41d90e9bdb
SEC-399: Added tests for new session creation/attribute migration options.
2008-01-08 15:44:21 +00:00
c5e6a4cdfd
SEC-546: Added AccountStatusException as base class for dibled, locked etc. Modified ProviderManager to prevent it querying further providers if either this exception or a ConcurrentLoginException is thrown.
2008-01-08 13:33:20 +00:00
99b7510482
Tidied up getters/setters in AbstractProcessingFilter. Removed unused getters and reduced the scope of others where possible.
2008-01-07 16:10:50 +00:00
c5bc0fc683
SEC-623: Added login success and failure hooks to RememberMeProcessingFilter. Also moved MockApplicationEventPublisher implementations to a single class.
2008-01-07 15:06:29 +00:00
10ec13e4e2
[maven-release-plugin] prepare for next development iteration
2008-01-02 22:42:21 +00:00
2c5090da90
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:41:31 +00:00
09242ec66d
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:31:09 +00:00
42dcccd1b7
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:18:28 +00:00
aafbb5bb67
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 22:10:46 +00:00
425508d70d
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 22:01:34 +00:00
0b1e17f69a
[maven-release-plugin] rollback the release of release_2_0_M1
2008-01-02 21:54:37 +00:00
07aa0c6880
[maven-release-plugin] prepare release release_2_0_M1
2008-01-02 21:52:42 +00:00
5b9042ae07
Removed outdated scm elements from sub poms.
2008-01-02 20:33:09 +00:00
b115f4aa83
Removed unecessary rethrow of AuthenticationException from AbstractSecurityInterceptor and tidied up javadoc etc.
2008-01-01 16:43:34 +00:00
7ee049c824
Refactored SwitchUserProcessingFilter to extend SpringSecurityFilter.
2007-12-23 16:41:30 +00:00
5f1eea42fc
Moved configuration of security interceptors with access and authentication manangers from post processing stage to bean creation stage.
2007-12-23 16:40:29 +00:00
27de29f469
Corrected cut and paste error when parsing jdbc-user-service within AuthenticationProvider BDP.
2007-12-23 01:26:46 +00:00
ea8914f9ba
Moved Http post processor bean name to BeanIds class.
2007-12-23 01:06:22 +00:00
9d671fbdbf
Deleted original Ldap BD parser.
2007-12-23 01:05:35 +00:00
14e68618a5
Make constants class abstract.
2007-12-23 01:02:48 +00:00
46285a0ec0
SwitchUserProcessingFilter should come after FilterSecurityInterceptor (See SEC-376).
2007-12-23 01:02:12 +00:00
a38ed3cfde
Added check for multiple RememberMeServices beans.
2007-12-23 00:18:14 +00:00
debfbe47cf
Improvements to LDAP namespace configuration - splitting "ldap" element into ldap-server and ldap-authentication-provider. Also some minor changes to authentication-provider.
2007-12-23 00:17:37 +00:00
cf80292de3
Changes to namespace reinstating authentication-provider element in preference to "repository" to wrap convey that a user-service will be used as to authenticate against. Also introduced separate password-encoder element for use within authentication-provider.
2007-12-21 15:50:56 +00:00
70286f1197
Fixed problem caused by maven-2.0.8 change in test classpath. ldif file wasn't being loaded for tests. Default path should be "classpath*:" not "classpath:". (See discussing in Spring's PathMatchingResourcePatternResolver).
2007-12-20 20:53:26 +00:00
6e74d925fb
Boosted logging to try to resolve issues on bamboo server.
2007-12-20 19:45:43 +00:00
78e376312a
Added logging of working directory location.
2007-12-20 18:29:05 +00:00
85b10f79c2
Made servlet-api integration into an attribute of http, rather than a child element since it has no configuration.
2007-12-20 17:51:27 +00:00
31c09896ea
Fixed problem with relative name being used in (member={0}) search in DefaultAuthoritiesPopulator.
2007-12-14 20:41:00 +00:00
1a171ea316
SEC-595: Introduced loadUserAuthorities method. This can be overridden to allow loading of authorities with the authenticated user's credentials (by setting the security context). The Ldap ContextSource used in the authorities populator would also be configured with a SpringSecurityAuthentcationSource, to make use of the information in the security context.
2007-12-14 14:13:39 +00:00
fa510b3187
Modify attribute names to use "ref" instead of "id", plus use a hyphen
...
as an attribute value separator rather than a colon. This was changed
for compatibility with other components in the Spring Portfolio. tests
pass.
2007-12-13 20:19:56 +00:00
0f12d31d90
Corrected code for choosing entry point in namespace configuration.
2007-12-12 19:44:54 +00:00
9728f48adf
Convert to using AopNamespaceUtils, to avoid potentially creating
...
duplicate DefaultAdvisorAutoProxyCreator bean instances.
