Luke Taylor
9ab69ddcaf
Converted to use jmock.
2008-12-02 13:58:20 +00:00
Luke Taylor
72eee6f1ca
Removing unused mock classes.
2008-12-02 13:07:06 +00:00
Luke Taylor
fba57bdf5b
Removed unused MockAccessDecisionManager class
2008-12-02 12:56:04 +00:00
Luke Taylor
283b932fe0
Minor tidying up.
2008-12-02 12:53:48 +00:00
Luke Taylor
f3387cd879
2008-12-02 12:49:13 +00:00
Luke Taylor
a09b15ce5f
Added tests for AuthenticationDetailsSourceImpl (and AuthenticationDetails).
2008-12-01 15:50:31 +00:00
Luke Taylor
8283074097
Tidying.
2008-12-01 15:49:35 +00:00
Luke Taylor
e3dd12021b
Added extra calls to exercise CachingUserDetailsService
2008-12-01 15:49:13 +00:00
Luke Taylor
a2f7b7e4f1
Added optional args argument to constructor.
2008-12-01 14:29:58 +00:00
Luke Taylor
3fe112f769
Added tests for AbstractAclVoter.
2008-12-01 14:28:24 +00:00
Luke Taylor
e864dfa796
SEC-1039: Converted HttpBeanDefinitionParser to use new context persistence filter instead of HttpSessionContextIntegrationFilter
2008-12-01 12:37:31 +00:00
Luke Taylor
08ea70909d
Fixed broken test due to missing context file.
2008-12-01 00:36:13 +00:00
Luke Taylor
a318aacc4f
Converted MethodSecurityInterceptorTests to use mocks and deleted app context file.
2008-11-30 23:20:16 +00:00
Luke Taylor
bfd4bcfdb7
SEC-1012: Java5ing of RunAsUserToken constructor.
2008-11-30 23:16:39 +00:00
Luke Taylor
b25d6958d7
SEC-1036: Removed references to SpringSecurityContextSource
2008-11-29 12:15:51 +00:00
Luke Taylor
66897e1849
SEC-1036: Upgraded Spring LDAP to 1.3 and made corresponding code changes. Also some general tidying up of LDAP code. Removed deprecated context factory classes.
2008-11-28 22:22:51 +00:00
Luke Taylor
1918c50fd7
SEC-1039: Deprecated HttpSessionContextIntegrationFilter and made it extend SecurityContextPersistenceFilter.
2008-11-28 18:01:34 +00:00
Luke Taylor
8cfd515b27
SEC-988: Added Javadoc for UserDetailsChecker interface.
2008-11-27 21:21:25 +00:00
Luke Taylor
d508adbf8b
SEC-1037: Made LdapAuthenticationProvider implement MessageSourceAware.
2008-11-27 21:12:43 +00:00
Luke Taylor
843d0e6910
SEC-985: Added hideUsernameNotFoundException property to LdapAuthenticationProvider and set default to true.
2008-11-27 21:08:01 +00:00
Luke Taylor
4d81d750cd
SEC-1039: Created new filter SecurityContextPersistenceFilter and SecurityContextRepository strategy to replace HttpSessionContextIntegrationFilter functionality.
2008-11-27 20:18:54 +00:00
Luke Taylor
789be71d8c
SEC-398: Rolled back addition of erroneous test method for this issue (the fix was incorrect and the test method does nothing useful).
2008-11-27 10:41:08 +00:00
Luke Taylor
2dfd006665
SEC-1012: Converted Groupsmanager to use List<String>
2008-11-26 11:17:15 +00:00
Luke Taylor
1f78974073
Improved javadoc and debug message relating to clearing of security context.
2008-11-26 10:35:06 +00:00
Luke Taylor
dca0505d23
SEC-1012: generification
2008-11-21 12:39:30 +00:00
Luke Taylor
05e753de61
Converted to use jmock for mocks.
2008-11-21 12:26:56 +00:00
Luke Taylor
6b24637fbc
Further SavedRequestWrapper related tests and tidying up.
2008-11-21 12:17:43 +00:00
Luke Taylor
1cf59b249a
Added test class for DefaultLoginPageGeneratingFilter.
2008-11-16 05:07:33 +00:00
Luke Taylor
13caa48a24
Added clearContext() in @After. Test was leaving a TestingAuthenticationToken in the context.
2008-11-16 00:09:35 +00:00
Luke Taylor
18e74e7d3f
Import cleaning.
2008-11-16 00:03:42 +00:00
Luke Taylor
22cca49d4a
Added clearContext() call in @Before method. Test class appears to be failing on the build server because of a left over security context from a previous test
2008-11-16 00:03:01 +00:00
Luke Taylor
67c06d3d52
SEC-1012: Adding generics and general tidying up of tests etc
2008-11-15 13:00:38 +00:00
Luke Taylor
a535c5bd05
Removed unused imports.
2008-11-15 11:09:40 +00:00
Luke Taylor
9dc50bce82
SEC-1013: Removed ConfigAttributeDefinition
2008-11-15 10:55:23 +00:00
Luke Taylor
e259fe43a9
SEC-1034: Removed classes for converting a FilterInvocationDefinitionSource to a map for use in FilterChainProxy
2008-11-15 10:26:35 +00:00
Luke Taylor
31375b7212
SEC-1012: Futher generification. Also changed method signature of ObjectDefinitionSource.getAllConfigAtributes to return a single collection
2008-11-15 09:35:11 +00:00
Luke Taylor
5c1f4e60e3
Tidying stuff
2008-11-14 07:16:49 +00:00
Luke Taylor
3261fcb174
Tidying stuff
2008-11-14 07:16:30 +00:00
Luke Taylor
fa630a430d
Removed unused test files
2008-11-14 06:23:34 +00:00
Luke Taylor
3ce5ea7710
Add missing @Test attributes
2008-11-14 06:22:43 +00:00
Luke Taylor
df26b2447c
SEC-1035: Switch to using spring-el from the Spring 3 build
2008-11-14 06:21:24 +00:00
Luke Taylor
bd9b199599
Import cleaning.
2008-11-14 00:28:54 +00:00
Luke Taylor
648ba1c43a
SEC-1034: Fix broken tests.
2008-11-13 08:57:43 +00:00
Luke Taylor
ae05e74085
Replace use of deprecated Spring methods (addConstructorArg) with non-deprecated versions.
2008-11-13 08:56:59 +00:00
Luke Taylor
7a8bd8a673
SEC-1034: Removed FilterInvocationDefinitionSourceEditor.
2008-11-13 07:46:21 +00:00
Luke Taylor
464da0f0df
SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions.
2008-11-13 07:41:21 +00:00
Luke Taylor
ee13be47b7
Call setAuthenticated() in constructor with authorities to mimic behaviour of UsernamePasswordAuthenticationToken
2008-11-13 07:29:43 +00:00
Luke Taylor
3ef34122fc
Converted to using JMock.
2008-11-13 06:50:55 +00:00
Luke Taylor
e18971fdf0
Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken.
