Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,228 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

2072 Commits

Author SHA1 Message Date
Luke Taylor 520e733cb2 [maven-release-plugin] prepare for next development iteration 2009-12-08 21:19:41 +00:00
Luke Taylor f2cf17bd49 [maven-release-plugin] prepare release spring-security-3.0.0.RC2 2009-12-08 21:19:20 +00:00
Luke Taylor adfac7e718 Added gradle file for cas and standardised ehcache version 2009-12-08 01:54:15 +00:00
Luke Taylor 33b109f0b3 Made session maps final in SessionRegistryImpl. 2009-12-08 01:33:01 +00:00
Luke Taylor 558737363f Added some extra tracing to SessionRegistryImpl. 2009-12-08 01:28:47 +00:00
Luke Taylor cde9cd6b36 Correct toString() method in User class. 2009-12-08 00:16:08 +00:00
Luke Taylor 02a9db7bcf SEC-1317: Removed check in ProviderManager.getProviders() for empty provider list. A ProviderManager with a non-null parent may have an empty provider list. The afterPropertiesSet() method performs the necessary checks. 2009-12-07 21:38:40 +00:00
Luke Taylor dab76249db Added gradle build files (experimental) 2009-12-04 21:33:17 +00:00
Scott Battaglia dada789814 NOJIRA 
removed unnecessary cast and use StringBuilder rather than non-final String and concatenation.
 2009-12-01 15:19:56 +00:00
Luke Taylor ed92d5ea71 SEC-1304: Removed unused compareTo method from custom GrantedAuthority. 2009-12-01 14:32:57 +00:00
Luke Taylor 8a0f69b955 SEC-1295: Placing Security on Roo Aspected method fails. Added suggested fix - check for null target and use Signature.declaredType instead. 2009-11-30 22:00:49 +00:00
Luke Taylor 7e0c7ffc0e SEC-1304: Removed "Comparable" from GrantedAuthority 2009-11-30 21:27:13 +00:00
Luke Taylor e72cfd58d4 SEC-1304: Remove Comparable interface from GrantedAuthority to enable it to be imlemented by an enum. 2009-11-30 21:22:11 +00:00
Luke Taylor 1df82654e3 SEC-1310: Added toString() implementations to Pre and PostInvocationExpressionAttribute classes. 2009-11-30 17:32:03 +00:00
Luke Taylor 69699431b1 SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope 2009-11-24 09:31:03 +00:00
Luke Taylor b39db5b711 Removed jaxen from template.mf 2009-11-17 14:25:20 +00:00
Luke Taylor d4d5012035 SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager. 2009-11-17 12:55:53 +00:00
Luke Taylor 1898b4df52 Updated scope of commons collections to 'test' 2009-11-17 00:00:59 +00:00
Luke Taylor 248e826342 SEC-1282: Clarified javadoc 2009-11-03 16:31:55 +00:00
Luke Taylor 3f963ef8ca Restore versions and svn URLs in trunk (release plugin fail) 2009-10-11 21:59:38 +00:00
Luke Taylor af563e826c [maven-release-plugin] prepare release spring-security-3.0.0.RC1 2009-10-11 21:43:42 +00:00
Luke Taylor 0615b94f55 Converted expression test to use static method. 2009-10-09 23:42:23 +00:00
Luke Taylor 4dcb9de67a SEC-1257: Some additional API changes to use Collection instead of List... 2009-10-07 21:08:20 +00:00
Luke Taylor f213cc5d9e SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted. 2009-10-06 19:46:44 +00:00
Luke Taylor caff3ee9ba SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc). 2009-10-05 19:28:53 +00:00
Luke Taylor acf13c74ca SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session 2009-10-05 15:51:00 +00:00
Luke Taylor 2a1430f1ce SEC-1229: Removed legacy concurrency classes 2009-09-29 16:18:25 +00:00
