7731a3df57
Typo.
2008-11-11 03:41:50 +00:00
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
2008-11-10 04:27:25 +00:00
d6cd392a9e
Tidying up some stuff in tutorial app
2008-11-07 06:55:00 +00:00
d6bb6ccbf5
Removed .cvsignore files
2008-11-06 01:11:08 +00:00
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
2008-10-30 04:10:54 +00:00
4aa32f7d06
SEC-999: First commit of expression-based authorization implementation
2008-10-24 00:38:36 +00:00
6c8a82fa13
Updated poms to Spring 2.5 and fixed up sandbox to work with latest build
2008-10-15 05:52:40 +00:00
a62eae4587
Script for running all the sample apps
2008-10-15 05:49:31 +00:00
7cc0965383
SEC-1001: Move core tiger code into core and adjust pom files
2008-10-03 15:23:31 +00:00
5b9bb8ba54
[maven-release-plugin] prepare for next development iteration
2008-09-05 19:04:22 +00:00
73eed2656d
[maven-release-plugin] prepare release spring-security-parent-2.0.4
2008-09-05 18:57:43 +00:00
6e06789a28
SEC-937: Added CAS logout filter to sample application
2008-07-28 10:53:55 +00:00
d9634bcb39
SEC-920: Update preauth sample to make use of internal authentication manager
...
http://jira.springframework.org/browse/SEC-920 . Updated context file to use <custom-authentication-provider>.
2008-07-11 10:56:57 +00:00
6ff0b969d5
Corrected ldap sample config (traditional bean version was wrong)
2008-06-23 23:43:48 +00:00
775a6c3939
[maven-release-plugin] prepare for next development iteration
2008-06-23 14:10:35 +00:00
87d50aecce
[maven-release-plugin] prepare release spring-security-parent-2.0.3
2008-06-23 14:05:36 +00:00
57558de3ec
Added error page URL to openid login sample
2008-06-23 13:18:35 +00:00
5ec06778f5
removed optional scope from jaxen dependecy in preauth sample as it breaks war file
2008-06-23 13:00:03 +00:00
5b089aea16
SEC-852
...
provided mechanism to do get a proxy ticket
2008-06-18 17:34:14 +00:00
de897ad1ac
SEC-867: Remove superfluous <property /> entry.
2008-06-05 22:51:47 +00:00
ff785a829f
[maven-release-plugin] prepare for next development iteration
2008-06-03 16:07:20 +00:00
db1d8604a6
[maven-release-plugin] prepare release spring-security-parent-2.0.2
2008-06-03 16:05:40 +00:00
d784d854cd
Corrected log file name.
2008-06-03 14:57:40 +00:00
cf4072c517
Context file improvements (based on sts suggestions)
2008-05-25 20:57:07 +00:00
859e99edf4
SEC-851: Fix port number in LDAP sample.
2008-05-23 21:24:48 +00:00
4f6b4e4bfd
Make sample login pages use c:out for data output
2008-05-15 12:48:13 +00:00
d4defb10fe
SEC-833: Fixed login-failure-url in contacts sample app.
2008-05-14 22:41:13 +00:00
5cf0c84e2f
SEC-814: Added standard bean config to ldap example and updated doc to provide some pointers to DefaultLdapAuthoritiesPopulator
2008-05-06 14:50:14 +00:00
a599ef5398
[maven-release-plugin] prepare for next development iteration
2008-05-01 20:09:03 +00:00
3e808335a4
[maven-release-plugin] prepare release spring-security-parent-2.0.1
2008-05-01 20:07:46 +00:00
18a9965b80
Moved dummy file out of default package for easy exclusion from javadoc
2008-05-01 19:45:36 +00:00
fc498954c6
Updated sample context files to point at 2.0.1 schema
2008-05-01 17:51:48 +00:00
014f21ee85
Deleted attributes sample
2008-05-01 17:50:47 +00:00
882509fb2a
Renamed context file
2008-04-24 00:27:37 +00:00
eba18675fc
Removed old acegi file from tutorial sample as it's causing confusion with users.
