Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-29 13:49:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,882 Commits 48 Branches 362 Tags
Commit Graph

2904 Commits

Author SHA1 Message Date
Luke Taylor
57150a6717 SEC-1440: Add entry-point-ref to http-basic element to allow setting a separate AuthenticationEntryPoint for the BasicAuthenticationFilter. 2010-03-26 12:47:24 +00:00
Luke Taylor
472c1fac84 SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent. 
Ensures protect-pointcut expressions match methods with generic parameters.
 2010-03-24 20:57:03 +00:00
Luke Taylor
b38b8e55ac SEC-1432: Convert map keys to lower-case in UserMap.setUsers(). 
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
 2010-03-05 17:55:29 +00:00
Luke Taylor
530ab3ae30 SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:21:07 +00:00
Luke Taylor
e5a875d752 SEC-1407: Correct logger category in MatcherType. 2010-03-01 02:03:32 +00:00
Luke Taylor
90a7f1f00e SEC-1383: Namespace support for MethodSecurityMetadataSource. Initial commit. 2010-03-01 01:45:43 +00:00
Luke Taylor
93438defff SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy. 
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
 2010-03-01 01:21:06 +00:00
Luke Taylor
f0466b6488 SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all. 2010-02-27 00:22:21 +00:00
Luke Taylor
6a34807a07 SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup. 2010-02-26 17:21:25 +00:00
Luke Taylor
2f1479785e Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-22 01:48:22 +00:00
Luke Taylor
26cf6f5528 SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests. 2010-02-20 21:59:44 +00:00
Luke Taylor
68f6afd905 SEC-1383: Added namespace support for method-security-metadata-source 2010-02-20 19:05:25 +00:00
Luke Taylor
b7fc5bc455 Update schema version to 3.1 2010-02-20 18:58:00 +00:00
Luke Taylor
10dc72b017 SEC-1387: Support serialization of security advised beans. 
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
 2010-02-19 00:53:14 +00:00
Luke Taylor
5b5934144a Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1. 
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
 2010-02-16 00:03:15 +00:00
Luke Taylor
36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor
dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication. 
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
 2010-02-11 17:47:22 +00:00
Luke Taylor
70ef0d8b3e Added extra test to itest/context as POC of using extra interceptor with http ns. 2010-02-11 01:48:00 +00:00
Luke Taylor
2173029216 SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map. 
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
 2010-02-10 23:49:26 +00:00
Luke Taylor
5753d69465 SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements 2010-02-10 16:49:53 +00:00
Luke Taylor
bd2fd3448b SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly. 2010-02-06 15:42:01 +00:00
Luke Taylor
d931495c8a SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig. 2010-01-23 02:12:30 +00:00
Luke Taylor
670297c55d SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context. 
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
 2010-01-14 15:48:14 +00:00
Luke Taylor
e211f9b35f SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL. 
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.

Enabled remember-me in the OpenID sample.
 2010-01-09 01:04:13 +00:00
Luke Taylor
51abedcbef Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests. 
Removes the need for casting to specific filter type.
 2010-01-08 23:20:16 +00:00
Luke Taylor
f40a1fda34 SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes. 
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
 2010-01-08 21:12:36 +00:00
Luke Taylor
052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor
dc5417f1d5 SEC-1352: Added support for placeholders in <user-service> 
The username, password and authorities attributes can now be placeholders.
 2010-01-05 22:34:10 +00:00
Luke Taylor
893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor
bcb1ff8921 SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array 2009-12-23 14:12:59 +00:00
Luke Taylor
fac07ba8ff Schema updates to Spring 3.0 2009-12-18 18:44:17 +00:00
Luke Taylor
85a58fd473 SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data.. 2009-12-18 15:39:13 +00:00
Luke Taylor
1dc4bb112e SEC-1318: Correct logic for checking combination of session-management attributes. 2009-12-07 22:40:47 +00:00
Luke Taylor
3469a8d4a3 Javadoc. 2009-12-07 21:40:06 +00:00
Luke Taylor
ac564fc34e SEC-1317: Forgot to commit test from config module. 2009-12-07 21:39:49 +00:00
Luke Taylor
d4e4a09801 SEC-1312: Add detection of 2.0 schemas. Added check to SecurityNamespaceHandler and reinstated old schemas. 2009-12-06 21:15:11 +00:00
Luke Taylor
eddde8ea28 SEC-1309: Namespace configurations should support Spring EL. Removed premature conversion of URL paths to lower case, which messes up if they are case-sensitive expressions or placeholders. Some other minor changes to suppport EL configuration. 2009-12-01 14:23:58 +00:00
Luke Taylor
5546698fef SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing. 2009-11-17 23:39:42 +00:00
Luke Taylor
66b1b1957c SEC-1298: Deleted custom-filter BeanDefinitionDecorator 2009-11-17 21:36:11 +00:00
Luke Taylor
3444b31615 SEC-1291: Add logout namespace support for custom success handler. Added attribute "success-handler-ref" to <logout> element in namespace. 2009-11-17 17:29:43 +00:00
Luke Taylor
9eae7b899c SEC-1284: Added proxy-target-class attribute to method security namespace 2009-11-17 16:19:05 +00:00
Luke Taylor
afdd80235c SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Fixed Spring RC1 - RC2 regression problem with test (addApplicationListener() behaviour has changed). 2009-11-17 14:34:43 +00:00
Luke Taylor
d4d5012035 SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager. 2009-11-17 12:55:53 +00:00
Luke Taylor
a2468c523a SEC-1283: AuthenticationConfigBuilder.createAnonymousFilter uses httpElt instead of anonymousElt. Corrected element name. 2009-11-04 17:39:26 +00:00
Luke Taylor
197737a2b4 SEC-1281: make sure correct 'key' value is used for RememberMeAuthenticationProvider when external RememberMeServices is used 2009-11-04 14:55:58 +00:00
Luke Taylor
799b96520b SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login 2009-10-14 00:30:28 +00:00
Luke Taylor
73df14c912 Allow any ordering of authentication-provider elements within authentication-manager 2009-10-11 19:58:04 +00:00
Luke Taylor
ed2ddf9323 SEC-1263: Add FactoryBean for namespace AuthenticationManager. <http> now uses AuthenticationManagerFactoryBean. Method security already uses a delegate object to lookup the AuthenticationManager. This now uses the same error message if the bean isn't found, rather than allowing the BeanFactory NoSuchBeanDefinitionException to be thrown directly. 2009-10-09 14:41:34 +00:00
Luke Taylor
ac5237c127 SEC:1263: Added FactoryBean for AuthenticationManager 2009-10-09 12:11:45 +00:00
Luke Taylor
e398922f85 Removing elements that are no longer supported from the namespace 2009-10-08 14:40:52 +00:00