aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
2009-12-18 18:44:42 +00:00
fac07ba8ff
Schema updates to Spring 3.0
2009-12-18 18:44:17 +00:00
85a58fd473
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
2009-12-18 15:39:13 +00:00
520e733cb2
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
94d185a6be
Updated slf4j version in ldap sample
2009-12-08 20:24:12 +00:00
5546698fef
SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.
2009-11-17 23:39:42 +00:00
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
2009-11-17 22:05:38 +00:00
8f5c414b00
Improve cleanup in sample script
2009-10-17 13:00:24 +00:00
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
2009-10-11 21:59:38 +00:00
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
2009-10-11 21:43:42 +00:00
5f3ff97ce0
Disable aspectj sample
2009-10-11 21:39:14 +00:00
cf5e713812
Fixes to samples and improved test workout script
2009-10-10 23:50:33 +00:00
cb643f73de
Tidying up.
2009-10-07 21:08:57 +00:00
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
2009-10-07 14:43:55 +00:00
1042305cfe
Renamed web.wrapper to web.servletapi. Added some package.html files.
2009-10-05 16:59:37 +00:00
7247902911
SEC-1229: Updated sample and itest namespace concurrency configs.
2009-09-29 16:18:01 +00:00
aa153681bf
SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.
2009-09-29 00:29:09 +00:00
3f70d79df5
SEC-1022: Remove use of static methods/initializers in Acl Permissions. Converted PermissionFactory to a strategy which is used to convert integers and names to Permission instances.
2009-09-16 12:45:53 +00:00
731402e9f5
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
2009-09-16 00:23:13 +00:00
b531a81176
SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag.
2009-09-15 16:34:05 +00:00
1d00b92d25
Removed portlet sample
2009-09-09 20:53:19 +00:00
aec730ae7e
SEC-1238: Disable portlet module
2009-09-09 20:03:00 +00:00
5bdfd8cd77
Tidying imports etc to remove compiler warnings.
2009-09-05 14:14:58 +00:00
ed0686cacf
Upgraded to AspectJ 1.6.5 and fixes some maven plugin config bugs
2009-09-04 15:25:23 +00:00
a1751aec2c
SEC-1232: Added the aspect library needed for <global-method-security mode="aspectj"/> and a small sample
2009-09-04 13:53:55 +00:00
0d7b990e0a
SEC-1184: Moved ACL cache classes and interface out of jdbc package.
2009-08-31 22:15:37 +00:00
092d7b5c2b
Fix CAS filter configuration.
2009-08-25 20:26:12 +00:00
5a8772df5b
Reset pom versions post release
2009-08-21 12:02:49 +00:00
0e5aa7008d
[maven-release-plugin] prepare release spring-security-3.0.0.M2
2009-08-20 15:51:26 +00:00
984b2835d6
Update CAS sample to use new namespace syntax for authentication providers.
2009-08-20 14:58:59 +00:00
48988bde84
SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request.
2009-08-13 23:55:25 +00:00
faa6be2011
SEC-935: Updated to OpenID4Java 0.9.5 release
2009-08-10 16:06:19 +00:00
5953af0f6b
SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
2009-08-03 00:21:11 +00:00
0a37aed4b9
SEC-1207. Fixed class name in jsp
2009-07-22 16:37:22 +00:00
1afa67c954
SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.
2009-07-15 23:09:47 +00:00
853b4c8753
SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests.
2009-06-28 13:36:54 +00:00
408e982b96
Minor JSP classname fixes etc in samples
2009-06-18 13:28:44 +00:00
5808da12ff
SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample.
2009-06-08 15:23:41 +00:00
0134a5646d
Changed to use expressions in commented-out XML instead of outdated syntax.
2009-05-31 21:26:52 +00:00
131ba5c62e
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
2009-05-27 00:12:30 +00:00
e2c218e8c9
[maven-release-plugin] prepare release spring-security-3.0.0.M1
2009-05-26 23:44:11 +00:00
f976080d1d
Fixes to sample app context files
2009-05-26 22:15:05 +00:00
1788dfdba0
Removed duplicate logging from cas sample
2009-05-26 22:14:34 +00:00
45c54c558c
Updated build to use maven.springframework.org deps
2009-05-13 06:16:05 +00:00
a8215fa2cb
SEC-1160: Renaming of authentication filters and entry points and associated doc changes
2009-05-12 05:37:11 +00:00
4bad213b19
SEC-1132: Moved remaining preauth code from core to web
2009-05-12 00:11:06 +00:00
1a69a4d45a
SEC-1132: Restructuring of ACL packages
2009-05-11 05:37:36 +00:00
14c4739605
SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.
2009-05-11 05:18:20 +00:00
29fafbbf18
Misc tidying up of old files and refactoring of tests
2009-05-05 13:29:59 +00:00
331a04c07c
Some changes to make it easier to run the sample with the database driver as part of the jetty plugin configuration, preventing classloader leaks.
