Commit Graph

1694 Commits

Author SHA1 Message Date
Ben Alex 8b9f02e2e7 Expand test coverage. 2004-07-13 02:01:58 +00:00
Ben Alex 491fb00ffd Make Authentication serializable (Weblogic support). 2004-07-12 22:40:33 +00:00
Ben Alex 957e28252e Log stack trace to assist debugging. 2004-07-08 21:50:42 +00:00
Ben Alex 2cb3703253 Relax restriction on empty Strings for proxy callback URL, as this should be an empty String if no proxy callback was requested during service ticket validation. 2004-07-03 00:47:46 +00:00
Luke Taylor b957b5e25b Convert database URL to use absolute path. Fixes test with Maven. 2004-07-02 14:07:26 +00:00
Ben Alex ce712eaccf Improve organisation of DaoAuthenticationProvider to facilitate subclassing. 2004-06-30 23:18:47 +00:00
Ben Alex fe91639b15 Allow custom SecureContext implementations to be selected by user. 2004-06-29 23:28:59 +00:00
Ben Alex 6314aa4efa Refactor User to an interface. 2004-06-24 23:24:14 +00:00
Ben Alex 04dea9e403 Patch by Mark St.Godard to resolve issues with WebSphere 5. 2004-06-23 05:52:49 +00:00
Ben Alex 46f17bed79 Make isPasswordCorrect protected to facilitate subclass use. 2004-06-21 06:17:20 +00:00
Ben Alex 1a0bec5bf1 Make User available from Authentication via DaoAuthenticationProvider. 2004-06-21 06:10:14 +00:00
Ben Alex 27d89f3e91 Patch by Mike Youngstrom to fix Jameleon stripping of slash. 2004-06-17 01:23:13 +00:00
Ben Alex b3e2d78c5d Fix issue when encoded passwords are used. Modify Contacts sample to test encoded passwords. 2004-06-08 12:54:42 +00:00
Ben Alex b5cbcdc591 Refactor DaoAuthenticationProvider cache model. 2004-06-06 06:31:28 +00:00
Ben Alex 1b24ff5ea8 Refactor DaoAuthenticationProvider cache model. 2004-05-31 04:41:22 +00:00
Ben Alex d9f77a7ed1 Initial commit. 2004-05-31 02:37:29 +00:00
Ben Alex b6cb84e937 Improve robustness so if ApplicationContext not shutdown correctly (thus destroy() not called) the cache will not fail on subsequent startups. 2004-05-31 02:08:34 +00:00
Ben Alex e300a90890 Improve test coverage. 2004-05-31 01:19:18 +00:00
Ben Alex 0cbea9b452 Improve HTTP redirect URL encoding. 2004-05-26 22:17:14 +00:00
Ben Alex d5c14142d1 Add event capabilities. 2004-05-24 00:09:27 +00:00
Ben Alex 42ccbfbad7 Store additional information about the authentication request. 2004-05-24 00:06:54 +00:00
Ben Alex b6e0c3076f Fixed issue with hot redeploy as cache not being closed. 2004-05-24 00:04:49 +00:00
Ben Alex 369ea24215 Extra mock functionality for new unit tests. 2004-05-24 00:02:09 +00:00
Ben Alex 3f6961d855 Improved exception handling if response already committed. 2004-05-23 23:57:29 +00:00
Francois Beausoleil d5a6ea044d Implemented a fix for a NullPointerException as reported by Pierre-Antoine Gr�goire (pa.gregoire@free.fr)
"The error comes from line 115 in AuthorizeTag....It seems there's no control
for a null value here..."

* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
  Added a new test to confirm the existence of the bug.

* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
  And fixed the failing test.
