f1d993f47b
Made BasicAclProvider to only respond to specified ACL object requests.
2004-11-09 21:09:14 +00:00
cd56f2ed4a
Moved from test to main
2004-11-03 22:35:12 +00:00
8cf6867cba
Moved name to subprojects
2004-11-01 20:05:42 +00:00
fde59c2f29
Ad mock method implementation now we're using HttpSession.removeAttribute().
2004-10-30 23:32:53 +00:00
565c2e580b
Remove debug messages.
2004-10-30 23:32:28 +00:00
d27fb49803
*** empty log message ***
2004-10-30 22:49:58 +00:00
55624cf5dd
Moved resources from java dir to resources dir
2004-10-30 22:49:12 +00:00
928498b53d
Removed AutoIntegrationFilter
2004-10-30 22:45:35 +00:00
b25a6e002b
*** empty log message ***
2004-10-30 17:15:54 +00:00
89f6fcf5c9
Refactor to use an application context, thus enabling event publishing and use of DefaultAdvisorAutoProxyCreator.
2004-10-30 06:09:09 +00:00
537a58d754
Added net.sf.acegisecurity.intercept.event package.
2004-10-30 06:07:17 +00:00
26f5f1a9b3
Add the AccessDeniedException to the HttpSession as per http://forum.springframework.org/viewtopic.php?t=1515 .
2004-10-30 03:06:05 +00:00
21f29bbbb3
Fix JRun rejection of null in httpSession.setAttribute() as per http://livedocs.macromedia.com/jrun/4/javadocs/jrun/servlet/session/JRunSession.html .
...
Discussed at http://forum.springframework.org/viewtopic.php?t=1417 .
2004-10-30 02:56:01 +00:00
73349bf8f8
Add convenience method so subclasses can specify Authentication.setDetails().
2004-10-30 01:19:22 +00:00
7b0145fba7
Initial AspectJ support.
2004-10-18 06:41:20 +00:00
992cf44b36
Refactor MethodDefinitionMap to use Method, not MethodInvocation. Refactor AbstractSecurityInterceptor to not force use of Throwable. Move AOP Alliance based MethodSecurityInterceptor to separate package.
2004-10-18 06:38:44 +00:00
ba163d51ae
Documentation correction.
2004-10-17 07:56:19 +00:00
f123e9c333
Make MethodDefinitionMap query interfaces defined by secure objects, to properly support MethodDefinitionSourceAdvisor.
2004-10-15 03:47:53 +00:00
8ec0d89fe4
Improve documentation for abstract contract.
2004-10-15 03:17:57 +00:00
8d973af603
Added MethodDefinitionSourceAdvisor for performance and autoproxying.
2004-10-15 00:29:24 +00:00
333fe84ee8
Clarify interface contract for ObjectDefinitionSource when no ConfigAttributes exist for a given secure object invocation, plus unit tests and fixes for concrete implementations. Thanks to Sean Radford for spotting the inconsistency.
2004-09-11 06:14:58 +00:00
8a32fde12a
Additional convenience methods as suggested by Sean Radford.
2004-09-11 06:13:54 +00:00
defc79c283
Minor Javadoc correction.
2004-09-06 20:06:42 +00:00
ec166e086b
Refactored UsernamePasswordAuthenticationToken.getDetails() to Object.
2004-09-01 21:19:05 +00:00
fa2920baa7
Ensure delegate is not null before calling destroy method.
2004-09-01 21:03:34 +00:00
d7c98f95ca
Made FilterToBeanProxy compatible with ContextLoaderServlet (lazy initialisation on first HTTP request).
2004-09-01 02:37:55 +00:00
1a92434914
Add support for password-validating DAOs, such as LDAP. Contributed by Karel Miarka.
2004-08-30 01:24:12 +00:00
aaebd3ef5a
Added DaoAuthenticationProvider.hideUserNotFoundExceptions property. Defaults to true, so BadCredentialsException is thrown instead of UsernameNotFoundException if a user cannot be found.
2004-08-26 23:19:00 +00:00
5cd65887d5
Improved ConfigAttributeEditor so it trims preceding and trailing spaces.
2004-08-25 21:43:00 +00:00
3f87849f31
Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided to method.
2004-08-23 02:03:46 +00:00
eb9c7d0852
Extracted removeUserFromCache(String) to UserCache interface.
2004-08-20 05:52:05 +00:00
bf53abf46e
Improve JavaDocs.
