Ben Alex
5c883e639f
Add InteractiveAuthenticationSuccessEvent handling to authentication mechanisms.
2005-06-27 03:34:36 +00:00
Ben Alex
60f8095cf2
Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13 .
2005-06-27 03:05:26 +00:00
Ben Alex
ef8281f534
HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20 ).
2005-06-27 02:55:01 +00:00
Luke Taylor
25fa471779
First version of web.xml to acegi translator
2005-06-26 17:30:36 +00:00
Ben Alex
a312fede74
Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion).
2005-06-22 08:07:52 +00:00
Ben Alex
c0f1d4e19d
Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report).
2005-06-22 08:06:28 +00:00
Ben Alex
a15691d9d7
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).
2005-06-22 07:03:53 +00:00
Ben Alex
5f75e9bf9a
Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion).
2005-06-22 06:30:46 +00:00
Ben Alex
a7b5299e77
Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005).
2005-06-22 05:22:05 +00:00
Ben Alex
c699f7d40e
Support non-username as primary key.
2005-05-29 09:46:51 +00:00
Ben Alex
25cb085df7
More JavaDocs.
2005-05-29 08:30:28 +00:00
Ben Alex
3401072368
Made Serializable as per acegisecurity-developer list discussion on 20 May 2005.
2005-05-22 03:56:37 +00:00
Ben Alex
4e55780e7c
Performance optimisations thanks to Paulo Neves.
2005-05-20 00:00:22 +00:00
Ben Alex
cfb8271826
Reorder DaoAuthenticationProvider exception logic as per developer list discussion.
2005-05-18 01:40:45 +00:00
Ben Alex
ecbfac2ff8
Made AclEntry Serializable (correct issue with BasicAclEntryCache).
2005-05-17 11:07:00 +00:00
Ben Alex
fa6924a373
Update project workspace settings to Java 1.5. NB: Maven remains at 1.3 compatibility for all subprojects except "domain". It is recommended the Eclipse "Problems" view be customised to not display items containing "Type Safety:" in their description. Developers should NOT introduce 1.5+ dependencies to any projects apart from "domain".
2005-05-09 01:18:31 +00:00
Ben Alex
e08e66dec6
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-08 23:42:14 +00:00
Ben Alex
6a9abe5d90
Remove ContextHolder and introduce SecurityContext.
2005-05-07 09:11:37 +00:00
Ray Krueger
47989c11bd
HttpSessionEventPublisher now verifies that the ApplicationContext is not null
2005-05-02 20:31:18 +00:00
Ben Alex
d169829f27
AbstractAuthenticationToken.getName() now returns username alone if UserDetails present.
2005-04-29 22:29:00 +00:00
Ray Krueger
54ccbf5617
The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping SevletException and IOException in ServletException.
2005-04-29 02:53:02 +00:00
Ray Krueger
2c23c75f91
SecureContextLoginModule as requested from list with Test
2005-04-27 04:47:41 +00:00
Ray Krueger
6f286e2054
AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
2005-04-27 03:39:06 +00:00
Luke Taylor
c29a5731be
Moved credential expiry checking after password check. If the wrong password is presented, BadCredentialsException will now be thrown even if the password has expired.
2005-04-25 23:11:12 +00:00
Ben Alex
cff9ba4988
AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766 .
2005-04-21 23:02:58 +00:00
Ben Alex
4e1649c2b7
Fix NullPointerException caused by unit tests.
2005-04-20 12:39:14 +00:00
Luke Taylor
1fc79f04f1
Added AntPathMatcher member to bring into line with recent Spring refactoring which breaks the build.
2005-04-18 23:10:54 +00:00
Luke Taylor
48ad6496e4
Javadoc typo corrected
2005-04-18 16:24:33 +00:00
Luke Taylor
ee32874308
Added X509 EhCache tests and fixed glaring bug in X509 EhCache implementation.
2005-04-17 22:18:01 +00:00
Ray Krueger
ec80ae22c1
Templated out event publishing. Added getApplicationContext(). Fixed javadoc formatting
2005-04-17 14:13:13 +00:00
Luke Taylor
1a78f9e15f
Refactored to use Spring Assert class (thanks IntelliJ :).
2005-04-15 01:21:41 +00:00
Ben Alex
fdf5c63033
Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757 .
2005-04-13 22:17:05 +00:00
Ben Alex
8091b60194
Improve Javadocs.
2005-04-12 04:19:09 +00:00
Luke Taylor
f2788c7cb6
Refactored to use Spring Assert class. Corrected some typos.
2005-04-11 01:18:46 +00:00
Luke Taylor
3d4f8eed31
Refactoring to use Spring mock web classes.
2005-04-11 01:07:04 +00:00
Luke Taylor
d6f2b136ec
Refactored to use Spring mock classes.
2005-04-09 23:37:18 +00:00
Luke Taylor
458a2c9e39
Refactored to use Spring mock classes.
2005-04-09 23:24:22 +00:00
Luke Taylor
021abb7369
Added check for "path parameters" to ensure the filterProcessesUrl matches rewritten URLs with a jsessionid included. Refactored property checking to use Spring Assert class.
2005-04-09 22:50:06 +00:00
Luke Taylor
eaa5feb5f8
Refactored to use Spring mock objects for HttpRequest etc.
2005-04-09 21:48:47 +00:00
Ben Alex
204da55a0b
PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails().
2005-04-03 21:48:45 +00:00
Ray Krueger
9649003d57
AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls
2005-03-28 17:42:21 +00:00
Ben Alex
798ebb1a3d
Correct NullPointerException as fixture missing an ApplicationContext and attempting to publish an event.
2005-03-27 08:40:09 +00:00
Ben Alex
684d5bc10e
Handle null Authentication.getAuthorities() in AuthorizeTag.
2005-03-27 06:36:41 +00:00
Ben Alex
8ae2276843
TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds.
2005-03-25 22:07:00 +00:00
Ray Krueger
10c1926385
Added the ConcurrentSessionViolationEvent that will be published by the ConcurrentSessionControllerImpl before throwing the ConcurrentSessionViolationException
2005-03-25 00:53:46 +00:00
Ben Alex
8884ca51af
Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter.
2005-03-23 23:22:51 +00:00
Ben Alex
9f66c0eae9
Update to current Spring JAR dependencies.
2005-03-22 11:17:22 +00:00
Ben Alex
c936801842
DigestProcessingFilter now provides userCache getter and setter.
2005-03-21 08:03:11 +00:00
Ben Alex
0530351f0d
Provide toString() method on User.
2005-03-21 05:33:51 +00:00
Ben Alex
a2b9da7e22
StringSplitUtils.split() ignored delimiter argument.
2005-03-21 05:14:48 +00:00
Ben Alex
6f31ecb04b
UserDetails now indicates locked accounts.
2005-03-21 03:22:59 +00:00
Luke Taylor
ae47fb722d
sendError now returns less informative forbidden message rather than the exception message.
2005-03-20 19:12:51 +00:00
Luke Taylor
944d11bb1a
Changed to using DN in cache log messages rather than entire certificate.
2005-03-19 18:07:24 +00:00
Luke Taylor
918fc7c15a
License header added.
2005-03-18 01:00:36 +00:00
Luke Taylor
e755687a19
Updated to use Spring Assert class.
