131 Commits

Author	SHA1	Message	Date
Luke Taylor	eddde8ea28	SEC-1309: Namespace configurations should support Spring EL. Removed premature conversion of URL paths to lower case, which messes up if they are case-sensitive expressions or placeholders. Some other minor changes to suppport EL configuration.	2009-12-01 14:23:58 +00:00
Luke Taylor	e9402fa0f9	Removed commented deps from pom.	2009-11-24 09:34:05 +00:00
Luke Taylor	69699431b1	SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope	2009-11-24 09:31:03 +00:00
Luke Taylor	5546698fef	SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.	2009-11-17 23:39:42 +00:00
Luke Taylor	66b1b1957c	SEC-1298: Deleted custom-filter BeanDefinitionDecorator	2009-11-17 21:36:11 +00:00
Luke Taylor	3444b31615	SEC-1291: Add logout namespace support for custom success handler. Added attribute "success-handler-ref" to <logout> element in namespace.	2009-11-17 17:29:43 +00:00
Luke Taylor	9eae7b899c	SEC-1284: Added proxy-target-class attribute to method security namespace	2009-11-17 16:19:05 +00:00
Luke Taylor	afdd80235c	SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Fixed Spring RC1 - RC2 regression problem with test (addApplicationListener() behaviour has changed).	2009-11-17 14:34:43 +00:00
Luke Taylor	d4d5012035	SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.	2009-11-17 12:55:53 +00:00
Luke Taylor	a2468c523a	SEC-1283: AuthenticationConfigBuilder.createAnonymousFilter uses httpElt instead of anonymousElt. Corrected element name.	2009-11-04 17:39:26 +00:00
Luke Taylor	197737a2b4	SEC-1281: make sure correct 'key' value is used for RememberMeAuthenticationProvider when external RememberMeServices is used	2009-11-04 14:55:58 +00:00
Luke Taylor	799b96520b	SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login	2009-10-14 00:30:28 +00:00
Luke Taylor	3f963ef8ca	Restore versions and svn URLs in trunk (release plugin fail)	2009-10-11 21:59:38 +00:00
Luke Taylor	af563e826c	[maven-release-plugin] prepare release spring-security-3.0.0.RC1	2009-10-11 21:43:42 +00:00
Luke Taylor	73df14c912	Allow any ordering of authentication-provider elements within authentication-manager	2009-10-11 19:58:04 +00:00
Luke Taylor	ed2ddf9323	SEC-1263: Add FactoryBean for namespace AuthenticationManager. <http> now uses AuthenticationManagerFactoryBean. Method security already uses a delegate object to lookup the AuthenticationManager. This now uses the same error message if the bean isn't found, rather than allowing the BeanFactory NoSuchBeanDefinitionException to be thrown directly.	2009-10-09 14:41:34 +00:00
Luke Taylor	ac5237c127	SEC:1263: Added FactoryBean for AuthenticationManager	2009-10-09 12:11:45 +00:00
Luke Taylor	e398922f85	Removing elements that are no longer supported from the namespace	2009-10-08 14:40:52 +00:00
Luke Taylor	80eb47c6fe	SEC-1261: Convert FilterChainOrder to an enum (SecurityFilters).	2009-10-08 13:18:32 +00:00
Luke Taylor	4dcb9de67a	SEC-1257: Some additional API changes to use Collection instead of List...	2009-10-07 21:08:20 +00:00
Luke Taylor	1286741c7c	SEC-1259: Improve consistency of authentication filter names.	2009-10-07 14:43:55 +00:00
Luke Taylor	f213cc5d9e	SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.	2009-10-06 19:46:44 +00:00
Luke Taylor	5d486a51b6	SEC-1256: Added support for expression attributes in filter-security-metadata-source configuration.	2009-10-06 16:39:56 +00:00
Luke Taylor	07d7c0ddae	Renamed form and openID filters to shorten names	2009-10-05 17:33:34 +00:00
Luke Taylor	1042305cfe	Renamed web.wrapper to web.servletapi. Added some package.html files.	2009-10-05 16:59:37 +00:00
Luke Taylor	673cf300fb	SEC-1229: Refactoring to remove package cycles.	2009-10-05 16:40:32 +00:00
Luke Taylor	acf13c74ca	SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session	2009-10-05 15:51:00 +00:00
Luke Taylor	2b89ebdfbb	SEC-1229: Further doc and mods to namespace config/naming to make it more consistent	2009-10-03 16:08:51 +00:00
Luke Taylor	073198886d	SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before.	2009-10-02 17:29:43 +00:00
Luke Taylor	c34d719004	SEC-1252: Remove 2.0.x schemas from 3.0. Removed files and updated spring.schemas to remove 2.0.x versions	2009-09-29 17:56:01 +00:00
Luke Taylor	2a1430f1ce	SEC-1229: Removed legacy concurrency classes	2009-09-29 16:18:25 +00:00
Luke Taylor	ebada9fd12	SEC-1229: Added support for parsing error URL in session-management	2009-09-29 16:17:05 +00:00
Luke Taylor	203cc5a8dc	SEC-1229: Added error-url to concurrency-control element and changed "exception-if-max-exceeded" to "error-if-max-exceeded"	2009-09-29 16:16:06 +00:00
Luke Taylor	7109b7e183	Import cleaning.	2009-09-29 00:30:29 +00:00
Luke Taylor	aa153681bf	SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.	2009-09-29 00:29:09 +00:00
Luke Taylor	731402e9f5	SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.	2009-09-16 00:23:13 +00:00
Luke Taylor	71ab83255d	SEC-1242: Check that RememberMeServices is an instance of AbstractRememberMeServices before attempting to inject a UserDetailsService.	2009-09-11 21:10:16 +00:00
Luke Taylor	fa7404741b	SEC-1167: Introduce more flexible SavedRequest handling. Add namespace support for a custom RequestCache through the request-cache element.	2009-09-09 21:40:12 +00:00
Luke Taylor	aec730ae7e	SEC-1238: Disable portlet module	2009-09-09 20:03:00 +00:00
Luke Taylor	6640eab9dc	SEC-1240: Added {ssha} support to PasswordEncoderParser.	2009-09-09 12:12:29 +00:00
Luke Taylor	d099d14e9b	SEC-1235: Added test to attempt to verify (failed to reproduce).	2009-09-05 14:14:12 +00:00
Luke Taylor	8632946f30	SEC-1213: Added "order" atrribute to global-method-security	2009-09-04 15:54:42 +00:00
Luke Taylor	245fc96137	SEC-1075: Update the embedded LDAP server to use Apache DS 1.5. Updated to use the new 1.5.5 release for the embedded server.	2009-09-01 23:21:44 +00:00
Luke Taylor	2039200617	SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace.	2009-09-01 16:08:20 +00:00
Luke Taylor	dbcb13ad14	SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination.	2009-08-31 22:48:49 +00:00
Luke Taylor	0d7b990e0a	SEC-1184: Moved ACL cache classes and interface out of jdbc package.	2009-08-31 22:15:37 +00:00
Luke Taylor	471206a29d	SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy	2009-08-27 10:43:01 +00:00
Luke Taylor	fe33f08b73	SEC-1201: Allow requires-channel attribute to take placeholders.	2009-08-23 16:42:06 +00:00
Luke Taylor	00352227ac	Tidying.	2009-08-23 16:03:40 +00:00
Luke Taylor	ea01e9cdf7	SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Ensure that channel processing handles paths which are placeholders.	2009-08-23 15:57:59 +00:00