2eefbf3a23
SEC-1657: Added support for 'name' attribute in <http> element to expose filter chain as a list bean.
2011-01-14 17:21:22 +00:00
f20649f035
SEC-1648: added null check for getTargetUrlParameter() in SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess and updated validation for AbstractAuthenticationTargetUrlRequestHandler.setTargetUrlParameter
2011-01-13 20:29:37 -06:00
075b30ab44
SEC-1651: Added paragraph to FAQ mentioning dependencies appendix.
2011-01-12 15:27:30 +00:00
8da0de459b
SEC-1651: Added remaining module information to dependencies appendix.
2011-01-12 15:09:01 +00:00
79b8edbd1e
Update CAS client to 3.1.12
2011-01-12 14:56:16 +00:00
eeb466b613
SEC-1648: Implemented Rob's suggestion to use a null value for the targetUrlParameter rather than a boolean property. It should thus only be used if this value is set.
2011-01-12 13:26:05 +00:00
6de2197c0f
SEC-1653: Ensure UserDetailsServiceFactoryBean is registered using the tools API to prevent errors in STS.
2011-01-11 00:10:07 +00:00
19e56f4397
Stripping out unnecessary dependencies from sample jars.
2011-01-10 17:27:58 +00:00
39b48c6d95
Update gradle wrapper to 0.9.1 in order to use mavenLocal() repo syntax.
2011-01-10 17:27:22 +00:00
bf59c75886
Test class to improve coverage of WAS-specific preauth code.
2011-01-07 19:49:50 +00:00
b858b23927
SEC-1651: Added first draft of dependencies appendix to reference manual.
2011-01-07 19:23:06 +00:00
6779822325
Remove GRADLE-1090 workarounds from config.gradle.
2011-01-07 18:28:21 +00:00
8d7830a1ee
SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me.
2011-01-06 15:16:13 +00:00
7fd3aa2b45
SEC-1603: Add support for injecting an AuthenticationSuccessHandler into RememberMeAuthenticationFilter.
2011-01-06 13:02:38 +00:00
c1f2fa1983
SEC-1558: Changed signatures of PrePostInvocationAttributeFactory to take strings rather than annotation types to allow the metadata to be obtained from other sources (not just annotations).
2011-01-05 16:56:28 +00:00
423f9eae7a
SEC-1648: Added a useTargetUrlparameter property to AbstractAuthenticationTargetUrlRequestHandler which defaults to false.
...
This ensures that users will think about the context in which they are enabling the use of a parameter to determine the redirect location.
2011-01-05 13:14:02 +00:00
313fe78cc1
Corrected snapshot version
2010-12-20 23:04:49 +00:00
2487a3e27b
Reset to snapshot version
2010-12-20 23:02:58 +00:00
0ca5157f47
Set project release version to 3.1.0.M2
2010-12-20 22:46:54 +00:00
7316bcff75
Updated outdated CAS sample readme with instructions for running CAS using gradle
2010-12-20 22:22:19 +00:00
bbcc611af5
CAS server version upgrade and minor tweaks to CAS sample build file.
2010-12-20 22:12:35 +00:00
592782dc7f
Added test for getAdditionalRoles in DefaultLdapAuthoritiesPopulator.
2010-12-20 17:31:14 +00:00
eebcfd28ef
Move Ldap authorities populator tests to the correct package.
2010-12-20 17:23:43 +00:00
dbe270f132
SEC-1641: Correct code and test for null groupSearchBase.
2010-12-20 16:50:37 +00:00
428a0b7dce
SEC-1639: Removed url argument from FilterChainProxy's VirtualFilterChain, since this can be directly computed from the request instance in the debug statements.
2010-12-20 14:13:13 +00:00
5f6dab67e1
SEC-1492: Added SimpleAuthoritiesMapper which provides a one-to-one authority mapping with case-conversion and the addition of a "role" prefix to the authority name.
2010-12-19 17:33:27 +00:00
3547cfcc92
SEC-1641: Remove the private setGroupSearchBase method and allowed a null value to be set for the group search base in the constructor.
2010-12-19 17:33:26 +00:00
f1fe3ce7e6
Update wrapper to gradle 0.9 release
2010-12-19 14:41:41 +00:00
48ea0a6249
SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all.
2010-12-17 17:34:08 +00:00
7cf9740fd4
SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual.
2010-12-17 17:09:20 +00:00
1ed5227d75
Removed @Override from HttpFirewallBeanDefinitionParser.parse since it does not override a method definition, it implements one.
...
Fixed The method parse(Element, ParserContext) of type HttpFirewallBeanDefinitionParser must override a superclass method HttpFirewallBeanDefinitionParser.java /spring-security-config/src/main/java/org/springframework/security/config/http line 23 Java Problem
2010-12-16 22:20:20 -06:00
7c04fdbc90
SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather that looping through ServletRequestWrappers.
...
VirtualFilterChain now accepts the FirewalledRequest in the constructor. The reset method is called directly on the instance passed in instead of looping through the ServletRequestWrappers.
2010-12-16 21:57:26 -06:00
46f83c8a08
SEC-1492: Added RoleHierarchyAuthoritiesMapper as the new preferred way of using a RoleHierarchy.
2010-12-16 16:00:43 +00:00
c8820166c8
SEC-1576: Parameterize the secured object type in AccessDecisionVoter.
2010-12-16 15:21:22 +00:00
85d685f7d3
SEC-1611: Make access attribute in authorize tag a runtime expression
2010-12-14 16:55:34 +00:00
ce421f22bf
SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation
2010-12-14 16:24:51 +00:00
2be2660b13
SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match.
2010-12-11 21:56:35 +00:00
523f6add60
Javadoc fix
2010-12-09 12:39:05 +00:00
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
978b7d4707
SEC-1631: Reduced use of reflection in DefaultAuthenticationEventPublisher and added tests.
2010-12-02 18:19:27 +00:00
bfb723feac
SEC-1557: Added getter to DelegatingMethodSecurityMetadataSource. Also added some optimizations of cache lookup key equals method. A class type check is unnecessary since the key class is a private inner class.
2010-12-01 21:55:33 +00:00
441aa25383
SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand.
2010-12-01 20:52:37 +00:00
4ad0652787
Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken.
2010-12-01 20:52:37 +00:00
ca679e1479
Reformatting.
2010-12-01 20:52:37 +00:00
9b29dcb8bf
SEC-1430: Removed username attribute from WebAttributes class.
2010-11-26 14:20:19 +00:00
43be9ea2a4
SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.
2010-11-26 13:58:49 +00:00
d64efe9747
SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object.
2010-11-25 15:19:37 +00:00
89f80659a1
Move docs on request matching to correct file and delete unused one
2010-11-24 00:30:37 +00:00
49242729e4
Added imgSrcPath parameter for use in docbookFopPdf task.
2010-11-24 00:28:59 +00:00
51a53ddbaa
Minor refactoring of GAE code to use specific GrantedAuthority type.
2010-11-17 14:15:11 +00:00
Luke Taylor
Rob Winch
Rob Winch