Luke Taylor 9639340fef SEC-1049: RoleHierarchy in SidRetrievalStrategy. Added optional RoleHierarchy injection to SidRetrievalStrategyImpl 2009-09-16 19:59:37 +00:00
Luke Taylor 1c4a809e09 SEC-1245: Add role hierarchy support to expression handlers. Done. 2009-09-15 17:17:21 +00:00
Luke Taylor 897960cd70 Add expression string to failed expression evaluation exception message to help clarify the context. 2009-09-13 22:29:07 +00:00
Luke Taylor 6851655ea9 SEC-1177: MethodInvocationUtils Returns Null With Valid Method String and Class. Added very simple checking of declared methods on class. 2009-09-09 19:49:44 +00:00
Luke Taylor ef2df77889 SEC-1239: Special characters in JAAS config file location. Fix - convert Resource to a File before obtaining the URL from it. The URL.toString() obtained this way is different from the one obtained from Resource.getURL().toString(). 2009-09-09 17:41:35 +00:00
Luke Taylor 8081a1a3cc Set Id svn keyword. 2009-09-03 19:55:18 +00:00
Mike Wiesner e14a904306 SEC-1181: fixed recursive import in template.mf 2009-09-02 15:31:22 +00:00
Mike Wiesner 660b408e6e SEC-1181: added import to template.mf for the DNS classes 2009-09-02 15:20:26 +00:00
Mike Wiesner 58ee9a364e SEC-1181: DNS helper classes, will primarily be use for lookup of Active Directory servers. 2009-09-02 14:29:35 +00:00
Scott Battaglia bfd421016e SEC-1228 
added constructor so a wrapper can be instanciated in one line of code.
 2009-09-01 19:52:43 +00:00
Luke Taylor 471206a29d SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy 2009-08-27 10:43:01 +00:00
Luke Taylor 9bf8656d66 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes. 2009-08-22 21:09:34 +00:00
Luke Taylor bb4d818862 SEC-1188: Added "getContexHolderStrategy" method to SecurityContextHolder. 2009-08-22 13:31:13 +00:00
Luke Taylor 5a8772df5b Reset pom versions post release 2009-08-21 12:02:49 +00:00
Luke Taylor 0e5aa7008d [maven-release-plugin] prepare release spring-security-3.0.0.M2 2009-08-20 15:51:26 +00:00
Luke Taylor b807f7cbdd Added comment to pom to explain spring-web requirement 2009-08-10 14:05:16 +00:00
Luke Taylor 972cd0a53c javadoc 2009-08-10 12:10:04 +00:00
Luke Taylor d65b1b3581 SEC-1200: Ukranian messages file 2009-08-10 11:41:24 +00:00
Luke Taylor 0f6642d3ab SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface) 2009-08-04 00:18:07 +00:00
Luke Taylor 5953af0f6b SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements). 2009-08-03 00:21:11 +00:00
Luke Taylor fdb7325cbc Javadoc update 2009-07-24 15:21:59 +00:00
Luke Taylor efd1dbf54a Removed public modifier from getSessionController() method on ProviderManager. 2009-07-17 23:37:45 +00:00
Luke Taylor 1afa67c954 SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block. 2009-07-15 23:09:47 +00:00
Luke Taylor 6346e31517 SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy. 2009-07-15 01:28:28 +00:00
Luke Taylor 1ca2e6e6fc Tidying. 2009-07-13 23:12:32 +00:00
Luke Taylor 5d389d953d RoleVoter test class. 2009-07-13 23:11:15 +00:00
Luke Taylor 946f3d1067 Converted to use mockito. 2009-07-13 23:10:52 +00:00
Luke Taylor 3b1cdc3ab4 Tidying. 2009-07-08 23:27:53 +00:00
Luke Taylor 8a3930e673 Refactoring of ProviderManager to ensure that any AuthenticationException from the ConcurrentSessionController will prevent further polling of providers. 2009-07-08 23:20:46 +00:00
