Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,109 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1115 Commits

Author SHA1 Message Date
Luke Taylor 9dbeda1c85 Corrected out of date comments referring to SecurityEnforcementFilter etc. 2007-10-03 11:13:40 +00:00
Luke Taylor 87ddc63f73 Format to correct spacing. 2007-10-02 16:13:55 +00:00
Luke Taylor 6fbf73e74f Added explicit dependency override on mina 1.0.5 to get round this problem: 
http://issues.apache.org/jira/browse/DIRMINA-366 

when using apache DS embedded. It causes failures on linux, but not on OS X.
 2007-10-02 16:13:06 +00:00
Luke Taylor 438dc44004 Minor changes to improve robustess of LDAP tests. 2007-10-02 14:50:08 +00:00
Luke Taylor 5a3f5fcd78 Minor changes to improve robustess of LDAP tests. 2007-10-02 14:49:08 +00:00
Luke Taylor a4266f3fb8 Minor imrovements to configuration of embedded apache server. 2007-10-02 14:20:27 +00:00
Luke Taylor acb02246e0 Refactored embedded LDAP server tests to make use of new namespace configuration. Use Junit 4 annotations in preference to AbstractDependencyInjectionSpringContextTests so that it is possible to clear up the context after each class is run rather than at JVM shutdown (causes problems with running embedded apache DS). 2007-10-02 10:52:06 +00:00
Luke Taylor 77b6503e2e SEC-271: Added namespace handler class and experimental LDAP parser. The latter creates an embedded Apache DS server if no server URL is supplied, so changed dependencies on the latter to compile-time/optional. 2007-10-02 10:46:38 +00:00
Luke Taylor 5066fc5e39 SEC-562: Changed urls for login, logout, switch user etc. 2007-09-24 15:39:51 +00:00
Luke Taylor eacbc71ba1 Switch ldap server port to 3999 (intermittent test failures occurring). 2007-09-23 20:57:01 +00:00
Luke Taylor 18c8ba4ac2 SEC-562: Changing constants and key names. 2007-09-23 11:16:01 +00:00
Luke Taylor 757b153430 SEC-562: Repackaging adapters module. 2007-09-22 11:54:13 +00:00
Luke Taylor 5a586c04a9 SEC-562: Repackaging core. 2007-09-21 18:18:21 +00:00
Luke Taylor 274658f9b0 SEC-272: Added group tables to test DB. 2007-09-21 15:51:36 +00:00
Luke Taylor d19fe54c01 Renamed test class to match target (JdbcDaoImpl). 2007-09-21 15:50:23 +00:00
Luke Taylor 400a3b90f0 SEC-232: Additional updates to hierachical roles code from contributor. 2007-09-19 22:10:31 +00:00
Luke Taylor eb0307bcd9 SEC-557: Reinstate use of default AccessDeniedHandlerImpl for the time being (2.0 branch). 2007-09-19 16:49:18 +00:00
Luke Taylor 477dc308f8 SEC-413: Consistent redirect behaviour between LogoutFilter and AbstractProcessingFilter. (previous commit of AbstractProcessingFilter has an erroneous message). 2007-09-19 16:27:23 +00:00
Luke Taylor 7139cbafbb Removed assertions on response buffer size. 2007-09-19 16:25:31 +00:00
Luke Taylor dde3803532 Removed assertions on response buffer size. 2007-09-19 16:24:20 +00:00
Luke Taylor 03beaf0777 SEC-448: MD4 password encode implementation. 2007-09-19 15:28:57 +00:00
Luke Taylor 2ef2bfc514 SEC-561: Removed setting of respose buffer size prior to redirect. 2007-09-19 15:17:29 +00:00
Luke Taylor 809c962d3b Corrected method name in comment. 2007-09-19 15:04:30 +00:00
Luke Taylor 0288204432 SEC-369: Made spring-jdbc and spring-remoting optional dependencies in core. Removed explicit commons-lang dependency and updated commons logging to 1.1. 2007-09-19 00:23:33 +00:00
Luke Taylor fdd3dfc51f Remove explicit commons-lang dependency. 2007-09-19 00:17:04 +00:00
Luke Taylor 2f03000b68 SEC-232: Add role hierarchy contribution. 2007-09-17 22:37:39 +00:00
Luke Taylor 1a4b32e50e Remove unused import. 2007-09-17 22:17:42 +00:00
