Rob Winch
b64cdb5765
Fix RoleHiearchyUtilsTests on Windows
...
Fixes gh-4228
2017-03-01 23:27:11 -06:00
Rob Winch
9c03571bbb
Use message in all Assert
...
This ensures compatibility with Spring 5.
Fixes gh-4193
2017-01-30 19:58:24 -06:00
Spring Buildmaster
7a7ce11ebb
Release version 4.2.1.RELEASE
2016-12-21 17:23:28 +00:00
Rob Winch
6bec625e68
Update to Spring 4.3.5.RELEASE
...
Fixes gh-4167
2016-12-21 09:04:16 -06:00
Spring Buildmaster
24fcb6c45a
Release version 4.2.0.RELEASE
2016-11-09 23:42:11 +00:00
Rob Winch
a9024de734
Polish Spring Version Update
...
Fix related tests.
Issue gh-4123
2016-11-09 17:05:25 -06:00
Rob Winch
f97f38fd57
jacksonDatavindVersion->jacksonDatabindVersion
...
Issue gh-4122
2016-11-09 16:46:38 -06:00
Rob Winch
f0a9421aa4
SecurityJacksonModules->SecurityJackson2Modules
...
Fixes gh-4121
2016-11-09 16:42:41 -06:00
Spring Buildmaster
97b4cb0b73
Release version 4.2.0.RC1
2016-10-26 02:49:23 +00:00
Rob Winch
e62596f36d
Polish PasswordEncoderUtils do not leak length
...
Fix possible / 0 if expected is empty String.
Issue gh-255
2016-10-24 12:50:46 -05:00
Rob Winch
d3685d89c5
Polish PasswordEncoderUtils do not leak length
...
Issue gh-255
2016-10-24 11:26:43 -05:00
avri-schneider
a98389fa98
PasswordEncoderUtils do not leak length
...
Enforce constant time even when expectedLength != actualLength.
Fixes gh-255
2016-10-24 11:26:34 -05:00
Rob Winch
dc9f9b140f
Polish PasswordEncoderUtilsTests
...
* Add more tests
* Smaller tests
* Follow new naming convention
2016-10-24 11:24:24 -05:00
Rob Winch
f432c04111
Create UserBuilder
...
This commit creates a UserBuilder and updates samples to use it. We do not
leverage it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredictable ordering. For this, it is still advised to use
AuthenticationManagerBuilder
Fixes gh-4095
2016-10-21 16:42:03 -05:00
Rob Winch
08c1f500a7
Version bumps for Spring 5
...
Issue gh-4080
2016-10-17 17:00:17 -05:00
Jitendra Singh
48ff518a41
Fix Jackson 2.7+
...
UnmodifiableSetDeserializer added which will ensure
Collection$UnmodifiableSet deserialize properly with jackson-databind 2.7+
Fixes gh-4073
2016-10-13 07:42:07 -05:00
Spring Buildmaster
c1b8150439
Release version 4.2.0.M1
2016-09-23 19:39:33 +00:00
Rob Winch
b443baef04
Polish GrantedAuthorityDefaults
...
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
ApplicationContextAware
Issue gh-3701
2016-09-22 15:13:05 -05:00
Eddú Meléndez
eabeaf35d6
Make single definition of `defaultRolePrefix` and `rolePrefix`
...
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.
Fixes gh-3701
2016-09-21 14:55:41 -05:00
Joe Grandja
c75a5b7279
Polish RoleHierarchyUtils and add tests
2016-09-19 14:07:34 -04:00
Thomas Darimont
06c67070a6
Add convenience method for constructing RoleHierarchy from Map.
...
Introduced `RoleHierarchyUtils` which enables convenient
construction of `RoleHierarchy` from map based representation.
Where the map key is the role name and the map value is a list
of implied role names.
Here is a small example for that in action:
https://gist.github.com/thomasdarimont/ee9fffdef1adb9243b12ad247478aad4
Fixes #3990 .
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-09-19 14:07:34 -04:00
Rob Winch
92a59e0df7
Fix checkstyle
...
Issue gh-3736
2016-09-02 12:02:39 -05:00
Rob Winch
8ad0003456
Polish Whitespace
...
Issue gh-3736
2016-09-02 11:37:21 -05:00
Rob Winch
3531cc93c2
JSON tests ObjectMapper Cleanup
...
* Move to @Setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
bd925313af
Improve Readability of JSON test strings
...
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
d4c48dd3e1
Remove MockitoJUnitRunner from JSON tests
...
Previously the JSON tests unnecessarily had MockitoJUnitRunner.
This commit removes MockitoJUnitRunner from the JSON tests.
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
df613ed4cc
JSON UserDetails deserializes null
...
JSON UserDetails null used to be treated as "".
This changes null to be treated as a null
Issue gh-3736
2016-09-02 11:37:16 -05:00
Rob Winch
3fb77f3b59
Polish SecurityJacksonModules
...
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
2016-09-02 11:37:13 -05:00
Rob Winch
c2d8ea92d0
SimpleGrantedAuthorityMixin role->authority
...
