Commit Graph

3022 Commits

Author SHA1 Message Date
Luke Taylor 7461d0e5f1 Added authentication, method security and start of LDAP ns info 2008-08-07 19:12:56 +00:00
Luke Taylor 566f656eba Added ldap-server xml:id 2008-08-07 19:11:43 +00:00
Luke Taylor e5d2578aec Added example of @Secured use and some extra explanation 2008-08-07 19:10:53 +00:00
Luke Taylor fb3d0b7f25 Fixed link 2008-08-07 19:09:49 +00:00
Luke Taylor 2d0b594a97 Fixed missing section closing tag 2008-08-07 15:21:25 +00:00
Luke Taylor 42af39a59e Some corrections to explicit FilterChainProxy information 2008-08-07 13:33:36 +00:00
Luke Taylor 930be9338b Added info on default target options when using form-login 2008-08-07 12:41:12 +00:00
Luke Taylor c1a6ae0832 Added faq on required dependencies 2008-08-07 12:40:25 +00:00
Luke Taylor c49bc7ffbb SEC-910: Finishing off http part of namespace appendix 2008-08-07 10:47:59 +00:00
Luke Taylor 25814d341d Tidying. 2008-08-06 16:18:05 +00:00
Luke Taylor 21eb70c576 Corrected context file name in petclinic tutorial 2008-08-06 15:40:01 +00:00
Luke Taylor e951c42c2b Improved javadoc. Some tidying up. 2008-08-06 15:28:04 +00:00
Luke Taylor 7258d30e13 Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger. 2008-08-06 13:41:01 +00:00
Luke Taylor 22a64c1555 Added faq on missing session listener 2008-08-06 11:03:53 +00:00
Luke Taylor ff13df03ac SEC-910: More updates to namespace appendix 2008-08-06 00:21:46 +00:00
Luke Taylor ecd63cabda Added use of ANY_CHANNEL attribute to channel-security docbook 2008-08-06 00:20:58 +00:00
Luke Taylor f31bcbee07 Minor formatting 2008-08-06 00:19:46 +00:00
Luke Taylor 3ee3591feb SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully. 2008-08-05 23:26:01 +00:00
Luke Taylor fbeb47d559 SEC-947: Added clarification to docs that FIRST and LAST should be used with position attribute 2008-08-05 23:24:49 +00:00
Luke Taylor 1c9c8f0883 SEC-910: Updates to ns appendix 2008-08-05 12:03:50 +00:00
Luke Taylor f821b0f0f8 Fix issues with move of TestingAuthenticationToken 2008-08-04 20:42:48 +00:00
Luke Taylor 4165e15861 Fix issues with move of TestingAuthenticationToken 2008-08-04 20:14:20 +00:00
Luke Taylor aa75b2fa6d Fixes to match TestingAuthenticationToken changes 2008-08-04 13:50:27 +00:00
Luke Taylor d6918c88a7 Fixes to match TestingAuthenticationToken changes 2008-08-04 13:48:44 +00:00
Luke Taylor b6d088e40d SEC-944: Minor updates to schema appendix 2008-08-04 13:29:42 +00:00
Luke Taylor 069a75b8fc minor change to wording 2008-08-04 13:29:06 +00:00
Luke Taylor 1af7eed433 SEC-883: RoleHierarchyVoter
http://jira.springframework.org/browse/SEC-883. Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
2008-08-04 13:08:03 +00:00
Luke Taylor e982e91846 SEC-944: Added db schema reference (and start of namespace appendix) 2008-08-01 13:57:42 +00:00
Luke Taylor 54ac7b3e46 SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas. 2008-08-01 12:51:31 +00:00
Luke Taylor 3049b933d9 Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML 2008-07-31 21:35:29 +00:00
Luke Taylor c8b22d8e36 SEC-923: Fixed broken build due to missing test class. 2008-07-31 21:22:19 +00:00
Luke Taylor 1d96283876 Removed commented out line. 2008-07-31 20:45:25 +00:00
Luke Taylor ef44bd91f2 SEC-933: Added test for security pointcut applied to a UserDetailsService. 2008-07-31 20:32:43 +00:00
Luke Taylor d7926f3557 SEC-943: Forgot to commit tests. 2008-07-31 20:30:56 +00:00
Luke Taylor e5d86b13b7 SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
http://jira.springframework.org/browse/SEC-941. Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
2008-07-31 19:50:08 +00:00
Ray Krueger 3393ea7aaa SEC-923: Realm support for discovering relying parties.
A new "realmMapping" property can be configured on the OpenIDAuthenticationProcessingFilter to map the "return_to" url to a realm. If there is no mapping present the "return_to" url will be parsed and the protocol, hostname and port will be used with a trailing "/"
2008-07-31 19:23:12 +00:00
Luke Taylor 67e5afbb79 OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
http://jira.springframework.org/browse/SEC-881. Updated Javadoc.
2008-07-31 15:56:37 +00:00
Luke Taylor 000bb1cbed OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
http://jira.springframework.org/browse/SEC-881. Added test class.
2008-07-31 15:42:04 +00:00
Luke Taylor 243c4f22d4 OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
http://jira.springframework.org/browse/SEC-899. Changed to return -1 when compared to custom auhority which returns null from getAuthority()
2008-07-31 13:01:22 +00:00
Luke Taylor d4c105d8ba OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
http://jira.springframework.org/browse/SEC-934. Added log warning when the same url is used multiple times.
2008-07-30 15:03:47 +00:00
Luke Taylor f6ff958411 Renamed rnc file. 2008-07-30 11:05:44 +00:00
Luke Taylor 4bb3eb12c3 SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
http://jira.springframework.org/browse/SEC-933. Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
2008-07-30 11:01:23 +00:00
Luke Taylor f538a36cd3 SEC-939: Changed XML header to include schema locations for clarification. 2008-07-29 10:40:50 +00:00
Luke Taylor 6e06789a28 SEC-937: Added CAS logout filter to sample application 2008-07-28 10:53:55 +00:00
Luke Taylor 6b45eda37c SEC-877, SEC-553: Added code to sandbox/other 2008-07-17 17:46:11 +00:00
Luke Taylor f453264bde SEC-909: custom remember me services doesn't get registered as logout handler
http://jira.springframework.org/browse/SEC-909. HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
2008-07-15 18:22:53 +00:00
Luke Taylor 1ddc033fe5 SEC-903: Wrong attribute mapping when using jdbc-user-service bean
http://jira.springframework.org/browse/SEC-903. Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
2008-07-15 16:43:57 +00:00
Luke Taylor e303e8b71a SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
http://jira.springframework.org/browse/SEC-924. Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
2008-07-15 14:52:13 +00:00
Luke Taylor bf5896600e OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
http://jira.springframework.org/browse/SEC-913. Applied patch as suggested (use sendRedirect method for failure URL).
2008-07-15 13:42:30 +00:00
Luke Taylor b4c63db680 SEC-921: Improved messages_zh_CN.properties for Chinese
http://jira.springframework.org/browse/SEC-921. Added contributed file.
2008-07-15 11:11:21 +00:00