2005-03-18 00:59:32 +00:00
Luke Taylor
2a6c68deb6
Entry point tests
2005-03-18 00:52:23 +00:00
Ben Alex
a056946c49
HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection.
2005-03-18 00:50:12 +00:00
Luke Taylor
8592e3bcbf
Added tearDown method which resets the Context to null
2005-03-18 00:45:48 +00:00
Luke Taylor
04366d2b12
Corrected Javadoc
2005-03-18 00:33:30 +00:00
Ben Alex
07e46fe4d5
Proper handling if the account is no longer allowed login.
2005-03-18 00:06:09 +00:00
Ben Alex
748f427a80
Prove SecureContextImpl.equals works as we want it to, in light of HttpSessionContextIntegrationFilter's attempts to avoid unnecessary HttpSession creation.
2005-03-17 23:35:29 +00:00
Luke Taylor
abe9dfd234
Added caching and use of Spring's Assert to X509 provider
2005-03-17 21:43:42 +00:00
Luke Taylor
90914be3c2
Import cleaning
2005-03-17 19:58:08 +00:00
Luke Taylor
7db94cb5b7
X509 UserDetails cache interface and implementation
2005-03-17 19:57:12 +00:00
Luke Taylor
7c6a2911c9
Added package.html files
2005-03-17 19:49:18 +00:00
Luke Taylor
562a015aeb
Javadoc typo corrected.
2005-03-17 14:14:18 +00:00
Luke Taylor
cacc31004f
Javadoc typo corrected.
2005-03-16 23:31:19 +00:00
Luke Taylor
bb7d428617
Commence method now returns 403 error
2005-03-16 18:26:41 +00:00
Luke Taylor
452604ff3b
Minor Javadoc corrections.
2005-03-16 16:57:28 +00:00
Ben Alex
52c42a7a40
Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil.
2005-03-14 06:09:33 +00:00
Ray Krueger
632617f693
Test that the ConcurrentSessioncontrollerImpl implements ApplicationListener. This is critical and was left out once.
2005-03-13 22:35:17 +00:00
Ray Krueger
ff45047f5a
This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents
2005-03-13 22:30:06 +00:00
Ray Krueger
169449bf24
In response to: http://forum.springframework.org/viewtopic.php?t=3874
...
JaasAuthenticationProvider now checks that the java.security.auth.login.config is null before attempting to use it.
Also, The loginConfig resource is attempted as a file first as spaces in the path name can cause FileNotFoundExceptions for URLs
2005-03-13 22:26:56 +00:00
Ben Alex
df91d352cb
AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949 .
2005-03-13 21:01:16 +00:00
Luke Taylor
f594fdf751
Tidying and tests to bring Dao populator up to full coverage.
2005-03-12 21:56:04 +00:00
Luke Taylor
76f868c777
More tests.
2005-03-12 21:27:22 +00:00
Luke Taylor
765cc02599
Tidying.
2005-03-12 21:24:55 +00:00
Luke Taylor
9f62da7d1c
Better test method names.
2005-03-12 21:20:43 +00:00
Luke Taylor
0a4fc1731a
Tests added to bring X509ProcessingFilter up to full coverage.
2005-03-12 20:47:58 +00:00
Luke Taylor
c3c5487b93
Now sets WebAuthenticationDetails on authentication request token.
2005-03-12 20:46:58 +00:00
Luke Taylor
acee1ef696
Added "details" property
2005-03-12 20:40:05 +00:00
Luke Taylor
5d1cd29dfb
Added tearDown method which resets the context to null to prevent occasional breaking of other test classes.
2005-03-12 13:44:00 +00:00
Luke Taylor
f578915728
Test class for X509 filter.
2005-03-11 17:42:39 +00:00
Luke Taylor
af02c42e9f
First version that works.
2005-03-11 03:15:54 +00:00
Luke Taylor
fbb4bc0873
Added regexp matching within the DN to extract the user name.
2005-03-11 02:47:43 +00:00
Luke Taylor
29050b29b2
Dao populator tests for X.509. Tests matching of regexps in the certificate Subject to extract the user name.
2005-03-11 02:08:07 +00:00
Ben Alex
4763f953d3
FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans.
2005-03-11 01:41:43 +00:00
Luke Taylor
5c86b97f37
First working (kind of) version.
2005-03-11 00:39:36 +00:00
Ben Alex
c5fe428400
Patch by Matt Raible which returns null if Authentication is anonymous.
2005-03-10 12:00:30 +00:00
Ben Alex
b898b87ffb
Enhance test coverage as part of diagnosis of reported bug at http://forum.springframework.org/viewtopic.php?p=15751 .
2005-03-10 11:39:32 +00:00
Ben Alex
15535fff41
SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint.
2005-03-10 11:11:25 +00:00
Luke Taylor
08dbf66880
(Currently functionless) entry point implementation for X.509
2005-03-10 03:21:25 +00:00
Luke Taylor
aabcef4c69
Dao populator for X509, mirroring the CAS one.
2005-03-10 03:20:25 +00:00
Luke Taylor
fea1725f39
Removed inappropriate inheritance from AbstractProcessingFilter (doesn't make sense for X509 case).
2005-03-10 03:16:45 +00:00
Luke Taylor
ae91b58685
First stab at X509 authentication provider
2005-03-09 02:14:30 +00:00
Luke Taylor
da3801b914
Javadoc improvements.
2005-03-09 02:02:05 +00:00
Luke Taylor
559f480f4b
Corrected Javadoc typos.
2005-03-07 22:35:28 +00:00
Luke Taylor
ab6d43ff08
Corrected Javadoc typo.
2005-03-07 16:53:42 +00:00
Ben Alex
051a34f859
Support credentialsExpiredUrl as per request made in http://forum.springframework.org/viewtopic.php?t=3862 .
2005-03-07 12:23:48 +00:00
Luke Taylor
5c3799cd16
Changed "opal ticket" to "opaque ticket" in Javadoc.
2005-03-05 19:48:02 +00:00
Luke Taylor
124f33bb09
Corrected Javadoc typo
2005-03-05 18:27:05 +00:00
Luke Taylor
6b12779902
Minor Javadoc corrections
2005-03-05 18:23:04 +00:00
Luke Taylor
4ef54828c0
corrected javadoc link
2005-03-05 01:05:23 +00:00
Ben Alex
f1e071b0f1
Added remember-me services.
2005-03-01 02:30:38 +00:00
Ben Alex
0d33b06990
Fix NullPointerException if a pattern is given without any config attributes (eg /**/*.css=). Contributed by Konstantin Shaposhnikov.
2005-02-28 22:06:53 +00:00
Ben Alex
873c3f6c3d
Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility.
2005-02-28 03:02:32 +00:00
Ben Alex
d47a2190f7
Correct test failure on high performance JREs.
2005-02-27 07:16:38 +00:00
Ray Krueger
44397bb05d
Committing ConcurrentSessionController feature and tests. Documentation is needed.
2005-02-26 21:48:07 +00:00
Ray Krueger
4125db5650
Added in a default constructor to use the original sessionid and a constructor for specifying the sessionId
2005-02-25 05:24:10 +00:00
Ben Alex
693ac5a24a
Anonymous principal support. As requested by the community at various times, including in http://forum.springframework.org/viewtopic.php?t=1925 .