Issue gh-3736
2016-09-02 11:36:33 -05:00
Rob Winch
6f2b24a62b
Polish JSON warnings / javadoc
...
Issue gh-3736
2016-09-02 11:36:23 -05:00
Rob Winch
6d2003722e
Polish JSON class scope
...
Use package scope when possible
Issue gh-3736
2016-09-02 11:36:06 -05:00
Rob Winch
03d8904a03
Polish constructor assertions
...
Previously the JSON modules didn't use Spring's Assert.
This commit changes the assertions to use Spring's Assert and does
some minor restructuring.
Issue gh-3736
2016-09-02 11:34:57 -05:00
Jitendra Singh Bisht
d77ca17e95
Add JSON Serialization
...
Fixes gh-3812
2016-09-02 11:29:53 -05:00
Rob Winch
4d02a5c0a0
Update pom.xml dependencies
2016-08-30 11:27:29 -05:00
Rob Winch
53352e336d
Polish gh-4048
2016-08-30 09:42:28 -05:00
vitalii-dmytruk
422bc37115
Support custom messages
...
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.
Issue gh-4048
2016-08-30 09:41:37 -05:00
Rob Winch
c266930483
Update Dependency Versions ( #4035 ) ( #4036 )
2016-08-19 16:10:46 -05:00
Kevin Conaway
d2a37cb1d6
Improve field visibility in DefaultMethodSecurityExpressionHandler
...
Fixes gh-210
2016-07-26 09:56:00 -04:00
Eddú Meléndez
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
Rob Winch
b4ab0483b1
Update version to 4.2.0.BUILD-SNAPSHOT
2016-07-07 12:56:20 -05:00
Spring Buildmaster
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
Johnny Lim
310bb39a0d
Fix typo
2016-07-06 16:22:33 -05:00
Rob Winch
5f6312c5be
Update to Spring 4.3.1
...
Fixes gh-3963
2016-07-06 15:47:44 -05:00
Rob Winch
843ed3e437
Update to Spring 4.3.1.BUILD-SNAPSHOT
2016-07-01 22:04:55 -05:00
Eddú Meléndez
a2ead4cf7a
Polish
...
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch
d2b909e7c5
Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent
...
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.
Fixes gh-3857
2016-06-17 17:16:54 -05:00
Rob Winch
2d6051625f
Update pom.xml
2016-06-17 14:30:11 -05:00
Spring Buildmaster
001b05569a
Release version 4.1.0.RELEASE
2016-05-05 04:25:46 +00:00
Rob Winch
9745de9510
Add @AuthenticationPrincipal expression
...
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.
Fixes gh-3859
2016-05-03 18:08:52 -04:00
Spring Buildmaster
24d0069668
Release version 4.1.0.RC2
2016-04-21 01:47:25 +00:00
Johnny Lim
933a7e8363
Remove duplicate words
...
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Joe Grandja
2ef3da1b47
Documents the new @AuthenticationPrincipal in more detail.
...
Fixes gh-3771
2016-04-13 12:27:23 -04:00
Joe Grandja
b90242f2fa
Updates all POM versions to 4.1.0 snapshot build.
...
Fixes gh-3804
2016-04-12 10:35:43 -04:00
Spring Buildmaster
044acf7e27
Release version 4.1.0.RC1
2016-03-23 07:15:15 -07:00
Rob Winch
36c381a06a
Update to Java 1.6
...
Fixes gh-3756
2016-03-15 08:37:00 -05:00
Rob Winch
ec4e6c7453
Update pom.xml to 4.1.0.BUILD-SNAPSHOT
2016-03-14 00:51:35 -05:00
Rob Winch
f221920a19
Clean up code to conform to basic checkstyle
...
Issue gh-3746
2016-03-14 00:15:12 -05:00
Billy Korando
71d4ce96ad
Convert to assertj
...
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch
bb600a473e
Start AssertJ Migration
...
Issue gh-3175
2016-03-09 14:26:30 -06:00
Karol Lewandowski
a1df8e5379
Fix keys in messages bundle
...
Fixes gh-2971
2016-03-09 10:43:37 -06:00
hmolsen
b248eae416
Javadoc on ProviderManager.authenticate clarification
...
Fixes gh-3722
2016-03-03 15:32:03 -06:00
Rob Winch
65a00751a7
Update to Spring 4.2.5
...
Fixes gh-3715
2016-02-25 11:35:17 -06:00
petaure
cf76e3c65e
SEC-3150: Escape ' character in messages_fr.properties
...
Escape ' character, if not format doesn't work fine.
2015-11-12 15:42:52 -06:00
Rob Winch
be303b15d1
SEC-3128: RoleVoter supports null Authentication
2015-10-29 14:03:18 -05:00
Rob Winch
bd221739c7
SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
...
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.