Luke Taylor 6b53703e37 SEC-1187: Moved pre-authentication status check inside try/catch block and repeated the call after reloading the user during the "cacheWasUsed" logic. 2009-07-07 17:09:44 +00:00
Luke Taylor 980b9b73b8 deprecate property editor 2009-06-26 12:49:23 +00:00
Luke Taylor c6b9371029 Updated to latest Spring build snapshot. Required minor EL changes to parser class name 2009-06-15 23:41:20 +00:00
Luke Taylor db3f08cce4 SEC-1156: Added check for enableAuthorities setting in deleteUser method of JdbcUserDetailsManager. 2009-06-14 22:31:14 +00:00
Luke Taylor ab7f06c108 SEC-1156: Modified JdbcUserDetailsManager to only save/update authorities if enableAuthorities is set 2009-06-14 22:26:44 +00:00
Luke Taylor 05ba2ff3f3 Improved Javadoc 2009-06-14 20:50:29 +00:00
Luke Taylor 3f603dfdd8 Removed invalid Javadoc reference to HttpSCIF 2009-06-10 12:44:06 +00:00
Luke Taylor 4e0d3c644f Committed deletion of previous AuthorityUtilsTests 2009-06-09 01:50:35 +00:00
Luke Taylor 4768e4b13c Removed methods relating to current context from AuthorityUtils, making it a simple factory for GrantedAuthority lists etc. 2009-06-09 01:42:37 +00:00
Luke Taylor ab69a0a101 SEC-884: As per discussion in this issue. Added Javadoc to specify that Authentication object passed to decide method must not be null. 2009-06-09 01:14:55 +00:00
Luke Taylor d2a8e43a55 SEC-1170: Some updates to UserDetails-related Javadoc. 2009-06-09 00:57:34 +00:00
Luke Taylor cb6aa81701 Forgot to remove file 2009-06-08 19:21:22 +00:00
Luke Taylor 5808da12ff SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample. 2009-06-08 15:23:41 +00:00
Luke Taylor 43144cd75d Javadoc updates. 2009-05-31 21:29:36 +00:00
Luke Taylor 67ad0456a1 Javadoc updates. 2009-05-31 21:28:50 +00:00
Luke Taylor 206598172c Javadoc updates. 2009-05-31 21:26:03 +00:00
Luke Taylor d1efb4eeed generifying RowMappers in JdbcDaoImpl. 2009-05-30 13:52:39 +00:00
Luke Taylor 131ba5c62e Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release 2009-05-27 00:12:30 +00:00
Luke Taylor e2c218e8c9 [maven-release-plugin] prepare release spring-security-3.0.0.M1 2009-05-26 23:44:11 +00:00
Luke Taylor b6f3d82dac Remove commented-out dependencies. 2009-05-26 22:18:53 +00:00
Luke Taylor 45c54c558c Updated build to use maven.springframework.org deps 2009-05-13 06:16:05 +00:00
Luke Taylor ef388529ae Javadoc update. 2009-05-12 00:12:22 +00:00
Luke Taylor 4bad213b19 SEC-1132: Moved remaining preauth code from core to web 2009-05-12 00:11:06 +00:00
Luke Taylor c7a2e12c65 Moved python script to correct directory 2009-05-11 06:03:59 +00:00
Luke Taylor 03d39f1e88 Minor package info updates. 2009-05-11 05:48:09 +00:00
Luke Taylor 76438b3347 SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource) 2009-05-11 05:44:31 +00:00
Luke Taylor 14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor 39f1536d5a Upgrade to Spring 3.0 M3 2009-05-07 08:24:41 +00:00
Luke Taylor 6d655aa514 SEC-1132: More refactoring to remove cycles ad reduce complexity metrics 2009-05-04 14:24:54 +00:00
Luke Taylor 73cfeecd0c Make sure argumentsAdded flag is set correctly. 2009-05-04 12:36:16 +00:00
Luke Taylor 5b543f83ec Removed web dependency on core-tests 2009-05-04 02:25:49 +00:00
Luke Taylor 4bc788828c SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods. 2009-05-01 06:45:34 +00:00
Luke Taylor 39cc865a36 SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id. 2009-04-28 12:08:48 +00:00
