Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-03 16:18:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,766 Commits 48 Branches 362 Tags
Commit Graph

2914 Commits

Author SHA1 Message Date
Luke Taylor
a0bcf7184c SEC-1061: Renamed serverSideRedirect property. 2008-12-14 23:56:30 +00:00
Luke Taylor
cf3cac90ad SEC-1058, SEC-745: Updating comments 2008-12-14 23:53:44 +00:00
Luke Taylor
3f38035057 SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace. 2008-12-14 22:53:31 +00:00
Luke Taylor
2927b8464f SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException. 2008-12-14 22:20:21 +00:00
Luke Taylor
839279161d SEC-745: Added concrete failure handling strategies. 2008-12-13 23:34:15 +00:00
Luke Taylor
6664f57ff6 SEC-992: Removed the line setting returningObj to false. 2008-12-12 23:22:26 +00:00
Luke Taylor
10e4d1fe1a SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver. 2008-12-12 22:30:57 +00:00
Luke Taylor
615194710e SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces. 2008-12-12 17:25:09 +00:00
Luke Taylor
48dce501ce SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session. 2008-12-12 14:27:23 +00:00
Luke Taylor
aec23749d7 SEC-1056: Remove deprecated FilterToBeanProxy: It's gone 2008-12-12 13:04:37 +00:00
Luke Taylor
3fcc7b5403 SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes 2008-12-12 12:47:42 +00:00
Luke Taylor
a443e55832 SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method. 2008-12-11 17:00:13 +00:00
Luke Taylor
093365b2f4 Removed unnecessary cast. 2008-12-11 16:42:25 +00:00
Luke Taylor
30f9b3e72c SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations. 2008-12-10 16:57:40 +00:00
Luke Taylor
3f40604b82 SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate. 2008-12-10 13:48:25 +00:00
Luke Taylor
acfcac4594 SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage 
Applied supplied patch which checks the committed flag before forwarding to the error page.
 2008-12-10 12:36:59 +00:00
Luke Taylor
7fe6a0fc0d SEC-1033: Added support for web IP ranges based on an address and netmask. 2008-12-09 23:14:44 +00:00
Luke Taylor
7767a9ed60 SEC-1033: Add basic equality support for hasIpAddress() expression. 2008-12-09 18:04:08 +00:00
Luke Taylor
3da68a7a82 Java5 stuff 2008-12-09 18:02:58 +00:00
Luke Taylor
046456c142 Removed unused constants. 2008-12-09 14:33:31 +00:00
Luke Taylor
3e8de229be Java5 updates. 2008-12-09 14:30:37 +00:00
Luke Taylor
98422b69a8 Java5 updates. 2008-12-09 14:27:31 +00:00
Luke Taylor
c2ac125719 Tidying up. 2008-12-08 21:55:33 +00:00
Luke Taylor
a2ef10e65f SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level. 2008-12-08 21:54:47 +00:00
Luke Taylor
6b4045667a SEC-1033: Completed working version of web expression support. 
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
 2008-12-08 01:01:14 +00:00
Luke Taylor
fd3990c1f8 SEC-1033: Refactored DefaultFilterInvocationDefinitionSource to remove legacy methods and make it immutable. 2008-12-07 22:46:36 +00:00
Luke Taylor
bed00e10f5 Reduced visibility of attribute names in HttpSecurityBDP. 2008-12-07 13:46:09 +00:00
Luke Taylor
9bb64d1974 Removed out of date javadoc reference to SecurityEnforcementFilter. 2008-12-06 17:56:24 +00:00
Luke Taylor
7265a70f0a SEC-1012: Java5 - use of vararg methods. 2008-12-06 17:33:19 +00:00
Luke Taylor
c3d216e7bb SEC-1012: Minor improvements to SecurityContextHolderAwareRequestFilter and conversion to use jmock for test. 2008-12-06 17:31:53 +00:00
Luke Taylor
953a4ab9ea SEC-1036: Removed deprecated class and unnecessary mock. 2008-12-05 22:30:26 +00:00
Luke Taylor
6293541b73 SEC-1036: Updated DefaultSpringSecurityContextSource to enable pooling for "manager" users by default but not when binding directly as a user. 2008-12-05 22:04:51 +00:00
Luke Taylor
bc6878c1c5 SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations. 2008-12-05 16:36:43 +00:00
Luke Taylor
58c237fa74 SEC-1015: Removed final packages/directories for old acl code. 2008-12-05 16:07:40 +00:00
Luke Taylor
38f466dcfc SEC-1039: Refactored post-request session-creation logic into separate method. Some comment improvements. 2008-12-05 15:51:29 +00:00
Luke Taylor
48874d69a7 SEC-1039: Made sure "old" security context session key points to new one so they always match. 2008-12-05 14:54:01 +00:00
Luke Taylor
fd7fc0c8a5 SEC-1039: Corrected reference to security context key to match new value. 2008-12-05 14:52:52 +00:00
Luke Taylor
c5e1fd77ec SEC-1045: Added testsfor use of external context storage strategy through the namespace 2008-12-04 14:25:55 +00:00
Luke Taylor
7dfbcf2ddf SEC-990: Clarify the semantics of the ConsensusBased ADM. Added the suggested patch to the Javadoc for this class. 2008-12-04 13:32:35 +00:00
Luke Taylor
ffc8637def Tidying up. 2008-12-03 11:02:56 +00:00
Luke Taylor
8587d4c635 Switch to non-deprecated methods. 2008-12-03 10:21:27 +00:00
Luke Taylor
3e2930d785 SEC-1045: Added security-context-repository-ref attribute to <http> 2008-12-02 16:14:03 +00:00
Luke Taylor
f2969392a6 SEC-1043: Improved Javadoc for LdapAuthenticationProvider user details mapping methods. 2008-12-02 14:32:44 +00:00
Luke Taylor
9ab69ddcaf Converted to use jmock. 2008-12-02 13:58:20 +00:00
Luke Taylor
72eee6f1ca Removing unused mock classes. 2008-12-02 13:07:06 +00:00
Luke Taylor
fba57bdf5b Removed unused MockAccessDecisionManager class 2008-12-02 12:56:04 +00:00
Luke Taylor
283b932fe0 Minor tidying up. 2008-12-02 12:53:48 +00:00
Luke Taylor
f3387cd879 2008-12-02 12:49:13 +00:00
Luke Taylor
a09b15ce5f Added tests for AuthenticationDetailsSourceImpl (and AuthenticationDetails). 2008-12-01 15:50:31 +00:00
Luke Taylor
8283074097 Tidying. 2008-12-01 15:49:35 +00:00