Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,611 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1942 Commits

Author SHA1 Message Date
Luke Taylor 03d39f1e88 Minor package info updates. 2009-05-11 05:48:09 +00:00
Luke Taylor 76438b3347 SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource) 2009-05-11 05:44:31 +00:00
Luke Taylor 14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor 39f1536d5a Upgrade to Spring 3.0 M3 2009-05-07 08:24:41 +00:00
Luke Taylor 6d655aa514 SEC-1132: More refactoring to remove cycles ad reduce complexity metrics 2009-05-04 14:24:54 +00:00
Luke Taylor 73cfeecd0c Make sure argumentsAdded flag is set correctly. 2009-05-04 12:36:16 +00:00
Luke Taylor 5b543f83ec Removed web dependency on core-tests 2009-05-04 02:25:49 +00:00
Luke Taylor 4bc788828c SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods. 2009-05-01 06:45:34 +00:00
Luke Taylor 39cc865a36 SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id. 2009-04-28 12:08:48 +00:00
Luke Taylor e94baf38b3 Tidying up to remove warnings (generics, use of deprecated test classes etc). 2009-04-28 06:49:43 +00:00
Luke Taylor 50ac9d3b05 More generification to remove last warnings in core package. 2009-04-26 10:17:09 +00:00
Luke Taylor 1454cbb78e SEC-1132: Moved TextUtils to web module and StringSplit utils into Digest authentication package (as they aren't used elsewhere). 2009-04-25 08:04:26 +00:00
Luke Taylor a76cbee4bc SEC-1132: Moved ThrowableAnalyzer code to web module as it is only used in ExceptionTranslationFilter 2009-04-25 07:03:15 +00:00
Luke Taylor 22e7142f45 SEC-998: Bundlor enabled in web, ldap, config and core modules 2009-04-24 09:12:53 +00:00
Luke Taylor 2e3189cf83 SEC-998: Enabled bundlor in core 2009-04-22 13:00:14 +00:00
Luke Taylor 21e36e0a57 Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT 2009-04-22 12:55:52 +00:00
Luke Taylor a73016b898 SEC-998: Initial bundlor template.mf for core 2009-04-22 12:47:44 +00:00
Luke Taylor 305ce125fb SEC-863: Hierarchical roles should use the interface GrantedAuthority. Applied submitted patch. 2009-04-22 05:53:59 +00:00
Luke Taylor d7f202a111 Addition of final to constructor set fields to improve immutability of authentication and user objects 2009-04-22 04:11:38 +00:00
Luke Taylor ba6664f77f SEC-1012: Refactor SessionRegistry interface to use Java 5 generics. 2009-04-21 06:57:21 +00:00
Luke Taylor cac2bce382 Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes. 2009-04-21 06:05:14 +00:00
Luke Taylor 06040853da Javadoc tidying 2009-04-21 03:16:57 +00:00
Luke Taylor 56ec1b4b05 Tidying beforeInvocation method. 2009-04-20 01:01:34 +00:00
Luke Taylor 292926518b SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException. 2009-04-15 10:19:37 +00:00
Luke Taylor 93bdcccaee SEC-1132: Moved userdetails into core and added core/authority sub-package 2009-04-15 07:39:21 +00:00
Luke Taylor 5d0d1bd404 Fixed Javadoc typo. 2009-04-14 12:56:16 +00:00
Luke Taylor db9afc36ab Refactored internal context holder strategy implementations to be package private and final and refactored getContext() methods to use a single call to ThreadLocal.get(). 2009-04-14 11:04:49 +00:00
Luke Taylor c770998d92 SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions. 2009-04-14 04:22:57 +00:00
Luke Taylor 550715e73f SEC-1136: Removed SpringSecurityException and last import. 2009-04-14 01:51:22 +00:00
Luke Taylor 10673780db OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles). 2009-04-13 14:56:49 +00:00
Luke Taylor ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor 9efb5a7007 SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet 2009-04-12 12:23:23 +00:00
