db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
2005-07-25 03:46:23 +00:00
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
2005-07-25 00:52:15 +00:00
f20bc6d9d0
Catch up with recent changes.
2005-07-25 00:45:43 +00:00
f650289142
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 10:05:32 +00:00
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
2005-07-23 09:52:42 +00:00
c8275c591f
Reflect additional releases made for backporting SEC-20 security fix.
2005-07-14 01:12:38 +00:00
32136c38d4
Fix broken link (thanks to Marc Palmer).
2005-07-13 23:40:54 +00:00
3e4a29eae9
FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14 ).
2005-06-27 03:57:31 +00:00
d09d250656
Form, CAS, X509 and Remember-Me authentication mechanisms now publish an InteractiveAuthenticationSuccessEvent (see http://opensource.atlassian.com/projects/spring/browse/SEC-5 ).
2005-06-27 03:36:30 +00:00
60f8095cf2
Make Authenticated.isAuthenticated() behaviour switchable. See http://opensource.atlassian.com/projects/spring/browse/SEC-13 .
2005-06-27 03:05:26 +00:00
ef8281f534
HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20 ).
2005-06-27 02:55:01 +00:00
a3d26edea3
JBoss container adapter to use getName() instead to toString() (see http://opensource.atlassian.com/projects/spring/browse/SEC-22 ).
2005-06-27 02:06:33 +00:00
a312fede74
Refactor DAO authentication failure events under a consistent abstract superclass (thanks to Mark St Godard for suggestion).
2005-06-22 08:07:52 +00:00
c0f1d4e19d
Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys (thanks to David Durham for bug report).
2005-06-22 08:06:28 +00:00
a15691d9d7
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).
2005-06-22 07:03:53 +00:00
5f75e9bf9a
Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion).
2005-06-22 06:30:46 +00:00
a7b5299e77
Correct synchronization issue with FilterToBeanProxy initialization (thanks to George Franciscus and Volker Malzahn as per acegisecurity-developer discussion 4 June 2005).
2005-06-22 05:22:05 +00:00
1cfdc86ff4
Add Matt's latest presentation.
2005-06-20 05:31:57 +00:00
645c2bb5d5
Add new book.
2005-05-29 12:40:21 +00:00
c699f7d40e
Support non-username as primary key.
2005-05-29 09:46:51 +00:00
4e55780e7c
Performance optimisations thanks to Paulo Neves.
2005-05-20 00:00:22 +00:00
cfb8271826
Reorder DaoAuthenticationProvider exception logic as per developer list discussion.
2005-05-18 01:40:45 +00:00
ecbfac2ff8
Made AclEntry Serializable (correct issue with BasicAclEntryCache).
2005-05-17 11:07:00 +00:00
dcfa0008db
Updated URL to point to Reid Carlberg's latest blog entry.
2005-05-16 22:37:04 +00:00
e08e66dec6
Refactor SecurityContextHolder to return a SecurityContext instead of Authentication.
2005-05-08 23:42:14 +00:00
6a9abe5d90
Remove ContextHolder and introduce SecurityContext.
2005-05-07 09:11:37 +00:00
52064d5db4
Correction.
2005-05-06 03:53:12 +00:00
854112076e
Add Victor's entry.
2005-05-06 03:50:53 +00:00
e2b7b785e1
AppFuse link.
2005-05-01 08:55:40 +00:00
d4da559ccc
added entry for credential expiry modifications
2005-04-30 00:32:41 +00:00
d169829f27
AbstractAuthenticationToken.getName() now returns username alone if UserDetails present.
2005-04-29 22:29:00 +00:00
6f286e2054
AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
2005-04-27 03:39:06 +00:00
423dbc9f14
Add JavaDocs link to navigation documentation.
2005-04-21 23:12:50 +00:00
cff9ba4988
AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766 .
2005-04-21 23:02:58 +00:00
a68d720e88
Prepare for 0.9.0.