2004-05-19 12:34:52 +00:00
Ben Alex 4cac2f1a62 Made serializable as per request by Mike Youngstrom. 2004-05-15 23:37:03 +00:00
Ben Alex 614f12448e Create a NullRunAsManager, which is used by default by the AbstractSecurityInterceptor. 2004-05-06 23:13:32 +00:00
Ben Alex 8713d4d52c Authentication subclasses Principal, so it's directly usable by classes that want a Principal. No implementations need to change if they subclass AbstractAuthenticationToken, as it implements the one and only method required by Principal. 2004-05-04 07:35:41 +00:00
Ben Alex 4152df1225 Allow filter to update multiple HttpSession attributes (useful if servlets etc expect to find an Authentication object in a given HttpSession attribute, like Jakarta Slide). 2004-05-04 07:27:57 +00:00
Ben Alex eaa92cd80a Fixed issue with caching by making AbstractIntegrationFilter (and its subclasses) write the new Authentication object to the well-known location. 2004-04-30 05:16:08 +00:00
Ben Alex ecac5a2eed Make ChannelDecisionManagerImpl iterate through a list of channel security processors. 2004-04-29 02:17:07 +00:00
Ben Alex 2421268baa Improve IE 6 bug detection logic. 2004-04-29 02:14:20 +00:00
Ben Alex b61c05ff89 Change classes to use PortMapperImpl and PortResolverImpl by default. 2004-04-28 00:10:56 +00:00
Ben Alex 901c7d4752 Significantly enhance channel processing filter. 2004-04-27 06:21:00 +00:00
Ben Alex e555d77d4e Move port mapping functionality into separate classes to allow reuse. Permit implementations to override the source port (required given some browsers do not respond to HTTP redirects correctly). 2004-04-27 06:17:53 +00:00
Ben Alex c6a1b2b608 Clarify how URLs are constructed. 2004-04-27 06:14:57 +00:00
Ben Alex 8a4edca136 Support new key requirement on DAO authentication provider. 2004-04-27 06:00:39 +00:00
Ben Alex 2c97583f27 Filter to ensure web requests are received over a suitable secure channel. 2004-04-23 08:57:43 +00:00
Ben Alex d65b0e0bd2 Add correct supports() method and tests. 2004-04-23 06:28:23 +00:00
Ben Alex ed68b701b2 Add toString() method and test. 2004-04-23 06:27:50 +00:00
Ben Alex e0d57de330 Add DaoAuthenticationProvider caching support. 2004-04-23 05:01:57 +00:00
Ben Alex babb908fea Increase test coverage. 2004-04-23 04:51:56 +00:00
Ben Alex 83d871cd5d Enhance equals() method to detect key variances. 2004-04-23 03:45:16 +00:00
Colin Sampaleanu 6eb0a47632 fix FilterInvocation so it doesn't lose the tail end (past the servlet path) of the request url 2004-04-23 02:29:18 +00:00
Ben Alex 0537900357 Remove unnecessary code. 2004-04-23 02:08:58 +00:00
Colin Sampaleanu e2de3c9dbc Enhance AuthenticationProcessingFilterEntryPoint and related classes, to support a property forcing the login page to be access via https even if the original intercepted request came in as http. 2004-04-22 21:47:05 +00:00
Colin Sampaleanu 20025da7c7 work on unit test, still some functionality to cover later 2004-04-22 11:54:52 +00:00
Colin Sampaleanu 2a46a975a5 allow automatic switch from http to https for login form.
unit tests will be updated tomorow to cover new functionality.
2004-04-22 03:56:55 +00:00
Colin Sampaleanu ab9e783f79 after invocation, restore pre-RunAs Authentication regardless of exception that may be thrown by method being intercepted 2004-04-21 21:09:39 +00:00
Ben Alex fa9b872570 Initial CAS support. 2004-04-19 07:34:32 +00:00
Ben Alex b3f9f6f4e9 Updated tests to relocate common filter authentication functionality to an abstract parent. 2004-04-18 12:57:49 +00:00
Ben Alex 4500aba050 Expand unit test coverage. 2004-04-18 12:05:20 +00:00
Ben Alex 0a856b7f15 Expand coverage to test SaltProvider integration. 2004-04-18 12:04:43 +00:00
Ben Alex 872ace9164 Modify contract of AuthenticationProvider to allow AuthenticationProvider implementations to return null if they do not wish to process a given Authentication request, despite asserting they support it. 2004-04-18 12:03:07 +00:00
Ben Alex a6b5b8d828 Initial commit. 2004-04-18 12:01:18 +00:00
Ben Alex 1cf2b333bd Relocate common filter authentication functionality to an abstract parent, and update JavaDocs accordingly. 2004-04-18 12:00:02 +00:00
Ben Alex 96fa2a5a75 Update encoders so they process salts. 2004-04-18 11:56:50 +00:00
Ben Alex b06833e0d7 Unit tests must be named *Tests (note the plural). 2004-04-18 11:55:49 +00:00
Ben Alex 5dbef97a1d Expand unit test coverage. 2004-04-18 11:54:51 +00:00
Ben Alex 5b16c42e15 Enhance mock so it is told whether to grant or deny access. 2004-04-18 11:35:24 +00:00
Ben Alex f38ed01b29 Detect nulls within GrantedAuthority[] passed to constructor. This ensures end-user DAO implementations are creating the User correctly. 2004-04-18 11:23:01 +00:00
Ben Alex a0f809991d JavaDoc updates. 2004-04-18 05:56:07 +00:00
Colin Sampaleanu 3ceb492cb2 move password encoder tests to proper packages.