This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:16:54 -05:00
zhanhb
29f2cc0ab1
snasphot -> snapshot
2015-09-25 15:28:39 -05:00
/usr/local/ΕΨΗΕΛΩΝ
e6ed4441c4
Update messages_it.properties
2015-09-17 17:31:32 +02:00
David Avenante
a9a5377e4a
Unused import
...
An import unused
2015-09-02 00:21:39 -05:00
David Avenante
5edfeb4091
Unused import
...
An import is unused
2015-09-02 00:21:39 -05:00
Rob Winch
adfeb96e2f
Update to Spring 4.2.1
2015-09-01 09:53:26 -05:00
Rob Winch
c79bceab03
SEC-2956: Improve AnnotationParameterNameDiscoverer Performance
2015-08-19 16:07:03 -05:00
Rob Winch
55dd247660
SEC-3078: Update Spring 4.2
2015-08-19 16:05:40 -05:00
Rob Winch
26ab012b57
Start 4.1.0
2015-08-18 13:58:01 -05:00
Rob Winch
969f3a7d1b
Update pom.xml to latest snapshots
2015-08-03 09:46:01 -05:00
Thomas Darimont
ad1d858e2b
SEC-3056 - Fix JavaDoc errors.
...
Fixed JavaDoc errors across multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch
117f892c91
SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
...
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.
This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch
e8c9f75f9c
Update pom.xml to latest versions
2015-07-22 12:51:04 -05:00
Rob Winch
821333434d
SEC-3013: Add messages_en.properties
2015-07-13 23:18:45 -05:00
Rob Winch
197ddb3cd1
SEC-3029: Fix Compatibility with Spring 4.2.x
2015-07-07 22:46:31 -05:00
Alex Panchenko
0a118336d4
SEC-2955: Convert to "static" for inner classes
2015-04-30 12:54:52 -05:00
Rob Winch
b433cdda7e
SEC-2930: Update SecurityExpressionOperations javadoc
2015-04-21 09:21:29 -05:00
Rob Winch
d5dfeeca49
SEC-2927: Update chat-jc pom so Maven Builds
...
Previously there were some incorrect dependency versions. This commit fixes
that.
We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
Rob Winch
4fdfb8caba
SEC-2915: More Tabs -> Spaces
2015-04-17 11:34:34 -05:00
Rob Winch
db531d9100
SEC-2917: Update to Spring 4.1.6
2015-03-25 15:18:59 -05:00
Rob Winch
ae6af5d73c
SEC-2915: Updated Java Code Formatting
2015-03-25 13:09:18 -05:00
Rob Winch
0a2e496a84
SEC-2915: groovy/gradle spaces->tabs
2015-03-25 13:08:59 -05:00
Rob Winch
cf9f58a4ac
SEC-2915: XML spaces->tabs
2015-03-25 13:08:52 -05:00
Rob Winch
706e7fd7a2
SEC-2863: Update to Spring 4.1.5
2015-02-20 11:43:04 -06:00
Rob Winch
9b5f76f3d6
SEC-2833: Rossen's feedback on WebSocket
2015-02-04 10:43:12 -06:00
Rob Winch
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
james
e8ac402dfc
SEC-2812: Fix german translations
2015-01-12 13:59:48 +01:00
Rob Winch
8f0001f59a
Next Development Version
2014-12-11 20:39:26 -06:00
Spring Buildmaster
49b69196de
Release version 4.0.0.RC1
2014-12-11 20:36:55 -06:00
Rob Winch
11116c2b80
SEC-2787: Update Versions
2014-12-10 16:37:19 -06:00
Rob Winch
b56e5edbbd
SEC-2784: Fix build plugins
2014-12-08 14:24:34 -06:00
Rob Winch
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
Rob Winch
dfa17bdb98
SEC-2747: Remove spring-core dependency from spring-security-crypto
2014-11-20 16:16:22 -06:00
Rob Winch
30c5788b8b
SEC-1897: Remove raw types from AbstractAccessDecisionManager
2014-11-20 15:36:53 -06:00
Rob Winch
4d738d8576
SEC-2491: KeyBasedPersistenceTokenService defaults to 32 bytes
2014-11-20 14:40:07 -06:00
Rob Winch
0704f88e99
SEC-2344: Remove check for DefaultParamterNameDiscoverer
...
Spring Security now requires Spring 4, so there is no need to perform a
check if Spring 4 is present.