2008-04-23 21:08:41 +00:00
80cd7f4acc
Removed accidental commit of tutorial context file
2008-04-23 13:13:56 +00:00
0cf745b85f
Updated clean plugin to 2.2
2008-04-22 21:59:40 +00:00
1663142cf1
SEC-784: removed 'optional' tag on dependencies
2008-04-19 12:40:17 +00:00
b5dc523041
[maven-release-plugin] prepare for next development iteration
2008-04-14 07:06:44 +00:00
0c42670431
[maven-release-plugin] prepare release spring-security-parent-2.0.0
2008-04-14 07:05:46 +00:00
8f52c6a79c
Corrected name in cas samples pom
2008-04-13 21:26:43 +00:00
da72a7dc00
Forgot to add cas samples parent pom
2008-04-13 00:25:11 +00:00
0422cb1f8f
Fixed artifact groups for aspectjrt and added cas sample to project build
2008-04-13 00:08:18 +00:00
83c152e379
SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config
2008-04-13 00:02:46 +00:00
42cd91e259
Some updates to contacts sample to match description in docs, remove unnecessary cas code etc.
2008-04-12 18:08:35 +00:00
c7f182309f
Removed excess config from tutorial sample file
2008-04-12 17:17:46 +00:00
677607bcad
SEC-530: Refactor ACL module so ACE manipulation is index-based as
...
opposed to AccessControlEntry.getId() based.
2008-04-05 20:43:10 +00:00
d5a751e784
Added log4j dependency
2008-04-01 19:14:41 +00:00
f7ae69880c
Minor tweaking so the tutorial is a little more illustrative of the present namespace capabilities.
2008-04-01 17:15:31 +00:00
21e83e8364
[maven-release-plugin] prepare for next development iteration
2008-04-01 15:03:29 +00:00
91ed7dceb6
[maven-release-plugin] prepare release release_2_0_0_RC1
2008-04-01 15:01:30 +00:00
4d306c2c1e
Fix spring-portlet dep at 2.0.8
2008-04-01 12:43:08 +00:00
e05d1da102
Refactored AuthenticationUserDetailsService to userdetails package as it isn't preauth specific
2008-03-31 23:08:30 +00:00
ea489baf6f
SEC-730
...
updated configuration to new CAS client
2008-03-28 18:25:02 +00:00
1490fe0b0a
Various fine-tuning so people can see AspectJ expressions and a simple, minimal configuration.
2008-03-28 00:47:08 +00:00
595a14dbd5
Sample should permit people to anonymously call all methods except post(Account).
2008-03-28 00:44:42 +00:00
ef5b3e2f9c
SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly.
2008-03-26 21:48:24 +00:00
071c91540c
SEC-722: Added explicit login page to open-id element in openid sample.
2008-03-26 17:01:54 +00:00
743d72ca7b
Added log4j support to tutorial app
2008-03-26 15:27:09 +00:00
1cd7865ed5
SEC-729: Removed version numbers and jstl declarations from sample parent pom
2008-03-26 15:21:41 +00:00
0860333a3f
SEC-733: AspectJ Pointcut Expression Parsing support.
2008-03-25 08:28:53 +00:00
f67c7bcb38
Update dependency versions and POM structure
2008-03-24 09:06:46 +00:00
6ab301981c
Update dependency versions and POM structure.
2008-03-24 09:05:44 +00:00
9a02b9862e
Fixed preauth sample configuration to match recent changes in naming in core code.
2008-03-23 23:03:28 +00:00
b54e3978dc
SEC-729: Organization of pom dependencies, particularly for servlet-api and jstl. Some other adjustments, removal of unrequired deps etc
2008-03-23 00:31:32 +00:00
1d47945893
Added portlet and ldap samples to build
2008-03-22 11:43:24 +00:00
69f2075872
SEC-722: Fix jstl versions in openID sample login page.