2004-08-18 22:59:00 +00:00
04f4c9881d
Added original Authentication.getDetails() to DaoAuthenticationProvider response.
2004-08-13 01:07:32 +00:00
08ee5deaa9
Fix unit test compatibility if no username provided.
2004-08-12 01:25:53 +00:00
da5469fed0
Additional event when user not found. Contributed by Karel Miarka.
2004-08-12 00:07:08 +00:00
6867efd6ac
Fix NPE problems with patch provided by Karel Miarka.
2004-08-10 00:22:53 +00:00
e006f521f4
Fix formatting.
2004-08-04 06:40:06 +00:00
0c43fe1f4a
Make SecurityEnforcementFilter more subclass friendly.
2004-08-02 23:08:52 +00:00
c1e109da74
Initial commit of remote client authentication interface.
2004-08-01 07:49:16 +00:00
29f8097c64
Increase test coverage.
2004-08-01 07:48:14 +00:00
b4a0e45e76
Increase test coverage.
2004-08-01 02:19:25 +00:00
f7b491b699
Refactor ACL database tables.
2004-07-31 06:38:40 +00:00
13d5a2dbca
Refactor ACL database tables.
2004-07-31 03:42:18 +00:00
e366c65d17
Almost forgot this piece of the jaas tests
2004-07-29 16:56:26 +00:00
3b284231da
Increased test coverage of the .jaas package to 93.7%
2004-07-29 16:54:02 +00:00
56829872b6
Initial commit of ACL capabilities.
2004-07-29 07:51:22 +00:00
1cc46544ed
Javadoc removal of warning.
2004-07-29 05:04:49 +00:00
2426bb9e8e
Make JdbcDaoTests use in-memory database.
2004-07-29 03:32:23 +00:00
8c74d459c5
Delete files with old, non-Camel Case name.
2004-07-28 23:06:04 +00:00
f29e6763d4
Renamed all JAAS* classes to Jaas*
2004-07-28 15:03:03 +00:00
3648073461
Fix EH-CACHE after web context refresh (patch thanks to Travis Gregg).
2004-07-26 22:56:00 +00:00
d1fa12a312
Fix Javadocs warning.
2004-07-26 06:52:55 +00:00
3f7f8e26fa
Reduce setAuthentication scope now that it should only be called by AbstractAuthenticationManager.
2004-07-24 07:21:18 +00:00
951c1a02df
Store failed Authentication request in AuthenticationException, using template pattern (patch thanks to Wesley Hall).
2004-07-24 07:18:04 +00:00
7ac3706eb9
Allow subclasses to add their own custom GrantedAuthority[]s.
2004-07-24 07:15:06 +00:00
3d23119b56
Following a suggestion from Scott Evans, added support for EL in the authz tag
...
library:
http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/msg00189.html
* lib/spring/spring-mock.jar:
Added Spring's 1.0.2 mock JAR.
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java:
New tests to assert that the taglib recognizes and parses EL expressions.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
Implemented AuthorizeTagExpressionLanguageTests by using Spring's
ExpressionEvaluationUtils.
2004-07-23 01:24:55 +00:00
f798e56d75
Contribution by Wesley Hall to improve exception handling.
2004-07-22 04:56:17 +00:00
2996d67b06
Fix bug related to detecting incorrect use of SecureContext property.
2004-07-21 02:04:42 +00:00
3e37b74e3f
Added Javadoc to all classes
2004-07-19 19:42:14 +00:00
da7895087b
Added correct @author and @version tags, more Javadocs to follow
2004-07-19 17:27:28 +00:00
3360e2d51a
Added in javadoc
2004-07-19 17:24:38 +00:00
0c7a07e4db
Adding in JAASAuthenticationProvider tests
2004-07-19 00:44:01 +00:00
1947819d73
Adding in JAASAuthenticationProvider support
2004-07-19 00:43:28 +00:00
2f2b054b7a
Resolve a Weblogic compatibility issue (patch thanks to Patrick Burleson).
2004-07-15 23:27:59 +00:00
e3be8f20bb
Refactor CasAuthoritiesPopulator to use UserDetails rather than GrantedAuthority[].
2004-07-14 09:54:09 +00:00
48b1cb7c85
Move UserDetails interface to net.sf.acegisecurity package.
2004-07-13 22:38:20 +00:00
064cd3c7bf
Add a getter for the context.
2004-07-13 22:10:52 +00:00
8b9f02e2e7
Expand test coverage.
2004-07-13 02:01:58 +00:00
491fb00ffd
Make Authentication serializable (Weblogic support).
