Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-22 14:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,626 Commits 49 Branches 370 Tags
Commit Graph

88 Commits

Author SHA1 Message Date
Luke Taylor
731402e9f5 SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context. 2009-09-16 00:23:13 +00:00
Luke Taylor
b531a81176 SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag. 2009-09-15 16:34:05 +00:00
Luke Taylor
5953af0f6b SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements). 2009-08-03 00:21:11 +00:00
Luke Taylor
1afa67c954 SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block. 2009-07-15 23:09:47 +00:00
Luke Taylor
853b4c8753 SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests. 2009-06-28 13:36:54 +00:00
Luke Taylor
0134a5646d Changed to use expressions in commented-out XML instead of outdated syntax. 2009-05-31 21:26:52 +00:00
Luke Taylor
f976080d1d Fixes to sample app context files 2009-05-26 22:15:05 +00:00
Luke Taylor
14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor
e94baf38b3 Tidying up to remove warnings (generics, use of deprecated test classes etc). 2009-04-28 06:49:43 +00:00
Luke Taylor
13af4b95a2 Sample package name updates 2009-04-18 06:04:56 +00:00
Luke Taylor
ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor
9efb5a7007 SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet 2009-04-12 12:23:23 +00:00
Luke Taylor
bec84f874a SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples. 2009-03-26 07:18:36 +00:00
Luke Taylor
4a41416c9b Tidying up and removing compiler warnings. 2008-12-21 16:36:16 +00:00
Luke Taylor
cc5966bc7e Tidying up, removing compiler warnings etc. 2008-12-20 00:16:49 +00:00
Luke Taylor
2927b8464f SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException. 2008-12-14 22:20:21 +00:00
Luke Taylor
6ccdcec629 SEC-1033: Added web expressions to tutorial sample configuration. 2008-12-08 21:56:44 +00:00
Luke Taylor
bc6878c1c5 SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations. 2008-12-05 16:36:43 +00:00
Ben Alex
7e562031cc Better demonstrate the new EL-based "overdraft" authorization rules. 2008-11-19 09:32:04 +00:00
Luke Taylor
d6cd392a9e Tidying up some stuff in tutorial app 2008-11-07 06:55:00 +00:00
Luke Taylor
a7d046357b SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces 2008-10-30 04:10:54 +00:00
Luke Taylor
4f6b4e4bfd Make sample login pages use c:out for data output 2008-05-15 12:48:13 +00:00
Luke Taylor
fc498954c6 Updated sample context files to point at 2.0.1 schema 2008-05-01 17:51:48 +00:00
Luke Taylor
882509fb2a Renamed context file 2008-04-24 00:27:37 +00:00
Luke Taylor
eba18675fc Removed old acegi file from tutorial sample as it's causing confusion with users. 2008-04-23 21:08:41 +00:00
Luke Taylor
80cd7f4acc Removed accidental commit of tutorial context file 2008-04-23 13:13:56 +00:00
Luke Taylor
0cf745b85f Updated clean plugin to 2.2 2008-04-22 21:59:40 +00:00
Luke Taylor
c7f182309f Removed excess config from tutorial sample file 2008-04-12 17:17:46 +00:00
Ben Alex
f7ae69880c Minor tweaking so the tutorial is a little more illustrative of the present namespace capabilities. 2008-04-01 17:15:31 +00:00
Ben Alex
1490fe0b0a Various fine-tuning so people can see AspectJ expressions and a simple, minimal configuration. 2008-03-28 00:47:08 +00:00
Ben Alex
595a14dbd5 Sample should permit people to anonymously call all methods except post(Account). 2008-03-28 00:44:42 +00:00
Luke Taylor
ef5b3e2f9c SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly. 2008-03-26 21:48:24 +00:00
Luke Taylor
743d72ca7b Added log4j support to tutorial app 2008-03-26 15:27:09 +00:00
Ben Alex
0860333a3f SEC-733: AspectJ Pointcut Expression Parsing support. 2008-03-25 08:28:53 +00:00
Luke Taylor
114969f7f7 SEC-706: Removed LDAP dependencies from tutorial app, since we now have a separate sample 2008-03-17 14:06:13 +00:00
Luke Taylor
8c00bb1537 SEC-674: Updated samples to work with new module layout. Changed taglib build to copy tld file to META-INF directory. 
Also standardized JSTL version to 1.1.0 (impl 1.1.2), moving deps to root sample pom.
 2008-02-22 16:21:37 +00:00
Luke Taylor
be62979a01 Switch JSTL back to 1.1.2. 2008-02-15 12:15:20 +00:00
Luke Taylor
10ab4136d1 SEC-309: Patch for Authentication tag to use property of authentication object, rather than invoking an operation on the principal. Allows use of nested properties. 2008-02-09 13:41:05 +00:00
Luke Taylor
adba67326f Removed accidentally committed version of tutorial app context file. 2008-02-04 21:27:35 +00:00
Luke Taylor
84c7ac5e57 SEC-664: Removed validateUserDetails method from AbstractRememberMeServices, wrapped the UserDetailsService in a status-checking one and added a catch block for AccountStatusExceptions. Also some minor tidying up of other remember-me classes. 2008-02-04 21:26:07 +00:00
Luke Taylor
df1def412e Changed to using new alias for security filter chain in samples. 2008-02-01 14:28:04 +00:00
Luke Taylor
5738a51040 SEC-651: Support for ldap-user-service bean. 2008-01-28 00:47:34 +00:00
Luke Taylor
acf5601714 SEC-645: Reimplementation of X509 provider and namespace implementation. 2008-01-27 22:45:44 +00:00
Luke Taylor
82940db6c8 SEC-648: Added custom-authentication-provider support. 2008-01-27 13:31:34 +00:00
Luke Taylor
b85f76e6c1 Added SSL support to the tutorial app Jetty plugin configuration and added a requirement for SSL on the "extremely secure" page. 2008-01-24 16:30:06 +00:00
Luke Taylor
342677fabc Removed auto-config from tutorial sample and added commented out ldap support. Updated ldif file to match sample users. 2008-01-23 22:21:39 +00:00
Luke Taylor
462b4b450f Added use of authz tag to tutorial. Upgraded to use webapp 2.4 xsd. Changed JSTL dependency to 1.2 2008-01-18 18:17:09 +00:00
Luke Taylor
46c99d1991 Converted tutorial context file to match namespace changes. 2007-12-23 16:36:44 +00:00
Luke Taylor
e65cb9b472 Made group names singular and added "teller" role. 2007-12-14 20:41:33 +00:00
Ben Alex
09f68400ec Add <intercept-methods> to example, but it is disabled in favour of @Secured annotation. Still, we include it so people can have a play around and switch between the two syntaxes easily in demos etc. 2007-12-14 19:56:31 +00:00