2008-11-13 06:30:39 +00:00
Luke Taylor
3acd515c6c
SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions.
2008-11-12 04:07:56 +00:00
Luke Taylor
0bbab88504
SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one
...
http://jira.springframework.org/browse/SEC-1031 . Fixed startOfHash value and added tests to check full length of password is used.
2008-11-11 23:34:40 +00:00
Luke Taylor
0ba690fb0e
SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag).
2008-11-11 09:21:51 +00:00
Luke Taylor
e5b1073501
SEC-1012: Added more generics and warning suppression
2008-11-11 09:06:50 +00:00
Luke Taylor
be34724207
Matchers for use with JMock expectations
2008-11-11 08:43:17 +00:00
Luke Taylor
62986c700b
SEC-1027: Removed bnd plugin and 'bundle' package types from pom.xml files
2008-11-11 01:09:37 +00:00
Luke Taylor
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
2008-11-10 04:27:25 +00:00
Luke Taylor
d6bb6ccbf5
Removed .cvsignore files
2008-11-06 01:11:08 +00:00
Luke Taylor
d33b13e52e
SEC-1023: Added support for hasPermission() based on Id and type
2008-11-05 22:44:46 +00:00
Luke Taylor
a207acf7cb
SEC-999: Fix broken test which was failing due to use of incorrect authentication object.
2008-11-05 01:09:14 +00:00
Luke Taylor
56141e9c5f
SEC-999: Refactoring out specific dependencies on Spring EL into SecurityExpressionHandler.
...
SEC:1023: Updates to expression root to allow evaluationof permissions.
2008-11-04 23:30:56 +00:00
Luke Taylor
dabb719456
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 . PermissionEvaluator interface for use by expressions when evaluating hasPermisson() expressions.
2008-11-04 22:46:21 +00:00
Luke Taylor
b42fc7221f
Upgraded to jmock 2.5.1
2008-11-04 05:37:56 +00:00
Luke Taylor
514bca669f
SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays.
2008-10-31 11:40:11 +00:00
Luke Taylor
ec44f2bdfe
SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections
2008-10-31 03:53:00 +00:00
Luke Taylor
e891b334e6
SEC-1009: removed additional container adapter specific code
2008-10-30 05:45:13 +00:00
Luke Taylor
09cc58d7ac
SEC-1009: removed additional container adapter specific code
2008-10-30 05:44:38 +00:00
Luke Taylor
3521af4cae
Added missing test class.
2008-10-30 04:32:22 +00:00
Luke Taylor
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
2008-10-30 04:10:54 +00:00
Luke Taylor
c7abdadc06
SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level.
2008-10-28 06:37:04 +00:00
Luke Taylor
f2ec8c978a
Moved MethodDefinitionSource to standalone class.
2008-10-27 21:51:58 +00:00
Luke Taylor
f592357c27
SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition
2008-10-27 09:04:22 +00:00
Luke Taylor
5174693c64
SEC-999: Expression language based access decision support
...
http://jira.springframework.org/browse/SEC-999 . Added missing test class.
2008-10-24 00:57:52 +00:00
Luke Taylor
4aa32f7d06
SEC-999: First commit of expression-based authorization implementation
2008-10-24 00:38:36 +00:00
Luke Taylor
91c44a47fd
SEC-999: Added spel-annotations to newly created 2.5 schema file.
...
http://jira.springframework.org/browse/SEC-999
2008-10-21 05:54:42 +00:00
Luke Taylor
b031124f61
SEC-991: Removed deprecated getAttributes() method from LdapUserDetails interface
2008-10-17 05:12:11 +00:00
Luke Taylor
b589f78918
SEC-954: Deprecate AbstractMethodDefinitionSource
2008-10-17 01:06:21 +00:00
Luke Taylor
c947d42146
SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match
2008-10-15 06:35:11 +00:00
Luke Taylor
6c8a82fa13
Updated poms to Spring 2.5 and fixed up sandbox to work with latest build
2008-10-15 05:52:40 +00:00
Luke Taylor
7cc0965383
SEC-1001: Move core tiger code into core and adjust pom files
2008-10-03 15:23:31 +00:00
Luke Taylor
97381fb448
SEC-974: Made getExceptionMappings() protected.
2008-10-01 16:25:20 +00:00
Luke Taylor
4542f00b14
SEC-975: Namespace security syntax does not interpret properties
...
http://jira.springframework.org/browse/SEC-975 . Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
2008-09-12 19:06:53 +00:00
Luke Taylor
5e4634d216
Minor Javadoc improvement.
2008-09-12 14:57:21 +00:00
Luke Taylor
d291def963
Removed invalid comment.
2008-09-12 10:18:40 +00:00
Luke Taylor
df59cb9dcd
Import cleaning.
2008-09-11 14:41:00 +00:00
Luke Taylor
ef0389ae79
SEC-976: Removed checks for presence of core-tiger classes.
2008-09-11 14:37:55 +00:00
Luke Taylor
5b9bb8ba54
[maven-release-plugin] prepare for next development iteration
2008-09-05 19:04:22 +00:00
Luke Taylor
73eed2656d
[maven-release-plugin] prepare release spring-security-parent-2.0.4
2008-09-05 18:57:43 +00:00
Luke Taylor
8661e17df9
OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors
...
http://jira.springframework.org/browse/SEC-960 . Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
2008-09-05 13:49:38 +00:00
Luke Taylor
5102be3a59
SEC-971: getter for cookieName in AbstractRememberMeServices
...
http://jira.springframework.org/browse/SEC-971 . Added getCookieName() method.
2008-09-04 16:05:34 +00:00
Luke Taylor
4e2d6f8b2e
SEC-967: TextUtils.java does not escape ampersand character
...
http://jira.springframework.org/browse/SEC-967 . Added escaping of '&' character
2008-08-29 12:01:45 +00:00
Luke Taylor
d781deffe7
OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication
...
http://jira.springframework.org/browse/SEC-966 . Added escaping of rendered text as default.
2008-08-26 16:21:29 +00:00
Luke Taylor
a4e4120443
SEC-963: LDAP Group Search Root
...
http://jira.springframework.org/browse/SEC-963 . Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
2008-08-26 13:51:01 +00:00
Luke Taylor
83868a7334
SEC-955: ability to externalize port mapping for secured channel to a property file
...
http://jira.springframework.org/browse/SEC-955 . Changed schema to make port-mapping type xsd:string to allow placeholders.
2008-08-26 13:20:01 +00:00
Luke Taylor
150f3d97d0
SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException
...
http://jira.springframework.org/browse/SEC-832 . Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.
2008-08-26 12:49:37 +00:00
Luke Taylor
7f28a8bc5d
Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method.
2008-08-26 12:38:02 +00:00
Luke Taylor
1cfd886517
SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut
...
http://jira.springframework.org/browse/SEC-922 . Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".
2008-08-18 23:31:14 +00:00
Luke Taylor
bb457e1d07
SEC-957: logger.debug without guard causing massive performance hit
...
http://jira.springframework.org/browse/SEC-957 . Added debug logging guard as requested.