rename saltSource param in PasswordEncoder interfce to salt. It was already called salt in subclasses, and is in fact supposed to be the salt, not the source for the salt, although depending on the implementation it may still be treated as the latter.
2004-04-17 02:18:46 +00:00
Ben Alex da5101cfb4 Make salt sources pluggable. 2004-04-17 01:29:52 +00:00
Ben Alex 03efc3e51f Improve JavaDocs. 2004-04-17 01:28:38 +00:00
Ben Alex ae16d96121 Moved to net.sf.acegisecurity.providers.encoding. 2004-04-17 01:28:05 +00:00
Ben Alex 6815e693a7 Make SecurityEnforcementFilter support pluggable authentication entry points. Enhance BASIC authentication so it's a viable alternative to form-based authentication for user agents like IE and Netscape. 2004-04-16 14:22:15 +00:00
Ben Alex 7e85bbc054 Relaxed requirement so targetClass OR targetBean can be used (targetBean no longer requires targetClass to be specified as well). 2004-04-16 12:37:58 +00:00
Ben Alex 38835da164 Provide a proxy so filters can be loaded directly from the application context. 2004-04-16 06:31:48 +00:00
Ben Alex 7b59d5f189 Expand test coverage now that prefix is configurable. 2004-04-16 06:28:21 +00:00
Colin Sampaleanu 3d089aaa67 move and rename password encoding classes.
change saltSource arument to salt argument, which impl may or may not use.
2004-04-16 03:44:04 +00:00
Colin Sampaleanu 5d9d734735 more final version of the various PasswordEncoder implementations.
add unit tests for PasswordEncoder implementations.
remove ignore password case and ignore username case flags and handling from DaoAuthenticationProvider.
remove requirement described in JavaDoc for AuthenticationDao that it ignore case when returning a user by username. Implementations may still do so if configured as such.
2004-04-15 16:32:09 +00:00
Colin Sampaleanu 41a837f8cd add back HSQL db in test dir, as it turns out _it is_ supposed to be in CVS
modify JdbcDaoTests to test for role prefix functionality
fix glitch in JdbcDaoImpl
modify Eclipse classpath so HSQL lib is loaded, so unit tests can run in Eclipse as well.
2004-04-15 03:34:18 +00:00
Colin Sampaleanu 18d5c59532 'ant format' strikes again. 2004-04-14 21:31:22 +00:00
Colin Sampaleanu aed9d2a1d8 initial cut at allowing pluggable digest strategy for use in password handling in DaoAuthenticationProvider 2004-04-14 21:30:59 +00:00
Colin Sampaleanu fad252b0fe allow special ROLE_ prefix to be overriden 2004-04-14 03:38:10 +00:00
Colin Sampaleanu a09f2a4c18 ant format seems to have reformated these differently than what is in CVS 2004-04-13 21:59:02 +00:00
Colin Sampaleanu 2786312b8e allow query strings to be specified
allow MappingSqlQuery to be specified
2004-04-13 21:58:03 +00:00
Ben Alex f1abf780b5 Add support for HTTP Basic Authentication. 2004-04-11 12:09:08 +00:00
Ben Alex 670d007630 JavaDoc updates. 2004-04-11 12:05:46 +00:00
Ben Alex bd35a47233 Support configuration via Apache Ant paths (not only regular expressions). 2004-04-09 09:51:23 +00:00
Ben Alex 5488bf4ca8 Renamed to RegExpBasedFilterDefinitionMapTests. 2004-04-09 09:49:07 +00:00
Ben Alex 7eefbd3bb2 Update to use contextConfigLocation. 2004-04-09 05:41:42 +00:00
Colin Sampaleanu 6c26e79a0f change AuthenticationProcessingFilter and SecurityEnforcementFilter to use Spring's WebApplicationContextUtils by defualt to find their config context. 2004-04-09 02:44:17 +00:00
Francois Beausoleil ea0e6b2577 * test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java,
src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
  Added three new tests to assert that whitespace is ignored in the
  attribute's content.
