Luke Taylor
|
5546698fef
|
SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.
|
2009-11-17 23:39:42 +00:00 |
|
Luke Taylor
|
66b1b1957c
|
SEC-1298: Deleted custom-filter BeanDefinitionDecorator
|
2009-11-17 21:36:11 +00:00 |
|
Luke Taylor
|
3444b31615
|
SEC-1291: Add logout namespace support for custom success handler. Added attribute "success-handler-ref" to <logout> element in namespace.
|
2009-11-17 17:29:43 +00:00 |
|
Luke Taylor
|
9eae7b899c
|
SEC-1284: Added proxy-target-class attribute to method security namespace
|
2009-11-17 16:19:05 +00:00 |
|
Luke Taylor
|
afdd80235c
|
SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Fixed Spring RC1 - RC2 regression problem with test (addApplicationListener() behaviour has changed).
|
2009-11-17 14:34:43 +00:00 |
|
Luke Taylor
|
d4d5012035
|
SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.
|
2009-11-17 12:55:53 +00:00 |
|
Luke Taylor
|
a2468c523a
|
SEC-1283: AuthenticationConfigBuilder.createAnonymousFilter uses httpElt instead of anonymousElt. Corrected element name.
|
2009-11-04 17:39:26 +00:00 |
|
Luke Taylor
|
197737a2b4
|
SEC-1281: make sure correct 'key' value is used for RememberMeAuthenticationProvider when external RememberMeServices is used
|
2009-11-04 14:55:58 +00:00 |
|
Luke Taylor
|
799b96520b
|
SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login
|
2009-10-14 00:30:28 +00:00 |
|
Luke Taylor
|
3f963ef8ca
|
Restore versions and svn URLs in trunk (release plugin fail)
|
2009-10-11 21:59:38 +00:00 |
|
Luke Taylor
|
af563e826c
|
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
|
2009-10-11 21:43:42 +00:00 |
|
Luke Taylor
|
73df14c912
|
Allow any ordering of authentication-provider elements within authentication-manager
|
2009-10-11 19:58:04 +00:00 |
|
Luke Taylor
|
ed2ddf9323
|
SEC-1263: Add FactoryBean for namespace AuthenticationManager. <http> now uses AuthenticationManagerFactoryBean. Method security already uses a delegate object to lookup the AuthenticationManager. This now uses the same error message if the bean isn't found, rather than allowing the BeanFactory NoSuchBeanDefinitionException to be thrown directly.
|
2009-10-09 14:41:34 +00:00 |
|
Luke Taylor
|
ac5237c127
|
SEC:1263: Added FactoryBean for AuthenticationManager
|
2009-10-09 12:11:45 +00:00 |
|
Luke Taylor
|
e398922f85
|
Removing elements that are no longer supported from the namespace
|
2009-10-08 14:40:52 +00:00 |
|
Luke Taylor
|
80eb47c6fe
|
SEC-1261: Convert FilterChainOrder to an enum (SecurityFilters).
|
2009-10-08 13:18:32 +00:00 |
|
Luke Taylor
|
4dcb9de67a
|
SEC-1257: Some additional API changes to use Collection instead of List...
|
2009-10-07 21:08:20 +00:00 |
|
Luke Taylor
|
1286741c7c
|
SEC-1259: Improve consistency of authentication filter names.
|
2009-10-07 14:43:55 +00:00 |
|
Luke Taylor
|
f213cc5d9e
|
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
|
2009-10-06 19:46:44 +00:00 |
|
Luke Taylor
|
5d486a51b6
|
SEC-1256: Added support for expression attributes in filter-security-metadata-source configuration.
|
2009-10-06 16:39:56 +00:00 |
|
Luke Taylor
|
07d7c0ddae
|
Renamed form and openID filters to shorten names
|
2009-10-05 17:33:34 +00:00 |
|
Luke Taylor
|
1042305cfe
|
Renamed web.wrapper to web.servletapi. Added some package.html files.
|
2009-10-05 16:59:37 +00:00 |
|
Luke Taylor
|
673cf300fb
|
SEC-1229: Refactoring to remove package cycles.