Luke Taylor 7c4d54f356 SEC-1131: Applied patch for portlet upgrade 2009-04-12 05:52:20 +00:00
Luke Taylor 365ae3936e Moved MockAuthenticationManager to test package. 2009-04-12 05:13:18 +00:00
Luke Taylor 1b43e3661a SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter. 2009-04-12 04:16:46 +00:00
Luke Taylor bec84f874a SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples. 2009-03-26 07:18:36 +00:00
Luke Taylor 2a9a8a41db SEC-1125: Created separate web module spring-security-web 2009-03-25 06:28:18 +00:00
Luke Taylor 2c985a1c36 SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources 2009-03-23 04:23:48 +00:00
Luke Taylor a45ba138f7 SEC-1121: InMemoryResource.equals() is wrong. Corrected as suggested. 2009-03-20 04:44:39 +00:00
Luke Taylor 4aff4b2350 SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring 2009-03-20 04:32:06 +00:00
Luke Taylor 4aae5ec42e SEC-1124: Refactored LDAP code into separate module 2009-03-19 06:30:32 +00:00
Luke Taylor a0f3015ac6 SEC-1086: AccessDecisionManager implementations now log debug messages giving the results returned by each voter polled. 2009-03-19 02:01:24 +00:00
Luke Taylor d163cd7d18 SEC-1099: Translation of message.properties in Brazilian Portuguese. Added file. 2009-03-19 01:47:34 +00:00
Luke Taylor c0638e9c8d SEC-1110: Localization (messages_ko_KR.properties). Added. 2009-03-19 01:46:05 +00:00
Luke Taylor 591681c180 Upgrade to Spring M2 and correct expression classes and pom files to match changes 2009-03-19 01:17:16 +00:00
Luke Taylor 98593b7c78 SEC-1120: Added Portuguese messages file 2009-03-19 01:02:32 +00:00
Luke Taylor ccf422af5a SEC-1070: AbstractRetryEntryPoint always uses RetryWithHttpEntryPoint logger. Converted to protected (non-static) and used getClass(). 2009-03-16 08:32:16 +00:00
Luke Taylor 9de9f638fe SEC-1083: Removed unnecessary import 2009-03-16 08:07:18 +00:00
Luke Taylor 30748e8615 SEC-1083: PersistentTokenBasedRememberMeServices does not clear tokens on logout. Override logout method to remove tokens for user. 2009-03-16 08:05:02 +00:00
Luke Taylor b7557d017e Corrected Javadoc typo. 2009-03-16 07:10:12 +00:00
Luke Taylor ef3ea65fdb Switching back to 2.5.0-SNAPSHOT after tagging M1 release 2009-01-03 07:42:19 +00:00
Luke Taylor fc5f50501e [maven-release-plugin] prepare release 2.5.0.M1 2009-01-03 07:08:25 +00:00
Luke Taylor ddffdf1699 SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication' 2008-12-28 17:32:25 +00:00
Luke Taylor 4a41416c9b Tidying up and removing compiler warnings. 2008-12-21 16:36:16 +00:00
Luke Taylor f5d2e7a7ce Make error message when multiple UserDetailsServices are found more explicit. 2008-12-21 13:29:42 +00:00
Luke Taylor 9cb361e88a SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter. 2008-12-20 23:25:29 +00:00
Luke Taylor 66e586ec67 Added Id keyword. 2008-12-20 15:41:51 +00:00
Luke Taylor cc5966bc7e Tidying up, removing compiler warnings etc. 2008-12-20 00:16:49 +00:00
Luke Taylor 8154161ef5 SEC-1035: Updated build to use Spring 3.0.0.M1 Release 2008-12-18 02:37:00 +00:00
Luke Taylor 8f598e9b11 SEC-1052: Add support for the namespace option 'disable-url-rewriting'. 2008-12-17 01:28:29 +00:00
Luke Taylor 171456a26c SEC-1018: Changes to allow external reference to SaltSource bean from the namespace. 2008-12-17 01:11:43 +00:00
Luke Taylor 00125cddee SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead. 2008-12-17 00:48:32 +00:00
Luke Taylor 585e5f393a Added warning suppression for deprecation. 2008-12-17 00:32:21 +00:00
Luke Taylor d8b5f770e9 Added warning suppression for deprecation. 2008-12-17 00:31:17 +00:00