2008-08-18 18:20:48 +00:00
Luke Taylor
09cf90258f
SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation
...
http://jira.springframework.org/browse/SEC-758 . Added "throws Throwable" to AspectJAnnotationCallback signature.
2008-08-18 14:47:28 +00:00
Luke Taylor
e15d7a78cd
SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes
...
http://jira.springframework.org/browse/SEC-956 . Done.
2008-08-18 13:13:18 +00:00
Luke Taylor
3bf5e406b7
SEC-936: NPE in AbstractFallbackMethodDefinitionSource
...
http://jira.springframework.org/browse/SEC-936 . Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
2008-08-16 02:31:36 +00:00
Luke Taylor
55d357f42d
OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments
...
http://jira.springframework.org/browse/SEC-905 . Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.
2008-08-12 17:11:38 +00:00
Luke Taylor
d9ab0758ee
SEC-954: Removed test dependency on AbstractMethodDefinitionSource.
2008-08-12 17:08:55 +00:00
Luke Taylor
36b35e3b1f
CLOSED - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Fixed autoboxing issue.
2008-08-11 21:15:09 +00:00
Luke Taylor
39a656eb78
OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
2008-08-11 19:15:33 +00:00
Luke Taylor
b6dec19e90
SEC-932: Added supplied class and test class.
2008-08-11 16:36:01 +00:00
Luke Taylor
3ab9fcdcaf
Tidying.
2008-08-11 15:05:16 +00:00
Luke Taylor
3a9eb018ba
SEC-950: Added test to attempt to reproduce problem.
2008-08-08 15:41:14 +00:00
Luke Taylor
b3a23b4377
Some minor improvements to schema comments
2008-08-07 19:15:13 +00:00
Luke Taylor
25814d341d
Tidying.
2008-08-06 16:18:05 +00:00
Luke Taylor
e951c42c2b
Improved javadoc. Some tidying up.
2008-08-06 15:28:04 +00:00
Luke Taylor
7258d30e13
Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger.
2008-08-06 13:41:01 +00:00
Luke Taylor
3ee3591feb
SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully.
2008-08-05 23:26:01 +00:00
Luke Taylor
1af7eed433
SEC-883: RoleHierarchyVoter
...
http://jira.springframework.org/browse/SEC-883 . Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
2008-08-04 13:08:03 +00:00
Luke Taylor
54ac7b3e46
SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas.
2008-08-01 12:51:31 +00:00
Luke Taylor
3049b933d9
Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML
2008-07-31 21:35:29 +00:00
Luke Taylor
1d96283876
Removed commented out line.
2008-07-31 20:45:25 +00:00
Luke Taylor
d7926f3557
SEC-943: Forgot to commit tests.
2008-07-31 20:30:56 +00:00
Luke Taylor
e5d86b13b7
SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
...
http://jira.springframework.org/browse/SEC-941 . Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
2008-07-31 19:50:08 +00:00
Luke Taylor
67e5afbb79
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Updated Javadoc.
2008-07-31 15:56:37 +00:00
Luke Taylor
000bb1cbed
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Added test class.
2008-07-31 15:42:04 +00:00
Luke Taylor
243c4f22d4
OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
...
http://jira.springframework.org/browse/SEC-899 . Changed to return -1 when compared to custom auhority which returns null from getAuthority()
2008-07-31 13:01:22 +00:00
Luke Taylor
d4c105d8ba
OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
...
http://jira.springframework.org/browse/SEC-934 . Added log warning when the same url is used multiple times.
2008-07-30 15:03:47 +00:00
Luke Taylor
f6ff958411
Renamed rnc file.
2008-07-30 11:05:44 +00:00
Luke Taylor
4bb3eb12c3
SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
...
http://jira.springframework.org/browse/SEC-933 . Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
2008-07-30 11:01:23 +00:00
Luke Taylor
f453264bde
SEC-909: custom remember me services doesn't get registered as logout handler
...
http://jira.springframework.org/browse/SEC-909 . HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
2008-07-15 18:22:53 +00:00
Luke Taylor
1ddc033fe5
SEC-903: Wrong attribute mapping when using jdbc-user-service bean
...
http://jira.springframework.org/browse/SEC-903 . Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
2008-07-15 16:43:57 +00:00
Luke Taylor
e303e8b71a
SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
...
http://jira.springframework.org/browse/SEC-924 . Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
2008-07-15 14:52:13 +00:00
Luke Taylor
bf5896600e
OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
...
http://jira.springframework.org/browse/SEC-913 . Applied patch as suggested (use sendRedirect method for failure URL).
2008-07-15 13:42:30 +00:00
Luke Taylor
b4c63db680
SEC-921: Improved messages_zh_CN.properties for Chinese
...
http://jira.springframework.org/browse/SEC-921 . Added contributed file.
2008-07-15 11:11:21 +00:00
Luke Taylor
a56c13fb22
SEC-912: Added callback methods to BasicProcessingFilter for successful and unsuccessful authentication.
2008-07-12 17:40:39 +00:00
Luke Taylor
697c7c5f48
SEC-918: Added more info on DB schema to javadoc
2008-07-12 15:21:24 +00:00
Luke Taylor
6d179122d3
SEC-916: Added Spanish messages contribution.
2008-07-10 15:32:01 +00:00
Luke Taylor
2cda6242c8
SEC-904: Moved multi-threaded tests into sandbox
2008-07-02 19:19:21 +00:00
Luke Taylor
479693ced7
SEC-900: Added extra checks on expiry time
2008-07-02 18:40:55 +00:00
Luke Taylor
775a6c3939
[maven-release-plugin] prepare for next development iteration
2008-06-23 14:10:35 +00:00
Luke Taylor
87d50aecce
[maven-release-plugin] prepare release spring-security-parent-2.0.3
2008-06-23 14:05:36 +00:00
Luke Taylor
3ee8733261
SEC-879: Added required BeanPostProcessor to set SessionRegistry is set on namespace registered AbstractProcessingFilter and SessionFixationProtectionFilter when using custom ConcurrentSessionController
...
http://jira.springframework.org/browse/SEC-879 .
2008-06-20 22:08:05 +00:00
Luke Taylor
d5ee89bb7c
Correct typo in error message.
2008-06-19 15:21:03 +00:00
Luke Taylor
ff5bfccdba
SEC-892: Linked use of create-session='never' in namespace to corresponding properties in ExceptionTranslationFilter and AbstractProcessingFilter
2008-06-19 13:46:45 +00:00
Luke Taylor
c56d524bd9
SEC-887: Added setter method for account status checker.
2008-06-18 12:00:45 +00:00
Luke Taylor
af5f193ec1
SEC-890: Corrected use of dataSource property name in RememberMeBDP.
2008-06-18 10:35:30 +00:00
Luke Taylor
7d79ae5424
SEC-880: Fix incorrect index value.
