d64efe9747
SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object.
2010-11-25 15:19:37 +00:00
7754882ba9
SEC-1550: Additional signature change (in AnonymousAuthenticationToken)
2010-11-09 13:48:57 +00:00
1c8d28501c
SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate.
2010-11-03 13:48:59 +00:00
337477de6a
SEC-1604: Change log level to debug for "Validated configuration attributes" message.
2010-11-02 20:06:42 +00:00
43ec2beec0
SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>.
2010-11-02 14:02:55 +00:00
2671e52d5a
Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars.
2010-11-02 12:31:44 +00:00
deef2706ef
SEC-1607: Report correct version for Spring Security (not Spring version).
2010-11-02 11:13:32 +00:00
21ed5feb8d
SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.
2010-10-27 13:25:40 +01:00
091a6d26f1
SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.).
2010-10-27 13:25:40 +01:00
54694d5ab7
SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot.
2010-10-27 13:25:39 +01:00
695c8f4ad6
Import cleaning and suppression of deprecation warnings.
2010-10-27 13:25:39 +01:00
8249492ce9
SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null)
2010-10-04 17:07:04 -05:00
62cbd51d54
SEC-1562: Made SecurityExpressionRootPropertyAccessor a package private class as it is no longer referenced from multiple packages.
2010-09-13 13:52:24 +01:00
829444d59b
SEC-1564: testCompile configurations should include jcl-over-slf4j rather than logback.
2010-09-11 11:01:12 +01:00
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
8bf1b8420a
SEC-1563: Move PermissionEvaluator and related methods to SecurityExpressionRoot
2010-09-08 15:06:00 +01:00
ca44ebd3cc
SEC-1338: Applied submitted patch, making use of java.util.concurrent classes in place of traditional synchronization.
2010-09-08 12:59:49 +01:00
af56f4844d
SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler.
2010-09-07 19:46:45 +01:00
577ec27507
Polishing.
2010-08-30 19:03:47 +01:00
f4d57ab5e8
SEC-1456: Remove maven poms as we are now using gradle for the build.
2010-08-30 19:02:19 +01:00
696150f3c3
Remove unused import.
2010-08-30 11:52:52 +01:00
1a1372ab84
Removed deprecated AspectJInterceptor classes since these cannot be used with the existing MethodSecurityMetadataSource implementations (which no longer support JoinPoin as a secured object). Added some more tests.
2010-08-28 21:41:19 +01:00
f71d9df7fe
Deprecate unnecessary method in SecurityConfig
2010-08-24 18:26:38 +01:00
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
2010-08-24 18:25:39 +01:00
1680807470
Added eclipse plugin to build. Some minor fixes to remove eclipse warnings.
2010-08-18 14:11:16 +01:00
3c02989d67
Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests).
2010-08-18 02:32:43 +01:00
281d77271e
SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource.
2010-08-13 15:51:05 +01:00
2222a7be07
Use Integer.valueOf() in preference to new Integer()
2010-08-11 18:17:23 +01:00
dca0fd871c
SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created.
2010-08-09 17:16:43 +01:00
85c4c91e0e
IDEA inspection refactorings.
2010-08-05 23:28:07 +01:00
64375484a1
More build and logging tuning.
2010-08-04 22:55:17 +01:00
c4ee46824c
Removing log4j.properties files and adding logback config ones.
2010-08-04 21:16:05 +01:00
ab248b2583
SEC-1454: Added use of Spring's new AopProxyUtils.ultimateTargetClass() method when resolving the target class in MethodSecurityEvaluationContext.
2010-07-30 14:36:41 +01:00
b854e67952
SEC-1522: Treat empty attribute collection the same as null when returned by SecurityMetadataSource. Both are now treated as public invocations.
2010-07-27 02:20:09 +01:00
2afccfc633
Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j.
2010-07-23 01:57:31 +01:00
443ac0487a
SEC-1093: Namespace support for jee element.
...
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
2010-07-07 22:42:26 +01:00
03fa8fce4d
SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl.
2010-07-02 19:51:00 +01:00
026517f674
Removal of deprecated methods and classes.
2010-06-26 16:23:42 +01:00
db913f6857
SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property.
2010-06-20 21:09:33 +01:00
d56adb8ffb
SEC-1495: Convert User class equals and hashcode methods to only use the "username" property.
...
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
2010-06-10 22:27:50 +01:00
efb600166a
SEC-1488: Remove commons-logging dependencies from maven poms.
2010-05-28 13:10:59 +01:00
0e57ce2dc3
SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.
2010-05-21 15:59:50 +01:00
c95cf6ec7d
SEC-1483: Change User constructor to use a generic wildcard for authorities collection.
2010-05-21 15:58:35 +01:00
b3aad4cf19
Javadoc fixes.
2010-05-06 20:02:08 +01:00
e7646a65f4
SEC-1421: Add setters to JdbcUserDetailsManager for group sql operations.
2010-05-03 14:53:06 +01:00
3c3aabf5be
SEC-1465: Change empty check to a null check for list of delegates for DelegatingMethodSecurityMetadataSource.
2010-04-25 22:11:35 +01:00
a421370a3d
SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully.
2010-04-25 22:00:25 +01:00
3bbbf07235
SEC-1464: Fix broken test (flags in returned user object were not being copied from stored user).
2010-04-25 20:12:00 +01:00
024e6904ff
SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.
2010-04-25 04:27:09 +01:00
f5859fabcf
SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database.
2010-04-25 04:26:45 +01:00
Luke Taylor
Rob Winch