2014-11-20 12:09:38 -06:00
Rob Winch
3089f1603e
SEC-2682: DelegatingSecurityContextRunnable/Callable delegate toString()
2014-11-20 11:51:05 -06:00
Rob Winch
5810681b06
SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents
2014-11-19 16:48:19 -06:00
Rob Winch
3b8f7fdd67
SEC-2732: ehcache-core -> ehcache
2014-11-18 17:14:30 -06:00
Rob Winch
4e7398eec0
SEC-2150: Support class level annotations on Spring Data Repositories
2014-09-26 13:47:37 -05:00
Rob Winch
d429c96253
SEC-2150: Add tests to verify JSR-250 Spec behavior
2014-09-26 13:46:10 -05:00
Rob Winch
5ba8f000a7
SEC-2714: Add AuthenticationPrincipal resolver for messaging support
2014-09-23 16:28:48 -05:00
Rob Winch
02c3565e22
Fix compiling in Eclipse
2014-09-16 10:18:46 -05:00
Rob Winch
3f30529039
SEC-2179: Add Spring Security Messaging Support
2014-08-15 20:46:58 -05:00
Rob Winch
f50e058d07
SEC-2697: Fix logging of Spring Version Check
2014-08-15 16:41:33 -05:00
Rob Winch
3187ee8bf3
SEC-2700: Register WithSecurityContextTestExecutionListener by default
2014-08-15 16:41:33 -05:00
Rob Winch
08d703545c
SEC-2686: Fix SpringSecurityCoreVersion
2014-07-22 22:06:45 -05:00
Rob Winch
b72c1ad314
SEC-2686: Create SecurityMockMvcConfigurer
2014-07-22 15:11:37 -05:00
Rob Winch
626b521c0e
SEC-2591: Added more user friendly Korean messages_ko_KR.properties
2014-06-13 13:56:40 -05:00
Rob Winch
475f25c787
SEC-2571: Failure in UserDetailsService->InternalAuthenticationServiceException
2014-04-24 16:36:36 -05:00
Rob Winch
00e1094178
Add springio-platform plugin
2014-04-23 14:35:22 -05:00
Rob Winch
3118e39de8
SEC-2542: Use exclusions to remove duplicate dependencies
...
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the artifacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.
In addition to the new exclusions, notable other changes are:
- Spring Data JPA has been updated to 1.4.1. This brings its
transitive dependency upon spring-data-commons into line with
Spring LDAP's and prevents both spring-data-commons-core and
spring-data-commons from being on the classpath
- All Servlet API dependencies have been updated to use the official
artifact with all transitive dependencies on unofficial servlet API
artifacts being excluded.
- In places, groovy has been replaced with groovy-all. This removes
some duplicates caused by groovy's transitive dependencies.
- JUnit has been updated to 4.11 which brings its transitive Hamcrest
dependency into line with other components.
There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level
Conflicts:
samples/messages-jc/pom.xml
2014-04-02 09:47:26 -05:00
Rob Winch
5be4bfd55e
SEC-2173: Polish javadoc
2014-03-14 08:59:24 -05:00
Rob Winch
2628be60d1
SEC-2173: Added SystemWideSaltSource.toString() test
2014-03-14 08:59:24 -05:00
Gamal Shaban
1c50a86661
SEC-2173: Override toString method in SystemWideSaltSource
...
Now prints the saltSource string instead of the object memory signature.
2014-03-14 08:59:24 -05:00
Alexander Kjäll
50637d4451
SEC-2518: UserDetailsService javadoc repeats "insensitive"
...
Typo in javadoc, "case insensitive" was repeated twice.
2014-03-11 15:36:47 -05:00
Rob Winch
a7005bd742
SEC-2500: Prevent anonymous bind for ActiveDirectoryLdapAuthenticator
2014-03-10 14:33:39 -05:00
Rob Winch
9988fa141c
Update Spring Security version in pom.xml
2014-03-06 08:13:52 -06:00
Rob Winch
6dfdb10e31
Fix move to 4.0
2014-03-05 16:52:19 -06:00
Rob Winch
6be4e3a9fc
SEC-2506: Remove Bundlor Support
2014-03-05 13:32:16 -06:00
Rob Winch
de4ed136ea
Fix spring4 test
2014-02-19 16:13:30 -06:00
Rob Winch
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
Rob Winch
fc8e4868ce
SEC-2468: Fix tests
2014-02-15 14:25:46 -06:00
Rob Winch
65367e6547
SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials
2014-02-14 16:53:26 -06:00
Rob Winch
152f41f61e
SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits
...
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
2014-02-13 15:36:47 -06:00
Rob Winch
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
Rob Winch
087b56da96
SEC-2473: Update to Spring 3.2.7
2014-01-30 09:44:26 -06:00
Rob Winch
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
Rob Winch
a34178bc40
SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA
2013-12-12 08:16:59 -06:00
Rob Winch
4460e84b29
Updates to pom.xml author and repo
2013-12-09 08:57:30 -06:00
Rob Winch
fa39ecd719
SEC-2367: ProviderManager rethrows InternalAuthenticationServiceExceptions
2013-12-04 16:19:33 -06:00
Rob Winch
7e274ea5b6
Fix typo in InternalAuthenticationServiceException javadoc
2013-12-04 16:18:59 -06:00
Rob Winch
5a59c74d02
SEC-2327: Document SecurityExpressionRoot
2013-11-20 16:59:05 -06:00
Rob Winch
2d2f91484d
SEC-2350: Fix broken test
2013-11-15 14:01:35 -06:00
Rob Winch
1745715865
SEC-2350: Remove warning when using Spring 4
2013-11-15 13:43:43 -06:00
Rob Winch
2c8946c406
Next development version
2013-11-01 14:20:55 -05:00
Spring Buildmaster
9c703a3051
Release version 3.2.0.RC2
2013-11-01 14:20:49 -05:00
Rob Winch
e696890e8e
SEC-2151: Fix spring4Test
2013-09-27 12:36:43 -05:00
Rob Winch
61e6acb3f4
SEC-2151: AnnotationParameterNameDiscoverer support single annotated param
...