2005-02-23 06:09:56 +00:00
Ray Krueger
3c4faf58c7
HttpSessionEventPublisher, HttpSessionCreatedEvent, HttpSessionDestroyedEvent
...
Used together to provide published events in the ApplicationContext about HttpSessions.
Useful for things like Single Session logins.
2005-02-23 02:54:41 +00:00
Ray Krueger
8b24b1cf7a
MockFilterChain extended TestCase but had no public constructor and no test methods.
...
The expectedToProceed test is internally handled by a static call to TestCase.assertTrue() and TestCase.fail()
2005-02-23 02:47:31 +00:00
Ben Alex
a3818184f4
Added Digest Authentication support (RFC 2617 and RFC 2069).
2005-02-22 06:14:44 +00:00
Ben Alex
dda66a0454
Significantly refactor "well-known location model" to authentication processing mechanism and HttpSessionContextIntegrationFilter model.
2005-02-21 06:48:31 +00:00
Ben Alex
ba02d45677
Clean up imports.
2005-02-21 06:34:16 +00:00
Ben Alex
e52f3eacb1
Use WebAuthenticationDetails for Authentication.getDetails() by default.
2005-02-21 00:09:49 +00:00
Ben Alex
a5ea6f5436
Rewrite FilterChainProxy to separate functionality from FilterToBeanProxy and properly implement filter chaining issues.
2005-02-20 05:40:18 +00:00
Ben Alex
57842d4ba8
IoC container vs servlet container lifecycle separation.
2005-02-20 05:38:57 +00:00
Ben Alex
44f1c83dab
Move MockFilterChain to external class.
2005-02-20 05:38:14 +00:00
Ben Alex
6d693ac0d4
Improve logging.
2005-02-20 05:37:13 +00:00
Carlos Sanchez
7c9fad0477
Added filter chain
2005-02-18 20:08:03 +00:00
Ben Alex
0b296e7cf0
Correct issue with JdbcDaoImpl default SQL query not using consistent case sensitivity as per http://forum.springframework.org/viewtopic.php?t=3526 .
2005-02-15 07:14:59 +00:00
Ray Krueger
1949c3b27e
Added AuthenticationException to the commence method signature of the AutenticationEntryPoint. The best example of this
...
is the BasicProcessingFilterEntryPoint where the authException.getMessage() is used to send back an informative 401,
instead of just the error code.
Added AccessDeniedException to the sendAccessDeniedError method signature. The accessDeniedException.getMessage() result
is used to send an invormative 403 error back to the servletResponse by default.
2005-02-15 03:28:18 +00:00
Ben Alex
beadf24610
Use static HttpServletResponse.SC_UNAUTHORIZED instead of 401 HTTP response code.
2005-02-13 00:59:48 +00:00
Ben Alex
6370fadfdc
FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh). Suggested by Sanjiv Jivan.
2005-02-11 05:49:41 +00:00
Ben Alex
cbe53e21b9
HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily.
2005-02-10 07:15:20 +00:00
Ben Alex
834f69168d
Support getUserPrincipal().
2005-02-04 22:38:07 +00:00
Ben Alex
0be77abe75
Allow empty passwords as per http://forum.springframework.org/viewtopic.php?p=13343 .
2005-02-04 09:43:33 +00:00
Ben Alex
4e6a4742bd
Tapestry integration improvements, as per http://forum.springframework.org/viewtopic.php?p=13327
2005-02-04 07:36:46 +00:00
Ray Krueger
82c15b1874
The JaasAuthenticationCallbackHandler handle method now takes a callback and the authentication in progress, the setAuthentication method has been removed.
...
The JaasAuthenticationProvider afterPropertiesSet method now makes use of the java.security.auth.login.config System property before trying to use the login.config.url.X properties.
2005-01-31 05:16:32 +00:00
Carlos Sanchez
debc67fa6d
Allow site deployment from each subproject
2005-01-19 22:18:37 +00:00
Ben Alex
cc669f4e35
Retrieve bean from parent bean factory if not found, as per http://forum.springframework.org/viewtopic.php?t=3005 .
2005-01-19 21:21:07 +00:00
Ben Alex
7e234869a5
Make Serializable.
2005-01-19 21:09:39 +00:00
Ben Alex
99088fe14c
Fix JavaDoc error.
2005-01-16 03:57:43 +00:00
Ben Alex
fd2cc5dbc7
Add subclass hook so it can customise request properties.
2005-01-06 20:32:36 +00:00
Ben Alex
bb1e96c85a
Add notice.txt to generated artifacts.
2005-01-04 22:05:40 +00:00
Ben Alex
d6207106c0
Expand test coverage.
2005-01-04 20:20:21 +00:00
Ben Alex
9176aa0efb
Add new AuthenticationFailure* events.
2005-01-04 20:19:42 +00:00
Ben Alex
c939bcb176
Add account expiration and credentials expiration capabilities.
2005-01-03 01:14:26 +00:00
Ben Alex
6c1e2f23b2
Allow last attempted username to be displayed in views.
2004-12-25 23:38:39 +00:00
Ben Alex
c77cb84f52
Fix group names etc as required to ensure a multiproject:install works from /docs if there is a CLEAN (empty) Maven repository.
2004-12-25 07:02:31 +00:00
Ben Alex
5689807f38
Make Maven sign generated JARs. The last stage of the transition from Ant.
2004-12-24 05:48:54 +00:00
Ben Alex
61a631af26
JavaDocs fix.
2004-12-22 23:49:25 +00:00
Ben Alex
8fb64e1e1b
Fix repository URLs so "viewcvs" URLs (associated with changelog plugin) are all correct.
2004-12-22 03:47:55 +00:00
Ben Alex
dc726ac75c
Clarify and enforce interface interface contract for AuthenticationDao.
2004-12-21 20:53:32 +00:00
Ben Alex
4bcc1222e1
Modifications to support EH-CACHE upgrade (EH-CACHE appears to have changed the way the default cache configuration file gets handled).
2004-12-21 13:04:11 +00:00
Ben Alex
823a2e990b
Add hook methods to AbstractProcessingFilter.
2004-12-20 11:14:34 +00:00
Ben Alex
c5ea35d093
Extend After ACL provider to also filter arrays. Thanks to Joni Suominen.
2004-12-17 21:56:05 +00:00
Ray Krueger
cb61c88478
Increased test coverate to 100%
2004-12-09 23:53:11 +00:00
Ray Krueger
8853ba28e2
Replaced $author$ stuff in javadocs with Ray Krueger
2004-12-09 22:35:53 +00:00
Ray Krueger
41310f26a6
Missed a DOCUMENT ME! spot...
2004-12-09 22:29:12 +00:00
Ray Krueger
3eb6149877
New LoginExceptionResolver interface and base implementation to handle LoginExceptions thrown in the Jaas API. I am commiting this now so that it isn't lost, while a PropertyEditor based solution is investigated.
2004-12-09 22:09:35 +00:00
Ben Alex
c5900cab9c
Added a ContextHolderAwareRequestWrapper to integrate with getRemoteUser() and isUserInRole(String). Thanks to Orlando Garcia Carmona ("paramosyermos" on Spring forums).
2004-12-05 06:11:18 +00:00
Ben Alex
e3b9920d9c
Fix default query string to remove ambiguous columns. Thanks to Aaron Tang.
