488: Remove commons-logging dependencies from maven poms. 2010-05-28 13:10:59 +01:00
Luke Taylor
0e57ce2dc3 SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection. 2010-05-21 15:59:50 +01:00
Luke Taylor
c95cf6ec7d SEC-1483: Change User constructor to use a generic wildcard for authorities collection. 2010-05-21 15:58:35 +01:00
Luke Taylor
b3aad4cf19 Javadoc fixes. 2010-05-06 20:02:08 +01:00
Luke Taylor
e7646a65f4 SEC-1421: Add setters to JdbcUserDetailsManager for group sql operations. 2010-05-03 14:53:06 +01:00
Luke Taylor
3c3aabf5be SEC-1465: Change empty check to a null check for list of delegates for DelegatingMethodSecurityMetadataSource. 2010-04-25 22:11:35 +01:00
Luke Taylor
a421370a3d SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully. 2010-04-25 22:00:25 +01:00
Luke Taylor
3bbbf07235 SEC-1464: Fix broken test (flags in returned user object were not being copied from stored user). 2010-04-25 20:12:00 +01:00
Luke Taylor
024e6904ff SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager. 2010-04-25 04:27:09 +01:00
Luke Taylor
f5859fabcf SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database. 2010-04-25 04:26:45 +01:00
Luke Taylor
d3d9c5db59 Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor. 2010-04-20 23:47:47 +01:00
Luke Taylor
74896f217b SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>. 2010-04-20 23:47:47 +01:00
Luke Taylor
0521d10069 SEC-1294: Enable access to beans from ApplicationContext in EL expressions. 
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
 2010-04-01 01:24:23 +01:00
Luke Taylor
020e0aa49a SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext. 
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
 2010-03-30 15:52:40 +01:00
Luke Taylor
977bc2b164 SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx. 
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
 2010-03-26 18:05:28 +00:00
Luke Taylor
472c1fac84 SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent. 
Ensures protect-pointcut expressions match methods with generic parameters.
 2010-03-24 20:57:03 +00:00
Luke Taylor
e60108ca8c SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles. 
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
 2010-03-22 16:26:04 +00:00
Luke Taylor
9e049dfef4 SEC-1438: Removed JoinPoint support from AbstractMethodSecurityMetadataSource 2010-03-11 21:51:19 +00:00
Luke Taylor
c09cd3a9cb Remove unused inner class in MethodSecurityMetadataSourceAdvisor 2010-03-11 01:52:07 +00:00
Luke Taylor
55de2cfcb1 SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances. 
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
 2010-03-11 01:51:59 +00:00
Luke Taylor
f3264ba9ab Addition of commons-logging exclusions and adjustments to pom generation. 2010-03-07 21:58:25 +00:00
Luke Taylor
b38b8e55ac SEC-1432: Convert map keys to lower-case in UserMap.setUsers(). 
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
 2010-03-05 17:55:29 +00:00
Luke Taylor
530ab3ae30 SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:21:07 +00:00
Luke Taylor
0551dd89ac SEC-1420: Add htmlEscape attribute to authentication JSP tag. 
This allows HTML escaping to be disabled if required.
 2010-03-04 00:47:22 +00:00
Luke Taylor
b147652193 Make hsqldb a testRuntime/runtime dependency. 2010-03-01 01:10:58 +00:00
Luke Taylor
f3f84da625 Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0. 2010-02-21 23:25:36 +00:00
Luke Taylor
ea7ccc718d SEC-1399: Removed AbstractAuthenticationManager. 
MockAuthenticationManager was the only other subclass (apart from the main ProviderManager) and has been removed also.
 2010-02-20 21:35:39 +00:00
Luke Taylor
dacb8dd25a SEC-1382: Removed deprecated label-based voter and related classes. 2010-02-20 20:50:16 +00:00
Luke Taylor
b37d2ed978 SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module. 
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
 2010-02-20 18:02:12 +00:00
Luke Taylor
2ee7696bf4 Update version number to 3.1.0.CI-SNAPSHOT. 2010-02-19 17:35:19 +00:00
Luke Taylor
44f45d21f0 3.0.2 release. Update version in build files. 2010-02-19 01:22:21 +00:00
Luke Taylor
d2b2ca3bc6 SEC-1387: Use a transient object as the advice monitor, rather than a Serializable. 
No need for an anonymous inner class.
 2010-02-19 01:02:22 +00:00
Luke Taylor
10dc72b017 SEC-1387: Support serialization of security advised beans. 
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
 2010-02-19 00:53:14 +00:00