2005-04-20 22:43:46 +00:00
56f201c651
More memory needed...
2005-04-20 14:48:45 +00:00
4cf500763f
Release 0.8.2.
2005-04-20 14:15:03 +00:00
efd8955a3d
General update.
2005-04-20 12:29:36 +00:00
b92bb993af
Add blog entry.
2005-04-20 11:32:37 +00:00
fdf5c63033
Add obtainUsername method as per http://forum.springframework.org/viewtopic.php?t=4757 .
2005-04-13 22:17:05 +00:00
59b3bc582d
Disable one page per chapter option.
2005-04-08 23:17:03 +00:00
2ee7cc1c18
General update.
2005-04-06 06:39:03 +00:00
204da55a0b
PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails().
2005-04-03 21:48:45 +00:00
7c9bd78e16
Initial commit.
2005-03-28 21:40:44 +00:00
9649003d57
AbstractProcessingFilter no longer uses a set*FailureUrl approach for every exception, it now uses a properties object that maps authenticationExceptions to failure urls
2005-03-28 17:42:21 +00:00
684d5bc10e
Handle null Authentication.getAuthorities() in AuthorizeTag.
2005-03-27 06:36:41 +00:00
8e6305ae81
Update commons-codec dependency to 1.3.
2005-03-25 22:33:18 +00:00
8ae2276843
TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds.
2005-03-25 22:07:00 +00:00
8884ca51af
Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter.
2005-03-23 23:22:51 +00:00
747825cda1
Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml.
2005-03-22 22:56:36 +00:00
01aaadbe0d
Prepare for 0.8.2 (assuming 0.8.2 is the next version, but subject to change).
2005-03-22 11:57:32 +00:00
48dd6c5c73
Release 0.8.1.
2005-03-22 11:25:41 +00:00
9f66c0eae9
Update to current Spring JAR dependencies.
2005-03-22 11:17:22 +00:00
2b6b81f39a
Use Spring 1.1.5 JARs.
2005-03-22 08:52:22 +00:00
c936801842
DigestProcessingFilter now provides userCache getter and setter.
2005-03-21 08:03:11 +00:00
0530351f0d
Provide toString() method on User.
2005-03-21 05:33:51 +00:00
a2b9da7e22
StringSplitUtils.split() ignored delimiter argument.
2005-03-21 05:14:48 +00:00
6f31ecb04b
UserDetails now indicates locked accounts.
2005-03-21 03:22:59 +00:00
f1f5e687ee
Note change to Authentication.getDetails().
2005-03-20 22:34:15 +00:00
d59db9ecdc
Note about X509 Contacts Sample.
2005-03-20 22:27:49 +00:00
a056946c49
HttpSessionContextIntegrationFilter now handles HttpSession invalidation without redirection.
2005-03-18 00:50:12 +00:00
52c42a7a40
Corrected Authz parsing of whitespace in GrantedAuthoritys. Contributed by Francois Beausoleil.
2005-03-14 06:09:33 +00:00
63aee2e0a9
Add Matthew's latest blog entry.
2005-03-13 21:58:45 +00:00
df91d352cb
AbstractBasicAclEntry improved compatibility with Hibernate, as per http://forum.springframework.org/viewtopic.php?t=3949 .
2005-03-13 21:01:16 +00:00
4763f953d3
FilterChainProxy now supports replacement of ServletRequest and ServetResponse by Filter beans.
2005-03-11 01:41:43 +00:00
c5fe428400
Patch by Matt Raible which returns null if Authentication is anonymous.
2005-03-10 12:00:30 +00:00
15535fff41
SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint.
2005-03-10 11:11:25 +00:00
53bb4aebdf
Setup future development for 0.8.1.
2005-03-03 13:29:46 +00:00
4c5d0476b0
Prepare to release 0.8.0.
2005-03-03 00:06:46 +00:00
ee899dcedf
Remove duplicate.