Luke Taylor e94baf38b3 Tidying up to remove warnings (generics, use of deprecated test classes etc). 2009-04-28 06:49:43 +00:00
Luke Taylor 50ac9d3b05 More generification to remove last warnings in core package. 2009-04-26 10:17:09 +00:00
Luke Taylor 1454cbb78e SEC-1132: Moved TextUtils to web module and StringSplit utils into Digest authentication package (as they aren't used elsewhere). 2009-04-25 08:04:26 +00:00
Luke Taylor a76cbee4bc SEC-1132: Moved ThrowableAnalyzer code to web module as it is only used in ExceptionTranslationFilter 2009-04-25 07:03:15 +00:00
Luke Taylor 22e7142f45 SEC-998: Bundlor enabled in web, ldap, config and core modules 2009-04-24 09:12:53 +00:00
Luke Taylor 2e3189cf83 SEC-998: Enabled bundlor in core 2009-04-22 13:00:14 +00:00
Luke Taylor 21e36e0a57 Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT 2009-04-22 12:55:52 +00:00
Luke Taylor a73016b898 SEC-998: Initial bundlor template.mf for core 2009-04-22 12:47:44 +00:00
Luke Taylor 305ce125fb SEC-863: Hierarchical roles should use the interface GrantedAuthority. Applied submitted patch. 2009-04-22 05:53:59 +00:00
Luke Taylor d7f202a111 Addition of final to constructor set fields to improve immutability of authentication and user objects 2009-04-22 04:11:38 +00:00
Luke Taylor ba6664f77f SEC-1012: Refactor SessionRegistry interface to use Java 5 generics. 2009-04-21 06:57:21 +00:00
Luke Taylor cac2bce382 Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes. 2009-04-21 06:05:14 +00:00
Luke Taylor 06040853da Javadoc tidying 2009-04-21 03:16:57 +00:00
Luke Taylor 56ec1b4b05 Tidying beforeInvocation method. 2009-04-20 01:01:34 +00:00
Luke Taylor 292926518b SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException. 2009-04-15 10:19:37 +00:00
Luke Taylor 93bdcccaee SEC-1132: Moved userdetails into core and added core/authority sub-package 2009-04-15 07:39:21 +00:00
Luke Taylor 5d0d1bd404 Fixed Javadoc typo. 2009-04-14 12:56:16 +00:00
Luke Taylor db9afc36ab Refactored internal context holder strategy implementations to be package private and final and refactored getContext() methods to use a single call to ThreadLocal.get(). 2009-04-14 11:04:49 +00:00
Luke Taylor c770998d92 SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions. 2009-04-14 04:22:57 +00:00
Luke Taylor 550715e73f SEC-1136: Removed SpringSecurityException and last import. 2009-04-14 01:51:22 +00:00
Luke Taylor 10673780db OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles). 2009-04-13 14:56:49 +00:00
Luke Taylor ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor 9efb5a7007 SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet 2009-04-12 12:23:23 +00:00
Luke Taylor 7c4d54f356 SEC-1131: Applied patch for portlet upgrade 2009-04-12 05:52:20 +00:00
Luke Taylor 365ae3936e Moved MockAuthenticationManager to test package. 2009-04-12 05:13:18 +00:00
Luke Taylor 1b43e3661a SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter. 2009-04-12 04:16:46 +00:00
Luke Taylor bec84f874a SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples. 2009-03-26 07:18:36 +00:00
Luke Taylor 2a9a8a41db SEC-1125: Created separate web module spring-security-web 2009-03-25 06:28:18 +00:00
Luke Taylor 2c985a1c36 SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources 2009-03-23 04:23:48 +00:00
Luke Taylor a45ba138f7 SEC-1121: InMemoryResource.equals() is wrong. Corrected as suggested. 2009-03-20 04:44:39 +00:00