2007-12-11 18:46:20 +00:00
82cfa722be
Upgrade Spring-LDAP to 1.2.1 version.
2007-12-11 18:08:44 +00:00
ca996de2dc
Added tests for SpringSecurityAuthenticationSource.
2007-12-10 23:37:08 +00:00
894c90dadd
Moved AbstractAuthenticationManagerTests into ProviderManager as tested methods have already been moved there (maven wasn't running Abstract* tests but they were actually failing).
2007-12-10 23:36:27 +00:00
32038d8b92
Tidying.
2007-12-10 19:14:17 +00:00
47dec4e597
Make getters in AbstractRememberMeServices protected rather than public
2007-12-10 16:00:49 +00:00
ee31305fd5
Deprecated InitialDirContextFactory
2007-12-10 15:29:26 +00:00
5382627d4a
Added property to LdapAuthenticationProvider to allow the credentials to be set either using the submitted password (the default) or the credentials from the loaded UserDetails object (which may be null if the attribute isn't readable).
2007-12-09 23:46:28 +00:00
78529f6d28
SEC-620: AuthenticationSource implementation.
2007-12-09 23:44:15 +00:00
5e0cb21c8d
SEC-619: Added test class for LdapUserDetailsService. The LdapAuthoritiesPopulator interface and also implementations have been moved to the org.springframework.security.ldap package since they are now used by both the ldap provider and the user service.
2007-12-09 18:40:28 +00:00
4770c29094
Use hyphens in attribute names, and not Camel Case. This is to maintain
...
consistency with the rest of Spring Portfolio. Camel Case was preserved
for attribute values, consistent with Spring Portfolio usage such as
autowiring modes (byName, byType etc).
2007-12-09 03:42:20 +00:00
6ad176ce1a
Tidying.
2007-12-07 17:00:40 +00:00
4984024314
SEC-618: Moved copyDetails method down to ProviderManager so that it can be called prior to checking if authentication is allowed by ConcurrentSessionController.
2007-12-07 16:26:50 +00:00
b12a4939df
SEC-619: LdapUserDetailsService implementation.
2007-12-07 13:16:44 +00:00
a569ff01e2
Tidying.
2007-12-07 12:32:54 +00:00
382dc50f3c
SEC-299: Change ConcurrentSessionFilter to delegate to an array of LogoutHandlers rather than invalidating an expired session directly.
2007-12-06 17:39:04 +00:00
cb980f12d5
Tidying.
2007-12-06 17:26:04 +00:00
628227f5e7
Corrected out of date comment (constructor doesn't create a session). Removed unnecessary default constructor.
2007-12-06 16:53:35 +00:00
4b8455c831
Tidying comments.
2007-12-06 16:40:16 +00:00
4c6e41af7d
Tidying comments.
2007-12-06 16:33:59 +00:00
c66a3ba323
@deprecate FilterToBeanProxy in favour of the simpler and Spring Core provided DelegatingFilterProxy.
2007-12-06 09:43:43 +00:00
ab23fe56ad
Added log msg for loading of ldif files.
2007-12-06 00:14:25 +00:00
a1abcc39d2
SEC-513: Minor work on LDAP UserDetailsManager implementation.
2007-12-06 00:13:42 +00:00
e3432c2407
Some changes suggested by Spring LDAP guys to improve template usage.
2007-12-06 00:13:00 +00:00
4d133be0d0
Tidying.
2007-12-06 00:12:24 +00:00
3ddcc203bf
LdapUserDetailsMapper now throws UnsupportedOperationException for mapUserToContext method as only subclasses of this which implement actual LDAP object classes should be used for writing to a directory.
2007-12-06 00:12:06 +00:00
22052115b6
SEC-617: Make LDAPAuthenticationProvider a standalone class.
2007-12-05 14:39:46 +00:00
88ab9671c6
Correct attribute name.
2007-12-04 14:24:53 +00:00
9b6c798a52
SEC-496: <annotation-driven> element.
2007-12-04 14:14:17 +00:00
949205b369
Correction of equals(Object) and hashCode() methods.
2007-12-04 12:44:40 +00:00
85085abf9e
Add namespace support for Servlet API integration.
2007-12-04 12:23:41 +00:00
8c3cc5c67b
Add hash code support.
2007-12-04 11:21:39 +00:00
8e7c540b16
General refactorings and improvements to namespace support, including
...
autoDetect="true" attribute for <http> element.
2007-12-04 10:35:08 +00:00
2441ab6d9a
Move "realm" attribute to be on <http> element rather than <http-basic>.
...
This faciltiates reuse with other mechanisms (like Digest) whilst also
moving towards the <http-auto-configure> element (which benefits from
having shared configuration in <http> as opposed to mechanism-specific
elements).