2004-07-12 22:40:33 +00:00
957e28252e
Log stack trace to assist debugging.
2004-07-08 21:50:42 +00:00
2cb3703253
Relax restriction on empty Strings for proxy callback URL, as this should be an empty String if no proxy callback was requested during service ticket validation.
2004-07-03 00:47:46 +00:00
b957b5e25b
Convert database URL to use absolute path. Fixes test with Maven.
2004-07-02 14:07:26 +00:00
ce712eaccf
Improve organisation of DaoAuthenticationProvider to facilitate subclassing.
2004-06-30 23:18:47 +00:00
fe91639b15
Allow custom SecureContext implementations to be selected by user.
2004-06-29 23:28:59 +00:00
6314aa4efa
Refactor User to an interface.
2004-06-24 23:24:14 +00:00
04dea9e403
Patch by Mark St.Godard to resolve issues with WebSphere 5.
2004-06-23 05:52:49 +00:00
46f17bed79
Make isPasswordCorrect protected to facilitate subclass use.
2004-06-21 06:17:20 +00:00
1a0bec5bf1
Make User available from Authentication via DaoAuthenticationProvider.
2004-06-21 06:10:14 +00:00
27d89f3e91
Patch by Mike Youngstrom to fix Jameleon stripping of slash.
2004-06-17 01:23:13 +00:00
b3e2d78c5d
Fix issue when encoded passwords are used. Modify Contacts sample to test encoded passwords.
2004-06-08 12:54:42 +00:00
b5cbcdc591
Refactor DaoAuthenticationProvider cache model.
2004-06-06 06:31:28 +00:00
1b24ff5ea8
Refactor DaoAuthenticationProvider cache model.
2004-05-31 04:41:22 +00:00
d9f77a7ed1
Initial commit.
2004-05-31 02:37:29 +00:00
b6cb84e937
Improve robustness so if ApplicationContext not shutdown correctly (thus destroy() not called) the cache will not fail on subsequent startups.
2004-05-31 02:08:34 +00:00
e300a90890
Improve test coverage.
2004-05-31 01:19:18 +00:00
0cbea9b452
Improve HTTP redirect URL encoding.
2004-05-26 22:17:14 +00:00
d5c14142d1
Add event capabilities.
2004-05-24 00:09:27 +00:00
42ccbfbad7
Store additional information about the authentication request.
2004-05-24 00:06:54 +00:00
b6e0c3076f
Fixed issue with hot redeploy as cache not being closed.
2004-05-24 00:04:49 +00:00
369ea24215
Extra mock functionality for new unit tests.
2004-05-24 00:02:09 +00:00
3f6961d855
Improved exception handling if response already committed.
2004-05-23 23:57:29 +00:00
d5a6ea044d
Implemented a fix for a NullPointerException as reported by Pierre-Antoine Gr�goire (pa.gregoire@free.fr)
...
"The error comes from line 115 in AuthorizeTag....It seems there's no control
for a null value here..."
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
Added a new test to confirm the existence of the bug.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
And fixed the failing test.
2004-05-19 12:34:52 +00:00
4cac2f1a62
Made serializable as per request by Mike Youngstrom.
2004-05-15 23:37:03 +00:00
614f12448e
Create a NullRunAsManager, which is used by default by the AbstractSecurityInterceptor.
2004-05-06 23:13:32 +00:00
8713d4d52c
Authentication subclasses Principal, so it's directly usable by classes that want a Principal. No implementations need to change if they subclass AbstractAuthenticationToken, as it implements the one and only method required by Principal.
2004-05-04 07:35:41 +00:00
4152df1225
Allow filter to update multiple HttpSession attributes (useful if servlets etc expect to find an Authentication object in a given HttpSession attribute, like Jakarta Slide).
2004-05-04 07:27:57 +00:00
eaa92cd80a
Fixed issue with caching by making AbstractIntegrationFilter (and its subclasses) write the new Authentication object to the well-known location.
2004-04-30 05:16:08 +00:00
ecac5a2eed
Make ChannelDecisionManagerImpl iterate through a list of channel security processors.
2004-04-29 02:17:07 +00:00
2421268baa
Improve IE 6 bug detection logic.
2004-04-29 02:14:20 +00:00
b61c05ff89
Change classes to use PortMapperImpl and PortResolverImpl by default.
2004-04-28 00:10:56 +00:00
Ben Alex
Carlos Sanchez
Luke Taylor
Ray Krueger
Francois Beausoleil