2008-06-13 10:58:01 +00:00
Luke Taylor
32b8009bee
SEC-875: Removed duplicated parameters from SavedRequestWrapper.getParameterValues()
2008-06-09 23:33:36 +00:00
Luke Taylor
3b775d29d3
SEC-870: Polish messages file contribution
2008-06-08 22:09:47 +00:00
Ben Alex
358f284f42
SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used.
2008-06-06 06:13:14 +00:00
Luke Taylor
ff785a829f
[maven-release-plugin] prepare for next development iteration
2008-06-03 16:07:20 +00:00
Luke Taylor
db1d8604a6
[maven-release-plugin] prepare release spring-security-parent-2.0.2
2008-06-03 16:05:40 +00:00
Luke Taylor
9308284bd4
SEC-864: Removed duplicate OpenID provider.
2008-06-03 14:53:43 +00:00
Luke Taylor
122e1c47ed
Changed rnc filename prior to 2.0.2 release
2008-06-01 19:34:50 +00:00
Luke Taylor
64ab7e534c
Spelling corrections in Javadoc.
2008-06-01 17:26:27 +00:00
Luke Taylor
ab6d29d927
SEC-862: Make logoutSuccessUrl accessible to sub-classes.
2008-06-01 16:15:09 +00:00
Luke Taylor
1d9d7eb9a7
Removed accidental commit of SavedRequest clearing code in TargetUrlResolverImpl
2008-05-30 17:53:09 +00:00
Luke Taylor
ecd2cc6da7
Added some Assert calls to setters and improved comments.
2008-05-30 15:29:51 +00:00
Luke Taylor
f228d013d8
SEC-861: Change default value of justUseSavedRequestOnGet to false
2008-05-30 15:09:51 +00:00
Luke Taylor
4de4bb8e87
SEC-860: Added setter for authenticationDetailsSource to AbstractRememberMeServices
2008-05-30 14:29:32 +00:00
Luke Taylor
f8cded10ee
Typo.
2008-05-30 11:20:16 +00:00
Luke Taylor
c031588975
SEC-606: Added support for customizable credentials character set.
2008-05-29 18:00:15 +00:00
Luke Taylor
36a192b70f
SEC-858: Replaced integer properties in schema with strings to allow use of placeholders.
2008-05-29 16:13:14 +00:00
Luke Taylor
980a72f9a0
Removed TODO (done).
2008-05-29 15:54:50 +00:00
Luke Taylor
517a7f117a
SEC-857: Make request wrapper getParameterValues() consistent with getParameterMap() etc.
2008-05-29 15:49:43 +00:00
Luke Taylor
244579faf4
OPEN - issue SEC-856: GroupManager JdbcUserDetailsManager implementation: addGroupAuthority() method doesn't work.
...
http://jira.springframework.org/browse/SEC-856 . Refactored class to remove the JDBC-related inner classes.
2008-05-28 16:25:28 +00:00
Luke Taylor
d63536cc0d
SEC-821: Added support for eternal session registry and concurrent session controller to the 2.0.2 namespace.
2008-05-27 13:14:21 +00:00
Luke Taylor
8b5bbe3800
SEC-830: Changed SavedRequestAwareWrapper to make wrapped request parameters take precedence over saved request ones.
2008-05-25 22:57:03 +00:00
Luke Taylor
45c3084502
SEC-836: Made LDAP namespace elements use subtree group searching by default.
2008-05-23 23:57:01 +00:00
Luke Taylor
871e529840
SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
...
http://jira.springframework.org/browse/SEC-850 . Added extra test.
2008-05-23 23:32:57 +00:00
Luke Taylor
d1005e4cfb
SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
...
http://jira.springframework.org/browse/SEC-850 . Changed bean decorator to add a bean reference to the ProviderManager rather than a bean definition.
2008-05-23 23:25:09 +00:00
Luke Taylor
9ce0270226
Fixed typo in test name
2008-05-23 22:57:30 +00:00
Luke Taylor
7603ce2f97
SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers
...
http://jira.springframework.org/browse/SEC-848 . Replaced class references with class names.
2008-05-23 21:30:57 +00:00
Luke Taylor
25ba269db0
SEC-835: use setContentType on response for J2EE 1.3 compatibility.
2008-05-23 20:55:10 +00:00
Luke Taylor
11b448c0e0
SEC-847: Updated the xsl file to inline openid-login and other elements
2008-05-23 16:29:44 +00:00
Luke Taylor
08c5fe8925
Fixed autoboxing issue
2008-05-22 12:19:00 +00:00
Luke Taylor
fbe3ca48f4
SEC-823, SEC-843: Allow setting of custom RememberMeServices and token validity periodon remember-me namespace element
2008-05-21 16:03:05 +00:00
Luke Taylor
3e33b8a880
Update InMemoryXmlApplicationContext to use 2.0.2 schema
2008-05-20 22:46:37 +00:00
Luke Taylor
b60c578b25
SEC-844: Support for SHA-256 hashing.
2008-05-20 22:45:02 +00:00
Luke Taylor
03981ab6a0
SEC-844: Added sec-256 to namespace schema
2008-05-20 22:32:03 +00:00
Luke Taylor
e9adbd4d62
SEC-844, SEC-843, SEC-823: Added support for sha-256, custom remember-me services and setting of remember me token validity period to namespace schema. Also added 2.0.2 XSD file
2008-05-20 19:48:32 +00:00
Luke Taylor
29d31b72d0
SEC-837: Add special character filtering to LDAP search filters
2008-05-20 19:25:37 +00:00
Luke Taylor
3fb1f59fde
SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap
2008-05-20 19:22:49 +00:00
Luke Taylor
5af53da106
Improved doc for'filters' attribute
2008-05-18 11:09:50 +00:00
Luke Taylor
2329dadf48
Removed jalopy parameter comments
2008-05-15 17:58:15 +00:00
Luke Taylor
f269373442
IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP.
2008-05-15 14:33:42 +00:00
Luke Taylor
8b2c0468ff
OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
2008-05-15 01:34:14 +00:00
Luke Taylor
d17a2da9e0
SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
2008-05-15 00:26:27 +00:00
Luke Taylor
7f38c656ca
SEC-820: Expand regular expression used in hierarchical roles.
2008-05-14 22:59:33 +00:00
Luke Taylor
6493df13f8
SEC-803: Removed use of websphere SubjectHelper class.
2008-05-14 22:51:39 +00:00
Luke Taylor
59543af4fb
SEC-826: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
2008-05-14 16:41:52 +00:00
Luke Taylor
1fee538c7e
Fixed typo in setter method (uses of).
2008-05-13 15:32:30 +00:00
Luke Taylor
ae2470127c
Fixed typo in setter method "seAttributePrefix"
2008-05-13 13:51:49 +00:00
Luke Taylor
e1b226ee57
Added 2.0.2 namespace file
2008-05-10 17:16:46 +00:00
Luke Taylor
add2649397
Javadoc typo.
2008-05-09 18:09:56 +00:00
Luke Taylor
781d88bd30
OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue)
...
http://jira.springframework.org/browse/SEC-825 . Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
2008-05-09 18:08:32 +00:00
Luke Taylor
883b92e7bd
SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods
2008-05-08 15:07:40 +00:00
Luke Taylor
301d021bf5
SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor
...
