Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,347 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

104 Commits

Author SHA1 Message Date
Luke Taylor d58dd79a52 SEC-1494: Updated the tutorial webapp to use CSS and make use of the securityHiddenUI element when UI security is disabled. 2011-01-25 13:16:46 +00:00
Luke Taylor 19e56f4397 Stripping out unnecessary dependencies from sample jars. 2011-01-10 17:27:58 +00:00
Luke Taylor 685e0417a7 SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout. 2010-09-19 18:30:52 +01:00
Luke Taylor 102bc2d6a0 Reduce unnecessary use of aspectj as a build dependency 2010-08-19 23:23:03 +01:00
Luke Taylor c37ca1c2a9 Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc. 2010-08-19 22:41:51 +01:00
Luke Taylor 6abfa2e887 Update minimum required schema to 3.1. 2010-08-17 02:19:55 +01:00
Luke Taylor 85c4c91e0e IDEA inspection refactorings. 2010-08-05 23:28:07 +01:00
Luke Taylor 2afccfc633 Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j. 2010-07-23 01:57:31 +01:00
Luke Taylor ee1fd1bc50 SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins. 2010-04-20 23:47:48 +01:00
Luke Taylor 0974e21fb6 SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid). 
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
 2010-01-23 02:12:30 +00:00
Luke Taylor a5dde8b28f Updated doc on invalid session detection. 
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
 2010-01-17 14:41:24 +00:00
Luke Taylor 052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor 893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor fac07ba8ff Schema updates to Spring 3.0 2009-12-18 18:44:17 +00:00
Luke Taylor 7247902911 SEC-1229: Updated sample and itest namespace concurrency configs. 2009-09-29 16:18:01 +00:00
Luke Taylor aa153681bf SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units. 2009-09-29 00:29:09 +00:00
Luke Taylor 731402e9f5 SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context. 2009-09-16 00:23:13 +00:00
Luke Taylor b531a81176 SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag. 2009-09-15 16:34:05 +00:00
Luke Taylor 5953af0f6b SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements). 2009-08-03 00:21:11 +00:00
Luke Taylor 1afa67c954 SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block. 2009-07-15 23:09:47 +00:00
Luke Taylor 853b4c8753 SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests. 2009-06-28 13:36:54 +00:00
Luke Taylor 0134a5646d Changed to use expressions in commented-out XML instead of outdated syntax. 2009-05-31 21:26:52 +00:00
Luke Taylor f976080d1d Fixes to sample app context files 2009-05-26 22:15:05 +00:00
Luke Taylor 14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor e94baf38b3 Tidying up to remove warnings (generics, use of deprecated test classes etc). 2009-04-28 06:49:43 +00:00
Luke Taylor 13af4b95a2 Sample package name updates 2009-04-18 06:04:56 +00:00
Luke Taylor ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor 9efb5a7007 SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet 2009-04-12 12:23:23 +00:00
Luke Taylor bec84f874a SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples. 2009-03-26 07:18:36 +00:00
Luke Taylor 4a41416c9b Tidying up and removing compiler warnings. 2008-12-21 16:36:16 +00:00
Luke Taylor cc5966bc7e Tidying up, removing compiler warnings etc. 2008-12-20 00:16:49 +00:00
Luke Taylor 2927b8464f SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException. 2008-12-14 22:20:21 +00:00
Luke Taylor 6ccdcec629 SEC-1033: Added web expressions to tutorial sample configuration. 2008-12-08 21:56:44 +00:00
Luke Taylor bc6878c1c5 SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations. 2008-12-05 16:36:43 +00:00
Ben Alex 7e562031cc Better demonstrate the new EL-based "overdraft" authorization rules. 2008-11-19 09:32:04 +00:00
Luke Taylor d6cd392a9e Tidying up some stuff in tutorial app 2008-11-07 06:55:00 +00:00
Luke Taylor a7d046357b SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces 2008-10-30 04:10:54 +00:00
Luke Taylor 4f6b4e4bfd Make sample login pages use c:out for data output 2008-05-15 12:48:13 +00:00
Luke Taylor fc498954c6 Updated sample context files to point at 2.0.1 schema 2008-05-01 17:51:48 +00:00
Luke Taylor 882509fb2a Renamed context file 2008-04-24 00:27:37 +00:00
Luke Taylor eba18675fc Removed old acegi file from tutorial sample as it's causing confusion with users. 2008-04-23 21:08:41 +00:00
Luke Taylor 80cd7f4acc Removed accidental commit of tutorial context file 2008-04-23 13:13:56 +00:00
Luke Taylor 0cf745b85f Updated clean plugin to 2.2 2008-04-22 21:59:40 +00:00
Luke Taylor c7f182309f Removed excess config from tutorial sample file 2008-04-12 17:17:46 +00:00
Ben Alex f7ae69880c Minor tweaking so the tutorial is a little more illustrative of the present namespace capabilities. 2008-04-01 17:15:31 +00:00
Ben Alex 1490fe0b0a Various fine-tuning so people can see AspectJ expressions and a simple, minimal configuration. 2008-03-28 00:47:08 +00:00
Ben Alex 595a14dbd5 Sample should permit people to anonymously call all methods except post(Account). 2008-03-28 00:44:42 +00:00
Luke Taylor ef5b3e2f9c SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly. 2008-03-26 21:48:24 +00:00
Luke Taylor 743d72ca7b Added log4j support to tutorial app 2008-03-26 15:27:09 +00:00
Ben Alex 0860333a3f SEC-733: AspectJ Pointcut Expression Parsing support. 2008-03-25 08:28:53 +00:00