This makes sense since often times only a single argument is necessary in
the expression.
2013-09-27 11:53:39 -05:00
Rob Winch
e5f034bdef
SEC-2151: Fix tests
2013-09-27 11:52:32 -05:00
Rob Winch
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allows utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch
fb0a8d19e8
SEC-2322: Support StandardReflectionParameterNameDiscoverer
2013-09-26 15:55:11 -05:00
Rob Winch
88f41cdf62
SEC-2341: Update to Gradle 1.8
...
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
788ba9a1fa
SEC-2329: Allow injecting of AuthenticationTrustResolver
2013-09-20 15:26:52 -05:00
Rob Winch
3d2f23602f
SEC-2294: Update Spring Version to 3.2.4.RELEASE
2013-08-31 11:26:43 -05:00
Rob Winch
664220f304
SEC-2295: Remove error logging when Spring version equals Spring Security
2013-08-29 16:48:49 -05:00
Rob Winch
aca2e4ff3a
SEC-2289: Add spring4Test
2013-08-27 16:43:10 -05:00
Rob Winch
086056f191
SEC-2289: Make compatible with Spring 4 as well
...
There are a few subtle changes in Spring 4 that this commit addresses
2013-08-27 16:43:10 -05:00
Rob Winch
976d9a9016
SEC-2194: Polish java config sample apps
2013-08-08 14:33:54 -05:00
Guillaume Smet
d20a8e0373
SEC-2245: Cast to interface instead of implementation
...
Makes our life easier when we want to override the
MethodSecurityExpressionRoot.
2013-08-05 17:07:12 -05:00
Rob Winch
9d58317731
Use included configuration instead of sourceSets.main.output
...
Previously the crypto module was not exported in Eclipse because it was
listed as a test dependency to have it added as a dependency. Note that
this was all to work around GRADLE-1116
Now we add an included configuration that is exported for Eclipse, but not
added to the Maven pom (since all the crypto module is included in core).
2013-08-05 16:49:34 -05:00
Rob Winch
5e6ca12b01
SEC-2097: Update integrationTestCompile to use optional and provided
...
Also update slf4j version and remove explicit commons-logging from pom generation
2013-07-16 15:59:06 -05:00
Rob Winch
955a60cf49
SEC-2208: Use std docbook plugin and workspace cleanup
2013-07-16 15:15:47 -05:00
Rob Winch
00ed77af20
SEC-2207: Trick Gradle Eclipse to import project and not the build folders
2013-07-16 15:15:47 -05:00
Rob Winch
02551e1b7a
SEC-2214: Update Spring Version
2013-07-16 15:15:47 -05:00
Rob Winch
faa8b354b7
SEC-2209: add pom.xml
2013-07-16 15:15:47 -05:00
Rob Winch
e5fc063680
SEC-2206: Gradle Propdeps
2013-07-16 15:15:42 -05:00
Rob Winch
d0c4e6ca72
SEC-1953: Spring Security Java Config support
...
This is the initial migration of Spring Security Java Config from the
external project at
https://github.com/SpringSource/spring-security-javaconfig
2013-06-30 17:28:33 -05:00
Rob Winch
e469c93f9d
SEC-2147: Deprecate .encoding.PasswordEncoding
2013-04-25 08:56:47 -05:00
Oliver Becker
9eb34fe51c
SEC-2119: Add a 'form-parameter' attribute to <remember-me>
...
This change extends the namespace configuration of <remember-me>
with a 'form-parameter' attribute. The introduced attribute sets
the 'parameter' property of AbstractRememberMeServices.
This enables overriding the default value of
'_spring_security_remember_me' using the namespace configuration.
2013-03-01 17:03:02 -06:00
Rob Winch
914ec45e43
SEC-2136: Lazy load MethodSecurityExpressionHandler & MethodSecurityExpressionHandler.expressionParser
...
Previously wiring dependencies created with a FactoryBean into
MethodSecurityExpressionHandler &
MethodSecurityExpressionHandler.expressionParser and would cause
NoSuchBeanDefinitionException's to occur. These changes make it easier
(but not impossible) to avoid such errors.
The following changes were made:
- ExpressionBasedAnnotationAttributeFactory delays the invocation of
MethodSecurityExpressionHandler.getExpressionParser()
- MethodSecurityExpressionHandler is automatically wrapped in a
LazyInitTargetSource and marked as lazyInit=true
2013-02-28 10:26:12 -06:00
Rob Winch
3656dff720
SEC-2118: Include missing Bundlor packages
2013-02-25 17:07:09 -06:00
Georges-Etienne Legendre
66d13642b7
SEC-2115: Improve French translation for "credentials"
...