Reversed order of beanName.equals() call as suggested.
2008-05-07 13:58:53 +00:00
Luke Taylor
8ad2d681ab
SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions.
2008-05-07 13:49:20 +00:00
Luke Taylor
afc757e618
Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc
2008-05-06 14:43:52 +00:00
Luke Taylor
c333070fe3
Javadoc tidying
2008-05-06 13:59:46 +00:00
Luke Taylor
fca3a2a709
SEC-812: Added missing TextUtils file
2008-05-05 19:09:09 +00:00
Luke Taylor
fa44c74993
SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text.
2008-05-05 18:37:02 +00:00
Luke Taylor
06719053f1
Removed commons lang dependency.
2008-05-05 17:18:47 +00:00
Ben Alex
9961c7f867
Moved to correct build location.
2008-05-02 10:52:57 +00:00
Ben Alex
7a2e1e13d3
SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens.
2008-05-02 10:38:56 +00:00
Luke Taylor
a599ef5398
[maven-release-plugin] prepare for next development iteration
2008-05-01 20:09:03 +00:00
Luke Taylor
3e808335a4
[maven-release-plugin] prepare release spring-security-parent-2.0.1
2008-05-01 20:07:46 +00:00
Luke Taylor
6ecfa0541f
SEC-806: Osgi-ified more modules
2008-05-01 17:11:31 +00:00
Luke Taylor
4984d4be65
OPEN - issue SEC-757: Add validation of redirect URLs on namespace
...
http://jira.springframework.org/browse/SEC-757 . Added validation method to ConfigUtils and calls to it for url attributes.
2008-05-01 16:39:31 +00:00
Luke Taylor
0df9dee9dd
SEC-806: Improved OSGi bundle version information support
2008-04-30 18:02:47 +00:00
Luke Taylor
81ebd094ff
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Replaced 2.0 text with that from the 2.0 release, rather than the website schema.
2008-04-29 18:59:25 +00:00
Luke Taylor
473f6a32c6
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Created new 2.0.1 schema files and updated tests to use them.
2008-04-29 18:53:33 +00:00
Luke Taylor
8281aeb0da
SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace
...
http://jira.springframework.org/browse/SEC-807 . Added extra test for Ldap provider parser.
2008-04-29 18:01:59 +00:00
Luke Taylor
e4b32b8d29
OPEN - issue SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace
...
http://jira.springframework.org/browse/SEC-807 . Added support for user-details-class attribute to ldap-authentication-provider and ldap-user-service.
2008-04-29 16:53:24 +00:00
Luke Taylor
104716fedb
SEC-805: Add extra fields to InetOrgPerson
...
http://jira.springframework.org/browse/SEC-805 . Added a substantial number of new fields to the class.
2008-04-29 14:39:58 +00:00
Luke Taylor
ef112f7967
Fixed autoboxing problem.
2008-04-28 15:26:20 +00:00
Luke Taylor
341455cde4
SEC-799: Import cleaning following other changes.
2008-04-28 15:19:25 +00:00
Luke Taylor
2d692718e0
SEC-799: Add better detection of missing server-ref element for <ldap-user-service> and <ldap-authentication-provider />
...
http://jira.springframework.org/browse/SEC-799 . Updated ContextSourceSettingPostProcessor to set the standard ContextSource as an alias if it is needed by a bean but has not been set (because the user specified their own server id on <ldap-server />).
2008-04-28 15:01:20 +00:00
Luke Taylor
270fa92780
Improved Javadoc comment
2008-04-28 09:20:37 +00:00
Luke Taylor
d3a0f05de9
SEC-783: GlobalMethodSecurityBeanDefinitionParser should support AfterInvocationProviders
...
http://jira.springframework.org/browse/SEC-783 . Added support for custom-after-invocation-provider
2008-04-25 12:28:30 +00:00
Luke Taylor
348d211b8c
SEC-797: Minor javadoc correction.
2008-04-24 23:12:55 +00:00
Luke Taylor
d1e23b3d2c
SEC-783: Added custom-after-invocation-provider element to namespace.
2008-04-24 02:02:23 +00:00
Luke Taylor
1090072fff
SEC-795: Add check for protected login page when using namespace
...
http://jira.springframework.org/browse/SEC-795 . I've added checks for the various scenarios which will result in a protected login page and suitable warning messages.
2008-04-24 01:59:19 +00:00
Luke Taylor
5d51b35cfa
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . Updated FilterChainProxyPostProcessor to raise an exception if two filters have the same order, and also to unwrap wrapped filters once the sorting by order has been performed.
2008-04-23 23:19:44 +00:00
Luke Taylor
38774ec94f
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . The filters are now maintained as a list in the context and have to be stored there explicitly on registration.
2008-04-23 16:06:54 +00:00
Luke Taylor
01185475a1
OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute.
...
http://jira.springframework.org/browse/SEC-793 . Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
2008-04-23 12:50:09 +00:00
Luke Taylor
7e63fe7357
SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen
...
http://jira.springframework.org/browse/SEC-790 . Applied submitted patch.
2008-04-23 00:41:52 +00:00
Luke Taylor
8ea7487ec3
Removed unused method.
2008-04-22 23:20:49 +00:00
Luke Taylor
ec81e780b2
Import cleaning.
2008-04-22 22:27:51 +00:00
Luke Taylor
599d9fea04
Minor improvements to toString() methods for logging.
2008-04-22 22:21:20 +00:00
Luke Taylor
b2e9e82727
Fixed typo in message.
2008-04-22 21:54:54 +00:00
Luke Taylor
63decfeb93
SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor
...
http://jira.springframework.org/browse/SEC-761 . Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
2008-04-22 21:51:12 +00:00
Luke Taylor
1ae167434a
SEC-756: Add checks for duplicate use of namespace elements such as global-method-security
...
http://jira.springframework.org/browse/SEC-756 . Refactored HttpSecurityBDP and added check for duplicate usage of the element.
2008-04-22 21:25:35 +00:00
Luke Taylor
083644f2fe
SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration.
2008-04-22 18:25:35 +00:00
Luke Taylor
1258fa854e
SEC-788: x509 authentication does not work properly
...
http://jira.springframework.org/browse/SEC-788 . Added check for X509 element when choosing entry point, if nothing else is available.
2008-04-22 14:53:11 +00:00
Luke Taylor
e12b6afefa
SEC-776: Http Session created for Anonymous request
...
http://jira.springframework.org/browse/SEC-776 . Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
2008-04-22 13:22:38 +00:00
Luke Taylor
88ea87642a
SEC-791: RequestKey.equals throws NPE if method is null
...
http://jira.springframework.org/browse/SEC-791 . Fixed handling of equals when one http method is null.
2008-04-22 12:32:33 +00:00
Luke Taylor
9eaa1cbbdd
OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
2008-04-21 18:29:54 +00:00
Luke Taylor
aba5a22b6c
SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added support for role-prefix to jdbc-user-service element.
