dbee91002e
Deprecate EncryptionUtils.
2010-02-14 23:27:29 +00:00
c12c43da9e
Javadoc fixes.
2010-02-14 23:27:09 +00:00
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
2010-02-14 23:23:23 +00:00
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
2010-02-06 17:34:07 +00:00
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
2010-02-06 15:42:01 +00:00
10d787ede2
Javadoc corrections to SessionRegistryImpl
2010-02-03 23:49:36 +00:00
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
2010-01-23 02:12:30 +00:00
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
2010-01-19 01:07:33 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
0f90e69004
SEC-1362: Updated French messages translation.
2010-01-13 15:37:18 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
93973a4b75
SEC-1304: Removed compareTo method from GrantedAuthorityImpl
...
This method had been left by mistake when the Comparable
interface was removed. See also SEC-1347.
2010-01-04 19:13:49 +00:00
80aacf447f
Refactored JaasAuthenticationProvider
...
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
2010-01-03 16:28:44 +00:00
893f212fa5
Tidying
2010-01-02 19:53:19 +00:00
bcb1ff8921
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
2009-12-23 14:12:59 +00:00
115d5b84ff
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
e64866ae6a
Updated bundlor templates and introduced spring.version variable
2009-12-22 01:10:04 +00:00
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
354b043fd1
SEC-1337: Add Serializable interface to internal comparator
2009-12-18 14:12:32 +00:00
55679971f0
SEC-1337: Make User serializable by moving anonymous comparator class
2009-12-18 13:49:02 +00:00
cad32ffe39
SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
2009-12-13 17:37:24 +00:00
ef3d9c7877
Tidying Javadoc.
2009-12-13 16:20:28 +00:00
1e8ea55030
SEC-1320: JaasAuthenticationProvider can not find jaas realm defined inside service archive. Added flag to control refresh of configuration on startup.
2009-12-13 16:19:53 +00:00
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
adfac7e718
Added gradle file for cas and standardised ehcache version
2009-12-08 01:54:15 +00:00
33b109f0b3
Made session maps final in SessionRegistryImpl.
2009-12-08 01:33:01 +00:00
558737363f
Added some extra tracing to SessionRegistryImpl.
2009-12-08 01:28:47 +00:00
cde9cd6b36
Correct toString() method in User class.
2009-12-08 00:16:08 +00:00
02a9db7bcf
SEC-1317: Removed check in ProviderManager.getProviders() for empty provider list. A ProviderManager with a non-null parent may have an empty provider list. The afterPropertiesSet() method performs the necessary checks.
2009-12-07 21:38:40 +00:00
dab76249db
Added gradle build files (experimental)
2009-12-04 21:33:17 +00:00
dada789814
NOJIRA
...
removed unnecessary cast and use StringBuilder rather than non-final String and concatenation.
2009-12-01 15:19:56 +00:00
ed92d5ea71
SEC-1304: Removed unused compareTo method from custom GrantedAuthority.
2009-12-01 14:32:57 +00:00
8a0f69b955
SEC-1295: Placing Security on Roo Aspected method fails. Added suggested fix - check for null target and use Signature.declaredType instead.
2009-11-30 22:00:49 +00:00
7e0c7ffc0e
SEC-1304: Removed "Comparable" from GrantedAuthority
2009-11-30 21:27:13 +00:00
e72cfd58d4
SEC-1304: Remove Comparable interface from GrantedAuthority to enable it to be imlemented by an enum.
2009-11-30 21:22:11 +00:00
1df82654e3
SEC-1310: Added toString() implementations to Pre and PostInvocationExpressionAttribute classes.
2009-11-30 17:32:03 +00:00
69699431b1
SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope
2009-11-24 09:31:03 +00:00
b39db5b711
Removed jaxen from template.mf
2009-11-17 14:25:20 +00:00
d4d5012035
SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.