2004-12-05 05:30:06 +00:00
Ben Alex
89ba20f057
Fix Tomcat compatibility issue where HttpSession unavailable during "logoff". Thanks to Aaron Tang.
2004-12-05 05:29:25 +00:00
Ben Alex
82ed7253d4
Refactor AbstractFilterInvocationDefinitionSource to use a standard URL String in its lookup method, rather than a full FilterInvocation. This will make it easier for views (taglibs etc) to access URI security details without needing to construct a MockFilterInvocation.
2004-12-05 05:04:52 +00:00
Ben Alex
76c82db196
Refactor EH-CACHE integration classes to work with Spring IoC provided Cache rather than manage our own cache internally.
2004-12-05 04:37:05 +00:00
Ben Alex
41b41ba316
Expand test coverage. Clover via Maven (without excluding appropriate patterns like *Exception and debug messages) has modified coverage from 77.2% to 95%.
2004-12-03 06:46:41 +00:00
Ben Alex
07e2037251
Find target domain object argument in a manner that works if nulls are presented for the domain object argument.
2004-12-03 06:43:17 +00:00
Ben Alex
e75fc613b1
Gracefully handle null ContextHolder / Authentication etc.
2004-12-03 06:42:26 +00:00
Ben Alex
7a4a46cc7b
General refactoring of taglibs.
2004-12-03 06:41:48 +00:00
Ben Alex
1b660d4d5b
Handle usernames that are empty Strings.
2004-12-03 06:41:02 +00:00
Ben Alex
ab6df6cfce
Make InternalMethodInvocation package protected for better unit test support.
2004-12-03 06:40:11 +00:00
Ben Alex
f73fc735c2
Improve startup error detection and eliminate unnecessary checks for null application context.
2004-12-03 06:39:07 +00:00
Ben Alex
4c1c7dcff5
Fix bugs.
2004-12-03 06:38:10 +00:00
Ben Alex
22f8cd0c44
Improve null handling.
2004-12-01 02:55:01 +00:00
Ben Alex
3a0e43337c
Improve test coverage and error detection at startup time.
2004-12-01 02:22:24 +00:00
Ben Alex
699f97929a
Fix bug where class should delegate to setDetails method - not set the details directly.
2004-12-01 02:09:15 +00:00
Ben Alex
89eed486e2
Add alwaysUseDefaultTargetUrl feature to AbstractProcessingFilter.
2004-11-22 21:38:14 +00:00
Carlos Sanchez
b0f6c5179a
Documentation improvement
2004-11-20 10:28:01 +00:00
Ben Alex
a159d89ffd
Initial commit.
2004-11-20 05:24:16 +00:00
Ben Alex
4ca1e2fd99
Add logging.
2004-11-20 04:10:05 +00:00
Ben Alex
f251436a99
Improve logging and enable ACL determination to use an Object obtained from an internal method of the located processDomainObjectClass.
2004-11-20 04:09:14 +00:00
Ben Alex
61580d1973
Move RMI context propagation support classes to core, and rename and document to more clearly reflect function.
2004-11-20 04:07:47 +00:00
Ben Alex
ba16c01b90
Add toString() method so more informative when context propagation takes place, such as via ContextPropagatingRemoteInvocation.
2004-11-20 04:06:47 +00:00
Carlos Sanchez
58306157df
*** empty log message ***
2004-11-19 22:20:49 +00:00
Ben Alex
177c00556d
Support just creating the acl_object_identity, without necessarily an acl_permission as well.
2004-11-16 12:22:43 +00:00
Ben Alex
af5917b685
Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD.
2004-11-15 13:04:12 +00:00
Ben Alex
bc9a599bf7
Remove noisy logging.
2004-11-15 02:43:21 +00:00
Ben Alex
d6beb9804f
Place authz taglib in correct JAR location (META-INF).
2004-11-15 01:46:23 +00:00
Ben Alex
612971e134
Initial commit of a concrete AfterInvocationManager.
2004-11-15 01:45:03 +00:00
Ben Alex
694bdb603d
Initial commit.
2004-11-15 01:44:20 +00:00
Ben Alex
5f6aa9c49e
Refactoring to support "after invocation" processing.
2004-11-15 01:43:48 +00:00
Ben Alex
03a530b36b
Improve JavaDocs.
2004-11-15 01:42:47 +00:00
Ben Alex
d639e5c02f
Expand logging.
2004-11-15 01:41:45 +00:00
Ben Alex
9972c69408
Support Authentication.getPrincipal() of UserDetails and improve logging.
2004-11-15 01:40:18 +00:00
Ben Alex
e462c5a201
Minor polishing.
2004-11-15 01:36:41 +00:00
Ben Alex
68dc38841f
Add an Authentication and Acl taglib.
2004-11-15 00:46:18 +00:00
Ben Alex
70a9c76f69
Remove unnecessary console output from tests.
2004-11-15 00:37:00 +00:00
Ben Alex
ef2e45df77
Update tests to support incompatible collaborator detection now in AbstractSecurityInterceptor.
2004-11-15 00:36:12 +00:00
Ben Alex
e83c66bb37
Expand test coverage so GrantedAuthorityEffectiveAclsResolver properly handles Authentication with a principal of type UserDetails.
2004-11-15 00:34:32 +00:00
Ben Alex
695948c31d
Remove unused import.
2004-11-12 01:07:59 +00:00
Ben Alex
f1d993f47b
Made BasicAclProvider to only respond to specified ACL object requests.
2004-11-09 21:09:14 +00:00
Carlos Sanchez
cd56f2ed4a
Moved from test to main
2004-11-03 22:35:12 +00:00
Carlos Sanchez
8cf6867cba
Moved name to subprojects
2004-11-01 20:05:42 +00:00
Ben Alex
fde59c2f29
Ad mock method implementation now we're using HttpSession.removeAttribute().
2004-10-30 23:32:53 +00:00
Ben Alex
565c2e580b
Remove debug messages.
2004-10-30 23:32:28 +00:00
Carlos Sanchez
d27fb49803
*** empty log message ***
2004-10-30 22:49:58 +00:00
Carlos Sanchez
55624cf5dd
Moved resources from java dir to resources dir
2004-10-30 22:49:12 +00:00
Carlos Sanchez
928498b53d
Removed AutoIntegrationFilter
2004-10-30 22:45:35 +00:00
Carlos Sanchez
b25a6e002b
*** empty log message ***
2004-10-30 17:15:54 +00:00
Ben Alex
89f6fcf5c9
Refactor to use an application context, thus enabling event publishing and use of DefaultAdvisorAutoProxyCreator.
2004-10-30 06:09:09 +00:00
Ben Alex
537a58d754
Added net.sf.acegisecurity.intercept.event package.
2004-10-30 06:07:17 +00:00
Ben Alex
26f5f1a9b3
Add the AccessDeniedException to the HttpSession as per http://forum.springframework.org/viewtopic.php?t=1515 .
2004-10-30 03:06:05 +00:00
Ben Alex
21f29bbbb3
Fix JRun rejection of null in httpSession.setAttribute() as per http://livedocs.macromedia.com/jrun/4/javadocs/jrun/servlet/session/JRunSession.html .
...
Discussed at http://forum.springframework.org/viewtopic.php?t=1417 .
