3730 Commits

Author SHA1 Message Date
Luke Taylor
dbcb13ad14 SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination. 2009-08-31 22:48:49 +00:00
Luke Taylor
0d7b990e0a SEC-1184: Moved ACL cache classes and interface out of jdbc package. 2009-08-31 22:15:37 +00:00
Luke Taylor
6236858356 SEC-951: Acl Serialization Errors that cohere with parent-child-structure of Acls. Modified tests to reproduce the issue and applied suggested fix (recursive call to set transient fields on parent). 2009-08-31 19:15:13 +00:00
Luke Taylor
98ffda85e0 minor doc update 2009-08-30 14:35:33 +00:00
Luke Taylor
a4ccc4ac21 Make WebSecurityExpressionRoot public to allow reuse. 2009-08-28 14:02:02 +00:00
Luke Taylor
471206a29d SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy 2009-08-27 10:43:01 +00:00
Luke Taylor
ab0d66071a SEC-1226: Introduce RedirectStrategy to replace RedirectUtils. Implemented strategy and applied throughout relevant classes. 2009-08-27 10:42:11 +00:00
Luke Taylor
092d7b5c2b Fix CAS filter configuration. 2009-08-25 20:26:12 +00:00
Luke Taylor
d55c86bea9 SEC-1169: Added relevant attribute docs to namespace appendix 2009-08-24 12:18:02 +00:00
Luke Taylor
c6fa690d2e Fixed some docbook links 2009-08-24 11:40:28 +00:00
Luke Taylor
fe33f08b73 SEC-1201: Allow requires-channel attribute to take placeholders. 2009-08-23 16:42:06 +00:00
Luke Taylor
00352227ac Tidying. 2009-08-23 16:03:40 +00:00
Luke Taylor
ea01e9cdf7 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Ensure that channel processing handles paths which are placeholders. 2009-08-23 15:57:59 +00:00
Luke Taylor
9bf8656d66 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes. 2009-08-22 21:09:34 +00:00
Luke Taylor
0b5160d155 Javadoc correction. 2009-08-22 18:02:39 +00:00
Luke Taylor
bb4d818862 SEC-1188: Added "getContexHolderStrategy" method to SecurityContextHolder. 2009-08-22 13:31:13 +00:00
Luke Taylor
c59f786919 SEC-1212: Added info on password encoding to the namespace appendix 2009-08-22 13:09:23 +00:00
Luke Taylor
579644fa95 SEC-1225: Use bean references for authentication providers. Updated AuthenticationManagerBDP to regsiter the providers as top level beans. 2009-08-22 12:37:14 +00:00
Luke Taylor
24911eb606 Corrected links in manual, comment in schema file. 2009-08-22 01:54:31 +00:00
Luke Taylor
5a8772df5b Reset pom versions post release 2009-08-21 12:02:49 +00:00
Luke Taylor
0e5aa7008d [maven-release-plugin] prepare release spring-security-3.0.0.M2 3.0.0.M2 2009-08-20 15:51:26 +00:00
Luke Taylor
d6e51b8428 Doc updates describing namespace changes 2009-08-20 15:47:36 +00:00
Luke Taylor
984b2835d6 Update CAS sample to use new namespace syntax for authentication providers. 2009-08-20 14:58:59 +00:00
Luke Taylor
2443cf6615 Disable itest module prior to release 2009-08-20 14:47:15 +00:00
Luke Taylor
d47abbc35f SEC-1223: Added break to bindWithDnLoop when non-null use is returned. 2009-08-19 21:34:05 +00:00
Luke Taylor
2f9a98c7ce SEC-214: Update keywords. 2009-08-18 23:39:33 +00:00
Luke Taylor
8ed9f8a057 Remove wrongly named file 2009-08-18 23:32:40 +00:00
Luke Taylor
4df370b100 SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 23:09:16 +00:00
Luke Taylor
48988bde84 SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request. 2009-08-13 23:55:25 +00:00
Luke Taylor
5e4743d8f2 Updated to Spring 3 M4 prior to M2 release 2009-08-11 17:48:46 +00:00
Luke Taylor
e6631be778 Import cleaning 2009-08-10 16:07:05 +00:00
Luke Taylor
faa6be2011 SEC-935: Updated to OpenID4Java 0.9.5 release 2009-08-10 16:06:19 +00:00
Luke Taylor
6f76fe6fbb Import cleaning 2009-08-10 16:04:54 +00:00
Luke Taylor
eb059cfd12 SEC-1211: removed SessionUtils (no longer used) 2009-08-10 14:30:17 +00:00
Luke Taylor
f536c80020 SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web 2009-08-10 14:18:18 +00:00
Luke Taylor
b807f7cbdd Added comment to pom to explain spring-web requirement 2009-08-10 14:05:16 +00:00
Luke Taylor
972cd0a53c javadoc 2009-08-10 12:10:04 +00:00
Luke Taylor
d65b1b3581 SEC-1200: Ukranian messages file 2009-08-10 11:41:24 +00:00
Luke Taylor
966f3e4101 SEC-1182: Added tst to confirm that this is no longer an issue due to other changes 2009-08-10 11:32:02 +00:00
Luke Taylor
b4bb489638 SEC-1164: Further registering on bean components for tooling and removal of global ids. 2009-08-08 21:08:12 +00:00
Luke Taylor
b387d63aba Removing unnecessary global bean names. 2009-08-08 18:57:51 +00:00
Luke Taylor
a67448c867 SEC-1216: Remove unused code. 2009-08-08 18:51:15 +00:00
Luke Taylor
229866e293 SEC-1142: Support for session timeout detection. Added namespace support for invalid-session-url 2009-08-07 23:57:10 +00:00
Luke Taylor
c12e5b4d0b SEC-1142: Renamed setter argument to match property. 2009-08-07 22:55:14 +00:00
Luke Taylor
ea73fd0130 SEC-1142: Simplified implementation by removing template method. 2009-08-07 22:54:07 +00:00
Luke Taylor
90d76373cc SEC-1142: Support for session timeout detection. Added redirect to invalidSessionUrl in SessionManagementFilter when an invalid session Id is supplied in the request. 2009-08-07 17:12:12 +00:00
Luke Taylor
0f6642d3ab SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface) 2009-08-04 00:18:07 +00:00
Luke Taylor
eaa0dc4fce typo 2009-08-03 16:30:26 +00:00
Luke Taylor
e40b9fbc75 SEC-1196: Introduce AuthenticationManagerDelegator is MethodSecurityInterceptor which is configured by global-method-security. Prevents regression of SEC-933 caused by eager init of AuthenitcationManager and dependent beans 2009-08-03 01:44:49 +00:00
Luke Taylor
997faabe1e SEC-1196: Removed ConfigUtils (no longer used). 2009-08-03 00:22:47 +00:00