Luke Taylor e872823490 SEC-559: Throw an initialization exception if configured truststore file doesn't exist. 2007-09-17 21:29:40 +00:00
Luke Taylor 96eb11aadc SEC-399: Add support for invalidating the existing session on successful authentication. 2007-09-17 15:54:07 +00:00
Luke Taylor 0efa5c3090 SEC-458: implementy hashCode() in PrincipalSid and GrantedAuthoritySid. 2007-09-17 13:10:17 +00:00
Luke Taylor d79d55c8b6 SEC-8: Changes to LDAP authenticator API to take an authentication object rather than username/password. 2007-09-17 12:28:07 +00:00
Luke Taylor c7354c125a SEC-417: Fix. Remove hard-coded messages from JdbcDaoImpl to allow internationalized versions for "user not found" etc. 2007-09-16 22:20:08 +00:00
Luke Taylor 8a35f7da75 SEC-558: Combine user mapping implementations into a single interface and make more use of DirContextOperations in SS LDAP APIs. 2007-09-16 18:56:00 +00:00
Luke Taylor 56deb3dd83 SEC-549: Trim whitespace from username submitted with login form. 2007-09-14 14:25:21 +00:00
Luke Taylor 8398e940cf SEC-449: Corrected comment. 2007-09-14 14:18:54 +00:00
Luke Taylor fdbcbec9d8 SEC-449: Reamed template test class to match tested class. Added test method for case when no attribute value is found. 2007-09-14 14:17:30 +00:00
Luke Taylor 223a597208 SEC-449: Changed role searching to use parent spring ldap template search method. 2007-09-14 14:16:28 +00:00
Luke Taylor b7d9466f99 SEC-449: Remoned unnecessary declaration of ContextMapper interface. 2007-09-14 14:12:32 +00:00
Luke Taylor 97ef5f389f SEC-449: Remoned unnecessary declaration of ContextMapper interface. 2007-09-14 14:11:57 +00:00
Luke Taylor d208cf3824 SEC-449: Make LdapUserDetailsMapper a pure ContextMapper so it can be used with LdapTemplate. 2007-09-13 20:42:50 +00:00
Luke Taylor 6d8f92e1b8 Allow an ldif file to be set in the configuration and loaded on initialization. 2007-09-13 20:40:49 +00:00
Luke Taylor ae40919d13 Tidying up class. 2007-09-12 19:55:52 +00:00
Luke Taylor c0f5230667 SEC-302: Add rolePrefix property to SecurityContextHolderAwareRequestFilter. 2007-09-11 17:29:47 +00:00
Luke Taylor 6a6bafa219 Make sure test classes which are setting the context clear it in their tearDown methods. 2007-09-11 14:13:50 +00:00
Luke Taylor c56b8c4117 SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter. 2007-09-11 12:12:14 +00:00
Luke Taylor 3326525b65 SEC-368: Tidied up captcha spelling. 2007-09-11 11:16:07 +00:00
Luke Taylor dd2a46c7ca SEC-368: Tidied up captcha spelling. 2007-09-11 11:11:05 +00:00
Luke Taylor c91400b03b Corrected scm sections of core and parent poms. 2007-09-10 23:18:43 +00:00
Luke Taylor 448e8cfb42 SEC-551: Convert RegExpBasedFilterInvocationDefinitionMap and DaoX509AuthoritiesPopulator to use JDK regexps. Removed ORO dependency from the project. 2007-09-10 23:09:36 +00:00
Luke Taylor 6eb17c8546 SEC-513: Ldap user manager implementation classes changed to use new spring ldap apis. 2007-09-10 21:13:45 +00:00
Luke Taylor afaa169e97 SEC-449: Test data ldif file for ApacheDS. 2007-09-10 21:09:59 +00:00
Luke Taylor 0503c3e1ab SEC-449: Refactoring towards more use of Spring LDAP. Also borrowed the Spring LDAP integration testing setup which is much better and makes use of the full LDAP stack. There were still problems with using Apache DS's CoreContextFactory (e.g. compare operations) so it is an improvement on that front too. Moved spring ldap to 1.2-RC1 version. 2007-09-10 21:09:02 +00:00
Scott Battaglia f7815e8da2 SEC-520 
added parameter to determine whether to encode the session id or not and an explanation on when it should/should not be used.
