Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,590 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1457 Commits

Author SHA1 Message Date
Luke Taylor 0f63084afe SEC-685: Improvement to Javadoc for FilterChainProxy and changed to use of LinkedHashSet in obtainAllDefinedFilters to guarantee order is preserved. 2008-02-26 12:59:33 +00:00
Luke Taylor 8c00bb1537 SEC-674: Updated samples to work with new module layout. Changed taglib build to copy tld file to META-INF directory. 
Also standardized JSTL version to 1.1.0 (impl 1.1.2), moving deps to root sample pom.
 2008-02-22 16:21:37 +00:00
Luke Taylor 5187f89fe8 SEC-679: Removed use of MockApplicationContext and improved use of ehcache (shutting down cache managers after tests are run). Upgraded ehcache version to 1.3 as used in Spring pom. 2008-02-22 13:34:20 +00:00
Luke Taylor ca9e64f857 SEC-674: Moved cas "ui" package to new module 2008-02-22 11:11:56 +00:00
Luke Taylor 2dd9faabc0 SEC-674: Created new project modules for cas, captcha, acls and taglibs 2008-02-19 20:30:53 +00:00
Luke Taylor 59651f5214 SEC-678: Moved extraInformation property to AuthenticationException so ti isn't only available in BadCredentialsException. Added clearExtraInformation flag to AbstractAuthenticationManager to allow the information to be removed if required before rethrowing. 2008-02-18 20:18:40 +00:00
Luke Taylor 1aec2a6d0a Tidying javadoc 2008-02-18 18:27:50 +00:00
Luke Taylor d7b3a1f734 SEC-603: Removed requirement for an entry point on BasicProcessingFilter if ignoreFailures is true. 2008-02-18 15:41:23 +00:00
Luke Taylor 5af9653a8e Import cleaning. 2008-02-18 12:35:55 +00:00
Luke Taylor 6575f5af1c SEC-536: Added account status checking to Siteminder provider 2008-02-18 12:35:18 +00:00
Luke Taylor 3c011685cd SEC-536: Added account status checking to pre-auth provider. 2008-02-18 12:15:30 +00:00
Andrei Stefan 84282ffabb SEC-532: added test method for SEC-655 2008-02-15 22:27:14 +00:00
Luke Taylor 48e2c38736 SEC-536: Added account status checking to Cas provider 2008-02-15 18:14:57 +00:00
Luke Taylor 04e187d1a7 Tiding up code in acl package (formatting, reduction onf nesting etc). 2008-02-15 18:09:26 +00:00
Luke Taylor 5e204e23f3 SEC-536: Introduced UserDetailsChecker strategy to extract code for checking status of accounts and allowing variation in pre/post authentication checks made by AbstractUserDetailsAuthenticationProvider 2008-02-15 18:05:12 +00:00
Luke Taylor da90b81e16 Corrected toString output (using "username" instead of "principal") 2008-02-15 17:15:20 +00:00
Luke Taylor 48e2d5ad62 Refactored AbstractSecurityInterceptor, extracting method authenticateIfRequired(); 2008-02-15 17:05:58 +00:00
Luke Taylor a930ce2bf6 SEC-577: Correct javadocs for switch user 2008-02-15 14:34:46 +00:00
Luke Taylor 985818ae2c SEC-581: Copy authentication details to CAS result token 2008-02-15 14:11:56 +00:00
Ben Alex bdc791649d SEC-656: Provide ability to dependency inject additional exception to event mappings, rather than require subclassing. 2008-02-15 11:56:53 +00:00
Andrei Stefan afca3d8adc tidying up changes 2008-02-15 10:56:05 +00:00
Andrei Stefan 24ff891fea tidying up changes 2008-02-15 10:55:27 +00:00
Andrei Stefan 69c2f31aa7 SEC-532: AclImpl tests class 2008-02-15 10:53:23 +00:00
Andrei Stefan 0eff5afc8f SEC-532: small bug-fix 2008-02-15 10:39:25 +00:00
Ben Alex c65ec2aa38 Make authentication-failure-url attribute optional. 2008-02-12 17:40:49 +00:00