2009-11-17 12:55:53 +00:00
1898b4df52
Updated scope of commons collections to 'test'
2009-11-17 00:00:59 +00:00
248e826342
SEC-1282: Clarified javadoc
2009-11-03 16:31:55 +00:00
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
0615b94f55
Converted expression test to use static method.
2009-10-09 23:42:23 +00:00
4dcb9de67a
SEC-1257: Some additional API changes to use Collection instead of List...
2009-10-07 21:08:20 +00:00
f213cc5d9e
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
2009-10-06 19:46:44 +00:00
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
2009-10-05 19:28:53 +00:00
acf13c74ca
SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
2009-10-05 15:51:00 +00:00
2a1430f1ce
SEC-1229: Removed legacy concurrency classes
2009-09-29 16:18:25 +00:00
9639340fef
SEC-1049: RoleHierarchy in SidRetrievalStrategy. Added optional RoleHierarchy injection to SidRetrievalStrategyImpl
2009-09-16 19:59:37 +00:00
1c4a809e09
SEC-1245: Add role hierarchy support to expression handlers. Done.
2009-09-15 17:17:21 +00:00
897960cd70
Add expression string to failed expression evaluation exception message to help clarify the context.
2009-09-13 22:29:07 +00:00
6851655ea9
SEC-1177: MethodInvocationUtils Returns Null With Valid Method String and Class. Added very simple checking of declared methods on class.
2009-09-09 19:49:44 +00:00
ef2df77889
SEC-1239: Special characters in JAAS config file location. Fix - convert Resource to a File before obtaining the URL from it. The URL.toString() obtained this way is different from the one obtained from Resource.getURL().toString().
2009-09-09 17:41:35 +00:00
8081a1a3cc
Set Id svn keyword.
2009-09-03 19:55:18 +00:00
e14a904306
SEC-1181: fixed recursive import in template.mf
2009-09-02 15:31:22 +00:00
660b408e6e
SEC-1181: added import to template.mf for the DNS classes
2009-09-02 15:20:26 +00:00
58ee9a364e
SEC-1181: DNS helper classes, will primarily be use for lookup of Active Directory servers.
2009-09-02 14:29:35 +00:00
bfd421016e
SEC-1228
...
added constructor so a wrapper can be instanciated in one line of code.
2009-09-01 19:52:43 +00:00
471206a29d
SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy
2009-08-27 10:43:01 +00:00
9bf8656d66
SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes.
2009-08-22 21:09:34 +00:00
bb4d818862
SEC-1188: Added "getContexHolderStrategy" method to SecurityContextHolder.
2009-08-22 13:31:13 +00:00
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
b807f7cbdd
Added comment to pom to explain spring-web requirement
2009-08-10 14:05:16 +00:00
972cd0a53c
javadoc
2009-08-10 12:10:04 +00:00
d65b1b3581
SEC-1200: Ukranian messages file
2009-08-10 11:41:24 +00:00
0f6642d3ab
SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface)
2009-08-04 00:18:07 +00:00
5953af0f6b
SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
2009-08-03 00:21:11 +00:00
fdb7325cbc
Javadoc update
2009-07-24 15:21:59 +00:00
efd1dbf54a
Removed public modifier from getSessionController() method on ProviderManager.
2009-07-17 23:37:45 +00:00
1afa67c954
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
2009-07-15 23:09:47 +00:00
6346e31517
SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy.
2009-07-15 01:28:28 +00:00
1ca2e6e6fc
Tidying.
2009-07-13 23:12:32 +00:00
5d389d953d
RoleVoter test class.
2009-07-13 23:11:15 +00:00
946f3d1067
Converted to use mockito.
2009-07-13 23:10:52 +00:00
3b1cdc3ab4
Tidying.
2009-07-08 23:27:53 +00:00
8a3930e673
Refactoring of ProviderManager to ensure that any AuthenticationException from the ConcurrentSessionController will prevent further polling of providers.
