Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,757 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

3757 Commits

Author SHA1 Message Date
Luke Taylor 2443cf6615 Disable itest module prior to release 2009-08-20 14:47:15 +00:00
Luke Taylor d47abbc35f SEC-1223: Added break to bindWithDnLoop when non-null use is returned. 2009-08-19 21:34:05 +00:00
Luke Taylor 2f9a98c7ce SEC-214: Update keywords. 2009-08-18 23:39:33 +00:00
Luke Taylor 8ed9f8a057 Remove wrongly named file 2009-08-18 23:32:40 +00:00
Luke Taylor 4df370b100 SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 23:09:16 +00:00
Luke Taylor 48988bde84 SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request. 2009-08-13 23:55:25 +00:00
Luke Taylor 5e4743d8f2 Updated to Spring 3 M4 prior to M2 release 2009-08-11 17:48:46 +00:00
Luke Taylor e6631be778 Import cleaning 2009-08-10 16:07:05 +00:00
Luke Taylor faa6be2011 SEC-935: Updated to OpenID4Java 0.9.5 release 2009-08-10 16:06:19 +00:00
Luke Taylor 6f76fe6fbb Import cleaning 2009-08-10 16:04:54 +00:00
Luke Taylor eb059cfd12 SEC-1211: removed SessionUtils (no longer used) 2009-08-10 14:30:17 +00:00
Luke Taylor f536c80020 SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web 2009-08-10 14:18:18 +00:00
Luke Taylor b807f7cbdd Added comment to pom to explain spring-web requirement 2009-08-10 14:05:16 +00:00
Luke Taylor 972cd0a53c javadoc 2009-08-10 12:10:04 +00:00
Luke Taylor d65b1b3581 SEC-1200: Ukranian messages file 2009-08-10 11:41:24 +00:00
Luke Taylor 966f3e4101 SEC-1182: Added tst to confirm that this is no longer an issue due to other changes 2009-08-10 11:32:02 +00:00
Luke Taylor b4bb489638 SEC-1164: Further registering on bean components for tooling and removal of global ids. 2009-08-08 21:08:12 +00:00
Luke Taylor b387d63aba Removing unnecessary global bean names. 2009-08-08 18:57:51 +00:00
Luke Taylor a67448c867 SEC-1216: Remove unused code. 2009-08-08 18:51:15 +00:00
Luke Taylor 229866e293 SEC-1142: Support for session timeout detection. Added namespace support for invalid-session-url 2009-08-07 23:57:10 +00:00
Luke Taylor c12e5b4d0b SEC-1142: Renamed setter argument to match property. 2009-08-07 22:55:14 +00:00
Luke Taylor ea73fd0130 SEC-1142: Simplified implementation by removing template method. 2009-08-07 22:54:07 +00:00
Luke Taylor 90d76373cc SEC-1142: Support for session timeout detection. Added redirect to invalidSessionUrl in SessionManagementFilter when an invalid session Id is supplied in the request. 2009-08-07 17:12:12 +00:00
Luke Taylor 0f6642d3ab SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface) 2009-08-04 00:18:07 +00:00
Luke Taylor eaa0dc4fce typo 2009-08-03 16:30:26 +00:00
Luke Taylor e40b9fbc75 SEC-1196: Introduce AuthenticationManagerDelegator is MethodSecurityInterceptor which is configured by global-method-security. Prevents regression of SEC-933 caused by eager init of AuthenitcationManager and dependent beans 2009-08-03 01:44:49 +00:00
Luke Taylor 997faabe1e SEC-1196: Removed ConfigUtils (no longer used). 2009-08-03 00:22:47 +00:00
Luke Taylor 5953af0f6b SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements). 2009-08-03 00:21:11 +00:00
Luke Taylor c5d6484b54 SEC-1210: RememberMe filter misses UserDetailsService in default <http /> tag config when it is declared in parent app context. Fixed by getting the UserDetailsServiceInjectionPostProcessor to check ancestor bean factories for a UserDetailsService if one isn't found in the current bean factory. 2009-07-31 19:40:20 +00:00
Luke Taylor 160aa512a1 Remove "infrastructure" type from authentication provider bean. 2009-07-31 19:38:16 +00:00
Luke Taylor 6ae61f95db Minor updates to test XML context implementation. 2009-07-31 19:37:05 +00:00
Luke Taylor a4a0aab66f SEC-1164: Add additional component definitions so that Spring IDE picks them up and doesn;t report missing bean definitions 2009-07-31 00:18:16 +00:00
Luke Taylor 06e393a171 Update bundlor to M5 2009-07-31 00:15:25 +00:00
Luke Taylor ecbacddc7c SEC-1146: Add some information on using authority groups 2009-07-29 16:30:15 +00:00
Luke Taylor 5d5df0c63d Added extra 'manual' security interceptor config 2009-07-29 16:08:04 +00:00
Luke Taylor 68364f06a2 Minor itest updates 2009-07-29 16:05:47 +00:00
Luke Taylor 3e6054b69f SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy. 2009-07-29 00:52:30 +00:00
Luke Taylor 5e285b3692 SEC-1211: Set the default AuthenticatedSessionStrategy to a null implementation to preserve existing behaviour. 2009-07-28 23:57:46 +00:00
Luke Taylor 609a68b12a SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false. 2009-07-28 23:47:26 +00:00
Luke Taylor db90122179 SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these. 2009-07-28 18:00:24 +00:00
Luke Taylor 4a12b80470 Minor updates to x509 doc and update of remember-me doc (no longer part of auto-config) 2009-07-27 22:27:48 +00:00
Luke Taylor fdb7325cbc Javadoc update 2009-07-24 15:21:59 +00:00
Luke Taylor 9c27bced5b Corrected typo 2009-07-23 20:42:04 +00:00
Luke Taylor 40efe6db57 Minor doc updates 2009-07-22 17:24:05 +00:00
Luke Taylor 0a37aed4b9 SEC-1207. Fixed class name in jsp 2009-07-22 16:37:22 +00:00
Luke Taylor 719a5e09d8 SEC-1205: Added comment to Javadoc for PasswordComparisonAuthenticator to indicate that it won't work with SSHA passwords 2009-07-22 16:11:24 +00:00
Luke Taylor 931cf90dbb SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution. 2009-07-21 00:14:57 +00:00
Luke Taylor 8b115e2a21 SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache. 2009-07-20 22:52:48 +00:00
Luke Taylor f404bb3d74 SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though. 2009-07-20 22:34:40 +00:00
Luke Taylor efd1dbf54a Removed public modifier from getSessionController() method on ProviderManager. 2009-07-17 23:37:45 +00:00