"Créances" is not the right translation. "Identifications" is a lot better in this case.
2013-01-04 14:31:57 -06:00
Rob Winch
6b81f97081
SEC-2114: Polishing Spring Based Cache
2013-01-04 11:33:46 -06:00
Marten Deinum
01ea39ce35
SEC-2114: Provide Spring Cache Abstraction based cache implementations
...
As of Spring 3.1 spring has its own cache abstraction. This commit adds cache
implementations based on that abstraction.
2013-01-04 11:33:27 -06:00
Rob Winch
ebb82e1aa9
SEC-2096: Update to Spring 3.2.0.RELEASE
2012-12-18 15:15:46 -06:00
Rob Winch
1ed643ca1f
SEC-1998: Provide integration with WebAsyncManager#startCallableProcessing
...
Support integration of the Spring SecurityContext on Callable's used with
WebAsyncManager by registering SecurityContextCallableProcessingInterceptor.
2012-11-28 17:56:03 -06:00
Rob Winch
51fd83060e
SEC-2077: Concurrency support
...
Provide abstractions for transferring a SecurityContext across threads.
The main concepts are the DelegatingSecurityContextCallable and the
DelegatingSecurityContextRunnable which contain a SecurityContext to establish before
delegating to a Callable or Runnable.
There are also wrapper implementations for each of the key java.util.concurrent and
spring task interfaces to make using the DelegatingSecurityContextCallable and
DelegatingSecurityContextRunnable transparent to users. For example a
DelegatingSecurityContextTaskExecutor which can be injected with a specific
SecurityContext or use the SecurityContext from the SecurityContextHolder at the time the
task is submitted. There are similar implementations for each of the key
java.util.concurrent and spring task interfaces.
Note that in order to get DelegatingSecurityContextExecutorService to compile with
JDK 5 or JDK 6 we could not use type safe methods. See
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6267833 for details.
2012-11-08 22:49:21 -06:00
Rob Winch
ea6b444770
update to spring snapshot dependencies
2012-11-08 22:49:20 -06:00
Rob Winch
091549779c
Update SpringSecurityCoreVersion
2012-11-02 11:03:36 -05:00
Rob Winch
c076f0f2e1
SEC-2056: DaoAuthenticationProvider performs isPasswordValid when user not found
...
Previously authenticating a user could take significantly longer than
determining that a user does not exist. This was due to the fact that only
users that were found would use the password encoder and comparing a
password can take a significant amount of time. The difference in the
time required could allow a side channel attack that reveals if a user
exists.
The code has been updated to do comparison against a dummy password
even when the user was not found.
2012-10-07 12:14:08 -05:00
Rob Winch
f3b143f677
SEC-2031: PreInvocationAuthorizationAdviceVoter supports subclasses
2012-10-07 11:55:35 -05:00
Rob Winch
2c234b92ec
SEC-2061: Fix typo in messages.properties
2012-10-02 16:27:02 -05:00
Rob Winch
a5ec116e80
SEC-1919: Log error when fail to communicate with LDAP
...
Previously communication errors with LDAP were only logged at debug level.
Communication errors (along with other non-authenticated related NamingExceptions)
are now logged as error messages. We created an InternalAuthetnicationServiceException
to represent errors that should be logged as errors to distinguish between internal
and external authentication failures. For example, we do not want an OpenID Provider
being able to report errors that cause our logs to fill up. However, an LDAP system is
internal and should be trusted so logging at an error level makes sense.
2012-07-31 16:55:48 -05:00
Rob Winch
734188206d
SEC-1940: ProviderManager publishes any AccountStatusException
...
Previously there was a bug introduced by SEC-546 that prevented any
AccountStatusException from being published.
Now AccountStatusExceptions are also published.
2012-07-30 14:09:50 -05:00
Rob Winch
10e6a6f943
Remove compile warnings in AspectJMethodSecurityInterceptorTests
2012-07-24 18:13:52 -05:00
Rob Winch
9a9aafaeec
SEC-1967: Restore original SecurityContext in finally when RunAsManager is used
...
Previously subclasses of AbstractSecurityInterceptor did not restore the original
Authentication when RunAsManager was used and an Exception was thrown in the
original method.
AbstractSecurityInterceptor has added a new method finallyInvocation which
should be invoked in a finally block immediately after the original invocation
which will restore the original Authentication. All existing sub classes have
been updated to use this new method.
2012-07-24 18:08:27 -05:00
Rob Winch
1d701a2d8f
SEC-2012: Remove additional incorrect javadoc from UserDetails#getPassword()
2012-07-21 10:35:28 -05:00
Rob Winch
b4fbabdbfd
SEC-2012: Remove incorrect javadoc from UserDetails#getPassword()
...
Previously the javadoc stated that password could not be null. However,
since the introduction of CredentialsContainer introduced in SEC-1493 the
password can be null.