2004-10-30 02:56:01 +00:00
Ben Alex
73349bf8f8
Add convenience method so subclasses can specify Authentication.setDetails().
2004-10-30 01:19:22 +00:00
Ben Alex
7b0145fba7
Initial AspectJ support.
2004-10-18 06:41:20 +00:00
Ben Alex
992cf44b36
Refactor MethodDefinitionMap to use Method, not MethodInvocation. Refactor AbstractSecurityInterceptor to not force use of Throwable. Move AOP Alliance based MethodSecurityInterceptor to separate package.
2004-10-18 06:38:44 +00:00
Ben Alex
ba163d51ae
Documentation correction.
2004-10-17 07:56:19 +00:00
Ben Alex
f123e9c333
Make MethodDefinitionMap query interfaces defined by secure objects, to properly support MethodDefinitionSourceAdvisor.
2004-10-15 03:47:53 +00:00
Ben Alex
8ec0d89fe4
Improve documentation for abstract contract.
2004-10-15 03:17:57 +00:00
Ben Alex
8d973af603
Added MethodDefinitionSourceAdvisor for performance and autoproxying.
2004-10-15 00:29:24 +00:00
Ben Alex
333fe84ee8
Clarify interface contract for ObjectDefinitionSource when no ConfigAttributes exist for a given secure object invocation, plus unit tests and fixes for concrete implementations. Thanks to Sean Radford for spotting the inconsistency.
2004-09-11 06:14:58 +00:00
Ben Alex
8a32fde12a
Additional convenience methods as suggested by Sean Radford.
2004-09-11 06:13:54 +00:00
Luke Taylor
defc79c283
Minor Javadoc correction.
2004-09-06 20:06:42 +00:00
Ben Alex
ec166e086b
Refactored UsernamePasswordAuthenticationToken.getDetails() to Object.
2004-09-01 21:19:05 +00:00
Ben Alex
fa2920baa7
Ensure delegate is not null before calling destroy method.
2004-09-01 21:03:34 +00:00
Ben Alex
d7c98f95ca
Made FilterToBeanProxy compatible with ContextLoaderServlet (lazy initialisation on first HTTP request).
2004-09-01 02:37:55 +00:00
Ben Alex
1a92434914
Add support for password-validating DAOs, such as LDAP. Contributed by Karel Miarka.
2004-08-30 01:24:12 +00:00
Ben Alex
aaebd3ef5a
Added DaoAuthenticationProvider.hideUserNotFoundExceptions property. Defaults to true, so BadCredentialsException is thrown instead of UsernameNotFoundException if a user cannot be found.
2004-08-26 23:19:00 +00:00
Ben Alex
5cd65887d5
Improved ConfigAttributeEditor so it trims preceding and trailing spaces.
2004-08-25 21:43:00 +00:00
Ben Alex
3f87849f31
Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method.
2004-08-23 02:03:46 +00:00
Ben Alex
eb9c7d0852
Extracted removeUserFromCache(String) to UserCache interface.
2004-08-20 05:52:05 +00:00
Ben Alex
bf53abf46e
Improve JavaDocs.
2004-08-18 22:59:00 +00:00
Ben Alex
04f4c9881d
Added original Authentication.getDetails() to DaoAuthenticationProvider response.
2004-08-13 01:07:32 +00:00
Ben Alex
08ee5deaa9
Fix unit test compatibility if no username provided.
2004-08-12 01:25:53 +00:00
Ben Alex
da5469fed0
Additional event when user not found. Contributed by Karel Miarka.
2004-08-12 00:07:08 +00:00
Ben Alex
6867efd6ac
Fix NPE problems with patch provided by Karel Miarka.
2004-08-10 00:22:53 +00:00
Ben Alex
e006f521f4
Fix formatting.
2004-08-04 06:40:06 +00:00
Ben Alex
0c43fe1f4a
Make SecurityEnforcementFilter more subclass friendly.
2004-08-02 23:08:52 +00:00
Ben Alex
c1e109da74
Initial commit of remote client authentication interface.
2004-08-01 07:49:16 +00:00
Ben Alex
29f8097c64
Increase test coverage.
2004-08-01 07:48:14 +00:00
Ben Alex
b4a0e45e76
Increase test coverage.
2004-08-01 02:19:25 +00:00
Ben Alex
f7b491b699
Refactor ACL database tables.
2004-07-31 06:38:40 +00:00
Ben Alex
13d5a2dbca
Refactor ACL database tables.
2004-07-31 03:42:18 +00:00
Ray Krueger
e366c65d17
Almost forgot this piece of the jaas tests
2004-07-29 16:56:26 +00:00
Ray Krueger
3b284231da
Increased test coverage of the .jaas package to 93.7%
2004-07-29 16:54:02 +00:00
Ben Alex
56829872b6
Initial commit of ACL capabilities.
2004-07-29 07:51:22 +00:00
Ben Alex
1cc46544ed
Javadoc removal of warning.
2004-07-29 05:04:49 +00:00
Ben Alex
2426bb9e8e
Make JdbcDaoTests use in-memory database.
2004-07-29 03:32:23 +00:00
Ben Alex
8c74d459c5
Delete files with old, non-Camel Case name.
2004-07-28 23:06:04 +00:00
Ray Krueger
f29e6763d4
Renamed all JAAS* classes to Jaas*
2004-07-28 15:03:03 +00:00
Ben Alex
3648073461
Fix EH-CACHE after web context refresh (patch thanks to Travis Gregg).
2004-07-26 22:56:00 +00:00
Ben Alex
d1fa12a312
Fix Javadocs warning.
2004-07-26 06:52:55 +00:00
Ben Alex
3f7f8e26fa
Reduce setAuthentication scope now that it should only be called by AbstractAuthenticationManager.
2004-07-24 07:21:18 +00:00
Ben Alex
951c1a02df
Store failed Authentication request in AuthenticationException, using template pattern (patch thanks to Wesley Hall).
2004-07-24 07:18:04 +00:00
Ben Alex
7ac3706eb9
Allow subclasses to add their own custom GrantedAuthority[]s.
2004-07-24 07:15:06 +00:00
Francois Beausoleil
3d23119b56
Following a suggestion from Scott Evans, added support for EL in the authz tag
...
library:
http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/msg00189.html
* lib/spring/spring-mock.jar:
Added Spring's 1.0.2 mock JAR.
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java:
New tests to assert that the taglib recognizes and parses EL expressions.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
Implemented AuthorizeTagExpressionLanguageTests by using Spring's
ExpressionEvaluationUtils.
2004-07-23 01:24:55 +00:00
Ben Alex
f798e56d75
Contribution by Wesley Hall to improve exception handling.
2004-07-22 04:56:17 +00:00
Ben Alex
2996d67b06
Fix bug related to detecting incorrect use of SecureContext property.
2004-07-21 02:04:42 +00:00
Ray Krueger
3e37b74e3f
Added Javadoc to all classes
2004-07-19 19:42:14 +00:00
Ray Krueger
da7895087b
Added correct @author and @version tags, more Javadocs to follow
2004-07-19 17:27:28 +00:00
Ray Krueger
3360e2d51a
Added in javadoc
2004-07-19 17:24:38 +00:00
Ray Krueger
0c7a07e4db
Adding in JAASAuthenticationProvider tests
2004-07-19 00:44:01 +00:00
Ray Krueger
1947819d73
Adding in JAASAuthenticationProvider support
2004-07-19 00:43:28 +00:00
Ben Alex
2f2b054b7a
Resolve a Weblogic compatibility issue (patch thanks to Patrick Burleson).