2009-07-08 23:20:46 +00:00
6b53703e37
SEC-1187: Moved pre-authentication status check inside try/catch block and repeated the call after reloading the user during the "cacheWasUsed" logic.
2009-07-07 17:09:44 +00:00
980b9b73b8
deprecate property editor
2009-06-26 12:49:23 +00:00
c6b9371029
Updated to latest Spring build snapshot. Required minor EL changes to parser class name
2009-06-15 23:41:20 +00:00
db3f08cce4
SEC-1156: Added check for enableAuthorities setting in deleteUser method of JdbcUserDetailsManager.
2009-06-14 22:31:14 +00:00
ab7f06c108
SEC-1156: Modified JdbcUserDetailsManager to only save/update authorities if enableAuthorities is set
2009-06-14 22:26:44 +00:00
05ba2ff3f3
Improved Javadoc
2009-06-14 20:50:29 +00:00
3f603dfdd8
Removed invalid Javadoc reference to HttpSCIF
2009-06-10 12:44:06 +00:00
4e0d3c644f
Committed deletion of previous AuthorityUtilsTests
2009-06-09 01:50:35 +00:00
4768e4b13c
Removed methods relating to current context from AuthorityUtils, making it a simple factory for GrantedAuthority lists etc.
2009-06-09 01:42:37 +00:00
ab69a0a101
SEC-884: As per discussion in this issue. Added Javadoc to specify that Authentication object passed to decide method must not be null.
2009-06-09 01:14:55 +00:00
d2a8e43a55
SEC-1170: Some updates to UserDetails-related Javadoc.
2009-06-09 00:57:34 +00:00
cb6aa81701
Forgot to remove file
2009-06-08 19:21:22 +00:00
5808da12ff
SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample.
2009-06-08 15:23:41 +00:00
43144cd75d
Javadoc updates.
2009-05-31 21:29:36 +00:00
67ad0456a1
Javadoc updates.
2009-05-31 21:28:50 +00:00
206598172c
Javadoc updates.
2009-05-31 21:26:03 +00:00
d1efb4eeed
generifying RowMappers in JdbcDaoImpl.
2009-05-30 13:52:39 +00:00
131ba5c62e
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
2009-05-27 00:12:30 +00:00
e2c218e8c9
[maven-release-plugin] prepare release spring-security-3.0.0.M1
2009-05-26 23:44:11 +00:00
b6f3d82dac
Remove commented-out dependencies.
2009-05-26 22:18:53 +00:00
45c54c558c
Updated build to use maven.springframework.org deps
2009-05-13 06:16:05 +00:00
ef388529ae
Javadoc update.
2009-05-12 00:12:22 +00:00
4bad213b19
SEC-1132: Moved remaining preauth code from core to web
2009-05-12 00:11:06 +00:00
c7a2e12c65
Moved python script to correct directory
2009-05-11 06:03:59 +00:00
03d39f1e88
Minor package info updates.
2009-05-11 05:48:09 +00:00
76438b3347
SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource)
2009-05-11 05:44:31 +00:00
14c4739605
SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.
2009-05-11 05:18:20 +00:00
39f1536d5a
Upgrade to Spring 3.0 M3
2009-05-07 08:24:41 +00:00
6d655aa514
SEC-1132: More refactoring to remove cycles ad reduce complexity metrics
2009-05-04 14:24:54 +00:00
73cfeecd0c
Make sure argumentsAdded flag is set correctly.
2009-05-04 12:36:16 +00:00
5b543f83ec
Removed web dependency on core-tests
2009-05-04 02:25:49 +00:00
4bc788828c
SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods.
2009-05-01 06:45:34 +00:00
39cc865a36
SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id.
2009-04-28 12:08:48 +00:00
e94baf38b3
Tidying up to remove warnings (generics, use of deprecated test classes etc).
2009-04-28 06:49:43 +00:00
50ac9d3b05
More generification to remove last warnings in core package.
