Commit Graph

4327 Commits

Author SHA1 Message Date
Keith Donald 38327d1b16 SEC-1659: crypto docs 2011-01-19 18:17:03 +00:00
Keith Donald b646e44646 SEC-1659: fixed bundlor step of build 2011-01-19 18:17:03 +00:00
Keith Donald ea76efdb2c SEC-1659: favor AES encryption instead of DES as standard symmetric encryption algorithm 2011-01-19 18:17:02 +00:00
Keith Donald ffa7301e7f SEC-1569: initial commit of spring-security-crypto module, consisting of encrypt, keygen, password, and util packages 2011-01-19 18:17:02 +00:00
Luke Taylor afd586c96e Re-instate the CAS integration sequence description in the CAS chapter, with corrections (and minus proxying). 2011-01-18 16:50:18 +00:00
Luke Taylor 2eefbf3a23 SEC-1657: Added support for 'name' attribute in <http> element to expose filter chain as a list bean. 2011-01-14 17:21:22 +00:00
Rob Winch f20649f035 SEC-1648: added null check for getTargetUrlParameter() in SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess and updated validation for AbstractAuthenticationTargetUrlRequestHandler.setTargetUrlParameter 2011-01-13 20:29:37 -06:00
Luke Taylor 075b30ab44 SEC-1651: Added paragraph to FAQ mentioning dependencies appendix. 2011-01-12 15:27:30 +00:00
Luke Taylor 8da0de459b SEC-1651: Added remaining module information to dependencies appendix. 2011-01-12 15:09:01 +00:00
Luke Taylor 79b8edbd1e Update CAS client to 3.1.12 2011-01-12 14:56:16 +00:00
Luke Taylor eeb466b613 SEC-1648: Implemented Rob's suggestion to use a null value for the targetUrlParameter rather than a boolean property. It should thus only be used if this value is set. 2011-01-12 13:26:05 +00:00
Luke Taylor 6de2197c0f SEC-1653: Ensure UserDetailsServiceFactoryBean is registered using the tools API to prevent errors in STS. 2011-01-11 00:10:07 +00:00
Luke Taylor 19e56f4397 Stripping out unnecessary dependencies from sample jars. 2011-01-10 17:27:58 +00:00
Luke Taylor 39b48c6d95 Update gradle wrapper to 0.9.1 in order to use mavenLocal() repo syntax. 2011-01-10 17:27:22 +00:00
Luke Taylor bf59c75886 Test class to improve coverage of WAS-specific preauth code. 2011-01-07 19:49:50 +00:00
Luke Taylor b858b23927 SEC-1651: Added first draft of dependencies appendix to reference manual. 2011-01-07 19:23:06 +00:00
Luke Taylor 6779822325 Remove GRADLE-1090 workarounds from config.gradle. 2011-01-07 18:28:21 +00:00
Luke Taylor 8d7830a1ee SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me. 2011-01-06 15:16:13 +00:00
Luke Taylor 7fd3aa2b45 SEC-1603: Add support for injecting an AuthenticationSuccessHandler into RememberMeAuthenticationFilter. 2011-01-06 13:02:38 +00:00
Luke Taylor c1f2fa1983 SEC-1558: Changed signatures of PrePostInvocationAttributeFactory to take strings rather than annotation types to allow the metadata to be obtained from other sources (not just annotations). 2011-01-05 16:56:28 +00:00
Luke Taylor 423f9eae7a SEC-1648: Added a useTargetUrlparameter property to AbstractAuthenticationTargetUrlRequestHandler which defaults to false.
This ensures that users will think about the context in which they are enabling the use of a parameter to determine the redirect location.