|
2009-10-05 16:40:32 +00:00 |
|
Luke Taylor
|
acf13c74ca
|
SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
|
2009-10-05 15:51:00 +00:00 |
|
Luke Taylor
|
2b89ebdfbb
|
SEC-1229: Further doc and mods to namespace config/naming to make it more consistent
|
2009-10-03 16:08:51 +00:00 |
|
Luke Taylor
|
073198886d
|
SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before.
|
2009-10-02 17:29:43 +00:00 |
|
Luke Taylor
|
c34d719004
|
SEC-1252: Remove 2.0.x schemas from 3.0. Removed files and updated spring.schemas to remove 2.0.x versions
|
2009-09-29 17:56:01 +00:00 |
|
Luke Taylor
|
2a1430f1ce
|
SEC-1229: Removed legacy concurrency classes
|
2009-09-29 16:18:25 +00:00 |
|
Luke Taylor
|
ebada9fd12
|
SEC-1229: Added support for parsing error URL in session-management
|
2009-09-29 16:17:05 +00:00 |
|
Luke Taylor
|
203cc5a8dc
|
SEC-1229: Added error-url to concurrency-control element and changed "exception-if-max-exceeded" to "error-if-max-exceeded"
|
2009-09-29 16:16:06 +00:00 |
|
Luke Taylor
|
7109b7e183
|
Import cleaning.
|
2009-09-29 00:30:29 +00:00 |
|
Luke Taylor
|
aa153681bf
|
SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.
|
2009-09-29 00:29:09 +00:00 |
|
Luke Taylor
|
731402e9f5
|
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
|
2009-09-16 00:23:13 +00:00 |
|
Luke Taylor
|
71ab83255d
|
SEC-1242: Check that RememberMeServices is an instance of AbstractRememberMeServices before attempting to inject a UserDetailsService.
|
2009-09-11 21:10:16 +00:00 |
|
Luke Taylor
|
fa7404741b
|
SEC-1167: Introduce more flexible SavedRequest handling. Add namespace support for a custom RequestCache through the request-cache element.
|
2009-09-09 21:40:12 +00:00 |
|
Luke Taylor
|
aec730ae7e
|
SEC-1238: Disable portlet module
|
2009-09-09 20:03:00 +00:00 |
|
Luke Taylor
|
6640eab9dc
|
SEC-1240: Added {ssha} support to PasswordEncoderParser.
|
2009-09-09 12:12:29 +00:00 |
|
Luke Taylor
|
d099d14e9b
|
SEC-1235: Added test to attempt to verify (failed to reproduce).
|
2009-09-05 14:14:12 +00:00 |
|
Luke Taylor
|
8632946f30
|
SEC-1213: Added "order" atrribute to global-method-security
|
2009-09-04 15:54:42 +00:00 |
|
Luke Taylor
|
245fc96137
|
SEC-1075: Update the embedded LDAP server to use Apache DS 1.5. Updated to use the new 1.5.5 release for the embedded server.
|
2009-09-01 23:21:44 +00:00 |
|
Luke Taylor
|
2039200617
|
SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace.
|
2009-09-01 16:08:20 +00:00 |
|
Luke Taylor
|
dbcb13ad14
|
SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination.
|
2009-08-31 22:48:49 +00:00 |
|
Luke Taylor
|
0d7b990e0a
|
SEC-1184: Moved ACL cache classes and interface out of jdbc package.
|
2009-08-31 22:15:37 +00:00 |
|
Luke Taylor
|
471206a29d
|
SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy
|
2009-08-27 10:43:01 +00:00 |
|
Luke Taylor
|
fe33f08b73
|
SEC-1201: Allow requires-channel attribute to take placeholders.
|
2009-08-23 16:42:06 +00:00 |
|
Luke Taylor
|
00352227ac
|
Tidying.
|
2009-08-23 16:03:40 +00:00 |
|
Luke Taylor
|
ea01e9cdf7
|
SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Ensure that channel processing handles paths which are placeholders.
|
2009-08-23 15:57:59 +00:00 |
|
Luke Taylor
|
9bf8656d66
|
SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes.
|
2009-08-22 21:09:34 +00:00 |
|
Luke Taylor
|
579644fa95
|
SEC-1225: Use bean references for authentication providers. Updated AuthenticationManagerBDP to regsiter the providers as top level beans.