2008-04-21 17:44:32 +00:00
Luke Taylor
1a4130528a
SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching
...
http://jira.springframework.org/browse/SEC-782 . I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
2008-04-21 16:51:06 +00:00
Luke Taylor
5bb558bd6a
SEC-777: The disabled status cannot be set in <user-service>
...
http://jira.springframework.org/browse/SEC-777 . Added the disabled flag to the relax grammar file.
2008-04-21 15:59:08 +00:00
Luke Taylor
993fdd7a32
Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information.
2008-04-21 12:53:54 +00:00
Luke Taylor
469f55ce05
SEC-773: global-method-security fails with JPA
...
http://jira.springframework.org/browse/SEC-773 . Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and ay referenced UserDetailsService implementations.
2008-04-18 13:15:56 +00:00
Luke Taylor
7238097310
OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-775 . Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
2008-04-15 16:57:47 +00:00
Ben Alex
b5dc523041
[maven-release-plugin] prepare for next development iteration
2008-04-14 07:06:44 +00:00
Ben Alex
0c42670431
[maven-release-plugin] prepare release spring-security-parent-2.0.0
2008-04-14 07:05:46 +00:00
Ben Alex
4d714b33e0
SEC-770: Mark old org.springframework.security.acl module as @deprecated.
2008-04-14 06:50:01 +00:00
Luke Taylor
57b5f38df1
OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration
...
http://jira.springframework.org/browse/SEC-769 . I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
2008-04-13 22:11:09 +00:00
Luke Taylor
4ae40150c9
SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling
...
http://jira.springframework.org/browse/SEC-752 . Removed check for JSR-250 class.
2008-04-13 20:59:39 +00:00
Luke Taylor
552dc6486a
SEC-703: Expose customization of SQL used by <jdbc-user-service>
...
http://jira.springframework.org/browse/SEC-703 . Added suggested attributes for sql queries.
2008-04-13 20:51:40 +00:00
Luke Taylor
d6e5dbbcfd
SEC-767: Added override for flushBuffer in response wrapper.
2008-04-13 20:22:31 +00:00
Luke Taylor
9d54c2d22b
OPEN - issue SEC-637: Dependency on RequestUtils
...
http://jira.springframework.org/browse/SEC-637 . Removed use of ServletRequestUtils in AbstractRememberMeServices
2008-04-13 12:53:01 +00:00
Luke Taylor
0422cb1f8f
Fixed artifact groups for aspectjrt and added cas sample to project build
2008-04-13 00:08:18 +00:00
Luke Taylor
83c152e379
SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config
2008-04-13 00:02:46 +00:00
Luke Taylor
a2f4ee1c58
SEC-767: Added check for committed response before attempting to create a new session
2008-04-12 23:18:03 +00:00
Luke Taylor
2d3bc27d06
SEC-755: Updated bundle names in line with Christian's recommendations.
2008-04-12 18:38:06 +00:00
Luke Taylor
d0ae8e072d
Refactored out safeGetHttpSession method to remove multiple try/catch IllegalArgumentException blocks round request.getSession() calls.
2008-04-12 15:01:52 +00:00
Luke Taylor
6b86b05a0a
Removed autoboxing
2008-04-11 23:22:36 +00:00
Luke Taylor
d288f722a8
OPEN - issue SEC-759: GrantedAuthoritiesContainer should extend Serializable
...
http://jira.springframework.org/browse/SEC-759 . Added Serializable to interface.
2008-04-11 17:25:41 +00:00
Luke Taylor
3b3d339393
SEC-764: Added support for "position" attribute. Also added "LAST" as an option for filter position.
2008-04-11 17:01:08 +00:00
Luke Taylor
7145198e5a
OPEN - issue SEC-763: Allow setting of alwaysUseDirectTargetUrl via form-login namespace URL
...
http://jira.springframework.org/browse/SEC-763 . Added always-use-default target attribute to namespace.
2008-04-11 12:03:55 +00:00
Luke Taylor
a3de51ea51
Fixed typo in constant name.
2008-04-09 23:41:27 +00:00
Luke Taylor
029f8a2409
Made test method getFilters on FilterChainProxy default access.
2008-04-07 22:41:50 +00:00
Luke Taylor
a2d2c6b67a
Corrected element name.
2008-04-07 22:28:47 +00:00
Luke Taylor
243b5f4a2a
SEC-746: impossible to specify errorPage for the AccessDeniedHandlerImp when using namespace based configuration
...
http://jira.springframework.org/browse/SEC-746 . Added access-denied-page to http element.
2008-04-07 22:17:09 +00:00
Luke Taylor
f57ba43780
SEC-673: Reinstated a bean registration that had accidentally bean removed by the last patch, breaking core-tiger tests.
2008-04-07 21:05:13 +00:00
Luke Taylor
80dbc4fd75
SEC-673: Applied patch from Christian.
2008-04-07 20:20:58 +00:00
Luke Taylor
594b69b7ef
SEC-754: Changed tests to use unicode escapes rather than explicit UTF-8.
2008-04-07 18:05:45 +00:00
Luke Taylor
236e310ea7
SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-747 . Added once-per-request attribute to http element.
2008-04-07 15:30:27 +00:00
Luke Taylor
6612d0f729
SEC-754: Fixed wrong array length and added tests for encoding non-ascii password.
2008-04-07 14:13:40 +00:00
Luke Taylor
6d1932da33
SEC-753: Changed Spring version range in felix plugin to [2.0,2.6) to allow use with minor 2.5 versions.
2008-04-07 12:39:00 +00:00
Luke Taylor
92ad1ecf81
Typo in Javadoc.
2008-04-06 00:08:41 +00:00
Luke Taylor
67d5a5b814
SEC-750: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-750 . Updates to prevent the HttpSecurityPostProcessor from causing beans to be instantiated. Added a simplified test case to HttpSecurityBeanDefinitionParserTests.
2008-04-06 00:04:50 +00:00
Luke Taylor
a43d054bd7
Removed comment about status checking as it is not entirely correct and misleads people.
2008-04-04 19:40:28 +00:00
Luke Taylor
21e83e8364
[maven-release-plugin] prepare for next development iteration
2008-04-01 15:03:29 +00:00
Luke Taylor
91ed7dceb6
[maven-release-plugin] prepare release release_2_0_0_RC1
2008-04-01 15:01:30 +00:00
Luke Taylor
3cb504fa95
Fixed jdk 1.4 compatibility issues
2008-04-01 14:32:31 +00:00
Luke Taylor
e05d1da102
Refactored AuthenticationUserDetailsService to userdetails package as it isn't preauth specific
2008-03-31 23:08:30 +00:00
Luke Taylor
f898bec370
OPEN - issue SEC-742: IllegalArgumentException if namespace configuration defines RememberMeServices without BasicProcessingFilter
...
http://jira.springframework.org/browse/SEC-742 . Fix. Post processor was assuming there was a BasicProcessinFilter in the app context when a remember-me services was present.