2011-01-05 13:14:02 +00:00
Luke Taylor 313fe78cc1 Corrected snapshot version 2010-12-20 23:04:49 +00:00
Luke Taylor 2487a3e27b Reset to snapshot version 2010-12-20 23:02:58 +00:00
Luke Taylor 0ca5157f47 Set project release version to 3.1.0.M2 2010-12-20 22:46:54 +00:00
Luke Taylor 7316bcff75 Updated outdated CAS sample readme with instructions for running CAS using gradle 2010-12-20 22:22:19 +00:00
Luke Taylor bbcc611af5 CAS server version upgrade and minor tweaks to CAS sample build file. 2010-12-20 22:12:35 +00:00
Luke Taylor 592782dc7f Added test for getAdditionalRoles in DefaultLdapAuthoritiesPopulator. 2010-12-20 17:31:14 +00:00
Luke Taylor eebcfd28ef Move Ldap authorities populator tests to the correct package. 2010-12-20 17:23:43 +00:00
Luke Taylor dbe270f132 SEC-1641: Correct code and test for null groupSearchBase. 2010-12-20 16:50:37 +00:00
Luke Taylor 428a0b7dce SEC-1639: Removed url argument from FilterChainProxy's VirtualFilterChain, since this can be directly computed from the request instance in the debug statements. 2010-12-20 14:13:13 +00:00
Luke Taylor 5f6dab67e1 SEC-1492: Added SimpleAuthoritiesMapper which provides a one-to-one authority mapping with case-conversion and the addition of a "role" prefix to the authority name. 2010-12-19 17:33:27 +00:00
Luke Taylor 3547cfcc92 SEC-1641: Remove the private setGroupSearchBase method and allowed a null value to be set for the group search base in the constructor. 2010-12-19 17:33:26 +00:00
Luke Taylor f1fe3ce7e6 Update wrapper to gradle 0.9 release 2010-12-19 14:41:41 +00:00
Luke Taylor 48ea0a6249 SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all. 2010-12-17 17:34:08 +00:00
Luke Taylor 7cf9740fd4 SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual. 2010-12-17 17:09:20 +00:00
Rob Winch 1ed5227d75 Removed @Override from HttpFirewallBeanDefinitionParser.parse since it does not override a method definition, it implements one.
Fixed The method parse(Element, ParserContext) of type HttpFirewallBeanDefinitionParser must override a superclass method	HttpFirewallBeanDefinitionParser.java	/spring-security-config/src/main/java/org/springframework/security/config/http	line 23	Java Problem
2010-12-16 22:20:20 -06:00
Rob Winch 7c04fdbc90 SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather that looping through ServletRequestWrappers.
VirtualFilterChain now accepts the FirewalledRequest in the constructor. The reset method is called directly on the instance passed in instead of looping through the ServletRequestWrappers.
2010-12-16 21:57:26 -06:00
Luke Taylor 46f83c8a08 SEC-1492: Added RoleHierarchyAuthoritiesMapper as the new preferred way of using a RoleHierarchy. 2010-12-16 16:00:43 +00:00
Luke Taylor c8820166c8 SEC-1576: Parameterize the secured object type in AccessDecisionVoter. 2010-12-16 15:21:22 +00:00
Luke Taylor 85d685f7d3 SEC-1611: Make access attribute in authorize tag a runtime expression 2010-12-14 16:55:34 +00:00
Luke Taylor ce421f22bf SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation 2010-12-14 16:24:51 +00:00
Luke Taylor 2be2660b13 SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match. 2010-12-11 21:56:35 +00:00
Luke Taylor 523f6add60 Javadoc fix 2010-12-09 12:39:05 +00:00
Luke Taylor 4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
Luke Taylor 978b7d4707 SEC-1631: Reduced use of reflection in DefaultAuthenticationEventPublisher and added tests. 2010-12-02 18:19:27 +00:00
Luke Taylor bfb723feac SEC-1557: Added getter to DelegatingMethodSecurityMetadataSource. Also added some optimizations of cache lookup key equals method. A class type check is unnecessary since the key class is a private inner class. 2010-12-01 21:55:33 +00:00
Luke Taylor 441aa25383 SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand. 2010-12-01 20:52:37 +00:00
Luke Taylor 4ad0652787 Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken. 2010-12-01 20:52:37 +00:00
Luke Taylor ca679e1479 Reformatting. 2010-12-01 20:52:37 +00:00
Luke Taylor 9b29dcb8bf SEC-1430: Removed username attribute from WebAttributes class. 2010-11-26 14:20:19 +00:00