|
2009-08-22 12:37:14 +00:00 |
|
Luke Taylor
|
24911eb606
|
Corrected links in manual, comment in schema file.
|
2009-08-22 01:54:31 +00:00 |
|
Luke Taylor
|
5a8772df5b
|
Reset pom versions post release
|
2009-08-21 12:02:49 +00:00 |
|
Luke Taylor
|
0e5aa7008d
|
[maven-release-plugin] prepare release spring-security-3.0.0.M2
|
2009-08-20 15:51:26 +00:00 |
|
Luke Taylor
|
48988bde84
|
SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request.
|
2009-08-13 23:55:25 +00:00 |
|
Luke Taylor
|
f536c80020
|
SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web
|
2009-08-10 14:18:18 +00:00 |
|
Luke Taylor
|
966f3e4101
|
SEC-1182: Added tst to confirm that this is no longer an issue due to other changes
|
2009-08-10 11:32:02 +00:00 |
|
Luke Taylor
|
b4bb489638
|
SEC-1164: Further registering on bean components for tooling and removal of global ids.
|
2009-08-08 21:08:12 +00:00 |
|
Luke Taylor
|
b387d63aba
|
Removing unnecessary global bean names.
|
2009-08-08 18:57:51 +00:00 |
|
Luke Taylor
|
a67448c867
|
SEC-1216: Remove unused code.
|
2009-08-08 18:51:15 +00:00 |
|
Luke Taylor
|
229866e293
|
SEC-1142: Support for session timeout detection. Added namespace support for invalid-session-url
|
2009-08-07 23:57:10 +00:00 |
|
Luke Taylor
|
0f6642d3ab
|
SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface)
|
2009-08-04 00:18:07 +00:00 |
|
Luke Taylor
|
eaa0dc4fce
|
typo
|
2009-08-03 16:30:26 +00:00 |
|
Luke Taylor
|
e40b9fbc75
|
SEC-1196: Introduce AuthenticationManagerDelegator is MethodSecurityInterceptor which is configured by global-method-security. Prevents regression of SEC-933 caused by eager init of AuthenitcationManager and dependent beans
|
2009-08-03 01:44:49 +00:00 |
|
Luke Taylor
|
997faabe1e
|
SEC-1196: Removed ConfigUtils (no longer used).
|
2009-08-03 00:22:47 +00:00 |
|
Luke Taylor
|
5953af0f6b
|
SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
|
2009-08-03 00:21:11 +00:00 |
|
Luke Taylor
|
c5d6484b54
|
SEC-1210: RememberMe filter misses UserDetailsService in default <http /> tag config when it is declared in parent app context. Fixed by getting the UserDetailsServiceInjectionPostProcessor to check ancestor bean factories for a UserDetailsService if one isn't found in the current bean factory.
|
2009-07-31 19:40:20 +00:00 |
|
Luke Taylor
|
160aa512a1
|
Remove "infrastructure" type from authentication provider bean.
|
2009-07-31 19:38:16 +00:00 |
|
Luke Taylor
|
6ae61f95db
|
Minor updates to test XML context implementation.
|
2009-07-31 19:37:05 +00:00 |
|
Luke Taylor
|
a4a0aab66f
|
SEC-1164: Add additional component definitions so that Spring IDE picks them up and doesn;t report missing bean definitions
|
2009-07-31 00:18:16 +00:00 |
|
Luke Taylor
|
5d5df0c63d
|
Added extra 'manual' security interceptor config
|
2009-07-29 16:08:04 +00:00 |
|
Luke Taylor
|
3e6054b69f
|
SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy.
|
2009-07-29 00:52:30 +00:00 |
|
Luke Taylor
|
609a68b12a
|
SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false.
|
2009-07-28 23:47:26 +00:00 |
|
Luke Taylor
|
db90122179
|
SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these.
|
2009-07-28 18:00:24 +00:00 |
|
Luke Taylor
|
931cf90dbb
|
SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution.
|
2009-07-21 00:14:57 +00:00 |
|
Luke Taylor
|
8b115e2a21
|
SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache.
|
2009-07-20 22:52:48 +00:00 |
|
Luke Taylor
|
f404bb3d74
|
SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though.