2004-04-02 20:59:16 +00:00
Ben Alex 1b1d119836 Modifications consistent with changes to the objects being tested. 2004-04-02 12:20:41 +00:00
Ben Alex a278db8df9 Functionality moved to new tests or mocks. 2004-04-02 12:18:58 +00:00
Ben Alex eaffc00fc4 Initial commit. 2004-04-02 12:16:39 +00:00
Ben Alex 852cea437c Reflect new secure object API, which is no longer bound to MethodInvocations. 2004-04-02 12:13:56 +00:00
Ben Alex f026b3a08a Documentation improvements. 2004-04-02 12:11:13 +00:00
Ben Alex 15588123ba Additional import statement. 2004-04-02 12:10:31 +00:00
Ben Alex 33edeb5a2f Moved to net.sf.acegisecurity.ui 2004-04-02 12:07:24 +00:00
Ben Alex e54ad9b4e8 Reflect new secure object API, which is no longer bound to MethodInvocations. 2004-04-02 12:05:49 +00:00
Ben Alex 3ece12c386 Moved to net.sf.acegisecurity.intercept.method. 2004-04-02 12:03:18 +00:00
Ben Alex 738fd2161d Initial commit. 2004-04-02 12:02:01 +00:00
Ben Alex dd39d747d5 Improved documentation and added methods to facilitate unit testing. 2004-03-29 13:39:30 +00:00
Ben Alex c220ff583c Initial commit. 2004-03-29 13:36:45 +00:00
Ben Alex 0a17d65d37 Initial commit. 2004-03-29 02:49:51 +00:00
Ben Alex ea05e0b931 Simplified sub-class usage. Made compatible with changes to User constructor. 2004-03-29 02:48:10 +00:00
Ben Alex 1b726825fa Changed internals to use list instead of set, to preserve element ordering. 2004-03-28 12:19:13 +00:00
Ben Alex adb1971873 Enhancements to detect errors and faciltiate easier testing. 2004-03-28 12:17:46 +00:00
Ben Alex d59a5da321 Changed to not detect null returns, as the UserMap will now throw the UsernameNotFoundException. 2004-03-28 12:16:44 +00:00
Ben Alex f203979237 Update to be compatible to changes made to User's no-arg constructor. 2004-03-28 12:15:11 +00:00
Ben Alex 489c941101 Improved detection of invalid parameters in constructors. 2004-03-28 12:14:11 +00:00
Ben Alex 3179f5f1e7 Fixed support for lowercase usernames and passwords. 2004-03-28 12:10:23 +00:00
Ben Alex 1573491fbe Changed no-arg constructor to a form more suitable for unit testing. 2004-03-28 12:09:35 +00:00
Ben Alex cab961bfa6 Enhanced equals() method. 2004-03-28 12:08:20 +00:00
Ben Alex cff8894b99 Changed interface to extend Context. This provides interface-level compatibility with objects requiring a Context, rather than requiring implementations to also implement Context. 2004-03-28 12:07:34 +00:00
Ben Alex c5951ff1c0 Changed no-arg constructor to a form more suitable for unit testing. 2004-03-28 12:02:41 +00:00
Ben Alex 3fa1534c94 Added license information. 2004-03-28 11:58:37 +00:00
Ben Alex 4b1e738bb5 Minor formatting changes. 2004-03-28 11:57:55 +00:00
Ben Alex 8d24027443 Added debug statement at commencement of interception and additional comment re ContextHolder. 2004-03-28 11:56:32 +00:00
Ben Alex cf043ad35f Numerous formatting changes, and methods to facilitate unit testing. 2004-03-28 11:54:10 +00:00
Ben Alex dc6357d504 Improved JavaDocs. 2004-03-28 11:51:23 +00:00
Ben Alex 22b8be49f0 Changed no-arg constructor to a form more suitable for unit testing. Also added an equals() method. 2004-03-28 11:49:24 +00:00
Ben Alex dcf78213a3 Corrected @author tag. 2004-03-28 11:48:35 +00:00