2004-07-15 23:27:59 +00:00
Ben Alex
e3be8f20bb
Refactor CasAuthoritiesPopulator to use UserDetails rather than GrantedAuthority[].
2004-07-14 09:54:09 +00:00
Ben Alex
48b1cb7c85
Move UserDetails interface to net.sf.acegisecurity package.
2004-07-13 22:38:20 +00:00
Ben Alex
064cd3c7bf
Add a getter for the context.
2004-07-13 22:10:52 +00:00
Ben Alex
8b9f02e2e7
Expand test coverage.
2004-07-13 02:01:58 +00:00
Ben Alex
491fb00ffd
Make Authentication serializable (Weblogic support).
2004-07-12 22:40:33 +00:00
Ben Alex
957e28252e
Log stack trace to assist debugging.
2004-07-08 21:50:42 +00:00
Ben Alex
2cb3703253
Relax restriction on empty Strings for proxy callback URL, as this should be an empty String if no proxy callback was requested during service ticket validation.
2004-07-03 00:47:46 +00:00
Luke Taylor
b957b5e25b
Convert database URL to use absolute path. Fixes test with Maven.
2004-07-02 14:07:26 +00:00
Ben Alex
ce712eaccf
Improve organisation of DaoAuthenticationProvider to facilitate subclassing.
2004-06-30 23:18:47 +00:00
Ben Alex
fe91639b15
Allow custom SecureContext implementations to be selected by user.
2004-06-29 23:28:59 +00:00
Ben Alex
6314aa4efa
Refactor User to an interface.
2004-06-24 23:24:14 +00:00
Ben Alex
04dea9e403
Patch by Mark St.Godard to resolve issues with WebSphere 5.
2004-06-23 05:52:49 +00:00
Ben Alex
46f17bed79
Make isPasswordCorrect protected to facilitate subclass use.
2004-06-21 06:17:20 +00:00
Ben Alex
1a0bec5bf1
Make User available from Authentication via DaoAuthenticationProvider.
2004-06-21 06:10:14 +00:00
Ben Alex
27d89f3e91
Patch by Mike Youngstrom to fix Jameleon stripping of slash.
2004-06-17 01:23:13 +00:00
Ben Alex
b3e2d78c5d
Fix issue when encoded passwords are used. Modify Contacts sample to test encoded passwords.
2004-06-08 12:54:42 +00:00
Ben Alex
b5cbcdc591
Refactor DaoAuthenticationProvider cache model.
2004-06-06 06:31:28 +00:00
Ben Alex
1b24ff5ea8
Refactor DaoAuthenticationProvider cache model.
2004-05-31 04:41:22 +00:00
Ben Alex
d9f77a7ed1
Initial commit.
2004-05-31 02:37:29 +00:00
Ben Alex
b6cb84e937
Improve robustness so if ApplicationContext not shutdown correctly (thus destroy() not called) the cache will not fail on subsequent startups.
2004-05-31 02:08:34 +00:00
Ben Alex
e300a90890
Improve test coverage.
2004-05-31 01:19:18 +00:00
Ben Alex
0cbea9b452
Improve HTTP redirect URL encoding.
2004-05-26 22:17:14 +00:00
Ben Alex
d5c14142d1
Add event capabilities.
2004-05-24 00:09:27 +00:00
Ben Alex
42ccbfbad7
Store additional information about the authentication request.
2004-05-24 00:06:54 +00:00
Ben Alex
b6e0c3076f
Fixed issue with hot redeploy as cache not being closed.
2004-05-24 00:04:49 +00:00
Ben Alex
369ea24215
Extra mock functionality for new unit tests.
2004-05-24 00:02:09 +00:00
Ben Alex
3f6961d855
Improved exception handling if response already committed.
2004-05-23 23:57:29 +00:00
Francois Beausoleil
d5a6ea044d
Implemented a fix for a NullPointerException as reported by Pierre-Antoine Gr�goire (pa.gregoire@free.fr)
...
"The error comes from line 115 in AuthorizeTag....It seems there's no control
for a null value here..."
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
Added a new test to confirm the existence of the bug.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
And fixed the failing test.
2004-05-19 12:34:52 +00:00
Ben Alex
4cac2f1a62
Made serializable as per request by Mike Youngstrom.
2004-05-15 23:37:03 +00:00
Ben Alex
614f12448e
Create a NullRunAsManager, which is used by default by the AbstractSecurityInterceptor.
2004-05-06 23:13:32 +00:00
Ben Alex
8713d4d52c
Authentication subclasses Principal, so it's directly usable by classes that want a Principal. No implementations need to change if they subclass AbstractAuthenticationToken, as it implements the one and only method required by Principal.
2004-05-04 07:35:41 +00:00
Ben Alex
4152df1225
Allow filter to update multiple HttpSession attributes (useful if servlets etc expect to find an Authentication object in a given HttpSession attribute, like Jakarta Slide).
2004-05-04 07:27:57 +00:00
Ben Alex
eaa92cd80a
Fixed issue with caching by making AbstractIntegrationFilter (and its subclasses) write the new Authentication object to the well-known location.
2004-04-30 05:16:08 +00:00
Ben Alex
ecac5a2eed
Make ChannelDecisionManagerImpl iterate through a list of channel security processors.
2004-04-29 02:17:07 +00:00
Ben Alex
2421268baa
Improve IE 6 bug detection logic.
2004-04-29 02:14:20 +00:00
Ben Alex
b61c05ff89
Change classes to use PortMapperImpl and PortResolverImpl by default.
2004-04-28 00:10:56 +00:00
Ben Alex
901c7d4752
Significantly enhance channel processing filter.
2004-04-27 06:21:00 +00:00
Ben Alex
e555d77d4e
Move port mapping functionality into separate classes to allow reuse. Permit implementations to override the source port (required given some browsers do not respond to HTTP redirects correctly).
2004-04-27 06:17:53 +00:00
Ben Alex
c6a1b2b608
Clarify how URLs are constructed.
2004-04-27 06:14:57 +00:00
Ben Alex
8a4edca136
Support new key requirement on DAO authentication provider.
2004-04-27 06:00:39 +00:00
Ben Alex
2c97583f27
Filter to ensure web requests are received over a suitable secure channel.
2004-04-23 08:57:43 +00:00
Ben Alex
d65b0e0bd2
Add correct supports() method and tests.
2004-04-23 06:28:23 +00:00
Ben Alex
ed68b701b2
Add toString() method and test.
2004-04-23 06:27:50 +00:00
Ben Alex
e0d57de330
Add DaoAuthenticationProvider caching support.
2004-04-23 05:01:57 +00:00
Ben Alex
babb908fea
Increase test coverage.
2004-04-23 04:51:56 +00:00
Ben Alex
83d871cd5d
Enhance equals() method to detect key variances.
2004-04-23 03:45:16 +00:00
Colin Sampaleanu
6eb0a47632
fix FilterInvocation so it doesn't lose the tail end (past the servlet path) of the request url
2004-04-23 02:29:18 +00:00
Ben Alex
0537900357
Remove unnecessary code.