|
2009-07-20 22:34:40 +00:00 |
|
Luke Taylor
|
491837ae34
|
SEC-1197: Moved support from session-controller-ref from authentication-manager to concurrent-session-control element. Plus refactoring of config classes into separate packages.
|
2009-07-17 23:36:35 +00:00 |
|
Luke Taylor
|
1afa67c954
|
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
|
2009-07-15 23:09:47 +00:00 |
|
Luke Taylor
|
6346e31517
|
SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy.
|
2009-07-15 01:28:28 +00:00 |
|
Luke Taylor
|
d59bdc0cbc
|
Reducing use of global bean Ids as part of SEC-1186
|
2009-07-08 23:54:26 +00:00 |
|
Luke Taylor
|
7622dfe092
|
SEC-1194: Added support for services-alias to remember-me
|
2009-07-08 23:53:47 +00:00 |
|
Luke Taylor
|
d02bbbf560
|
import cleaning.
|
2009-07-08 17:17:45 +00:00 |
|
Luke Taylor
|
43dab4c3b3
|
SEC-1186: Additional changes to remove custom-filter decorator functionality.
|
2009-07-08 16:50:47 +00:00 |
|
Luke Taylor
|
abddcb044a
|
SEC-1186: Remove functionality from CustomFilterBeanDefinitionDecorator and report a warning instead.
|
2009-07-08 16:49:30 +00:00 |
|
Luke Taylor
|
b3366a1646
|
SEC-1186: Tidying up changes to http parsing
|
2009-07-08 16:19:26 +00:00 |
|
Luke Taylor
|
eae670269d
|
Tidying
|
2009-07-06 10:33:57 +00:00 |
|
Luke Taylor
|
853b4c8753
|
SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests.
|
2009-06-28 13:36:54 +00:00 |
|
Luke Taylor
|
d5bf5d7adc
|
SEC-1186: validator for filter chain beans
|
2009-06-26 12:47:03 +00:00 |
|
Luke Taylor
|
8ddd96af2b
|
SEC-1186: intermediate commit of namespace changes for improved tooling support
|
2009-06-26 12:44:46 +00:00 |
|
Luke Taylor
|
f6e2e36346
|
Remove use of property editor internally.
|
2009-06-18 23:37:36 +00:00 |
|
Luke Taylor
|
074fa7d629
|
SEC-1186: Refactoring to bring all filter registrations into the HttpBDP parse method in preparation for building the filter chain and map at that point, rather than in a post-processor
|
2009-06-18 22:33:16 +00:00 |
|
Luke Taylor
|
37d3401d0c
|
SEC-1016: Rollback changes.
|
2009-06-14 21:10:02 +00:00 |
|
Luke Taylor
|
a963be4719
|
SEC-1095: Register AuthenticationManager from GlobalMethodSecurityBDP.
|
2009-06-09 01:38:53 +00:00 |
|
Luke Taylor
|
0473cfbfc0
|
SEC-1137: Added support for an external UserDetailsContextMapper using the attribute user-context-mapper-ref.
|
2009-06-08 23:35:05 +00:00 |
|
Luke Taylor
|
bfa2806034
|
Add component definition registration for tooling.
|
2009-06-08 22:27:55 +00:00 |
|
Luke Taylor
|
aa511bb1f4
|
SEC-1175: Changed default anonymous username to match that in the schema docs.
|
2009-06-08 13:09:07 +00:00 |
|
Luke Taylor
|
66f7e8bcc8
|
SEC-1168: Added filter-security-metadat-source to namespace.
|
2009-06-08 12:59:13 +00:00 |
|
Luke Taylor
|
9993a7f6e4
|
Added newlines to filter list to test use of xsd:token.
|
2009-05-31 21:28:16 +00:00 |
|
Luke Taylor
|
545550bb0c
|
Made ApacheDS deps optional
|
2009-05-27 02:15:45 +00:00 |
|
Luke Taylor
|
131ba5c62e
|
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
|
2009-05-27 00:12:30 +00:00 |
|
Luke Taylor
|
e2c218e8c9
|
[maven-release-plugin] prepare release spring-security-3.0.0.M1
|
2009-05-26 23:44:11 +00:00 |