90d6ff1fde
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-11 13:19:16 +01:00
d32b078a8c
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-11 09:05:28 +01:00
e678ba7283
Improvements to itest-web subproject.
...
Added to gradle build. Updated deps (testng and jwebunit). New test added for persistent remember-me.
2010-02-11 01:48:21 +00:00
70ef0d8b3e
Added extra test to itest/context as POC of using extra interceptor with http ns.
2010-02-11 01:48:00 +00:00
23511c930f
Standardising slf4j versions.
2010-02-11 01:33:31 +00:00
017dad8f5d
Added support for fop extensions in PDF generation.
2010-02-11 00:19:18 +00:00
2173029216
SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.
...
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
2010-02-10 23:49:26 +00:00
d2413cf237
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-10 21:25:23 +01:00
5753d69465
SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements
2010-02-10 16:49:53 +00:00
81657d0efc
SEC-1403: Corrected interface name.
2010-02-10 15:24:46 +00:00
08c7155ab5
SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions.
2010-02-10 15:06:01 +00:00
1ecd3e228b
SEC-1405: added RequestMatcher interface.
2010-02-10 14:34:14 +00:00
2f40088fe7
Change spring-aop dep to compile scope in contacts sample
2010-02-08 12:34:19 +00:00
15c309a2ed
Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390.
...
AopInfrastructureBean interface is now required.
2010-02-06 21:22:12 +00:00
f54831f2b5
SEC-1398: Minor changes to method security annotation information in namespace chapter.
...
Added some explanation of the different annotation types and their suitability.
2010-02-06 18:03:05 +00:00
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
2010-02-06 17:34:07 +00:00
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
2010-02-06 15:42:01 +00:00
984604b026
SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator.
...
The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
2010-02-06 14:38:44 +00:00
8720966d20
SEC-1390: Added null check on claimedIdentifier returned by DiscoveryInformation to prevent NPE.
2010-02-06 14:38:44 +00:00
b1243416fc
Minor corrections to aspectj interceptor docs
2010-02-05 20:24:05 +00:00
38837775a5
Minor corrections to aspectj interceptor docs.
2010-02-05 17:10:27 +00:00
10d787ede2
Javadoc corrections to SessionRegistryImpl
2010-02-03 23:49:36 +00:00
c4d2f59eec
SEC-1381: Update source repo information in docs to point to git rather than subversion.
2010-01-27 01:37:45 +00:00
912e7976da
Added doc upload capability to build.
2010-01-23 02:12:31 +00:00
dcf9ea25a6
Updated access-decision and after-invocation diagrams in manual.
2010-01-23 02:12:30 +00:00
0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
2010-01-23 02:12:30 +00:00
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
2010-01-23 02:12:30 +00:00
04447bdbf0
SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs).
2010-01-22 01:55:13 +00:00
dbf673ec37
Build updates to include uploading of distro and docs, plus addition of admon graphics path to docbook plugin.
2010-01-21 20:12:12 +00:00
9734e4c82f
Added generation of sha1 of distro archive to build.
2010-01-21 20:00:17 +00:00
56849dc41e
Added tasks for apidocs, doc and distro archive generation to the build file.
2010-01-21 19:59:48 +00:00
10cd080090
SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user.
2010-01-20 18:51:29 +00:00
0c10efbbf8
Revert SEC-1356.
...
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
2010-01-19 22:26:21 +00:00
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
2010-01-19 01:07:33 +00:00
8137a8bcd0
Enabled detection of release builds and s3 maven deployment capability to gradle build.
...
The s3 deployment requires an updated snapshot of the spring aws-maven dependency, as the old one was incompatible with changes in the latest version (1.0-beta6) of the Maven "wagon" api.
2010-01-18 02:02:28 +00:00
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
2010-01-17 14:41:24 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
e1d41177bb
Update docbook plugin use to new gradle 0.9+ syntax.
2010-01-14 15:49:05 +00:00
81f91d28eb
Add docbook note and tip images.
2010-01-14 15:48:36 +00:00
670297c55d
SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context.
...
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
2010-01-14 15:48:14 +00:00
0f90e69004
SEC-1362: Updated French messages translation.
2010-01-13 15:37:18 +00:00
a9567a58d8
SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos.
2010-01-13 15:36:58 +00:00
3a8daa1bf4
Gradle build improvements.
...
Added generation of source archives and trial support for maven deployment and pom generation, with "provided" configuration mapped to "provided" scope.
2010-01-13 00:44:05 +00:00
f62d97b092
SEC-1356: Fix broken tests.
...
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
2010-01-12 01:32:02 +00:00
6eff4d90b7
SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request.
...
This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path.
2010-01-12 00:49:53 +00:00
d900829921
Added bundlor and maven support to gradle build
2010-01-12 00:35:20 +00:00
fa42d9d5ec
Fix taglibs template.mf
...
Was missing sub-packages of org.sfw.security.acls.
2010-01-12 00:33:20 +00:00
2023ca283e
SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator
...
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
2010-01-12 00:30:27 +00:00
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
Mike Wiesner
Luke Taylor