2009-05-05 03:21:07 +00:00
6d655aa514
SEC-1132: More refactoring to remove cycles ad reduce complexity metrics
2009-05-04 14:24:54 +00:00
e1bc1819da
SEC-1150: Update Contacts sample to use modernized Spring MVC controllers
2009-05-04 09:22:31 +00:00
e94baf38b3
Tidying up to remove warnings (generics, use of deprecated test classes etc).
2009-04-28 06:49:43 +00:00
21e36e0a57
Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT
2009-04-22 12:55:52 +00:00
13af4b95a2
Sample package name updates
2009-04-18 06:04:56 +00:00
ace6d225b4
SEC-1131: Correct portlet API version (again).
2009-04-17 05:26:14 +00:00
446bcb9b1d
SEC-1131: Correct portlet API version.
2009-04-17 04:56:59 +00:00
101203b44d
SEC-1132: Updates to samples to reflect ACL refactoring.
2009-04-15 10:07:23 +00:00
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
c770998d92
SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions.
2009-04-14 04:22:57 +00:00
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
2009-04-12 12:23:23 +00:00
7c4d54f356
SEC-1131: Applied patch for portlet upgrade
2009-04-12 05:52:20 +00:00
f746a20ab4
SEC-1132: package refactoring of non-core modules
2009-03-27 05:01:03 +00:00
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
2009-03-25 06:28:18 +00:00
2c985a1c36
SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources
2009-03-23 04:23:48 +00:00
4aff4b2350
SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring
2009-03-20 04:32:06 +00:00
4aae5ec42e
SEC-1124: Refactored LDAP code into separate module
2009-03-19 06:30:32 +00:00
591681c180
Upgrade to Spring M2 and correct expression classes and pom files to match changes
2009-03-19 01:17:16 +00:00
ef3ea65fdb
Switching back to 2.5.0-SNAPSHOT after tagging M1 release
2009-01-03 07:42:19 +00:00
fc5f50501e
[maven-release-plugin] prepare release 2.5.0.M1
2009-01-03 07:08:25 +00:00
4eb4d08825
Added -o to mven:jetty-run in runall.sh to speed up script
2009-01-03 06:45:41 +00:00
d6ee9a9a93
Commented out hessian and burlap remoting beans to avoid missing class exceptions on startup
2009-01-03 05:51:45 +00:00
0ead104b86
Update CAS server information to latest version
2009-01-03 05:20:22 +00:00
65a78ce4a4
SEC-745: updated cas sample filter bean configuration
2008-12-29 01:33:27 +00:00
4a41416c9b
Tidying up and removing compiler warnings.
2008-12-21 16:36:16 +00:00
0d7002e322
SEC-1012: Extra fixes to dependent modules following changes to Acl APIs.
2008-12-21 02:06:55 +00:00
cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
7fa9a959b5
Added webAppRootKey context-param to samples to prevent conflicts when run together in Tomcat.
2008-12-16 21:13:03 +00:00
681f1ee00c
Fix duplicate logging.
2008-12-16 19:07:31 +00:00
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
df771038b4
SEC-1051: Fixed class names in dms sample app context.
2008-12-12 17:43:09 +00:00
6ccdcec629
SEC-1033: Added web expressions to tutorial sample configuration.
2008-12-08 21:56:44 +00:00
bc6878c1c5
SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations.
2008-12-05 16:36:43 +00:00
3cbad3ebd7
Corrected comment.
2008-12-05 16:04:22 +00:00
781b09e889
SEC-1036: Updated ldap sample pom
2008-11-29 14:16:08 +00:00
7e562031cc
Better demonstrate the new EL-based "overdraft" authorization rules.
2008-11-19 09:32:04 +00:00
f3b3004085
Removed references to Acegi in contacts sample home page
2008-11-15 06:28:01 +00:00
78065ba47c
Fixed up contacts sample: removed casfailed page, corrected debug.jsp errors and fixed incorrect bean reference in context files.
2008-11-15 03:38:49 +00:00
3261fcb174
Tidying stuff
2008-11-14 07:16:30 +00:00
464da0f0df
SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions.
2008-11-13 07:41:21 +00:00
e5b1073501
SEC-1012: Added more generics and warning suppression
2008-11-11 09:06:50 +00:00
7731a3df57
Typo.
2008-11-11 03:41:50 +00:00
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
2008-11-10 04:27:25 +00:00
d6cd392a9e
Tidying up some stuff in tutorial app
2008-11-07 06:55:00 +00:00
d6bb6ccbf5
Removed .cvsignore files
2008-11-06 01:11:08 +00:00
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
2008-10-30 04:10:54 +00:00
Luke Taylor
Mike Wiesner
Ben Alex