7461d0e5f1
Added authentication, method security and start of LDAP ns info
2008-08-07 19:12:56 +00:00
566f656eba
Added ldap-server xml:id
2008-08-07 19:11:43 +00:00
e5d2578aec
Added example of @Secured use and some extra explanation
2008-08-07 19:10:53 +00:00
fb3d0b7f25
Fixed link
2008-08-07 19:09:49 +00:00
2d0b594a97
Fixed missing section closing tag
2008-08-07 15:21:25 +00:00
42af39a59e
Some corrections to explicit FilterChainProxy information
2008-08-07 13:33:36 +00:00
930be9338b
Added info on default target options when using form-login
2008-08-07 12:41:12 +00:00
c1a6ae0832
Added faq on required dependencies
2008-08-07 12:40:25 +00:00
c49bc7ffbb
SEC-910: Finishing off http part of namespace appendix
2008-08-07 10:47:59 +00:00
25814d341d
Tidying.
2008-08-06 16:18:05 +00:00
21eb70c576
Corrected context file name in petclinic tutorial
2008-08-06 15:40:01 +00:00
e951c42c2b
Improved javadoc. Some tidying up.
2008-08-06 15:28:04 +00:00
7258d30e13
Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger.
2008-08-06 13:41:01 +00:00
22a64c1555
Added faq on missing session listener
2008-08-06 11:03:53 +00:00
ff13df03ac
SEC-910: More updates to namespace appendix
2008-08-06 00:21:46 +00:00
ecd63cabda
Added use of ANY_CHANNEL attribute to channel-security docbook
2008-08-06 00:20:58 +00:00
f31bcbee07
Minor formatting
2008-08-06 00:19:46 +00:00
3ee3591feb
SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully.
2008-08-05 23:26:01 +00:00
fbeb47d559
SEC-947: Added clarification to docs that FIRST and LAST should be used with position attribute
2008-08-05 23:24:49 +00:00
1c9c8f0883
SEC-910: Updates to ns appendix
2008-08-05 12:03:50 +00:00
f821b0f0f8
Fix issues with move of TestingAuthenticationToken
2008-08-04 20:42:48 +00:00
4165e15861
Fix issues with move of TestingAuthenticationToken
2008-08-04 20:14:20 +00:00
aa75b2fa6d
Fixes to match TestingAuthenticationToken changes
2008-08-04 13:50:27 +00:00
d6918c88a7
Fixes to match TestingAuthenticationToken changes
2008-08-04 13:48:44 +00:00
b6d088e40d
SEC-944: Minor updates to schema appendix
2008-08-04 13:29:42 +00:00
069a75b8fc
minor change to wording
2008-08-04 13:29:06 +00:00
1af7eed433
SEC-883: RoleHierarchyVoter
...
http://jira.springframework.org/browse/SEC-883 . Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
2008-08-04 13:08:03 +00:00
e982e91846
SEC-944: Added db schema reference (and start of namespace appendix)
2008-08-01 13:57:42 +00:00
54ac7b3e46
SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas.
2008-08-01 12:51:31 +00:00
3049b933d9
Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML
2008-07-31 21:35:29 +00:00
c8b22d8e36
SEC-923: Fixed broken build due to missing test class.
2008-07-31 21:22:19 +00:00
1d96283876
Removed commented out line.
2008-07-31 20:45:25 +00:00
ef44bd91f2
SEC-933: Added test for security pointcut applied to a UserDetailsService.
2008-07-31 20:32:43 +00:00
d7926f3557
SEC-943: Forgot to commit tests.
2008-07-31 20:30:56 +00:00
e5d86b13b7
SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
...
http://jira.springframework.org/browse/SEC-941 . Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
2008-07-31 19:50:08 +00:00
3393ea7aaa
SEC-923: Realm support for discovering relying parties.
...
A new "realmMapping" property can be configured on the OpenIDAuthenticationProcessingFilter to map the "return_to" url to a realm. If there is no mapping present the "return_to" url will be parsed and the protocol, hostname and port will be used with a trailing "/"
2008-07-31 19:23:12 +00:00
67e5afbb79
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Updated Javadoc.
2008-07-31 15:56:37 +00:00
000bb1cbed
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Added test class.
2008-07-31 15:42:04 +00:00
243c4f22d4
OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
...
http://jira.springframework.org/browse/SEC-899 . Changed to return -1 when compared to custom auhority which returns null from getAuthority()
2008-07-31 13:01:22 +00:00
d4c105d8ba
OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
...
http://jira.springframework.org/browse/SEC-934 . Added log warning when the same url is used multiple times.
2008-07-30 15:03:47 +00:00
f6ff958411
Renamed rnc file.
2008-07-30 11:05:44 +00:00
4bb3eb12c3
SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
...
http://jira.springframework.org/browse/SEC-933 . Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
2008-07-30 11:01:23 +00:00
f538a36cd3
SEC-939: Changed XML header to include schema locations for clarification.
2008-07-29 10:40:50 +00:00
6e06789a28
SEC-937: Added CAS logout filter to sample application
2008-07-28 10:53:55 +00:00
6b45eda37c
SEC-877, SEC-553: Added code to sandbox/other
2008-07-17 17:46:11 +00:00
f453264bde
SEC-909: custom remember me services doesn't get registered as logout handler
...
http://jira.springframework.org/browse/SEC-909 . HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
2008-07-15 18:22:53 +00:00
1ddc033fe5
SEC-903: Wrong attribute mapping when using jdbc-user-service bean
...
http://jira.springframework.org/browse/SEC-903 . Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
2008-07-15 16:43:57 +00:00
e303e8b71a
SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
...
http://jira.springframework.org/browse/SEC-924 . Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
2008-07-15 14:52:13 +00:00
bf5896600e
OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
...
http://jira.springframework.org/browse/SEC-913 . Applied patch as suggested (use sendRedirect method for failure URL).
2008-07-15 13:42:30 +00:00
b4c63db680
SEC-921: Improved messages_zh_CN.properties for Chinese
...
http://jira.springframework.org/browse/SEC-921 . Added contributed file.
2008-07-15 11:11:21 +00:00
Luke Taylor
Ray Krueger