Luke Taylor 4aff4b2350 SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring 2009-03-20 04:32:06 +00:00
Luke Taylor 4aae5ec42e SEC-1124: Refactored LDAP code into separate module 2009-03-19 06:30:32 +00:00
Luke Taylor a0f3015ac6 SEC-1086: AccessDecisionManager implementations now log debug messages giving the results returned by each voter polled. 2009-03-19 02:01:24 +00:00
Luke Taylor d163cd7d18 SEC-1099: Translation of message.properties in Brazilian Portuguese. Added file. 2009-03-19 01:47:34 +00:00
Luke Taylor c0638e9c8d SEC-1110: Localization (messages_ko_KR.properties). Added. 2009-03-19 01:46:05 +00:00
Luke Taylor 591681c180 Upgrade to Spring M2 and correct expression classes and pom files to match changes 2009-03-19 01:17:16 +00:00
Luke Taylor 98593b7c78 SEC-1120: Added Portuguese messages file 2009-03-19 01:02:32 +00:00
Luke Taylor ccf422af5a SEC-1070: AbstractRetryEntryPoint always uses RetryWithHttpEntryPoint logger. Converted to protected (non-static) and used getClass(). 2009-03-16 08:32:16 +00:00
Luke Taylor 9de9f638fe SEC-1083: Removed unnecessary import 2009-03-16 08:07:18 +00:00
Luke Taylor 30748e8615 SEC-1083: PersistentTokenBasedRememberMeServices does not clear tokens on logout. Override logout method to remove tokens for user. 2009-03-16 08:05:02 +00:00
Luke Taylor b7557d017e Corrected Javadoc typo. 2009-03-16 07:10:12 +00:00
Luke Taylor ef3ea65fdb Switching back to 2.5.0-SNAPSHOT after tagging M1 release 2009-01-03 07:42:19 +00:00
Luke Taylor fc5f50501e [maven-release-plugin] prepare release 2.5.0.M1 2009-01-03 07:08:25 +00:00
Luke Taylor ddffdf1699 SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication' 2008-12-28 17:32:25 +00:00
Luke Taylor 4a41416c9b Tidying up and removing compiler warnings. 2008-12-21 16:36:16 +00:00
Luke Taylor f5d2e7a7ce Make error message when multiple UserDetailsServices are found more explicit. 2008-12-21 13:29:42 +00:00
Luke Taylor 9cb361e88a SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter. 2008-12-20 23:25:29 +00:00
Luke Taylor 66e586ec67 Added Id keyword. 2008-12-20 15:41:51 +00:00
Luke Taylor cc5966bc7e Tidying up, removing compiler warnings etc. 2008-12-20 00:16:49 +00:00
Luke Taylor 8154161ef5 SEC-1035: Updated build to use Spring 3.0.0.M1 Release 2008-12-18 02:37:00 +00:00
Luke Taylor 8f598e9b11 SEC-1052: Add support for the namespace option 'disable-url-rewriting'. 2008-12-17 01:28:29 +00:00
Luke Taylor 171456a26c SEC-1018: Changes to allow external reference to SaltSource bean from the namespace. 2008-12-17 01:11:43 +00:00
Luke Taylor 00125cddee SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead. 2008-12-17 00:48:32 +00:00
Luke Taylor 585e5f393a Added warning suppression for deprecation. 2008-12-17 00:32:21 +00:00
Luke Taylor d8b5f770e9 Added warning suppression for deprecation. 2008-12-17 00:31:17 +00:00
Luke Taylor db5f1e69f1 SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes. 2008-12-17 00:14:48 +00:00
Luke Taylor c2e688610c SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token. 2008-12-16 23:25:44 +00:00
Luke Taylor 998f0b3ea1 SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called. 2008-12-16 20:35:18 +00:00
Luke Taylor d0fcbd9baf Tidying up Javadoc. 2008-12-16 20:29:53 +00:00
Luke Taylor a1bd48733a Minor Javadoc correction. 2008-12-16 20:16:56 +00:00
Luke Taylor 74fd5fe8a4 Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion. 2008-12-16 18:55:38 +00:00