Luke Taylor
SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter.
2010-06-25 19:45:34 +01:00
Luke Taylor
SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy.
2010-06-18 03:33:49 +01:00
Luke Taylor
SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs.
2010-06-18 01:34:07 +01:00
Luke Taylor
Removed unnecessary casts.
2010-06-08 22:56:59 +01:00
Luke Taylor
SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping.
2010-05-27 15:54:15 +01:00
Luke Taylor
Fix build when upload properties are missing. Added missing hsql test dependency
2010-05-24 17:01:19 +01:00
Luke Taylor
SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.
2010-05-21 15:59:50 +01:00
Luke Taylor
Remove commented-out code in ETF.
2010-05-16 15:16:40 +01:00
Luke Taylor
SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc.
2010-05-16 14:14:13 +01:00
Luke Taylor
Javadoc improvements
2010-05-16 14:14:13 +01:00
Luke Taylor
Javadoc fixes.
2010-05-06 20:02:08 +01:00
Luke Taylor
SEC-1476: Modify AbstractPreAuthenticatedProcessingFilter to store authentication exception in request instead of creating a new session.
2010-05-05 14:13:48 +01:00
Luke Taylor
2010-05-03 14:53:05 +01:00
Luke Taylor
SEC-1468: Doc and Javadoc updates.
2010-04-26 23:26:07 +01:00
Luke Taylor
SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.
2010-04-25 04:27:09 +01:00
Luke Taylor
SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins.
2010-04-20 23:47:48 +01:00
Luke Taylor
SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>.
2010-04-20 23:47:47 +01:00
Luke Taylor
SEC-1462: Only apply session fixation protection strategy if request.isRequestedSessionIdValid() returns true. We don't need to create a new session if the current one already has a different Id from the client.
2010-04-20 18:04:22 +01:00
Luke Taylor
SEC-1458: Remove logger field in HttpSessionEventPublisher in favour of direct lookup. Prevents early initialization of logging system when listener is initialized.
2010-04-16 16:12:38 +01:00
Luke Taylor
SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
2010-04-01 01:24:23 +01:00
Luke Taylor
SEC-1446: Modified BasicAuthenticationFilter to treat invalid base64 and invalid Basic authentication tokens as a failed authentication (raising a BadCredentialsException, without calling the AuthenticationManager).
This solves the problem in this issue (invalid Base64 not resulting in a 401) and also prevents unnecessary calls to the AuthenticationManager.
2010-03-23 00:45:06 +00:00
Luke Taylor
SEC-1439: Make getters and setters public on HttpRequestResponseHolder.
Necessary to allow use of custom SecurityContextRepository.
2010-03-12 15:53:05 +00:00
Luke Taylor
Addition of commons-logging exclusions and adjustments to pom generation.
2010-03-07 21:58:25 +00:00
Luke Taylor
SEC-1429: Removed cached authentication from session after successful authentication.
2010-03-05 00:07:35 +00:00
Luke Taylor
Additional test classes for authentication and logout success/failure handling.
2010-03-04 23:18:46 +00:00
Luke Taylor
Fix to Javadoc for AbstractAuthenticationProcessingFilter.
2010-03-04 22:06:04 +00:00
Luke Taylor
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
2010-03-04 21:21:07 +00:00
Luke Taylor
SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions.
2010-03-03 23:11:49 +00:00
Luke Taylor
SEC-1425: Replace use of Java 1.6 String.isEmpty().
2010-03-01 13:49:42 +00:00
Luke Taylor
SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy.
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
2010-03-01 01:21:06 +00:00
Luke Taylor
SEC-1425: Add check for empty cookie in AbstractRememberMeServices.
Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.
2010-02-28 14:08:27 +00:00
Luke Taylor
SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all.
2010-02-27 00:22:21 +00:00
Luke Taylor
SEC-1307: Modify context saving logic in HttpSessionSecurityContextRepository to check the SecurityContext and its contents (the Authentication) against the respective values when the request first arrived at the SecurityContextPersistenceFilter. As explained in the issue, this allows a definite decision to be made about whether the current thread has modified the context information during the request, indicating that it should be saved.
Also removed deprecated HttpSessionContextIntegrationFilter and tests.
2010-02-26 16:01:40 +00:00
Luke Taylor
Refactor overly large doFilter() method in DigestAuthenticationFilter.
2010-02-22 01:48:53 +00:00
Luke Taylor
Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0.
2010-02-21 23:25:36 +00:00
Luke Taylor
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
Luke Taylor
3.0.2 release. Update version in build files.
2010-02-19 01:22:21 +00:00
Luke Taylor
SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header.
The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.
2010-02-18 00:32:49 +00:00
Luke Taylor
SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones.
Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.
2010-02-15 22:46:18 +00:00
Luke Taylor
Removed unused import in DelegatingAuthenticationEntryPoint and corrected test class name.
2010-02-14 23:31:31 +00:00
Luke Taylor
Remove unnecessary @SuppressWarnings and inline dependency from ELRequestMatcher (util package) to core ExpressionUtils.
2010-02-14 23:29:27 +00:00
Luke Taylor
Javadoc fixes.
2010-02-14 23:27:09 +00:00
Luke Taylor
Replace package.html with files, creating new ones where missing and updating outdated contents.
2010-02-14 23:23:23 +00:00
Luke Taylor
Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources
2010-02-11 18:08:06 +00:00
Luke Taylor
SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication.
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
2010-02-11 17:47:22 +00:00
Mike Wiesner
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-11 13:19:16 +01:00
Mike Wiesner
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-11 09:05:28 +01:00
Mike Wiesner
SEC-1406: Create a DelegatingAuthenticationEntryPoint
2010-02-10 21:25:23 +01:00
Luke Taylor
SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions.
2010-02-10 15:06:01 +00:00
Luke Taylor
SEC-1405: added RequestMatcher interface.
2010-02-10 14:34:14 +00:00