The changes remove the statement that passwords cannot be null. While this
is a non-passive change to the interface, the current state leaves no choice
for a non-passive change. Removing the javadoc was determined the better
option since erasing the credentials was an explicit feature request. Note
that replacing the password with an obscure String can be risky as it
introduces the risk that the value is used to authenticate.
2012-07-20 15:34:28 -05:00
Rob Winch
638e92a3f7
SEC-1992: Updated Spring version to 3.0.7
2012-07-06 10:32:45 -05:00
Rob Winch
f2345fcb21
SEC-1981: Remove dependency on Locale for the build
2012-07-05 13:30:41 -05:00
Rob Winch
a2452ab514
SEC-1906: Update to Gradle 1.0
2012-07-05 12:41:56 -05:00
Rob Winch
8b05d23832
SEC-1971: Allow injection of ExpressionParser in AbstractSecurityExpressionHandler
2012-06-15 08:21:52 -05:00
Luke Taylor
5d71d2a4fa
SEC-1887: Add MethodSecurityOperations interface.
...
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.
Also cleaning whitespace.
2012-02-01 15:49:56 +00:00
Andrei Stefan
0f9ee81df1
SEC-1887: Improve extensibility of expression-based security classes
...
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
2012-01-31 19:06:43 +00:00
Luke Taylor
f97463cdb5
Minor comment fixes
2012-01-16 14:49:59 +00:00
Rob Winch
1f835fec43
SEC-1867: Perform null check on Authentication.getCredentials() prior to calling toString()
2011-12-30 14:00:13 -06:00
Rob Winch
8ca2927761
Renamed **/Test.java to **/Tests.java to better follow conventions
2011-12-28 17:39:29 -06:00
Rob Winch
3dca70403d
Suppress compiler warnings and minor javadoc fix for ProviderManager
2011-11-11 11:45:02 -06:00
Luke Taylor
8fd2963e6b
Deprecate storage of Authentication object in AuthenticationException.
2011-11-01 13:05:53 +00:00
Luke Taylor
bce4d81142
Mark overriding "extraInformation" methods in account status exceptions as deprecated.
2011-10-30 21:47:04 +00:00
Luke Taylor
2953f56b2b
Remove ancient code formatter artifacts.
2011-09-25 21:17:21 +01:00
Luke Taylor
44364d0101
SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource.
2011-09-24 14:36:54 +01:00
Luke Taylor
be8ee61f82
PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method.
...
This isn't actually used, but is still incorrect.
2011-09-24 13:13:38 +01:00
Luke Taylor
359bd7c468
SEC-1804: Updated Javadoc wrt immutability of User class.
2011-08-25 10:50:50 +01:00
Luke Taylor
8ce6c73802
Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource
2011-08-19 15:24:44 -07:00
Luke Taylor
d6b7b52a79
Update to Spring 3.0.6.
2011-08-19 15:06:26 -07:00
Luke Taylor
a4c05239e5
SEC-1719: Lithuanian messages translation.
2011-08-19 11:17:05 -07:00
Luke Taylor
59a07175a6
SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider.
2011-08-12 19:44:27 +01:00
Luke Taylor
5fce0a58bd
SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread.
2011-08-12 19:44:27 +01:00
Luke Taylor
249610c7ed
SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider.
2011-08-12 19:44:26 +01:00
Luke Taylor
1976cb1bf7
SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it.
2011-08-12 19:44:26 +01:00
Luke Taylor
74daa68691
SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected.
2011-08-12 14:29:55 +01:00
Rob Winch
7399c9a7a5
SEC-1792: Fixed NullPointerException in RunAsUserToken#toString()
2011-07-29 09:55:18 -05:00
Rob Winch
dfd467f26e
cleaned imports in RunAsUserToken
2011-07-29 09:39:02 -05:00
Luke Taylor
56e86dd36f
Adding assertions on constructor arg values.
2011-07-06 20:50:25 +01:00
Luke Taylor
2d271666a4
Add constructors to facilitate constructor-based injection for required/shared bean properties.
2011-07-05 20:25:49 +01:00
Rob Winch
c3a3a5bfbf
Updated core.gradle to include crypto as referenced project in eclipse
2011-06-21 07:22:35 -05:00
Luke Taylor
d253f5e109
SEC-1768: Use AopProxyUtils.ultimateTargetClass() to cater for the situation where the security interceptor is being applied to a proxy.
2011-06-18 14:35:56 +01:00
Luke Taylor
571bfc4869
Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8").
2011-06-14 18:47:50 +01:00
Luke Taylor
361b77685d
Add crypto as an exported dependency of core in IDEA configuration.
2011-06-14 18:47:49 +01:00
Luke Taylor
2b8d4684a1
SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays.
2011-06-14 18:47:49 +01:00
Luke Taylor
e27f655e9d
SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core.
2011-06-10 00:01:25 +01:00
Luke Taylor
6d04670f87
SEC-1695: Allow customization of the session key under which the SecurityContext is stored.
