Luke Taylor
b24cc17dea
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
2008-12-16 17:35:34 +00:00
Scott Battaglia
717fdcfec3
SEC-1046
...
upgrade to CAS Client for Java 3.1.4
2008-12-16 13:22:21 +00:00
Luke Taylor
bf409b5b25
Improvements to Javadoc.
2008-12-16 02:06:26 +00:00
Luke Taylor
55cc98ab54
SEC-1006: Fixed Javadoc.
2008-12-16 00:06:56 +00:00
Luke Taylor
f54d7ee6bc
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
2008-12-15 23:58:40 +00:00
Luke Taylor
224c86a0b3
Tidying.
2008-12-15 23:51:46 +00:00
Luke Taylor
898ef36d02
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
2008-12-15 19:50:53 +00:00
Luke Taylor
c3181d9db0
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
2008-12-15 02:48:32 +00:00
Luke Taylor
c564a879d4
Some tests used for obtaining performance data.
2008-12-15 01:34:37 +00:00
Luke Taylor
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
2008-12-15 01:25:12 +00:00
Luke Taylor
fcc68e636e
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
2008-12-15 00:56:17 +00:00
Luke Taylor
a0bcf7184c
SEC-1061: Renamed serverSideRedirect property.
2008-12-14 23:56:30 +00:00
Luke Taylor
cf3cac90ad
SEC-1058, SEC-745: Updating comments
2008-12-14 23:53:44 +00:00
Luke Taylor
3f38035057
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
2008-12-14 22:53:31 +00:00
Luke Taylor
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
Luke Taylor
839279161d
SEC-745: Added concrete failure handling strategies.
2008-12-13 23:34:15 +00:00
Luke Taylor
6664f57ff6
SEC-992: Removed the line setting returningObj to false.
2008-12-12 23:22:26 +00:00
Luke Taylor
10e4d1fe1a
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
2008-12-12 22:30:57 +00:00
Luke Taylor
6c7d15ee44
Removed unused logger and imports.
2008-12-12 17:45:54 +00:00
Luke Taylor
df771038b4
SEC-1051: Fixed class names in dms sample app context.
2008-12-12 17:43:09 +00:00
Luke Taylor
615194710e
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
2008-12-12 17:25:09 +00:00
Luke Taylor
48dce501ce
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
2008-12-12 14:27:23 +00:00
Luke Taylor
aec23749d7
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
2008-12-12 13:04:37 +00:00
Luke Taylor
3fcc7b5403
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
2008-12-12 12:47:42 +00:00
Luke Taylor
a443e55832
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
2008-12-11 17:00:13 +00:00
Luke Taylor
093365b2f4
Removed unnecessary cast.
2008-12-11 16:42:25 +00:00
Luke Taylor
30f9b3e72c
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
2008-12-10 16:57:40 +00:00
Luke Taylor
3f40604b82
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
2008-12-10 13:48:25 +00:00
Luke Taylor
acfcac4594
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
...
Applied supplied patch which checks the committed flag before forwarding to the error page.
2008-12-10 12:36:59 +00:00
Luke Taylor
7fe6a0fc0d
SEC-1033: Added support for web IP ranges based on an address and netmask.
2008-12-09 23:14:44 +00:00
Luke Taylor
7767a9ed60
SEC-1033: Add basic equality support for hasIpAddress() expression.
2008-12-09 18:04:08 +00:00
Luke Taylor
3da68a7a82
Java5 stuff
2008-12-09 18:02:58 +00:00
Luke Taylor
046456c142
Removed unused constants.
2008-12-09 14:33:31 +00:00
Luke Taylor
3e8de229be
Java5 updates.
2008-12-09 14:30:37 +00:00
Luke Taylor
98422b69a8
Java5 updates.
2008-12-09 14:27:31 +00:00
Luke Taylor
6ccdcec629
SEC-1033: Added web expressions to tutorial sample configuration.
2008-12-08 21:56:44 +00:00
Luke Taylor
c2ac125719
Tidying up.
2008-12-08 21:55:33 +00:00
Luke Taylor
a2ef10e65f
SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.
2008-12-08 21:54:47 +00:00
Luke Taylor
6b4045667a
SEC-1033: Completed working version of web expression support.
...
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
2008-12-08 01:01:14 +00:00
Luke Taylor
fd3990c1f8
SEC-1033: Refactored DefaultFilterInvocationDefinitionSource to remove legacy methods and make it immutable.
2008-12-07 22:46:36 +00:00
Luke Taylor
bed00e10f5
Reduced visibility of attribute names in HttpSecurityBDP.
2008-12-07 13:46:09 +00:00
Luke Taylor
305fb7b4aa
Added version information.
2008-12-06 18:26:44 +00:00
Luke Taylor
9bb64d1974
Removed out of date javadoc reference to SecurityEnforcementFilter.
2008-12-06 17:56:24 +00:00
Luke Taylor
7265a70f0a
SEC-1012: Java5 - use of vararg methods.
2008-12-06 17:33:19 +00:00
Luke Taylor
c3d216e7bb
SEC-1012: Minor improvements to SecurityContextHolderAwareRequestFilter and conversion to use jmock for test.
2008-12-06 17:31:53 +00:00
Luke Taylor
953a4ab9ea
SEC-1036: Removed deprecated class and unnecessary mock.
2008-12-05 22:30:26 +00:00
Luke Taylor
6293541b73
SEC-1036: Updated DefaultSpringSecurityContextSource to enable pooling for "manager" users by default but not when binding directly as a user.
2008-12-05 22:04:51 +00:00
Luke Taylor
bc6878c1c5
SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations.
2008-12-05 16:36:43 +00:00
Luke Taylor
58c237fa74
SEC-1015: Removed final packages/directories for old acl code.
2008-12-05 16:07:40 +00:00
Luke Taylor
3cbad3ebd7
Corrected comment.
2008-12-05 16:04:22 +00:00