Ben Alex 4124b1c298 Changed internals to use list instead of set, to preserve element ordering. 2004-03-28 11:44:02 +00:00
Ben Alex fe379d9712 Initial commit. 2004-03-28 11:41:20 +00:00
Ben Alex 6c5a5cd311 No longer required. 2004-03-28 11:40:29 +00:00
Ben Alex 8808f5e8dd Expanded unit test coverage. 2004-03-28 11:39:38 +00:00
Ben Alex 6038d56ece Expanded unit test coverage, moving relevant methods to AbstractAdapterAuthenticationTokenTests. 2004-03-28 11:35:35 +00:00
Ben Alex bc847f564f Expanded unit test coverage. 2004-03-28 11:31:22 +00:00
Ben Alex 6a2870d8f0 No longer required. 2004-03-28 11:29:10 +00:00
Ben Alex ab01d829c5 Initial commit. 2004-03-27 00:46:50 +00:00
Ben Alex 14f27ae683 Make compatible with interface changes to aopalliance.jar. 2004-03-27 00:44:27 +00:00
Ben Alex e3dc29ae96 No longer required. 2004-03-27 00:43:12 +00:00
Ben Alex 94e384b944 Expand test coverage. 2004-03-26 13:17:48 +00:00
Ben Alex e153a54406 Expand test coverage. 2004-03-26 12:20:54 +00:00
Ben Alex 02559344bc Expand test coverage. 2004-03-26 12:02:30 +00:00
Ben Alex 1a040c7ddf Made no arg constructor protected to enable unit test coverage. 2004-03-26 11:51:47 +00:00
Ben Alex b4273c62b7 Expand test coverage. 2004-03-26 11:49:43 +00:00
Ben Alex a8c9b2c96f No longer required. 2004-03-26 11:18:44 +00:00
Ben Alex 22272223d2 Initial commit. 2004-03-26 11:12:54 +00:00
Ben Alex f7a82c29b3 Expand test coverage. 2004-03-26 11:12:08 +00:00
Ben Alex b485c40175 Improve JavaDocs. 2004-03-26 11:05:55 +00:00
Ben Alex a9569a2f60 Added equals() method. 2004-03-26 11:05:10 +00:00
Ben Alex ae434bd8b3 Initial commit. 2004-03-26 11:03:36 +00:00
Francois Beausoleil 1e4c234ea7 * src/net/sf/acegisecurity/adapters/AutoIntegrationFilter.java:
Use reflection instead of hard-coding the values to determine
  if we should integrate with a specific container implementation.
2004-03-24 18:33:19 +00:00
Francois Beausoleil 36a955e197 * test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
Removed testUsesAllAuthoritiesToDetermineAccess(), because it wasn't
  asserting anything.  Needs to be rewritten.
2004-03-23 17:33:47 +00:00
Francois Beausoleil d8275171e4 * test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
Bring Clover coverage to 100% by adding a single test.
2004-03-23 17:28:10 +00:00
Ben Alex c3507b26c9 Change to Apache License version 2.0. 2004-03-23 04:44:48 +00:00
Ben Alex 47a2d03429 Added tearDown() method to clear ContextHolder. 2004-03-23 00:35:43 +00:00
Francois Beausoleil 48b21524ed * build.xml:
Modified to create an acegi-taglib.jar.

* project.properties:
  Added new property to build acegi-taglib.jar.

* src/net/sf/acegisecurity/taglibs/authz.tld:
  Declare the Acegi Security authz tag library.

* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java,
  test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java:
  A set of tests that force the creation of a javax.servlet.jsp.Tag
  implementation that authorizes the output of the tag's body if the
  request's principal has or doesn't have certain authorities.

* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
  New class.  Implements AuthorizeTagTests and
  AuthorizeTagAttributeTests.
2004-03-22 16:42:53 +00:00
Ben Alex 35fe1e7b73 Initial commit. 2004-03-16 23:57:17 +00:00