Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-25 10:20:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,650 Commits 50 Branches 379 Tags
Commit Graph

61 Commits

Author SHA1 Message Date
Luke Taylor
acf13c74ca SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session 2009-10-05 15:51:00 +00:00
Luke Taylor
2b89ebdfbb SEC-1229: Further doc and mods to namespace config/naming to make it more consistent 2009-10-03 16:08:51 +00:00
Luke Taylor
073198886d SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before. 2009-10-02 17:29:43 +00:00
Luke Taylor
2a1430f1ce SEC-1229: Removed legacy concurrency classes 2009-09-29 16:18:25 +00:00
Luke Taylor
ebada9fd12 SEC-1229: Added support for parsing error URL in session-management 2009-09-29 16:17:05 +00:00
Luke Taylor
7109b7e183 Import cleaning. 2009-09-29 00:30:29 +00:00
Luke Taylor
aa153681bf SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units. 2009-09-29 00:29:09 +00:00
Luke Taylor
fa7404741b SEC-1167: Introduce more flexible SavedRequest handling. Add namespace support for a custom RequestCache through the request-cache element. 2009-09-09 21:40:12 +00:00
Luke Taylor
d099d14e9b SEC-1235: Added test to attempt to verify (failed to reproduce). 2009-09-05 14:14:12 +00:00
Luke Taylor
8632946f30 SEC-1213: Added "order" atrribute to global-method-security 2009-09-04 15:54:42 +00:00
Luke Taylor
2039200617 SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace. 2009-09-01 16:08:20 +00:00
Luke Taylor
dbcb13ad14 SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination. 2009-08-31 22:48:49 +00:00
Luke Taylor
471206a29d SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy 2009-08-27 10:43:01 +00:00
Luke Taylor
fe33f08b73 SEC-1201: Allow requires-channel attribute to take placeholders. 2009-08-23 16:42:06 +00:00
Luke Taylor
ea01e9cdf7 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Ensure that channel processing handles paths which are placeholders. 2009-08-23 15:57:59 +00:00
Luke Taylor
9bf8656d66 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes. 2009-08-22 21:09:34 +00:00
Luke Taylor
579644fa95 SEC-1225: Use bean references for authentication providers. Updated AuthenticationManagerBDP to regsiter the providers as top level beans. 2009-08-22 12:37:14 +00:00
Luke Taylor
48988bde84 SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request. 2009-08-13 23:55:25 +00:00
Luke Taylor
f536c80020 SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web 2009-08-10 14:18:18 +00:00
Luke Taylor
966f3e4101 SEC-1182: Added tst to confirm that this is no longer an issue due to other changes 2009-08-10 11:32:02 +00:00
Luke Taylor
b4bb489638 SEC-1164: Further registering on bean components for tooling and removal of global ids. 2009-08-08 21:08:12 +00:00
Luke Taylor
229866e293 SEC-1142: Support for session timeout detection. Added namespace support for invalid-session-url 2009-08-07 23:57:10 +00:00
Luke Taylor
0f6642d3ab SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface) 2009-08-04 00:18:07 +00:00
Luke Taylor
5953af0f6b SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements). 2009-08-03 00:21:11 +00:00
Luke Taylor
c5d6484b54 SEC-1210: RememberMe filter misses UserDetailsService in default <http /> tag config when it is declared in parent app context. Fixed by getting the UserDetailsServiceInjectionPostProcessor to check ancestor bean factories for a UserDetailsService if one isn't found in the current bean factory. 2009-07-31 19:40:20 +00:00
Luke Taylor
6ae61f95db Minor updates to test XML context implementation. 2009-07-31 19:37:05 +00:00
Luke Taylor
5d5df0c63d Added extra 'manual' security interceptor config 2009-07-29 16:08:04 +00:00
Luke Taylor
3e6054b69f SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy. 2009-07-29 00:52:30 +00:00
Luke Taylor
609a68b12a SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false. 2009-07-28 23:47:26 +00:00
Luke Taylor
db90122179 SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these. 2009-07-28 18:00:24 +00:00
Luke Taylor
931cf90dbb SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution. 2009-07-21 00:14:57 +00:00
Luke Taylor
f404bb3d74 SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though. 2009-07-20 22:34:40 +00:00
Luke Taylor
491837ae34 SEC-1197: Moved support from session-controller-ref from authentication-manager to concurrent-session-control element. Plus refactoring of config classes into separate packages. 2009-07-17 23:36:35 +00:00
Luke Taylor
1afa67c954 SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block. 2009-07-15 23:09:47 +00:00
Luke Taylor
d59bdc0cbc Reducing use of global bean Ids as part of SEC-1186 2009-07-08 23:54:26 +00:00
Luke Taylor
d02bbbf560 import cleaning. 2009-07-08 17:17:45 +00:00
Luke Taylor
b3366a1646 SEC-1186: Tidying up changes to http parsing 2009-07-08 16:19:26 +00:00
Luke Taylor
8ddd96af2b SEC-1186: intermediate commit of namespace changes for improved tooling support 2009-06-26 12:44:46 +00:00
Luke Taylor
0473cfbfc0 SEC-1137: Added support for an external UserDetailsContextMapper using the attribute user-context-mapper-ref. 2009-06-08 23:35:05 +00:00
Luke Taylor
66f7e8bcc8 SEC-1168: Added filter-security-metadat-source to namespace. 2009-06-08 12:59:13 +00:00
Luke Taylor
a8215fa2cb SEC-1160: Renaming of authentication filters and entry points and associated doc changes 2009-05-12 05:37:11 +00:00
Luke Taylor
76438b3347 SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource) 2009-05-11 05:44:31 +00:00
Luke Taylor
14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor
b3ccee4dbc Some additional tests on session creation. 2009-05-07 07:10:10 +00:00
Luke Taylor
29fafbbf18 Misc tidying up of old files and refactoring of tests 2009-05-05 13:29:59 +00:00
Luke Taylor
cef089376c SEC-1152: Changes to add anonymous filter to default namespace configuration and added enabled flag to allow overriding of the behaviour. 2009-05-05 07:23:31 +00:00
Luke Taylor
6d655aa514 SEC-1132: More refactoring to remove cycles ad reduce complexity metrics 2009-05-04 14:24:54 +00:00
Luke Taylor
8c94e39150 SEC-1118: Added run-as-manager-ref attribute to global-method-security element. Also updated schema to use xsd:token in place of xsd:string where appropriate. 2009-05-01 05:16:19 +00:00
Luke Taylor
90b849c271 SEC-1100: Added support for <access-denied-handler> element which can take a ref or an error-page attribute. 2009-04-30 05:46:55 +00:00
Luke Taylor
39cc865a36 SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id. 2009-04-28 12:08:48 +00:00