Andrei Stefan b84c812305 SEC-532: added method that reproduces bug in SEC-590 2008-02-12 16:28:33 +00:00
Andrei Stefan 0dae2a2dfc SEC-532: added test methods; one method reproduces bug in SEC-590 2008-02-12 16:20:48 +00:00
Luke Taylor ae28169383 SEC-482: Load AclService implementations from parent app contexts. 2008-02-10 12:42:06 +00:00
Luke Taylor f0ec1eeabd Tidying. 2008-02-09 15:39:16 +00:00
Luke Taylor 3c775b5d0d Added access-decision-manager-ref attribute to intercept-methods element. Made interceptor bean autowired by default to pick up AfterInvocationManager. 2008-02-09 15:38:31 +00:00
Luke Taylor 10ab4136d1 SEC-309: Patch for Authentication tag to use property of authentication object, rather than invoking an operation on the principal. Allows use of nested properties. 2008-02-09 13:41:05 +00:00
Luke Taylor e0d0cc20c7 SEC-665: Missed a method name... 2008-02-08 18:19:27 +00:00
Luke Taylor bd5a64825d SEC-552: Replaced authorites populators in CAS and OpenID with a plain UserDetailsService 2008-02-08 13:23:43 +00:00
Luke Taylor 842c49c890 SEC-665: Renaming of rolemapping package to authoritymapping, and corresponding refactoring of classes. 2008-02-08 12:01:10 +00:00
Luke Taylor 549de2927e SEC-641: Avoid direct use of external classes in namespace parsing. 2008-02-07 15:03:27 +00:00
Luke Taylor 6e93ec92eb Added db creation message. 2008-02-07 13:35:27 +00:00
Luke Taylor 28153f2c7f Added TestDataSource class to cut down verbosity of in-memory test databases and to implement DisposableBean, so the database is destroyed when the application context containing it is closed. 2008-02-07 13:33:15 +00:00
Luke Taylor 208d1ee8e2 SEC-456: Added test class for UserDetailsServiceLdapAuthoritiesPopulator 2008-02-07 13:31:25 +00:00
Luke Taylor 9292317e1c Deleted unused context file. 2008-02-07 13:30:03 +00:00
Luke Taylor b6d3ed135d SEC-456: Added class Javadoc 2008-02-06 17:24:45 +00:00
Luke Taylor b2cc817835 SEC-456: Basic LDAP authorities populator that delegates to a UserDetailsService. 2008-02-06 17:22:27 +00:00
Luke Taylor 99621a225d SEC-481: Refactoring commence method of AuthenticationProcessingFilterEtryPoint to allow alternative redirect options. Extracted two methods, "buildRedirectUrlToLoginPage" and "buildHttpsRedirectUrlForRequest" and introduced a RedirectUrlBuilder class for assembling the URLs from schemes, ports etc. 2008-02-06 16:38:47 +00:00
Luke Taylor adbf18a091 SEC-507: Updated JSR-250 impl to include better support for PermitAll and DenyAll as suggested by Ryan Heaton. Includes JSR-250 voter which is now used by AnnotationDriverbeanDefinitionParser. 2008-02-06 13:14:46 +00:00
Luke Taylor c1895acb6b Changed package doc which mentioned adding filter to web.xml rather than filter chain. 2008-02-06 10:36:25 +00:00
Andrei Stefan 98ccaa61e7 SEC-532: test class for ObjectIdentityRetrievalStrategyImpl 2008-02-06 09:26:39 +00:00
Andrei Stefan 5d09f1264b SEC-532: Added test method for different hashCode calculation when different Serializable classes are used (the method is commmented as, now, it doesn't pass the test) 2008-02-06 09:26:05 +00:00
Andrei Stefan 419a7a6426 SEC-532: added more test methods for JdbcAclService implementation 2008-02-06 09:24:13 +00:00
Luke Taylor 2c0c731aaa SEC-552: Removed accidentally commited incomplete caching-related classes. 2008-02-05 16:59:41 +00:00
Luke Taylor b82fbb698d SEC-641: Updated to set "source" values on BeanDefinitions where possible. 2008-02-05 14:48:39 +00:00