2004-04-23 02:08:58 +00:00
Colin Sampaleanu
e2de3c9dbc
Enhance AuthenticationProcessingFilterEntryPoint and related classes, to support a property forcing the login page to be access via https even if the original intercepted request came in as http.
2004-04-22 21:47:05 +00:00
Colin Sampaleanu
20025da7c7
work on unit test, still some functionality to cover later
2004-04-22 11:54:52 +00:00
Colin Sampaleanu
2a46a975a5
allow automatic switch from http to https for login form.
...
unit tests will be updated tomorow to cover new functionality.
2004-04-22 03:56:55 +00:00
Colin Sampaleanu
ab9e783f79
after invocation, restore pre-RunAs Authentication regardless of exception that may be thrown by method being intercepted
2004-04-21 21:09:39 +00:00
Ben Alex
fa9b872570
Initial CAS support.
2004-04-19 07:34:32 +00:00
Ben Alex
b3f9f6f4e9
Updated tests to relocate common filter authentication functionality to an abstract parent.
2004-04-18 12:57:49 +00:00
Ben Alex
4500aba050
Expand unit test coverage.
2004-04-18 12:05:20 +00:00
Ben Alex
0a856b7f15
Expand coverage to test SaltProvider integration.
2004-04-18 12:04:43 +00:00
Ben Alex
872ace9164
Modify contract of AuthenticationProvider to allow AuthenticationProvider implementations to return null if they do not wish to process a given Authentication request, despite asserting they support it.
2004-04-18 12:03:07 +00:00
Ben Alex
a6b5b8d828
Initial commit.
2004-04-18 12:01:18 +00:00
Ben Alex
1cf2b333bd
Relocate common filter authentication functionality to an abstract parent, and update JavaDocs accordingly.
2004-04-18 12:00:02 +00:00
Ben Alex
96fa2a5a75
Update encoders so they process salts.
2004-04-18 11:56:50 +00:00
Ben Alex
b06833e0d7
Unit tests must be named *Tests (note the plural).
2004-04-18 11:55:49 +00:00
Ben Alex
5dbef97a1d
Expand unit test coverage.
2004-04-18 11:54:51 +00:00
Ben Alex
5b16c42e15
Enhance mock so it is told whether to grant or deny access.
2004-04-18 11:35:24 +00:00
Ben Alex
f38ed01b29
Detect nulls within GrantedAuthority[] passed to constructor. This ensures end-user DAO implementations are creating the User correctly.
2004-04-18 11:23:01 +00:00
Ben Alex
a0f809991d
JavaDoc updates.
2004-04-18 05:56:07 +00:00
Colin Sampaleanu
3ceb492cb2
move password encoder tests to proper packages.
...
rename saltSource param in PasswordEncoder interfce to salt. It was already called salt in subclasses, and is in fact supposed to be the salt, not the source for the salt, although depending on the implementation it may still be treated as the latter.
2004-04-17 02:18:46 +00:00
Ben Alex
da5101cfb4
Make salt sources pluggable.
2004-04-17 01:29:52 +00:00
Ben Alex
03efc3e51f
Improve JavaDocs.
2004-04-17 01:28:38 +00:00
Ben Alex
ae16d96121
Moved to net.sf.acegisecurity.providers.encoding.
2004-04-17 01:28:05 +00:00
Ben Alex
6815e693a7
Make SecurityEnforcementFilter support pluggable authentication entry points. Enhance BASIC authentication so it's a viable alternative to form-based authentication for user agents like IE and Netscape.
2004-04-16 14:22:15 +00:00
Ben Alex
7e85bbc054
Relaxed requirement so targetClass OR targetBean can be used (targetBean no longer requires targetClass to be specified as well).
2004-04-16 12:37:58 +00:00
Ben Alex
38835da164
Provide a proxy so filters can be loaded directly from the application context.
2004-04-16 06:31:48 +00:00
Ben Alex
7b59d5f189
Expand test coverage now that prefix is configurable.
2004-04-16 06:28:21 +00:00
Colin Sampaleanu
3d089aaa67
move and rename password encoding classes.
...
change saltSource arument to salt argument, which impl may or may not use.
2004-04-16 03:44:04 +00:00
Colin Sampaleanu
5d9d734735
more final version of the various PasswordEncoder implementations.
...
add unit tests for PasswordEncoder implementations.
remove ignore password case and ignore username case flags and handling from DaoAuthenticationProvider.
remove requirement described in JavaDoc for AuthenticationDao that it ignore case when returning a user by username. Implementations may still do so if configured as such.
2004-04-15 16:32:09 +00:00
Colin Sampaleanu
41a837f8cd
add back HSQL db in test dir, as it turns out _it is_ supposed to be in CVS
...
modify JdbcDaoTests to test for role prefix functionality
fix glitch in JdbcDaoImpl
modify Eclipse classpath so HSQL lib is loaded, so unit tests can run in Eclipse as well.
2004-04-15 03:34:18 +00:00
Colin Sampaleanu
18d5c59532
'ant format' strikes again.
2004-04-14 21:31:22 +00:00
Colin Sampaleanu
aed9d2a1d8
initial cut at allowing pluggable digest strategy for use in password handling in DaoAuthenticationProvider
2004-04-14 21:30:59 +00:00
Colin Sampaleanu
fad252b0fe
allow special ROLE_ prefix to be overriden
2004-04-14 03:38:10 +00:00
Colin Sampaleanu
a09f2a4c18
ant format seems to have reformated these differently than what is in CVS
2004-04-13 21:59:02 +00:00
Colin Sampaleanu
2786312b8e
allow query strings to be specified
...
allow MappingSqlQuery to be specified
2004-04-13 21:58:03 +00:00
Ben Alex
f1abf780b5
Add support for HTTP Basic Authentication.
2004-04-11 12:09:08 +00:00
Ben Alex
670d007630
JavaDoc updates.
2004-04-11 12:05:46 +00:00
Ben Alex
bd35a47233
Support configuration via Apache Ant paths (not only regular expressions).
2004-04-09 09:51:23 +00:00
Ben Alex
5488bf4ca8
Renamed to RegExpBasedFilterDefinitionMapTests.
2004-04-09 09:49:07 +00:00
Ben Alex
7eefbd3bb2
Update to use contextConfigLocation.
2004-04-09 05:41:42 +00:00
Colin Sampaleanu
6c26e79a0f
change AuthenticationProcessingFilter and SecurityEnforcementFilter to use Spring's WebApplicationContextUtils by defualt to find their config context.
2004-04-09 02:44:17 +00:00
Francois Beausoleil
ea0e6b2577
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java,
...
src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
Added three new tests to assert that whitespace is ignored in the
attribute's content.
2004-04-02 20:59:16 +00:00
Ben Alex
1b1d119836
Modifications consistent with changes to the objects being tested.
2004-04-02 12:20:41 +00:00
Ben Alex
a278db8df9
Functionality moved to new tests or mocks.
2004-04-02 12:18:58 +00:00
Ben Alex
eaffc00fc4
Initial commit.
2004-04-02 12:16:39 +00:00
Ben Alex
852cea437c
Reflect new secure object API, which is no longer bound to MethodInvocations.
2004-04-02 12:13:56 +00:00
Ben Alex
f026b3a08a
Documentation improvements.