2008-03-22 00:05:53 +00:00
563dabda2f
SEC-722: Add Open ID Namespace Support
...
http://jira.springframework.org/browse/SEC-722 . Added OpenIDProvider to bean registry and fixed login page generator to use correct URL for OpenID. Added user-service-ref to namespace element. Changed OpenID sample to use <openid-login />.
2008-03-21 23:47:09 +00:00
d333655b0b
Updated to commons logging 1.1.1 to get rid of servlet api dependency in their pom
2008-03-20 19:43:55 +00:00
f3a6f768ba
SEC-724: Create portlet sample
...
http://jira.springframework.org/browse/SEC-724
2008-03-19 17:58:07 +00:00
8f7b216de3
Import cleaning, removal of unnecessary constructors etc based on eclipse warnings
2008-03-17 14:10:22 +00:00
114969f7f7
SEC-706: Removed LDAP dependencies from tutorial app, since we now have a separate sample
2008-03-17 14:06:13 +00:00
1e28a67410
SEC-706: Added sample app with LDAP configuration
2008-03-14 12:14:27 +00:00
e5a7303015
Remove unnecessary deps
2008-03-06 22:23:40 +00:00
ff16c413dd
[maven-release-plugin] prepare for next development iteration
2008-02-29 14:55:31 +00:00
b8916ffaba
[maven-release-plugin] prepare release release_2_0_M2
2008-02-29 14:54:15 +00:00
45e43073a0
SEC-690: Use consistent naming in OpenID classes
...
http://jira.springframework.org/browse/SEC-690
2008-02-29 12:51:52 +00:00
9eb86194a2
SEC-640: Converted preauth sample to use filter-invocation-definition-source element. (also fixed some recently changed property names).
2008-02-28 19:31:16 +00:00
25c3b84149
Remove security taglib dependency in OpenID sample.
2008-02-25 16:56:15 +00:00
18f6cb1565
Setting svn:ignore for new (and existing) modules
2008-02-25 16:51:06 +00:00
8c00bb1537
SEC-674: Updated samples to work with new module layout. Changed taglib build to copy tld file to META-INF directory.
...
Also standardized JSTL version to 1.1.0 (impl 1.1.2), moving deps to root sample pom.
2008-02-22 16:21:37 +00:00
659fe5308a
Corrected wrong bean reference in cas sample and removed dependence on taglibs. Upgraded ehcache version to match core.
2008-02-22 16:15:30 +00:00
2dd9faabc0
SEC-674: Created new project modules for cas, captcha, acls and taglibs
2008-02-19 20:30:53 +00:00
38237341b4
Removed unused getContactManager method
2008-02-15 18:06:59 +00:00
503e426707
Inlined destroyContext method.
2008-02-15 17:07:53 +00:00
be62979a01
Switch JSTL back to 1.1.2.
2008-02-15 12:15:20 +00:00
e2bf583fe9
Removed unused MessageSource from contacts app-context file.
2008-02-09 15:57:06 +00:00
dd47689687
Updated contact app to make more use of namespace configuration (now uses intercept-methods in target bean to set up method interceptor).
2008-02-09 15:41:29 +00:00
10ab4136d1
SEC-309: Patch for Authentication tag to use property of authentication object, rather than invoking an operation on the principal. Allows use of nested properties.
2008-02-09 13:41:05 +00:00
bd5a64825d
SEC-552: Replaced authorites populators in CAS and OpenID with a plain UserDetailsService
2008-02-08 13:23:43 +00:00
842c49c890
SEC-665: Renaming of rolemapping package to authoritymapping, and corresponding refactoring of classes.
2008-02-08 12:01:10 +00:00
eb998b6554
Updated jetty plugin version.
2008-02-08 11:57:10 +00:00
ca16a9608c
Corrected typo
2008-02-08 11:26:38 +00:00
adba67326f
Removed accidentally committed version of tutorial app context file.
