Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,500 Commits 48 Branches 362 Tags
Commit Graph

2273 Commits

Author SHA1 Message Date
Luke Taylor
ca679e1479 Reformatting. 2010-12-01 20:52:37 +00:00
Luke Taylor
d64efe9747 SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object. 2010-11-25 15:19:37 +00:00
Luke Taylor
7754882ba9 SEC-1550: Additional signature change (in AnonymousAuthenticationToken) 2010-11-09 13:48:57 +00:00
Luke Taylor
1c8d28501c SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate. 2010-11-03 13:48:59 +00:00
Luke Taylor
337477de6a SEC-1604: Change log level to debug for "Validated configuration attributes" message. 2010-11-02 20:06:42 +00:00
Luke Taylor
43ec2beec0 SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>. 2010-11-02 14:02:55 +00:00
Luke Taylor
2671e52d5a Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars. 2010-11-02 12:31:44 +00:00
Luke Taylor
deef2706ef SEC-1607: Report correct version for Spring Security (not Spring version). 2010-11-02 11:13:32 +00:00
Luke Taylor
21ed5feb8d SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 2010-10-27 13:25:40 +01:00
Luke Taylor
091a6d26f1 SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.). 2010-10-27 13:25:40 +01:00
Luke Taylor
54694d5ab7 SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot. 2010-10-27 13:25:39 +01:00
Luke Taylor
695c8f4ad6 Import cleaning and suppression of deprecation warnings. 2010-10-27 13:25:39 +01:00
Rob Winch
8249492ce9 SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null) 2010-10-04 17:07:04 -05:00
Luke Taylor
62cbd51d54 SEC-1562: Made SecurityExpressionRootPropertyAccessor a package private class as it is no longer referenced from multiple packages. 2010-09-13 13:52:24 +01:00
Luke Taylor
829444d59b SEC-1564: testCompile configurations should include jcl-over-slf4j rather than logback. 2010-09-11 11:01:12 +01:00
rwinch
58d9903ebc SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider 2010-09-10 20:17:22 -05:00
Luke Taylor
8bf1b8420a SEC-1563: Move PermissionEvaluator and related methods to SecurityExpressionRoot 2010-09-08 15:06:00 +01:00
Luke Taylor
ca44ebd3cc SEC-1338: Applied submitted patch, making use of java.util.concurrent classes in place of traditional synchronization. 2010-09-08 12:59:49 +01:00
Luke Taylor
af56f4844d SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler. 2010-09-07 19:46:45 +01:00
Luke Taylor
577ec27507 Polishing. 2010-08-30 19:03:47 +01:00
Luke Taylor
f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 2010-08-30 19:02:19 +01:00
Luke Taylor
696150f3c3 Remove unused import. 2010-08-30 11:52:52 +01:00
Luke Taylor
1a1372ab84 Removed deprecated AspectJInterceptor classes since these cannot be used with the existing MethodSecurityMetadataSource implementations (which no longer support JoinPoin as a secured object). Added some more tests. 2010-08-28 21:41:19 +01:00
Luke Taylor
f71d9df7fe Deprecate unnecessary method in SecurityConfig 2010-08-24 18:26:38 +01:00
Luke Taylor
bdb906e588 Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output. 2010-08-24 18:25:39 +01:00
Luke Taylor
1680807470 Added eclipse plugin to build. Some minor fixes to remove eclipse warnings. 2010-08-18 14:11:16 +01:00
Luke Taylor
3c02989d67 Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests). 2010-08-18 02:32:43 +01:00
Luke Taylor
281d77271e SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource. 2010-08-13 15:51:05 +01:00
Luke Taylor
2222a7be07 Use Integer.valueOf() in preference to new Integer() 2010-08-11 18:17:23 +01:00
Luke Taylor
dca0fd871c SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created. 2010-08-09 17:16:43 +01:00
Luke Taylor
85c4c91e0e IDEA inspection refactorings. 2010-08-05 23:28:07 +01:00
Luke Taylor
64375484a1 More build and logging tuning. 2010-08-04 22:55:17 +01:00
Luke Taylor
c4ee46824c Removing log4j.properties files and adding logback config ones. 2010-08-04 21:16:05 +01:00
Luke Taylor
ab248b2583 SEC-1454: Added use of Spring's new AopProxyUtils.ultimateTargetClass() method when resolving the target class in MethodSecurityEvaluationContext. 2010-07-30 14:36:41 +01:00
Luke Taylor
b854e67952 SEC-1522: Treat empty attribute collection the same as null when returned by SecurityMetadataSource. Both are now treated as public invocations. 2010-07-27 02:20:09 +01:00
Luke Taylor
2afccfc633 Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j. 2010-07-23 01:57:31 +01:00
Luke Taylor
443ac0487a SEC-1093: Namespace support for jee element. 
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
 2010-07-07 22:42:26 +01:00
Luke Taylor
03fa8fce4d SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl. 2010-07-02 19:51:00 +01:00
Luke Taylor
026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor
db913f6857 SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property. 2010-06-20 21:09:33 +01:00
Luke Taylor
d56adb8ffb SEC-1495: Convert User class equals and hashcode methods to only use the "username" property. 
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
 2010-06-10 22:27:50 +01:00
Luke Taylor
efb600166a SEC-1488: Remove commons-logging dependencies from maven poms. 2010-05-28 13:10:59 +01:00
Luke Taylor
0e57ce2dc3 SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection. 2010-05-21 15:59:50 +01:00
Luke Taylor
c95cf6ec7d SEC-1483: Change User constructor to use a generic wildcard for authorities collection. 2010-05-21 15:58:35 +01:00
Luke Taylor
b3aad4cf19 Javadoc fixes. 2010-05-06 20:02:08 +01:00
Luke Taylor
e7646a65f4 SEC-1421: Add setters to JdbcUserDetailsManager for group sql operations. 2010-05-03 14:53:06 +01:00
Luke Taylor
3c3aabf5be SEC-1465: Change empty check to a null check for list of delegates for DelegatingMethodSecurityMetadataSource. 2010-04-25 22:11:35 +01:00
Luke Taylor
a421370a3d SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully. 2010-04-25 22:00:25 +01:00
Luke Taylor
3bbbf07235 SEC-1464: Fix broken test (flags in returned user object were not being copied from stored user). 2010-04-25 20:12:00 +01:00
Luke Taylor
024e6904ff SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager. 2010-04-25 04:27:09 +01:00