Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,619 Commits 32 Branches 334 Tags 112 MiB
Commit Graph

95 Commits

Author SHA1 Message Date
Luke Taylor 71ab83255d SEC-1242: Check that RememberMeServices is an instance of AbstractRememberMeServices before attempting to inject a UserDetailsService. 2009-09-11 21:10:16 +00:00
Luke Taylor fa7404741b SEC-1167: Introduce more flexible SavedRequest handling. Add namespace support for a custom RequestCache through the request-cache element. 2009-09-09 21:40:12 +00:00
Luke Taylor aec730ae7e SEC-1238: Disable portlet module 2009-09-09 20:03:00 +00:00
Luke Taylor 6640eab9dc SEC-1240: Added {ssha} support to PasswordEncoderParser. 2009-09-09 12:12:29 +00:00
Luke Taylor d099d14e9b SEC-1235: Added test to attempt to verify (failed to reproduce). 2009-09-05 14:14:12 +00:00
Luke Taylor 8632946f30 SEC-1213: Added "order" atrribute to global-method-security 2009-09-04 15:54:42 +00:00
Luke Taylor 245fc96137 SEC-1075: Update the embedded LDAP server to use Apache DS 1.5. Updated to use the new 1.5.5 release for the embedded server. 2009-09-01 23:21:44 +00:00
Luke Taylor 2039200617 SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace. 2009-09-01 16:08:20 +00:00
Luke Taylor dbcb13ad14 SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination. 2009-08-31 22:48:49 +00:00
Luke Taylor 0d7b990e0a SEC-1184: Moved ACL cache classes and interface out of jdbc package. 2009-08-31 22:15:37 +00:00
Luke Taylor 471206a29d SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy 2009-08-27 10:43:01 +00:00
Luke Taylor fe33f08b73 SEC-1201: Allow requires-channel attribute to take placeholders. 2009-08-23 16:42:06 +00:00
Luke Taylor 00352227ac Tidying. 2009-08-23 16:03:40 +00:00
Luke Taylor ea01e9cdf7 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Ensure that channel processing handles paths which are placeholders. 2009-08-23 15:57:59 +00:00
Luke Taylor 9bf8656d66 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes. 2009-08-22 21:09:34 +00:00
Luke Taylor 579644fa95 SEC-1225: Use bean references for authentication providers. Updated AuthenticationManagerBDP to regsiter the providers as top level beans. 2009-08-22 12:37:14 +00:00
Luke Taylor 24911eb606 Corrected links in manual, comment in schema file. 2009-08-22 01:54:31 +00:00
Luke Taylor 5a8772df5b Reset pom versions post release 2009-08-21 12:02:49 +00:00
Luke Taylor 0e5aa7008d [maven-release-plugin] prepare release spring-security-3.0.0.M2 2009-08-20 15:51:26 +00:00
Luke Taylor 48988bde84 SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request. 2009-08-13 23:55:25 +00:00
Luke Taylor f536c80020 SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web 2009-08-10 14:18:18 +00:00
Luke Taylor 966f3e4101 SEC-1182: Added tst to confirm that this is no longer an issue due to other changes 2009-08-10 11:32:02 +00:00
Luke Taylor b4bb489638 SEC-1164: Further registering on bean components for tooling and removal of global ids. 2009-08-08 21:08:12 +00:00
Luke Taylor b387d63aba Removing unnecessary global bean names. 2009-08-08 18:57:51 +00:00
Luke Taylor a67448c867 SEC-1216: Remove unused code. 2009-08-08 18:51:15 +00:00
Luke Taylor 229866e293 SEC-1142: Support for session timeout detection. Added namespace support for invalid-session-url 2009-08-07 23:57:10 +00:00
Luke Taylor 0f6642d3ab SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface) 2009-08-04 00:18:07 +00:00
Luke Taylor eaa0dc4fce typo 2009-08-03 16:30:26 +00:00
Luke Taylor e40b9fbc75 SEC-1196: Introduce AuthenticationManagerDelegator is MethodSecurityInterceptor which is configured by global-method-security. Prevents regression of SEC-933 caused by eager init of AuthenitcationManager and dependent beans 2009-08-03 01:44:49 +00:00
Luke Taylor 997faabe1e SEC-1196: Removed ConfigUtils (no longer used). 2009-08-03 00:22:47 +00:00
Luke Taylor 5953af0f6b SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements). 2009-08-03 00:21:11 +00:00
Luke Taylor c5d6484b54 SEC-1210: RememberMe filter misses UserDetailsService in default <http /> tag config when it is declared in parent app context. Fixed by getting the UserDetailsServiceInjectionPostProcessor to check ancestor bean factories for a UserDetailsService if one isn't found in the current bean factory. 2009-07-31 19:40:20 +00:00
Luke Taylor 160aa512a1 Remove "infrastructure" type from authentication provider bean. 2009-07-31 19:38:16 +00:00
Luke Taylor 6ae61f95db Minor updates to test XML context implementation. 2009-07-31 19:37:05 +00:00
Luke Taylor a4a0aab66f SEC-1164: Add additional component definitions so that Spring IDE picks them up and doesn;t report missing bean definitions 2009-07-31 00:18:16 +00:00
Luke Taylor 5d5df0c63d Added extra 'manual' security interceptor config 2009-07-29 16:08:04 +00:00
Luke Taylor 3e6054b69f SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy. 2009-07-29 00:52:30 +00:00
Luke Taylor 609a68b12a SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false. 2009-07-28 23:47:26 +00:00
Luke Taylor db90122179 SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these. 2009-07-28 18:00:24 +00:00
Luke Taylor 931cf90dbb SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution. 2009-07-21 00:14:57 +00:00
Luke Taylor 8b115e2a21 SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache. 2009-07-20 22:52:48 +00:00
Luke Taylor f404bb3d74 SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though. 2009-07-20 22:34:40 +00:00
Luke Taylor 491837ae34 SEC-1197: Moved support from session-controller-ref from authentication-manager to concurrent-session-control element. Plus refactoring of config classes into separate packages. 2009-07-17 23:36:35 +00:00
Luke Taylor 1afa67c954 SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block. 2009-07-15 23:09:47 +00:00
Luke Taylor 6346e31517 SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy. 2009-07-15 01:28:28 +00:00
Luke Taylor d59bdc0cbc Reducing use of global bean Ids as part of SEC-1186 2009-07-08 23:54:26 +00:00
Luke Taylor 7622dfe092 SEC-1194: Added support for services-alias to remember-me 2009-07-08 23:53:47 +00:00
Luke Taylor d02bbbf560 import cleaning. 2009-07-08 17:17:45 +00:00
Luke Taylor 43dab4c3b3 SEC-1186: Additional changes to remove custom-filter decorator functionality. 2009-07-08 16:50:47 +00:00
Luke Taylor abddcb044a SEC-1186: Remove functionality from CustomFilterBeanDefinitionDecorator and report a warning instead. 2009-07-08 16:49:30 +00:00