5d71d2a4fa
SEC-1887: Add MethodSecurityOperations interface.
...
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.
Also cleaning whitespace.
2012-02-01 15:49:56 +00:00
0f9ee81df1
SEC-1887: Improve extensibility of expression-based security classes
...
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
2012-01-31 19:06:43 +00:00
f97463cdb5
Minor comment fixes
2012-01-16 14:49:59 +00:00
1f835fec43
SEC-1867: Perform null check on Authentication.getCredentials() prior to calling toString()
2011-12-30 14:00:13 -06:00
8ca2927761
Renamed **/Test.java to **/Tests.java to better follow conventions
2011-12-28 17:39:29 -06:00
3dca70403d
Suppress compiler warnings and minor javadoc fix for ProviderManager
2011-11-11 11:45:02 -06:00
8fd2963e6b
Deprecate storage of Authentication object in AuthenticationException.
2011-11-01 13:05:53 +00:00
bce4d81142
Mark overriding "extraInformation" methods in account status exceptions as deprecated.
2011-10-30 21:47:04 +00:00
2953f56b2b
Remove ancient code formatter artifacts.
2011-09-25 21:17:21 +01:00
44364d0101
SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource.
2011-09-24 14:36:54 +01:00
be8ee61f82
PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method.
...
This isn't actually used, but is still incorrect.
2011-09-24 13:13:38 +01:00
359bd7c468
SEC-1804: Updated Javadoc wrt immutability of User class.
2011-08-25 10:50:50 +01:00
8ce6c73802
Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource
2011-08-19 15:24:44 -07:00
d6b7b52a79
Update to Spring 3.0.6.
2011-08-19 15:06:26 -07:00
a4c05239e5
SEC-1719: Lithuanian messages translation.
2011-08-19 11:17:05 -07:00
59a07175a6
SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider.
2011-08-12 19:44:27 +01:00
5fce0a58bd
SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread.
2011-08-12 19:44:27 +01:00
249610c7ed
SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider.
2011-08-12 19:44:26 +01:00
1976cb1bf7
SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it.
2011-08-12 19:44:26 +01:00
74daa68691
SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected.
2011-08-12 14:29:55 +01:00
7399c9a7a5
SEC-1792: Fixed NullPointerException in RunAsUserToken#toString()
2011-07-29 09:55:18 -05:00
dfd467f26e
cleaned imports in RunAsUserToken
2011-07-29 09:39:02 -05:00
56e86dd36f
Adding assertions on constructor arg values.
2011-07-06 20:50:25 +01:00
2d271666a4
Add constructors to facilitate constructor-based injection for required/shared bean properties.
2011-07-05 20:25:49 +01:00
c3a3a5bfbf
Updated core.gradle to include crypto as referenced project in eclipse
2011-06-21 07:22:35 -05:00
d253f5e109
SEC-1768: Use AopProxyUtils.ultimateTargetClass() to cater for the situation where the security interceptor is being applied to a proxy.
2011-06-18 14:35:56 +01:00
571bfc4869
Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8").
2011-06-14 18:47:50 +01:00
361b77685d
Add crypto as an exported dependency of core in IDEA configuration.
2011-06-14 18:47:49 +01:00
2b8d4684a1
SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays.
2011-06-14 18:47:49 +01:00
e27f655e9d
SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core.
2011-06-10 00:01:25 +01:00
6d04670f87
SEC-1695: Allow customization of the session key under which the SecurityContext is stored.
2011-05-25 19:51:47 +01:00
42e0e158b4
Simplify Digester utility class.
2011-05-25 19:09:08 +01:00
21295a58e5
SEC-1751: Applied patch to use zero-IV for queryable text encryption.
2011-05-23 20:10:16 +01:00
5a4aed238c
SEC-1752: Fixed Utf8 codec to take account of the limit of the ByteBuffer returned by CharsetEncoder.encode().
2011-05-23 18:55:25 +01:00
63f160dc72
SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions.
2011-05-19 15:27:35 +01:00
c758f36629
Forgot to add version information test previously
2011-05-17 23:54:43 +01:00
295ea27526
SEC-1743: Separate remoting from core into separate module.
2011-05-16 00:19:30 +01:00
396eced291
Add test to check version information.
2011-05-07 17:15:02 +01:00
6a2a636fd7
Update Javadoc for UserDetailsManager to reflect that the new password doesn't need to be stored in the security context (and probably shouldn't be).
2011-05-07 16:20:12 +01:00
a2858240f1
SEC-1728: Remove references to SUN provider and incorrect seeding of SecureRandom in SecureRandomBytesKeyGenerator.
2011-04-27 22:10:17 +01:00
73fb1764b8
SEC-1730: Fix broken KeyGenerators method.
2011-04-26 19:06:45 +01:00
614d8c0321
SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name.
2011-04-22 13:47:59 +01:00
8178371927
SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes
2011-04-21 19:55:32 +01:00
5a9aa6d1aa
SEC-1700: Allow for case where JAAS config is not a simple file, but may be a jar resource, for example.
2011-04-20 14:35:09 +01:00
6db7472928
SEC-1181: Added extra I18N messages for LDAP locked, disabled etc.
2011-04-15 20:10:48 +01:00
59ac4c8b96
SEC-1181: Added option to parse AD sub-error codes.
2011-04-15 20:10:48 +01:00
01c9c4e4db
SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default.
2011-04-06 13:58:58 +01:00
8d99918798
SEC-1491: Add support for an external priority SecurityMetadataSource to be referenced from global-method-security.
2011-04-05 15:07:43 +01:00
3084ad878f
SEC-1491: Added AnnotationMetadataExtractor to SecuredAnnotationSecurityMetadataSource to allow a custom security annotation to be used.
2011-04-04 19:48:27 +01:00
244047ffe9
Delete unused test entities.
2011-04-04 18:39:57 +01:00
Luke Taylor
Andrei Stefan
Rob Winch