2009-04-26 10:17:09 +00:00
1454cbb78e
SEC-1132: Moved TextUtils to web module and StringSplit utils into Digest authentication package (as they aren't used elsewhere).
2009-04-25 08:04:26 +00:00
a76cbee4bc
SEC-1132: Moved ThrowableAnalyzer code to web module as it is only used in ExceptionTranslationFilter
2009-04-25 07:03:15 +00:00
22e7142f45
SEC-998: Bundlor enabled in web, ldap, config and core modules
2009-04-24 09:12:53 +00:00
2e3189cf83
SEC-998: Enabled bundlor in core
2009-04-22 13:00:14 +00:00
21e36e0a57
Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT
2009-04-22 12:55:52 +00:00
a73016b898
SEC-998: Initial bundlor template.mf for core
2009-04-22 12:47:44 +00:00
305ce125fb
SEC-863: Hierarchical roles should use the interface GrantedAuthority. Applied submitted patch.
2009-04-22 05:53:59 +00:00
d7f202a111
Addition of final to constructor set fields to improve immutability of authentication and user objects
2009-04-22 04:11:38 +00:00
ba6664f77f
SEC-1012: Refactor SessionRegistry interface to use Java 5 generics.
2009-04-21 06:57:21 +00:00
cac2bce382
Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes.
2009-04-21 06:05:14 +00:00
06040853da
Javadoc tidying
2009-04-21 03:16:57 +00:00
56ec1b4b05
Tidying beforeInvocation method.
2009-04-20 01:01:34 +00:00
292926518b
SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException.
2009-04-15 10:19:37 +00:00
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
5d0d1bd404
Fixed Javadoc typo.
2009-04-14 12:56:16 +00:00
db9afc36ab
Refactored internal context holder strategy implementations to be package private and final and refactored getContext() methods to use a single call to ThreadLocal.get().
2009-04-14 11:04:49 +00:00
c770998d92
SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions.
2009-04-14 04:22:57 +00:00
550715e73f
SEC-1136: Removed SpringSecurityException and last import.
2009-04-14 01:51:22 +00:00
10673780db
OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles).
2009-04-13 14:56:49 +00:00
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
2009-04-12 12:23:23 +00:00
7c4d54f356
SEC-1131: Applied patch for portlet upgrade
2009-04-12 05:52:20 +00:00
365ae3936e
Moved MockAuthenticationManager to test package.
2009-04-12 05:13:18 +00:00
1b43e3661a
SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter.
2009-04-12 04:16:46 +00:00
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
2009-03-25 06:28:18 +00:00
2c985a1c36
SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources
2009-03-23 04:23:48 +00:00
a45ba138f7
SEC-1121: InMemoryResource.equals() is wrong. Corrected as suggested.
2009-03-20 04:44:39 +00:00
4aff4b2350
SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring
2009-03-20 04:32:06 +00:00
4aae5ec42e
SEC-1124: Refactored LDAP code into separate module
2009-03-19 06:30:32 +00:00
a0f3015ac6
SEC-1086: AccessDecisionManager implementations now log debug messages giving the results returned by each voter polled.
2009-03-19 02:01:24 +00:00
d163cd7d18
SEC-1099: Translation of message.properties in Brazilian Portuguese. Added file.
2009-03-19 01:47:34 +00:00
c0638e9c8d
SEC-1110: Localization (messages_ko_KR.properties). Added.
2009-03-19 01:46:05 +00:00
591681c180
Upgrade to Spring M2 and correct expression classes and pom files to match changes
2009-03-19 01:17:16 +00:00
98593b7c78
SEC-1120: Added Portuguese messages file
2009-03-19 01:02:32 +00:00
ccf422af5a
SEC-1070: AbstractRetryEntryPoint always uses RetryWithHttpEntryPoint logger. Converted to protected (non-static) and used getClass().