 2007-09-10 15:11:56 +00:00
Luke Taylor e7ede68352 Update ldap test base class to use LdapContext by default. 2007-09-07 20:52:03 +00:00
Luke Taylor ff1f1d8ef5 SEC-449: Rename internal LdapTemplate class to SpringSecurityLdapTemplate to avoid confusion. 2007-09-07 20:49:38 +00:00
Luke Taylor f178ca2a39 Updated trunk poms to 2.0-SNAPSHOT version 2007-09-07 20:14:55 +00:00
Luke Taylor 70239a9769 SEC-513: First check in of user management stuff. 2007-09-07 20:01:46 +00:00
Luke Taylor 9b71b5aa00 SEC-449: Mostly changes to aid moving towards compatibility with spring-ldap. 2007-09-07 19:55:45 +00:00
Luke Taylor 8d4b97f685 Updated poms post-release 1.0.5 2007-09-06 02:52:09 +00:00
Luke Taylor c8b6111418 Release 1.0.5. 2007-09-06 01:52:53 +00:00
Luke Taylor 3de8745494 Commented out (another) failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed). 2007-09-04 01:06:58 +00:00
Luke Taylor 6289503643 Commented out failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed). 2007-09-03 23:33:13 +00:00
Luke Taylor 34527c3305 Changed spring version to 1.2.9 and modified dependencies to get build to work with this version. Corrected some javadoc links. 2007-09-03 15:47:39 +00:00
Luke Taylor 15ee5b2364 SEC-540,SEC-541: Changes for maven 2 site generation and use of docbkx. 2007-09-02 13:22:24 +00:00
Luke Taylor 4e452046ec Comment out System.out.println 2007-09-01 14:59:41 +00:00
Ray Krueger edd7bbeceb Removed repeated downcasting of ServletRequest and ServletResponse 2007-09-01 14:43:09 +00:00
Luke Taylor b2799985f2 SEC-398: Added patch which uses response wrapper to set context in session on redirect or error. 2007-08-31 20:39:33 +00:00
Luke Taylor 219b865c01 SEC-544: Added German localization messages from Andreas Senft. 2007-08-31 12:15:13 +00:00
Luke Taylor c021bf4682 SEC-542: Made SessionInformation serializable. Also remove unused default constructor. 2007-08-30 21:38:07 +00:00
Luke Taylor 0adf0d6f1c SEC-529: Added French translation of messages from Laurent Pireyn 2007-08-30 21:27:49 +00:00
Luke Taylor bc411c7c3b SEC-457: Added Czech translation of messages from Jan Novotný 2007-08-30 21:20:19 +00:00
Luke Taylor ea61964f56 SEC-483: Fix. Make getGroupSearchBase protected. 2007-08-30 21:15:14 +00:00
Luke Taylor 0c4916ee98 SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor. 2007-08-30 21:12:16 +00:00
Luke Taylor 301626fd6e SEC-346: Fix. Added suggested change. Also some minor tidying up of comments etc. 2007-08-30 20:55:49 +00:00
Luke Taylor 2e8d16c538 SEC-484: Multithreaded tests for SessionRegistryImpl. 2007-08-30 19:26:24 +00:00
Luke Taylor ad43d433b4 SEC-484: Fix for NPE concurreny issue. Also reinstated synchronized on registerNewSession (had removed it for testing). 2007-08-30 19:04:18 +00:00
Luke Taylor aa4ee54f86 Added logging to SessionRegistryImpl. 2007-08-30 18:22:40 +00:00
Luke Taylor 7fcdd4a6ff More tidying... 2007-08-30 11:31:36 +00:00
Luke Taylor 510cd5050f Tidied up SessionRegistryImpl and rolled back reformatting of its test class to incorrect width. 2007-08-30 11:21:28 +00:00