2011-05-25 19:51:47 +01:00
Luke Taylor
42e0e158b4
Simplify Digester utility class.
2011-05-25 19:09:08 +01:00
Luke Taylor
21295a58e5
SEC-1751: Applied patch to use zero-IV for queryable text encryption.
2011-05-23 20:10:16 +01:00
Luke Taylor
5a4aed238c
SEC-1752: Fixed Utf8 codec to take account of the limit of the ByteBuffer returned by CharsetEncoder.encode().
2011-05-23 18:55:25 +01:00
Luke Taylor
63f160dc72
SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions.
2011-05-19 15:27:35 +01:00
Luke Taylor
c758f36629
Forgot to add version information test previously
2011-05-17 23:54:43 +01:00
Luke Taylor
295ea27526
SEC-1743: Separate remoting from core into separate module.
2011-05-16 00:19:30 +01:00
Luke Taylor
396eced291
Add test to check version information.
2011-05-07 17:15:02 +01:00
Luke Taylor
6a2a636fd7
Update Javadoc for UserDetailsManager to reflect that the new password doesn't need to be stored in the security context (and probably shouldn't be).
2011-05-07 16:20:12 +01:00
Luke Taylor
a2858240f1
SEC-1728: Remove references to SUN provider and incorrect seeding of SecureRandom in SecureRandomBytesKeyGenerator.
2011-04-27 22:10:17 +01:00
Luke Taylor
73fb1764b8
SEC-1730: Fix broken KeyGenerators method.
2011-04-26 19:06:45 +01:00
Luke Taylor
614d8c0321
SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name.
2011-04-22 13:47:59 +01:00
Luke Taylor
8178371927
SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes
2011-04-21 19:55:32 +01:00
Luke Taylor
5a9aa6d1aa
SEC-1700: Allow for case where JAAS config is not a simple file, but may be a jar resource, for example.
2011-04-20 14:35:09 +01:00
Luke Taylor
6db7472928
SEC-1181: Added extra I18N messages for LDAP locked, disabled etc.
2011-04-15 20:10:48 +01:00
Luke Taylor
59ac4c8b96
SEC-1181: Added option to parse AD sub-error codes.
2011-04-15 20:10:48 +01:00
Luke Taylor
01c9c4e4db
SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default.
2011-04-06 13:58:58 +01:00
Luke Taylor
8d99918798
SEC-1491: Add support for an external priority SecurityMetadataSource to be referenced from global-method-security.
2011-04-05 15:07:43 +01:00
Luke Taylor
3084ad878f
SEC-1491: Added AnnotationMetadataExtractor to SecuredAnnotationSecurityMetadataSource to allow a custom security annotation to be used.
2011-04-04 19:48:27 +01:00
Luke Taylor
244047ffe9
Delete unused test entities.
2011-04-04 18:39:57 +01:00
Luke Taylor
ead669f10c
Move single-use annotation test classes into SecuredAnnotationSecurityMetadataDefinitionSourceTests.
2011-04-04 18:25:25 +01:00
Luke Taylor
e470eaa41d
SEC-1689: Moved core codec code into crypto package and removed existing duplication (Hex encoding etc). Refactoring of crypto code to use CharSequence where possible instead of String.
2011-03-17 01:43:31 +00:00
Luke Taylor
50828cdd43
SEC-1689: Move crypto module code to core for simplicity.
2011-03-10 18:58:47 +00:00
Luke Taylor
5a6afbff95
SEC-1688: Allow injection of a PasswordEncoder from the crypto module into DaoAuthenticationProvider.
2011-03-08 16:20:26 +00:00
Luke Taylor
885f0270dc
Some adjustments to the core build to make sure crypto classes are correctly exported to other tasks.
2011-03-08 16:19:51 +00:00
Luke Taylor
9d45828cb0
SEC-1689: Package crypto module classes with core.
2011-03-07 17:44:38 +00:00
Luke Taylor
fd1a70edc2
SEC-1665: Add extra check of non-public declared methods in MethodInvocationAdapter, if public method cannot be found.
2011-03-04 17:45:37 +00:00
Luke Taylor
131c80f444
SEC-1690: Refactor expression PropertyAccessor for dealing with properties as beans in the ApplicationContext.
2011-03-02 16:33:25 +00:00
Luke Taylor
7a0a2dace6
Revert deliberate test failure.
2011-02-25 23:55:22 +00:00
Luke Taylor
a9d325ea18
Deliberately fail test to test bamboo's reaction
2011-02-25 23:53:27 +00:00
Luke Taylor
4a7608b7a9
SEC-1640: Add support for "this" property to MethodSecurityExpressionRoot object, representing the object on which the method is actually being invoked.
2011-02-17 17:51:22 +00:00
Luke Taylor
0b1beee432
Update Base64 implementation to include fixes (using diff) from the original up to version 2.3.7.
2011-02-14 22:40:41 +00:00
Luke Taylor
b0df1bd1b0
SEC-1673: Use a map to store the range values used in the bundlor templates.
2011-02-07 16:06:23 +00:00