2008-02-04 21:27:35 +00:00
84c7ac5e57
SEC-664: Removed validateUserDetails method from AbstractRememberMeServices, wrapped the UserDetailsService in a status-checking one and added a catch block for AccountStatusExceptions. Also some minor tidying up of other remember-me classes.
2008-02-04 21:26:07 +00:00
26fa0c143b
Added myself to the users list because I can :P
2008-02-04 14:25:12 +00:00
b93583164d
SEC-659: Change CAS sample to use authentication-manager element.
2008-02-04 00:12:56 +00:00
3da2471b7f
Some tidying up of OpenID login form.
2008-02-01 16:01:34 +00:00
287726335a
OpenID sample application.
2008-02-01 14:32:54 +00:00
df1def412e
Changed to using new alias for security filter chain in samples.
2008-02-01 14:28:04 +00:00
86f7b47fac
Updated jetty plugin to 6.1.7
2008-02-01 14:18:23 +00:00
5394350cc8
SEC-576: Renamed PreAuthenticateduserDetailsService to AuthenticationUserdetailsService and changed signature accordingly.
2008-01-31 14:24:12 +00:00
46a69b6d93
SEC-652: CAS sample application and server using maven jetty plugin.
2008-01-28 16:03:28 +00:00
511ebb5af4
Reformat pom.xml.
2008-01-28 14:30:15 +00:00
eb620f09eb
Switched preauth default namespace to "beans" for readability.
2008-01-28 13:22:50 +00:00
5738a51040
SEC-651: Support for ldap-user-service bean.
2008-01-28 00:47:34 +00:00
acf5601714
SEC-645: Reimplementation of X509 provider and namespace implementation.
2008-01-27 22:45:44 +00:00
aeba732ba5
SEC-647: Created separate "certificates" directory so SSL certificates and keys can be shared between different sample applications. Added key for user "scott" and separate certificate authority pem file (can be installed in a browser).
2008-01-27 20:42:10 +00:00
82940db6c8
SEC-648: Added custom-authentication-provider support.
2008-01-27 13:31:34 +00:00
e44e641106
SEC-647: Updated server keystore (new certificate using our own Test CA) and added client certificates for users rod and dianne.
2008-01-26 17:21:23 +00:00
483068d486
SEC-647: Delete unused certificated directory and outdated certificates.
2008-01-26 11:28:36 +00:00
b85f76e6c1
Added SSL support to the tutorial app Jetty plugin configuration and added a requirement for SSL on the "extremely secure" page.
2008-01-24 16:30:06 +00:00
342677fabc
Removed auto-config from tutorial sample and added commented out ldap support. Updated ldif file to match sample users.
2008-01-23 22:21:39 +00:00
837ecd85ec
SEC-576: Tidied up code, added preauth sample demo app.
2008-01-23 20:02:11 +00:00
06f3bcbf6a
Converted all namespace attributes which refer to bean IDs to use "-ref" suffix (or "ref").
2008-01-22 20:58:12 +00:00
7d88ee8c48
Formatted ACL SQL for readability.
2008-01-21 18:35:22 +00:00
462b4b450f
Added use of authz tag to tutorial. Upgraded to use webapp 2.4 xsd. Changed JSTL dependency to 1.2
2008-01-18 18:17:09 +00:00
10ec13e4e2
[maven-release-plugin] prepare for next development iteration
2008-01-02 22:42:21 +00:00
2c5090da90
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:41:31 +00:00
09242ec66d
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:31:09 +00:00
42dcccd1b7
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:18:28 +00:00
aafbb5bb67
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:10:46 +00:00
425508d70d
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:01:34 +00:00
0b1e17f69a
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 21:54:37 +00:00
07aa0c6880
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 21:52:42 +00:00
7583aca3eb
Configured contacts app to use namespaces. Removed ldap, cas, x509 files to avoid confusion. Ldap and CAS will be better served by new samples.
2008-01-01 16:51:15 +00:00
b91e82d91c
Changed _authenticationManager -> authenticationManager to get contact app tests passing again.