2008-03-31 22:44:11 +00:00
Luke Taylor
c347834401
OPEN - issue SEC-605: JdbcDaoImpl of UserDetailsService should provide a method for customizing creation of the final UserDetails object
...
http://jira.springframework.org/browse/SEC-605 . Added a createUserDetails method and also some other methods which are responsible for executing the individual queries for loading the userinformation and authorities.
2008-03-31 18:01:07 +00:00
Luke Taylor
40e51dd5fe
OPEN - issue SEC-649: Add user-service-ref attribute to remember-me namespace element
...
http://jira.springframework.org/browse/SEC-649 . Added attribute to namespace and parsing support.
2008-03-31 17:27:58 +00:00
Luke Taylor
cc752cfc28
OPEN - issue SEC-732: Encapsulate query objects in JdbcDaoImpl and JdbcUserDetailsManager
...
http://jira.springframework.org/browse/SEC-732 . Updated these classes to hide the internal query and update objects to allow future refactoring.
2008-03-31 16:52:31 +00:00
Luke Taylor
53b084e2f9
Simple tests to detect invalid configurations, particularly when the namespace has been updated without applying the spring-security.xsl transformation, which prevents certain elements from appearing at top level.
2008-03-31 16:30:28 +00:00
Luke Taylor
b1ae4922d2
SEC-726: Added entry-point-ref to <http> namespace element to allow customization of authentication process.
2008-03-31 16:22:40 +00:00
Luke Taylor
9db55f336c
SEC-739: Removed siteminder provider code.
2008-03-31 12:23:32 +00:00
Luke Taylor
512c64fb98
SEC-738: Add session-registry-alias attribute to concurrent-session-control
...
http://jira.springframework.org/browse/SEC-738 . Added this attribute. Also various bugfixes in handling of attribute names for concurrent session control.
2008-03-31 12:01:37 +00:00
Luke Taylor
07f820f1a6
Minor portlet-related changes suggested by John Lewis: Javadoc and default values of booleans.
2008-03-31 10:10:13 +00:00
Luke Taylor
c9b6fe9555
OPEN - issue SEC-657: Create pre-authenticated processing filter which obtains username from request header
...
http://jira.springframework.org/browse/SEC-657 . Added filter and test class.
2008-03-30 13:37:13 +00:00
Luke Taylor
b98c72056a
SEC-728: Change use of String.getBytes() in password encoders to use UTF-8
2008-03-29 15:21:31 +00:00
Luke Taylor
1463b9769d
SEC-629: authentication-provider doesn't support caching.
...
http://jira.springframework.org/browse/SEC-629 . Added support for cache-ref elements on jdbc-user-service and ldap-user-service
2008-03-28 17:55:12 +00:00
Luke Taylor
db6fafaf56
SEC-629: authentication-provider doesn't support caching. Refactored MockUserCache class to top level
2008-03-28 14:17:05 +00:00
Luke Taylor
1fece47b49
SEC-691: Applied patch to allow setting of returned user attributes from LDAP search.
2008-03-27 14:41:11 +00:00
Luke Taylor
350a626587
SEC-477: Added preauthenticated websphere contribution.
2008-03-27 14:25:17 +00:00
Luke Taylor
584853bbcb
Tidied imports.
2008-03-26 21:49:26 +00:00
Luke Taylor
ef5b3e2f9c
SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly.
2008-03-26 21:48:24 +00:00
Luke Taylor
9ea2408ac6
Fixed error in choosing main entry point (it's an alias not a bean name, so doesn't appear in the entry map - you have to get it direct from the bean factory).
2008-03-26 17:34:42 +00:00
Luke Taylor
1b8a3c5673
SEC-689: Updated session fixation protection namespace support to set session registry on SessionFixationProtectionFilter.
2008-03-26 14:51:16 +00:00
Luke Taylor
eeb14b3965
Changed filter order numbers to start at zero (makes them more readable in log compared with large negative numbers)
2008-03-26 12:22:26 +00:00
Luke Taylor
4681ff3d50
SEC-689: Fix 1.4 compatibility issue (overlooked autoboxing of boolean)
2008-03-26 12:09:57 +00:00
Luke Taylor
43b51ca64d
SEC-689: Session Fixation protection should be available to all authentication mechanisms.
...
http://jira.springframework.org/browse/SEC-689 . Added support to namespace.
2008-03-26 12:00:58 +00:00
Luke Taylor
2af2f299cb
SEC-689: Further tests, logging improvements.
2008-03-26 00:00:56 +00:00
Luke Taylor
a29842a467
SEC-689: Tests for SessionFixationProtectionFilter
2008-03-25 23:24:38 +00:00
Luke Taylor
8f5bcb64a6
SEC-689: Session Fixation protection should be available to all authentication mechanisms.
...
http://jira.springframework.org/browse/SEC-689 . Added a general SessionFixationProtectionFilter which can be added to the filter stack to detect when a user has been authenticated and then migrate them to a new session. Also added support to <http/> namespace element.
2008-03-25 22:32:26 +00:00
Luke Taylor
83bcc6ad7c
Removed loggers from subclasses of SpringSecurityFilter in favour of using base class logger.
2008-03-25 14:51:34 +00:00
Ben Alex
0860333a3f
SEC-733: AspectJ Pointcut Expression Parsing support.
2008-03-25 08:28:53 +00:00
Ben Alex
f4eb15b08b
SEC-428: Tests to prove proxy-target-class="true" works.
2008-03-24 23:10:01 +00:00
Luke Taylor
f8b5000d40
SEC-428: Make sure context is cleared before running test.
2008-03-24 22:56:43 +00:00
Luke Taylor
18fef571c3
Import cleaning.
2008-03-24 22:44:42 +00:00
Luke Taylor
028af06d61
SEC-428: Security interceptor does not work with schema based aop:config
...
http://jira.springframework.org/browse/SEC-428 . Fixed broken test method.
2008-03-24 22:43:08 +00:00
Luke Taylor
a375d8e59e
SEC-428: Added test
2008-03-24 20:50:58 +00:00
Luke Taylor
1dd5f42142
Adding svn keywords, correcting typos etc.
2008-03-24 20:48:45 +00:00
Ben Alex
9a4977ebd1
SEC-99/428/429/563: Various refactoring of method security metadata support.
2008-03-24 09:40:13 +00:00
Ben Alex
6ab301981c
Update dependency versions and POM structure.
2008-03-24 09:05:44 +00:00
Luke Taylor
fe0e05a6c8
SEC-725: PasswordEncoderParser: <security:password-encoder> element does not pick up 'base64' attribute value
...
http://jira.springframework.org/browse/SEC-725 . Added fix as recommended in issue.