Luke Taylor 8859034d11 SEC-641: Reomove use of SecurityConfigException during parsing. 2008-02-05 11:46:27 +00:00
Luke Taylor 717ab0b3cc SEC-641: Replaced use of Assert with more tooling friendly calls to parserContext.getReaderContext().error() 2008-02-05 11:29:52 +00:00
Luke Taylor abb6402cec Import cleaning. 2008-02-05 10:51:52 +00:00
Luke Taylor 84c7ac5e57 SEC-664: Removed validateUserDetails method from AbstractRememberMeServices, wrapped the UserDetailsService in a status-checking one and added a catch block for AccountStatusExceptions. Also some minor tidying up of other remember-me classes. 2008-02-04 21:26:07 +00:00
Luke Taylor d3f26f09b6 Added support for locking user accounts in namespace <user-service> "user" elements (for use in testing). 2008-02-04 21:23:49 +00:00
Luke Taylor 2343577fec Update new X509 namespace config to use status checking of user accounts by default. 2008-02-04 19:43:09 +00:00
Luke Taylor 600ab04cc7 SEC-663: Added null check for pre-authenticated principal value (and skip authentication attempt if null). 2008-02-04 19:36:44 +00:00
Luke Taylor 3f1ab233dc SEC-662: Add check for a null authentication object returned by provider and skip passing it to session controller. 2008-02-04 19:27:12 +00:00
Andrei Stefan 9be3f20faa 2008-02-04 16:44:11 +00:00
Luke Taylor 1191701d8b SEC-372: Added switchFailureUrl to SwitchUserProcessingFilter. Also did some refactoring to use the StatusCheckingUserDetailsService decorator, rather than checking status internally. 2008-02-04 14:02:30 +00:00
Luke Taylor 424ac4f117 Commented out tests which are breaking build. 2008-02-02 22:03:35 +00:00
Luke Taylor ab5d416e00 SEC-516: Make default SavedRequest a "GET" in test to prevent NPE. 2008-02-02 21:41:41 +00:00
Andrei Stefan 842dec0180 2008-02-01 15:35:20 +00:00
Luke Taylor bd9138d78a Import cleaning. 2008-02-01 14:38:03 +00:00
Luke Taylor df1def412e Changed to using new alias for security filter chain in samples. 2008-02-01 14:28:04 +00:00
Luke Taylor 298546014a SEC-659: Added authentication-manager element to allow users to define an alias for the internal authentication manager. 2008-02-01 14:25:07 +00:00
Luke Taylor 2ad0c2cbd0 Corrected check on whether delegate implements Ordered interface. 2008-02-01 14:02:01 +00:00
Luke Taylor ca75905c3e SEC-658: Add support for ldap-user-service to AuthenticationProviderBeanDefinitionParser. 2008-01-31 20:32:31 +00:00
Luke Taylor 2c6fb3d1c9 Added extra tests for jdbc-user-details service to make sure it works within an <authentication-provider> element. 2008-01-31 20:30:37 +00:00
Luke Taylor e82dfd3f1a Added some further tests for LDAP searching with a different user search base. 2008-01-31 17:44:52 +00:00
Luke Taylor feb790ea83 SEC-486: Added determineExpiredUrl method to ConcurrentSessionFilter 2008-01-31 16:25:50 +00:00
Luke Taylor feadb3582a SEC-516: TargetUrlResolver path to avoid redirecting to POST requests. 2008-01-31 16:05:25 +00:00
Luke Taylor 9f45f95fab SEC-491: Add alternative options for determining logout URL. 2008-01-31 15:48:04 +00:00
Luke Taylor a305c9111f SEC-576: Add check for null pre-auth principal and return null if found. 2008-01-31 14:50:12 +00:00
Luke Taylor 5394350cc8 SEC-576: Renamed PreAuthenticateduserDetailsService to AuthenticationUserdetailsService and changed signature accordingly. 2008-01-31 14:24:12 +00:00