2007-12-25 00:34:28 +00:00
5f1eea42fc
Moved configuration of security interceptors with access and authentication manangers from post processing stage to bean creation stage.
2007-12-23 16:40:29 +00:00
46c99d1991
Converted tutorial context file to match namespace changes.
2007-12-23 16:36:44 +00:00
e65cb9b472
Made group names singular and added "teller" role.
2007-12-14 20:41:33 +00:00
09f68400ec
Add <intercept-methods> to example, but it is disabled in favour of @Secured annotation. Still, we include it so people can have a play around and switch between the two syntaxes easily in demos etc.
2007-12-14 19:56:31 +00:00
55e4568003
Throw an exception instead of sending back a HTTP error code. This is necessary so any demonstration of upgrading from Servlet Spec authorization to Spring Security authorization, as the latter's ExceptionTranslationFilter expects specific exceptions to be thrown if you wish to commence the authentication process.
2007-12-14 19:44:50 +00:00
2e4773525b
Updated tutorial to allow authentication against ldap provider using <ldap /> namespace element.
2007-12-14 19:18:18 +00:00
d90ff50686
Use Java 5 to illustrate annotation support.
2007-12-14 16:54:10 +00:00
b1bc39a0df
Provide some shell scripts that help with demos. These assume the application is deployed to http://localhost:8080/spring-security-samples-tutorial .
2007-12-14 02:45:01 +00:00
f4c3e701d5
Enhance sample to show method authorization.
2007-12-14 02:27:48 +00:00
77d286c36f
Enhance tutorial to also demonstrate Spring Security method
...
authorization, and add a services layer accordingly.
2007-12-14 02:26:27 +00:00
fa510b3187
Modify attribute names to use "ref" instead of "id", plus use a hyphen
...
as an attribute value separator rather than a colon. This was changed
for compatibility with other components in the Spring Portfolio. tests
pass.
2007-12-13 20:19:56 +00:00
1cae1719bc
Fix bean referencing error.
2007-12-11 19:18:44 +00:00
2655955a40
Add MethodSecurityInterceptor, to more accurately reflect the capabilities offered by auto-config="true".
2007-12-11 19:14:34 +00:00
1bbe6ca456
Proper comparison with auto-configure="true".
2007-12-11 16:44:24 +00:00
5e0cb21c8d
SEC-619: Added test class for LdapUserDetailsService. The LdapAuthoritiesPopulator interface and also implementations have been moved to the org.springframework.security.ldap package since they are now used by both the ldap provider and the user service.
2007-12-09 18:40:28 +00:00
4770c29094
Use hyphens in attribute names, and not Camel Case. This is to maintain
...
consistency with the rest of Spring Portfolio. Camel Case was preserved
for attribute values, consistent with Spring Portfolio usage such as
autowiring modes (byName, byType etc).
2007-12-09 03:42:20 +00:00
85085abf9e
Add namespace support for Servlet API integration.
2007-12-04 12:23:41 +00:00
a205f95c19
No need for an access denied page.
2007-12-04 11:24:54 +00:00
8c3cc5c67b
Add hash code support.
2007-12-04 11:21:39 +00:00
8e7c540b16
General refactorings and improvements to namespace support, including
...
autoDetect="true" attribute for <http> element.
2007-12-04 10:35:08 +00:00
2441ab6d9a
Move "realm" attribute to be on <http> element rather than <http-basic>.
...
This faciltiates reuse with other mechanisms (like Digest) whilst also
moving towards the <http-auto-configure> element (which benefits from
having shared configuration in <http> as opposed to mechanism-specific
elements).
2007-12-04 08:02:40 +00:00
0b0b174eda
Support <repository> and JbcUserDetailsManager.
2007-12-04 05:27:17 +00:00
53fca59301
Add namespace support for anonymous requests. Remove unnecessary files from tutorial sample.
2007-12-03 08:07:10 +00:00
Luke Taylor
Scott Battaglia
Ben Alex
Ray Krueger