c0579230b2
Correct package names in ref manual docbook. Minor change to namespace appendix.
2010-02-18 00:32:48 +00:00
5b5934144a
Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1.
...
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
2010-02-16 00:03:15 +00:00
bd635edc31
SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones.
...
Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.
2010-02-15 22:46:18 +00:00
1719bdebeb
Changed classes output dir names in core modules for better display in structure diagram
2010-02-15 02:23:40 +00:00
c1133d1ef3
Removed unused import in DelegatingAuthenticationEntryPoint and corrected test class name.
2010-02-14 23:31:31 +00:00
d30e31d816
Remove unnecessary @SuppressWarnings and inline dependency from ELRequestMatcher (util package) to core ExpressionUtils.
2010-02-14 23:29:27 +00:00
dbee91002e
Deprecate EncryptionUtils.
2010-02-14 23:27:29 +00:00
c12c43da9e
Javadoc fixes.
2010-02-14 23:27:09 +00:00
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
2010-02-14 23:23:23 +00:00
e729819ce0
Updated incorrect package names in docbook
2010-02-12 15:18:01 +00:00
1e4f451352
Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources
2010-02-11 18:08:06 +00:00
dcbdfc2026
SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication.
...
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
2010-02-11 17:47:22 +00:00
403f8da79a
Added missing jettyVersion variable to build.gradle.
2010-02-11 17:36:45 +00:00
90d6ff1fde
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-11 13:19:16 +01:00
d32b078a8c
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-11 09:05:28 +01:00
e678ba7283
Improvements to itest-web subproject.
...
Added to gradle build. Updated deps (testng and jwebunit). New test added for persistent remember-me.
2010-02-11 01:48:21 +00:00
70ef0d8b3e
Added extra test to itest/context as POC of using extra interceptor with http ns.
2010-02-11 01:48:00 +00:00
23511c930f
Standardising slf4j versions.
2010-02-11 01:33:31 +00:00
017dad8f5d
Added support for fop extensions in PDF generation.
2010-02-11 00:19:18 +00:00
2173029216
SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.
...
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
2010-02-10 23:49:26 +00:00
d2413cf237
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-10 21:25:23 +01:00
5753d69465
SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements
2010-02-10 16:49:53 +00:00
81657d0efc
SEC-1403: Corrected interface name.
2010-02-10 15:24:46 +00:00
08c7155ab5
SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions.
2010-02-10 15:06:01 +00:00
1ecd3e228b
SEC-1405: added RequestMatcher interface.
2010-02-10 14:34:14 +00:00
2f40088fe7
Change spring-aop dep to compile scope in contacts sample
2010-02-08 12:34:19 +00:00
15c309a2ed
Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390.
...
AopInfrastructureBean interface is now required.
2010-02-06 21:22:12 +00:00
f54831f2b5
SEC-1398: Minor changes to method security annotation information in namespace chapter.
...
Added some explanation of the different annotation types and their suitability.
2010-02-06 18:03:05 +00:00
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
2010-02-06 17:34:07 +00:00
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
2010-02-06 15:42:01 +00:00
984604b026
SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator.
...
The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
2010-02-06 14:38:44 +00:00
8720966d20
SEC-1390: Added null check on claimedIdentifier returned by DiscoveryInformation to prevent NPE.
2010-02-06 14:38:44 +00:00
b1243416fc
Minor corrections to aspectj interceptor docs
2010-02-05 20:24:05 +00:00
38837775a5
Minor corrections to aspectj interceptor docs.
2010-02-05 17:10:27 +00:00
10d787ede2
Javadoc corrections to SessionRegistryImpl
2010-02-03 23:49:36 +00:00
c4d2f59eec
SEC-1381: Update source repo information in docs to point to git rather than subversion.
2010-01-27 01:37:45 +00:00
912e7976da
Added doc upload capability to build.
2010-01-23 02:12:31 +00:00
dcf9ea25a6
Updated access-decision and after-invocation diagrams in manual.
2010-01-23 02:12:30 +00:00
0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
2010-01-23 02:12:30 +00:00
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
2010-01-23 02:12:30 +00:00
04447bdbf0
SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs).
2010-01-22 01:55:13 +00:00
dbf673ec37
Build updates to include uploading of distro and docs, plus addition of admon graphics path to docbook plugin.
2010-01-21 20:12:12 +00:00
9734e4c82f
Added generation of sha1 of distro archive to build.
2010-01-21 20:00:17 +00:00
56849dc41e
Added tasks for apidocs, doc and distro archive generation to the build file.
2010-01-21 19:59:48 +00:00
10cd080090
SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user.
2010-01-20 18:51:29 +00:00
0c10efbbf8
Revert SEC-1356.
...
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
2010-01-19 22:26:21 +00:00
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
2010-01-19 01:07:33 +00:00
8137a8bcd0
Enabled detection of release builds and s3 maven deployment capability to gradle build.
...
The s3 deployment requires an updated snapshot of the spring aws-maven dependency, as the old one was incompatible with changes in the latest version (1.0-beta6) of the Maven "wagon" api.
2010-01-18 02:02:28 +00:00
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
2010-01-17 14:41:24 +00:00
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
Luke Taylor
Mike Wiesner