2008-03-23 22:38:13 +00:00
Luke Taylor
b54e3978dc
SEC-729: Organization of pom dependencies, particularly for servlet-api and jstl. Some other adjustments, removal of unrequired deps etc
2008-03-23 00:31:32 +00:00
Luke Taylor
30a6abbe50
Tidied formatting of toString output for FilterBasedLdapUserSearch
2008-03-22 21:40:54 +00:00
Luke Taylor
162933155e
Added implementation of GrantedAuthoritiesContainer to allow refactoring of duplication in various preauth details classes
2008-03-22 19:29:13 +00:00
Luke Taylor
2ea94e2cc9
Tidying imports etc
2008-03-22 11:44:28 +00:00
Luke Taylor
563dabda2f
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added OpenIDProvider to bean registry and fixed login page generator to use correct URL for OpenID. Added user-service-ref to namespace element. Changed OpenID sample to use <openid-login />.
2008-03-21 23:47:09 +00:00
Luke Taylor
b89dbc6060
Import cleaning
2008-03-21 21:51:48 +00:00
Luke Taylor
9871685ea3
SEC-722: Fixed problem with empty loginpage string (rather than null) preventing default login page filter from being added to the stack.
2008-03-21 21:50:26 +00:00
Luke Taylor
b73736ffaf
Updated example configuration in javadoc for LdapAuthenticationProvider.
2008-03-21 17:12:22 +00:00
Ben Alex
16ea8faa0d
SEC-727: Ensure SecurityConfig cannot be constructed unsafely; also update SecurityConfigTests to JUnit 4.
2008-03-21 02:15:47 +00:00
Luke Taylor
acc22b2745
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added check for MAIN_ENTRY_POINT bean when resolving entry points. If this has been set during parsing it will be used.
2008-03-20 20:11:34 +00:00
Luke Taylor
815f04b6c3
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added element to namespace and modified form login parser to handle open id element. Also added openID support to login page generator.
2008-03-20 20:05:11 +00:00
Luke Taylor
bbc5fea598
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added extra constants for OpenID support.
2008-03-20 19:51:59 +00:00
Luke Taylor
d333655b0b
Updated to commons logging 1.1.1 to get rid of servlet api dependency in their pom
2008-03-20 19:43:55 +00:00
Luke Taylor
56b967f935
Removed filer name duplication in rnc file.
2008-03-20 15:10:21 +00:00
Luke Taylor
a65b5a9ed8
Corrected separators between http method strings in rnc file.
2008-03-20 14:56:02 +00:00
Luke Taylor
8f379768a8
SEC-720: Design for extension: PreAuthenticatedGrantedAuthoritiesUserDetailsService
...
http://jira.springframework.org/browse/SEC-720 . Added createUserDetails method to allow custom UserDetails object t be created.
2008-03-19 18:29:38 +00:00
Luke Taylor
030550a88e
Applied XSL transform to XSD file
2008-03-19 17:04:39 +00:00
Luke Taylor
f8d855f1a2
SEC-716: Default (non-web) AuthenticationDetailsSource implementation.
2008-03-18 18:45:38 +00:00
Luke Taylor
c9ff912b2f
SEC-723: Change PreAuthenticatedAuthenticationProvider to reject authentication tokens with null credentials. Also introduced a property "throwExceptionWhenTokenIsRejected" which raises a BadCredentialsException when the toke is invalid.
2008-03-18 18:29:48 +00:00
Luke Taylor
163fb1052f
SEC-721: Call Principal.getName() in AbstractAuthenticationToken.getName() if principal instaceof Principal
2008-03-18 18:06:56 +00:00
Luke Taylor
2df2eaa169
SEC-719: Introduced base class for J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource to extract non-http specific functionality (for use in portlet version).
2008-03-18 17:22:02 +00:00
Luke Taylor
52b92b209c
Removed out of date email address for Ben.
2008-03-17 22:44:13 +00:00
Luke Taylor
8f7b216de3
Import cleaning, removal of unnecessary constructors etc based on eclipse warnings
2008-03-17 14:10:22 +00:00
Luke Taylor
abd5e384fe
removed unused eh-cache config file
2008-03-17 14:07:19 +00:00
Luke Taylor
60de6314d4
Replaced casting to check validity of provider list with call to Assert.isInstanceof.
2008-03-17 13:50:37 +00:00
Ben Alex
e4c6022b36
SEC-718: Support additional HTTP methods.
2008-03-16 04:14:21 +00:00
Ben Alex
6bc0585e4a
SEC-717: Resolve UserDetails.getAuthorities() sort logic issue.
2008-03-16 04:02:55 +00:00
Luke Taylor
5743763599
SEC-625: Remove references to FilterToBeanProxy
2008-03-13 18:52:31 +00:00
Luke Taylor
5d6ec8ed71
SEC-702: Updated use of UsernameNotFoundException to set extraInformation property
2008-03-13 16:49:19 +00:00
Luke Taylor
712f1770d9
SEC-714: Refactor PreAuthenticatedGrantedAuthoritiesSetter and PreAuthenticatedGrantedAuthoritiesRetriever
...
http://jira.springframework.org/browse/SEC-714
2008-03-13 16:03:18 +00:00
Luke Taylor
42a80931c1
SEC-671: Changed AuthenticationDetailsSource to take an object as argument instead of an HttpServletRequest and renamed AuthenticationDetailsSourceImpl to WebAuthenticationDetailsSource. Also removed some preauth dependencies on commons lang
2008-03-13 14:42:38 +00:00
Luke Taylor
df0d52ada7
SEC-708: Improve generation of XSD file from Relax NG schema
...
http://jira.springframework.org/browse/SEC-708 . Committed XSL transformed XSD file and some minor changes to organisation of RNC file.
2008-03-13 10:33:28 +00:00
Luke Taylor
3a364a3343
SEC-713: Made MethodDefinitionAdvisor an infrastructure bean as required by Spring 2.0.7+ and upgraded to Spring 2.0.8
2008-03-11 17:53:04 +00:00
Luke Taylor
089bffa10f
SEC-712: HttpSessionContextIntegrationFilter "context" property should be renamed
...
http://jira.springframework.org/browse/SEC-712
2008-03-11 14:16:40 +00:00
Luke Taylor
ed08ba10ba
Added test file for CustomAuthenticationProviderBeanDefinitionDecorator
2008-03-11 13:50:53 +00:00
Luke Taylor
6fcadb2022
SEC-699: Make TargetUrlResolverImpl parameter non-optional
...
http://jira.springframework.org/browse/SEC-699
2008-03-11 11:25:55 +00:00
Luke Taylor
e8c0e74498
SEC-708: Improve generation of XSD file from Relax NG schema. XSL file to be run on generated xsd to inline selected elements which should not be global.
...
http://jira.springframework.org/browse/SEC-708
2008-03-10 19:47:20 +00:00
Luke Taylor
8231df4bc1
Catalog file for security xsd file to simplify its use in editors or ther tools supporting this format.
2008-03-10 12:23:23 +00:00
Luke Taylor
f76f1b340f
SEC-707: Make purpose of form-login attributes clearer. Renamed login-url to login-processing-url
2008-03-10 10:46:23 +00:00
Luke Taylor
f7ae070b2f
SEC-705: Extend ldap-authentication-provider namespace elt to support user searches and multiple authentication strategies
...
http://jira.springframework.org/browse/SEC-705
2008-03-09 19:26:34 +00:00