2009-03-16 08:32:16 +00:00
9de9f638fe
SEC-1083: Removed unnecessary import
2009-03-16 08:07:18 +00:00
30748e8615
SEC-1083: PersistentTokenBasedRememberMeServices does not clear tokens on logout. Override logout method to remove tokens for user.
2009-03-16 08:05:02 +00:00
b7557d017e
Corrected Javadoc typo.
2009-03-16 07:10:12 +00:00
ef3ea65fdb
Switching back to 2.5.0-SNAPSHOT after tagging M1 release
2009-01-03 07:42:19 +00:00
fc5f50501e
[maven-release-plugin] prepare release 2.5.0.M1
2009-01-03 07:08:25 +00:00
ddffdf1699
SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication'
2008-12-28 17:32:25 +00:00
4a41416c9b
Tidying up and removing compiler warnings.
2008-12-21 16:36:16 +00:00
f5d2e7a7ce
Make error message when multiple UserDetailsServices are found more explicit.
2008-12-21 13:29:42 +00:00
9cb361e88a
SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter.
2008-12-20 23:25:29 +00:00
66e586ec67
Added Id keyword.
2008-12-20 15:41:51 +00:00
cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
8f598e9b11
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
2008-12-17 01:28:29 +00:00
171456a26c
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
2008-12-17 01:11:43 +00:00
00125cddee
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
2008-12-17 00:48:32 +00:00
585e5f393a
Added warning suppression for deprecation.
2008-12-17 00:32:21 +00:00
d8b5f770e9
Added warning suppression for deprecation.
2008-12-17 00:31:17 +00:00
db5f1e69f1
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
2008-12-17 00:14:48 +00:00
c2e688610c
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
2008-12-16 23:25:44 +00:00
998f0b3ea1
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
2008-12-16 20:35:18 +00:00
d0fcbd9baf
Tidying up Javadoc.
2008-12-16 20:29:53 +00:00
a1bd48733a
Minor Javadoc correction.
2008-12-16 20:16:56 +00:00
74fd5fe8a4
Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.
2008-12-16 18:55:38 +00:00
b24cc17dea
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
2008-12-16 17:35:34 +00:00
bf409b5b25
Improvements to Javadoc.
2008-12-16 02:06:26 +00:00
f54d7ee6bc
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
2008-12-15 23:58:40 +00:00
898ef36d02
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
2008-12-15 19:50:53 +00:00
c3181d9db0
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
2008-12-15 02:48:32 +00:00
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
2008-12-15 01:25:12 +00:00
fcc68e636e
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
2008-12-15 00:56:17 +00:00
a0bcf7184c
SEC-1061: Renamed serverSideRedirect property.
2008-12-14 23:56:30 +00:00
cf3cac90ad
SEC-1058, SEC-745: Updating comments
2008-12-14 23:53:44 +00:00
3f38035057
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
2008-12-14 22:53:31 +00:00
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
839279161d
SEC-745: Added concrete failure handling strategies.
2008-12-13 23:34:15 +00:00
6664f57ff6
SEC-992: Removed the line setting returningObj to false.
2008-12-12 23:22:26 +00:00
10e4d1fe1a
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
2008-12-12 22:30:57 +00:00
615194710e
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
2008-12-12 17:25:09 +00:00
48dce501ce
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
2008-12-12 14:27:23 +00:00
aec23749d7
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
2008-12-12 13:04:37 +00:00
3fcc7b5403
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
2008-12-12 12:47:42 +00:00
a443e55832
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
2008-12-11 17:00:13 +00:00
093365b2f4
Removed unnecessary cast.
2008-12-11 16:42:25 +00:00
30f9b3e72c
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
2008-12-10 16:57:40 +00:00
3f40604b82
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
2008-12-10 13:48:25 +00:00
acfcac4594
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
...
Applied supplied patch which checks the committed flag before forwarding to the error page.
2008-12-10 12:36:59 +00:00
Luke Taylor
Scott Battaglia
Mike Wiesner