2004-04-02 12:11:13 +00:00
Ben Alex
15588123ba
Additional import statement.
2004-04-02 12:10:31 +00:00
Ben Alex
33edeb5a2f
Moved to net.sf.acegisecurity.ui
2004-04-02 12:07:24 +00:00
Ben Alex
e54ad9b4e8
Reflect new secure object API, which is no longer bound to MethodInvocations.
2004-04-02 12:05:49 +00:00
Ben Alex
3ece12c386
Moved to net.sf.acegisecurity.intercept.method.
2004-04-02 12:03:18 +00:00
Ben Alex
738fd2161d
Initial commit.
2004-04-02 12:02:01 +00:00
Ben Alex
dd39d747d5
Improved documentation and added methods to facilitate unit testing.
2004-03-29 13:39:30 +00:00
Ben Alex
c220ff583c
Initial commit.
2004-03-29 13:36:45 +00:00
Ben Alex
0a17d65d37
Initial commit.
2004-03-29 02:49:51 +00:00
Ben Alex
ea05e0b931
Simplified sub-class usage. Made compatible with changes to User constructor.
2004-03-29 02:48:10 +00:00
Ben Alex
1b726825fa
Changed internals to use list instead of set, to preserve element ordering.
2004-03-28 12:19:13 +00:00
Ben Alex
adb1971873
Enhancements to detect errors and faciltiate easier testing.
2004-03-28 12:17:46 +00:00
Ben Alex
d59a5da321
Changed to not detect null returns, as the UserMap will now throw the UsernameNotFoundException.
2004-03-28 12:16:44 +00:00
Ben Alex
f203979237
Update to be compatible to changes made to User's no-arg constructor.
2004-03-28 12:15:11 +00:00
Ben Alex
489c941101
Improved detection of invalid parameters in constructors.
2004-03-28 12:14:11 +00:00
Ben Alex
3179f5f1e7
Fixed support for lowercase usernames and passwords.
2004-03-28 12:10:23 +00:00
Ben Alex
1573491fbe
Changed no-arg constructor to a form more suitable for unit testing.
2004-03-28 12:09:35 +00:00
Ben Alex
cab961bfa6
Enhanced equals() method.
2004-03-28 12:08:20 +00:00
Ben Alex
cff8894b99
Changed interface to extend Context. This provides interface-level compatibility with objects requiring a Context, rather than requiring implementations to also implement Context.
2004-03-28 12:07:34 +00:00
Ben Alex
c5951ff1c0
Changed no-arg constructor to a form more suitable for unit testing.
2004-03-28 12:02:41 +00:00
Ben Alex
3fa1534c94
Added license information.
2004-03-28 11:58:37 +00:00
Ben Alex
4b1e738bb5
Minor formatting changes.
2004-03-28 11:57:55 +00:00
Ben Alex
8d24027443
Added debug statement at commencement of interception and additional comment re ContextHolder.
2004-03-28 11:56:32 +00:00
Ben Alex
cf043ad35f
Numerous formatting changes, and methods to facilitate unit testing.
2004-03-28 11:54:10 +00:00
Ben Alex
dc6357d504
Improved JavaDocs.
2004-03-28 11:51:23 +00:00
Ben Alex
22b8be49f0
Changed no-arg constructor to a form more suitable for unit testing. Also added an equals() method.
2004-03-28 11:49:24 +00:00
Ben Alex
dcf78213a3
Corrected @author tag.
2004-03-28 11:48:35 +00:00
Ben Alex
4124b1c298
Changed internals to use list instead of set, to preserve element ordering.
2004-03-28 11:44:02 +00:00
Ben Alex
fe379d9712
Initial commit.
2004-03-28 11:41:20 +00:00
Ben Alex
6c5a5cd311
No longer required.
2004-03-28 11:40:29 +00:00
Ben Alex
8808f5e8dd
Expanded unit test coverage.
2004-03-28 11:39:38 +00:00
Ben Alex
6038d56ece
Expanded unit test coverage, moving relevant methods to AbstractAdapterAuthenticationTokenTests.
2004-03-28 11:35:35 +00:00
Ben Alex
bc847f564f
Expanded unit test coverage.
2004-03-28 11:31:22 +00:00
Ben Alex
6a2870d8f0
No longer required.
2004-03-28 11:29:10 +00:00
Ben Alex
ab01d829c5
Initial commit.
2004-03-27 00:46:50 +00:00
Ben Alex
14f27ae683
Make compatible with interface changes to aopalliance.jar.
2004-03-27 00:44:27 +00:00
Ben Alex
e3dc29ae96
No longer required.
2004-03-27 00:43:12 +00:00
Ben Alex
94e384b944
Expand test coverage.
2004-03-26 13:17:48 +00:00
Ben Alex
e153a54406
Expand test coverage.
2004-03-26 12:20:54 +00:00
Ben Alex
02559344bc
Expand test coverage.
2004-03-26 12:02:30 +00:00
Ben Alex
1a040c7ddf
Made no arg constructor protected to enable unit test coverage.
2004-03-26 11:51:47 +00:00
Ben Alex
b4273c62b7
Expand test coverage.
2004-03-26 11:49:43 +00:00
Ben Alex
a8c9b2c96f
No longer required.
2004-03-26 11:18:44 +00:00
Ben Alex
22272223d2
Initial commit.
2004-03-26 11:12:54 +00:00
Ben Alex
f7a82c29b3
Expand test coverage.
2004-03-26 11:12:08 +00:00
Ben Alex
b485c40175
Improve JavaDocs.
2004-03-26 11:05:55 +00:00
Ben Alex
a9569a2f60
Added equals() method.
2004-03-26 11:05:10 +00:00
Ben Alex
ae434bd8b3
Initial commit.
2004-03-26 11:03:36 +00:00
Francois Beausoleil
1e4c234ea7
* src/net/sf/acegisecurity/adapters/AutoIntegrationFilter.java:
...
Use reflection instead of hard-coding the values to determine
if we should integrate with a specific container implementation.
2004-03-24 18:33:19 +00:00
Francois Beausoleil
36a955e197
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
...
Removed testUsesAllAuthoritiesToDetermineAccess(), because it wasn't
asserting anything. Needs to be rewritten.
2004-03-23 17:33:47 +00:00
Francois Beausoleil
d8275171e4
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
...
Bring Clover coverage to 100% by adding a single test.
2004-03-23 17:28:10 +00:00
Ben Alex
c3507b26c9
Change to Apache License version 2.0.
2004-03-23 04:44:48 +00:00
Ben Alex
47a2d03429
Added tearDown() method to clear ContextHolder.
2004-03-23 00:35:43 +00:00
Francois Beausoleil
48b21524ed
* build.xml:
...
Modified to create an acegi-taglib.jar.
* project.properties:
Added new property to build acegi-taglib.jar.
* src/net/sf/acegisecurity/taglibs/authz.tld:
Declare the Acegi Security authz tag library.
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java,
test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java:
A set of tests that force the creation of a javax.servlet.jsp.Tag
implementation that authorizes the output of the tag's body if the
request's principal has or doesn't have certain authorities.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
New class. Implements AuthorizeTagTests and
AuthorizeTagAttributeTests.
2004-03-22 16:42:53 +00:00
Ben Alex
35fe1e7b73
Initial commit.
2004-03-16 23:57:17 +00:00