2005-03-02 01:37:54 +00:00
60ef10e331
Fix typos.
2005-03-02 01:36:55 +00:00
888e48f236
More references.
2005-03-01 08:15:09 +00:00
2149059c74
Use without Spring article.
2005-03-01 08:15:03 +00:00
9a35091a86
Add nightly build notes.
2005-03-01 06:10:26 +00:00
f1e071b0f1
Added remember-me services.
2005-03-01 02:30:38 +00:00
0d33b06990
Fix NullPointerException if a pattern is given without any config attributes (eg /**/*.css=). Contributed by Konstantin Shaposhnikov.
2005-02-28 22:06:53 +00:00
873c3f6c3d
Improve Linux and non-Sun JDK (specifically IBM JDK) compatibility.
2005-02-28 03:02:32 +00:00
44397bb05d
Committing ConcurrentSessionController feature and tests. Documentation is needed.
2005-02-26 21:48:07 +00:00
edd3fcc72c
Added the reference guide using one page per chapter
2005-02-25 19:32:26 +00:00
a3818184f4
Added Digest Authentication support (RFC 2617 and RFC 2069).
2005-02-22 06:14:44 +00:00
cbf413afcd
Prepare for 0.8.0 as the next release.
2005-02-21 06:56:00 +00:00
dda66a0454
Significantly refactor "well-known location model" to authentication processing mechanism and HttpSessionContextIntegrationFilter model.
2005-02-21 06:48:31 +00:00
e52f3eacb1
Use WebAuthenticationDetails for Authentication.getDetails() by default.
2005-02-21 00:09:49 +00:00
f57b1b9a8f
General update.
2005-02-20 05:40:57 +00:00
52479ec8a7
Typo.
2005-02-18 10:26:33 +00:00
0b296e7cf0
Correct issue with JdbcDaoImpl default SQL query not using consistent case sensitivity as per http://forum.springframework.org/viewtopic.php?t=3526 .
2005-02-15 07:14:59 +00:00
7d183b8eea
More info on where to find samples' source files.
2005-02-15 07:06:13 +00:00
1949c3b27e
Added AuthenticationException to the commence method signature of the AutenticationEntryPoint. The best example of this
...
is the BasicProcessingFilterEntryPoint where the authException.getMessage() is used to send back an informative 401,
instead of just the error code.
Added AccessDeniedException to the sendAccessDeniedError method signature. The accessDeniedException.getMessage() result
is used to send an invormative 403 error back to the servletResponse by default.
2005-02-15 03:28:18 +00:00
f43c31c8d4
Add basic configuration blog entry.
2005-02-13 07:07:46 +00:00
beadf24610
Use static HttpServletResponse.SC_UNAUTHORIZED instead of 401 HTTP response code.
2005-02-13 00:59:48 +00:00
6370fadfdc
FilterSecurityInterceptor now only executes once per request (improves performance with SiteMesh). Suggested by Sanjiv Jivan.
2005-02-11 05:49:41 +00:00
cbe53e21b9
HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily.
2005-02-10 07:15:20 +00:00
aa575f7103
Updated clover link to cenqua.com
2005-02-08 15:18:13 +00:00
834f69168d
Support getUserPrincipal().
2005-02-04 22:38:07 +00:00
0be77abe75
Allow empty passwords as per http://forum.springframework.org/viewtopic.php?p=13343 .
2005-02-04 09:43:33 +00:00
ff9c7b6a72
Add Seth's blog update.
2005-02-04 07:02:52 +00:00
540a12df84
Listing Jaas changes
2005-01-31 05:18:17 +00:00
358056bf4d
Initial commit.
2005-01-30 21:39:26 +00:00
c8706c33ac
Log4J no longer expected in servlet container classpath.
2005-01-28 06:34:01 +00:00
3721a04979
Fixes.
2005-01-25 06:33:38 +00:00
Scott McCrory
Ben Alex
Luke Taylor
Ray Krueger
Carlos Sanchez