Luke Taylor 311add2270 SEC-300: Applied Andreas Senft's patch for unwrapping exceptions in ExceptionTranslationFilter to obtain the cause. 2008-01-30 16:15:02 +00:00
Luke Taylor 3b6ce862f3 SEC-342: Change ObjectDefinitionSource to return a Collection instead of an Iterator. 2008-01-30 15:43:40 +00:00
Luke Taylor d695f5002c SEC-654: Made ConfigAttributeDefinition immutable, added several constructors to simplify its use. Removed MethodDefinitionMapping and FilterInvocationDefinitionMapping. 2008-01-30 15:17:30 +00:00
Luke Taylor c7754d7bee SEC-473: Reduce the number of "cookie methods" in AbstractRememberMeServices. 2008-01-29 22:28:04 +00:00
Andrei Stefan 00b5c0e61b 2008-01-29 18:36:22 +00:00
Luke Taylor f121b6ac90 Fixed tests which were making assumptions about ordering within sets. 2008-01-29 18:35:56 +00:00
Andrei Stefan aa0744a705 test class for EhCacheBasedAclCache 2008-01-29 17:42:39 +00:00
Andrei Stefan 944c7e9665 2008-01-29 17:42:05 +00:00
Luke Taylor e37d0b0bb1 SEC-543: sessionsUsedByPrincipal only needs to be added to "principals" map when it is first created. 2008-01-29 16:28:17 +00:00
Luke Taylor 379b7ab337 SEC-543: Moved logging out of synchronized block 2008-01-29 16:04:49 +00:00
Luke Taylor 9fe181046b SEC-543: Added null guard clauses to reduce nesting and increase readability. 2008-01-29 15:55:29 +00:00
Luke Taylor c9de2f6c9f SEC-532: Remove FilterInvocationDefinitionSource-related classes which are no longer needed. 2008-01-29 15:09:20 +00:00
Luke Taylor a0ee7fb6fd SEC-532: Madded FilterinvocationDefinitionSourceMapping package scoped 2008-01-29 13:08:12 +00:00
Luke Taylor 8e5b608ee9 SEC-532: Removed FilterInvocationDecorator and tests. 2008-01-29 12:34:01 +00:00
Luke Taylor 059ac644bb SEC-645: Deprecated old X.509 provider. 2008-01-29 11:50:33 +00:00
Luke Taylor 95c6ecdb1e SEC-468: Added Mike Wiesner's patch for AspectJ annotation support. 2008-01-29 11:33:38 +00:00
Luke Taylor ef428d2c22 Moved test class to correct source tree 2008-01-29 10:57:44 +00:00
Luke Taylor e63fa0f610 SEC-418: Changed interface SwitchAuthorityChanger to return List rather than expecting modification of passed in List of authorities. 2008-01-28 19:26:30 +00:00
Luke Taylor 0be34cdcc1 SEC-536: Added messages for generic UserDetails status checks. 2008-01-28 18:19:23 +00:00
Luke Taylor c9dee10704 SEC-536: Added UserDetailsService decorator class which will throw an appropriate exception if the returned UserDetails object has a status of locked, disabled etc. 2008-01-28 18:10:43 +00:00
Luke Taylor 934e59a562 SEC-652: Fixed CasAuthenticationProvider to be compatible with Ray's recent AuthoritiesPopulator refactoring. 2008-01-28 16:05:39 +00:00
Luke Taylor 26ea65ddb1 SEC-652: Add a trustPassword to AbstractTicketValidator for use with password protected keystores (as in the sample application). 2008-01-28 16:04:38 +00:00
Luke Taylor 5738a51040 SEC-651: Support for ldap-user-service bean. 2008-01-28 00:47:34 +00:00
Luke Taylor 544df3ea09 Updated SpringSecurityLdapTemplate to include base LDAP context in returned DirContextAdapter entry to make sure the result gives a correct value for getNameInNamespace(). This is necessary when a search is used to obtain entries to pass to DefaultLdapAuthoritiesPopulator, for example. 2008-01-28 00:39:42 +00:00
Luke Taylor 80b6111641 SEC-650: Change default scope to sub-tree. 2008-01-28 00:24:54 +00:00
Luke Taylor e6d6e88117 Corrections to calculated order values from "before" and "after" attributes. 2008-01-27 22:46:24 +00:00