2007-12-04 08:02:40 +00:00
d9ec944579
Refactor strings to static fields. To facilitate unit testing, package
...
protected visibility was adopted for all element names, attribute names,
and attribute default values. A public access modifier was used for all
bean IDs assigned to bean definitions created by the
BeanDefinitionParsers.
2007-12-04 07:12:08 +00:00
4e55bd0117
Make extend Spring Security's exception, for consistency with all other Spring Security exceptions.
2007-12-04 06:58:43 +00:00
9b4bb0ffd8
<repository> element and JdbcUserDetailsManager support.
2007-12-04 05:58:54 +00:00
5f98ee6817
<repository> element and JdbcUserDetailsManager support.
2007-12-04 05:54:58 +00:00
0b0b174eda
Support <repository> and JbcUserDetailsManager.
2007-12-04 05:27:17 +00:00
8cf46ad0f8
Remove, as not used.
2007-12-04 05:12:39 +00:00
8c9138b443
Typos.
2007-12-04 02:11:16 +00:00
021f03487e
Enhancements to correctly handle authentication failures.
2007-12-04 01:50:45 +00:00
2a83843e7d
Correct username key.
2007-12-04 01:46:26 +00:00
75391e89de
Tidied up Id tag.
2007-12-04 00:01:09 +00:00
794795712d
Parameter renamed.
2007-12-04 00:00:50 +00:00
97030e8942
Changed LDAP namespace parsing to make sure LDAP provider is registered with ProviderManager.
2007-12-03 23:58:38 +00:00
248d97c9d6
SEC-513: Added support for cache flushing after updating or deleting data in JdbcUserDetailsManager.
2007-12-03 22:12:02 +00:00
d086815d75
Add namespace support for anonymous requests. Also minor improvements to .rnc file as Trang didn't appear to be properly translating multi-line comments to the XSD (all multi-line comments were made single lines).
2007-12-03 07:46:52 +00:00
5c9009a391
Use new SpringSecurityFilter so compatible with enhanced FilterChainProxy class.
2007-12-03 07:44:32 +00:00
239fd05d37
Mark the unused Servlet Container callback methods as final to ensure subclasses do not rely upon them.
2007-12-03 07:33:18 +00:00
a53357778f
Remove superfluous method.
2007-12-03 07:32:23 +00:00
cb765bc34b
SEC-615: Automatically focus on login name HTML element on page load.
2007-12-03 06:34:43 +00:00
86fb6f2dea
Remove OrderedUtils (was used for old namespace testing).
2007-12-03 05:06:11 +00:00
f04f9097b1
Make name consistent with other MVN modules.
2007-12-03 04:10:19 +00:00
47229be5cb
Make samples and tests use username "rod".
2007-12-03 02:56:52 +00:00
3123d24337
SEC-613: Rename tag libraries.
2007-12-03 01:46:11 +00:00
c24958d7b8
Spelling correction.
2007-12-03 01:33:19 +00:00
08db4a1358
SEC-610: Reauthenticate even if AnonymousAuthenticationToken is present.
2007-12-02 02:15:43 +00:00
843a20e691
Changed default namespace in config files to "security" for clarity.
2007-11-29 13:14:15 +00:00
09c588a138
Removed unecessary check in additionalAuthenticationChecks() for null credentials in authentication object. Previous line already throws an exception if null is found.
2007-11-28 19:20:33 +00:00
88e01624eb
SEC-560: Removed local password comparison form PasswordComparisonAuthenticator.
2007-11-28 18:29:04 +00:00
0e1ae11fca
Tidying.
2007-11-28 18:00:43 +00:00
292320bd33
SEC-607: Changed NtlmUsernamePasswordAuthenticationToken to make authenticated=true the default state when an instance is created. NtlmAwareLdapAuthenticator now rejects tokens with authenticated=false (e.g. if the token has been passed remotely).
2007-11-24 20:13:29 +00:00
4f3a1739aa
Changed Ntlm filter to use SpringSecurityFilter base class.
2007-11-24 20:08:17 +00:00
9e2f372bad
SEC-607: Deprecated InitialDirContextFactory and replaced it with SpringSecurityContextSource.
...
Also some refactoring of LdapUserDetailsManager to use a strategy for creating DNs from usernames.
2007-11-20 20:54:48 +00:00
6d5773d177
Replaced creation of new list with Collections.EMPTY_LIST reference.
2007-11-17 23:06:32 +00:00
1196381220
Remove "controls" property as it doesn't really make sense and has never been used.
2007-11-17 20:55:39 +00:00
91e0a329f9
Upgrade to Spring LDAP 1.2 final.
2007-11-17 20:53:26 +00:00
Luke Taylor
Ben Alex