Luke Taylor db5f1e69f1 SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes. 2008-12-17 00:14:48 +00:00
Luke Taylor c2e688610c SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token. 2008-12-16 23:25:44 +00:00
Luke Taylor 998f0b3ea1 SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called. 2008-12-16 20:35:18 +00:00
Luke Taylor d0fcbd9baf Tidying up Javadoc. 2008-12-16 20:29:53 +00:00
Luke Taylor a1bd48733a Minor Javadoc correction. 2008-12-16 20:16:56 +00:00
Luke Taylor 74fd5fe8a4 Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion. 2008-12-16 18:55:38 +00:00
Luke Taylor b24cc17dea SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository. 2008-12-16 17:35:34 +00:00
Luke Taylor bf409b5b25 Improvements to Javadoc. 2008-12-16 02:06:26 +00:00
Luke Taylor f54d7ee6bc SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default. 2008-12-15 23:58:40 +00:00
Luke Taylor 898ef36d02 SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects. 2008-12-15 19:50:53 +00:00
Luke Taylor c3181d9db0 SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET. 2008-12-15 02:48:32 +00:00
Luke Taylor 40ccd3be11 SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument. 2008-12-15 01:25:12 +00:00
Luke Taylor fcc68e636e SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition. 2008-12-15 00:56:17 +00:00
Luke Taylor a0bcf7184c SEC-1061: Renamed serverSideRedirect property. 2008-12-14 23:56:30 +00:00
Luke Taylor cf3cac90ad SEC-1058, SEC-745: Updating comments 2008-12-14 23:53:44 +00:00
Luke Taylor 3f38035057 SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace. 2008-12-14 22:53:31 +00:00
Luke Taylor 2927b8464f SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException. 2008-12-14 22:20:21 +00:00
Luke Taylor 839279161d SEC-745: Added concrete failure handling strategies. 2008-12-13 23:34:15 +00:00
Luke Taylor 6664f57ff6 SEC-992: Removed the line setting returningObj to false. 2008-12-12 23:22:26 +00:00
Luke Taylor 10e4d1fe1a SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver. 2008-12-12 22:30:57 +00:00
Luke Taylor 615194710e SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces. 2008-12-12 17:25:09 +00:00
Luke Taylor 48dce501ce SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session. 2008-12-12 14:27:23 +00:00
Luke Taylor aec23749d7 SEC-1056: Remove deprecated FilterToBeanProxy: It's gone 2008-12-12 13:04:37 +00:00
Luke Taylor 3fcc7b5403 SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes 2008-12-12 12:47:42 +00:00
Luke Taylor a443e55832 SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method. 2008-12-11 17:00:13 +00:00
Luke Taylor 093365b2f4 Removed unnecessary cast. 2008-12-11 16:42:25 +00:00
Luke Taylor 30f9b3e72c SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations. 2008-12-10 16:57:40 +00:00
Luke Taylor 3f40604b82 SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate. 2008-12-10 13:48:25 +00:00
Luke Taylor acfcac4594 SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage 
Applied supplied patch which checks the committed flag before forwarding to the error page.
 2008-12-10 12:36:59 +00:00
Luke Taylor 7fe6a0fc0d SEC-1033: Added support for web IP ranges based on an address and netmask. 2008-12-09 23:14:44 +00:00
Luke Taylor 7767a9ed60 SEC-1033: Add basic equality support for hasIpAddress() expression. 2008-12-09 18:04:08 +00:00
Luke Taylor 3da68a7a82 Java5 stuff 2008-12-09 18:02:58 +00:00
Luke Taylor 046456c142 Removed unused constants. 2008-12-09 14:33:31 +00:00
Luke Taylor 3e8de229be Java5 updates. 2008-12-09 14:30:37 +00:00
Luke Taylor 98422b69a8 Java5 updates. 2008-12-09 14:27:31 +00:00
Luke Taylor c2ac125719 Tidying up. 2008-12-08 21:55:33 +00:00