3738 Commits

All Branches

Search

Author	SHA1	Message	Date
Luke Taylor	229866e293	SEC-1142: Support for session timeout detection. Added namespace support for invalid-session-url	2009-08-07 23:57:10 +00:00
Luke Taylor	c12e5b4d0b	SEC-1142: Renamed setter argument to match property.	2009-08-07 22:55:14 +00:00
Luke Taylor	ea73fd0130	SEC-1142: Simplified implementation by removing template method.	2009-08-07 22:54:07 +00:00
Luke Taylor	90d76373cc	SEC-1142: Support for session timeout detection. Added redirect to invalidSessionUrl in SessionManagementFilter when an invalid session Id is supplied in the request.	2009-08-07 17:12:12 +00:00
Luke Taylor	0f6642d3ab	SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface)	2009-08-04 00:18:07 +00:00
Luke Taylor	eaa0dc4fce	typo	2009-08-03 16:30:26 +00:00
Luke Taylor	e40b9fbc75	SEC-1196: Introduce AuthenticationManagerDelegator is MethodSecurityInterceptor which is configured by global-method-security. Prevents regression of SEC-933 caused by eager init of AuthenitcationManager and dependent beans	2009-08-03 01:44:49 +00:00
Luke Taylor	997faabe1e	SEC-1196: Removed ConfigUtils (no longer used).	2009-08-03 00:22:47 +00:00
Luke Taylor	5953af0f6b	SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).	2009-08-03 00:21:11 +00:00
Luke Taylor	c5d6484b54	SEC-1210: RememberMe filter misses UserDetailsService in default <http /> tag config when it is declared in parent app context. Fixed by getting the UserDetailsServiceInjectionPostProcessor to check ancestor bean factories for a UserDetailsService if one isn't found in the current bean factory.	2009-07-31 19:40:20 +00:00
Luke Taylor	160aa512a1	Remove "infrastructure" type from authentication provider bean.	2009-07-31 19:38:16 +00:00
Luke Taylor	6ae61f95db	Minor updates to test XML context implementation.	2009-07-31 19:37:05 +00:00
Luke Taylor	a4a0aab66f	SEC-1164: Add additional component definitions so that Spring IDE picks them up and doesn;t report missing bean definitions	2009-07-31 00:18:16 +00:00
Luke Taylor	06e393a171	Update bundlor to M5	2009-07-31 00:15:25 +00:00
Luke Taylor	ecbacddc7c	SEC-1146: Add some information on using authority groups	2009-07-29 16:30:15 +00:00
Luke Taylor	5d5df0c63d	Added extra 'manual' security interceptor config	2009-07-29 16:08:04 +00:00
Luke Taylor	68364f06a2	Minor itest updates	2009-07-29 16:05:47 +00:00
Luke Taylor	3e6054b69f	SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy.	2009-07-29 00:52:30 +00:00
Luke Taylor	5e285b3692	SEC-1211: Set the default AuthenticatedSessionStrategy to a null implementation to preserve existing behaviour.	2009-07-28 23:57:46 +00:00
Luke Taylor	609a68b12a	SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false.	2009-07-28 23:47:26 +00:00
Luke Taylor	db90122179	SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these.	2009-07-28 18:00:24 +00:00
Luke Taylor	4a12b80470	Minor updates to x509 doc and update of remember-me doc (no longer part of auto-config)	2009-07-27 22:27:48 +00:00
Luke Taylor	fdb7325cbc	Javadoc update	2009-07-24 15:21:59 +00:00
Luke Taylor	9c27bced5b	Corrected typo	2009-07-23 20:42:04 +00:00
Luke Taylor	40efe6db57	Minor doc updates	2009-07-22 17:24:05 +00:00
Luke Taylor	0a37aed4b9	SEC-1207. Fixed class name in jsp	2009-07-22 16:37:22 +00:00
Luke Taylor	719a5e09d8	SEC-1205: Added comment to Javadoc for PasswordComparisonAuthenticator to indicate that it won't work with SSHA passwords	2009-07-22 16:11:24 +00:00
Luke Taylor	931cf90dbb	SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution.	2009-07-21 00:14:57 +00:00
Luke Taylor	8b115e2a21	SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache.	2009-07-20 22:52:48 +00:00
Luke Taylor	f404bb3d74	SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though.	2009-07-20 22:34:40 +00:00
Luke Taylor	efd1dbf54a	Removed public modifier from getSessionController() method on ProviderManager.	2009-07-17 23:37:45 +00:00
Luke Taylor	491837ae34	SEC-1197: Moved support from session-controller-ref from authentication-manager to concurrent-session-control element. Plus refactoring of config classes into separate packages.	2009-07-17 23:36:35 +00:00
Luke Taylor	83da7be2ea	Remove (ticket) cache package from CAS module. Unnecesary and has a circular reference.	2009-07-17 23:33:55 +00:00
Luke Taylor	1afa67c954	SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.	2009-07-15 23:09:47 +00:00
Luke Taylor	6346e31517	SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy.	2009-07-15 01:28:28 +00:00
Luke Taylor	1ca2e6e6fc	Tidying.	2009-07-13 23:12:32 +00:00
Luke Taylor	5d389d953d	RoleVoter test class.	2009-07-13 23:11:15 +00:00
Luke Taylor	946f3d1067	Converted to use mockito.	2009-07-13 23:10:52 +00:00
Luke Taylor	e63fba3a36	Tidying	2009-07-08 23:55:42 +00:00
Luke Taylor	d59bdc0cbc	Reducing use of global bean Ids as part of SEC-1186	2009-07-08 23:54:26 +00:00
Luke Taylor	7622dfe092	SEC-1194: Added support for services-alias to remember-me	2009-07-08 23:53:47 +00:00
Luke Taylor	b795d22e51	Upgraded junit and bundlor deps	2009-07-08 23:46:15 +00:00
Luke Taylor	3b1cdc3ab4	Tidying.	2009-07-08 23:27:53 +00:00
Luke Taylor	8a3930e673	Refactoring of ProviderManager to ensure that any AuthenticationException from the ConcurrentSessionController will prevent further polling of providers.	2009-07-08 23:20:46 +00:00
Luke Taylor	d02bbbf560	import cleaning.	2009-07-08 17:17:45 +00:00
Luke Taylor	43dab4c3b3	SEC-1186: Additional changes to remove custom-filter decorator functionality.	2009-07-08 16:50:47 +00:00
Luke Taylor	abddcb044a	SEC-1186: Remove functionality from CustomFilterBeanDefinitionDecorator and report a warning instead.	2009-07-08 16:49:30 +00:00
Luke Taylor	b3366a1646	SEC-1186: Tidying up changes to http parsing	2009-07-08 16:19:26 +00:00
Luke Taylor	df7c734450	SEC-1192: Fix incorrect classname in preauth chapter	2009-07-08 14:53:40 +00:00
Luke Taylor	6b53703e37	SEC-1187: Moved pre-authentication status check inside try/catch block and repeated the call after reloading the user during the "cacheWasUsed" logic.	2009-07-07 17:09:44 +00:00