Luke Taylor 5f993e5627 SEC-534: Refactored JaasAuthenticationProvider to use ApplicationPublisherAware rather than ApplicationContextAware. 2007-08-29 11:51:02 +00:00
Luke Taylor 1467527c0a SEC-538: Deleted maven 1 files. 2007-08-29 11:00:28 +00:00
Luke Taylor 5b7ed79b6a SEC-539: Reformatted "divider" comments (//~ Methods=== etc). Simplified boolean expression in afterPropertiesSet. 2007-08-28 23:19:06 +00:00
Luke Taylor d7cef1ba31 SEC-539: Moved SecurityContextHolder.setContext() call into the try {} block to emphasize that it is only set for the duration of chain.doFilter() and immediately cleared afterwards. Changed the debug messages about setting the context, since it has not strictly taken place when they are logged. 2007-08-28 23:11:58 +00:00
Luke Taylor 47c5a6d43f SEC-539: Renamed extractSecurityContextFromSession to readSecurityContextFromSession to emphasize that it doesn't actually modify anything (the context is still stored in the session). 2007-08-28 22:43:13 +00:00
Luke Taylor f7a6129657 SEC-539: Removed unnecessary check for a null request object. Removed unnecessary catch/rethrow of IOException and ServletException from try/finally around chain.doFilter. 2007-08-28 22:40:56 +00:00
Luke Taylor d1be9f9980 SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use. 2007-08-28 22:38:55 +00:00
Luke Taylor 3dd0716611 SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter(). 2007-08-28 21:58:30 +00:00
Luke Taylor fa63d8ecfb SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession() 2007-08-28 21:25:17 +00:00
Luke Taylor ce3eb599ed SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter(). 2007-08-28 21:11:48 +00:00
Luke Taylor ba88214d1d SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic. 2007-08-28 20:16:19 +00:00
Luke Taylor 27ef2caf45 SEC-539: Removed filterApplied boolean. 2007-08-28 19:56:33 +00:00
Luke Taylor e8d11f28f2 SEC-539: Extracted storeSecurityContextInSession() method. 2007-08-28 19:54:24 +00:00
Luke Taylor bcf69cbe3d SEC-539: Extracted populateSecurityContextFromSession() method. 2007-08-28 19:16:37 +00:00
Luke Taylor 6651a240de Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not. 2007-08-28 18:26:04 +00:00
Luke Taylor 6fe00b3433 SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true. 
Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.
 2007-08-28 16:53:05 +00:00
Luke Taylor 4ba77fa736 SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected. 2007-08-28 15:26:59 +00:00
Luke Taylor e189bc685f SEC-408: Fix. Provide getter for filterProcessesUrl. 2007-08-28 11:37:05 +00:00
Luke Taylor c8077c5e87 SEC-506: Fix as suggested by reporter. Split the disgest header string ignoring separating commas which occur between quotes. 2007-08-28 00:31:30 +00:00
Luke Taylor 3f123e1478 SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache). 2007-08-27 23:41:59 +00:00
Luke Taylor 87d6b8dedd SEC-412: Fix. Added extra constructor to UsernameNotFoundException allow use of extraInformation property of parent class. 2007-08-27 23:22:48 +00:00