db6da77a5f
SEC-1413: Add RedirectStrategy to AbstractRetryEntryPoint.
2010-08-10 17:39:12 +01:00
183333d189
SEC-1430: Forgot to commit changes to new ExceptionMappingAuthenticationFailureHandlerTests.
2010-08-09 17:09:02 +01:00
2e98b84494
SEC-1430: internalize session key for SavedRequest. This should be accessed using the RequestCache interface if required. Additional refactoring of related tests which were still in AbstractAuthenticationProcessingFilterTests for historical reasons, but should be in their respective success/failure handler test classes.
2010-08-08 17:49:06 +01:00
85c4c91e0e
IDEA inspection refactorings.
2010-08-05 23:28:07 +01:00
a3d27a9863
SEC-1314: cloneFromHttpSession accidentally go left behind, even though it is always false.
2010-08-05 21:21:09 +01:00
a2bd1bc9af
SEC-1498: Allow use of absolute URL fopr login form in LoginUrlAuthenticationEntryPoint.
2010-08-05 21:09:34 +01:00
64375484a1
More build and logging tuning.
2010-08-04 22:55:17 +01:00
63734cfcf9
SEC-1528: Remove logic which checks if context in the session is the same as the current context to make sure that session.setAttribute() is called when the value in the session has been modified directly.
2010-08-02 22:41:57 +01:00
9dd6a5eb8f
SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener.
2010-07-23 16:27:57 +01:00
d7d8448120
SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository).
2010-07-23 15:59:53 +01:00
5d35919ca3
SEC-1490: Code for GAE Sample webapp
2010-07-20 23:41:31 +01:00
69a10c48ae
Switch to using slf4j/logback for logging.
...
We still compile modules against commons-logging but all runtime logging and samples will use logback
2010-07-12 12:39:52 +01:00
8df356de29
SEC-1471: Allow use of a RequestMatcher with HttpSessionRequestCache to configure which requests should be cached by calls to saveRequest.
...
Also removed the justUseSavedRequestOnGet property, as this behaviour can be controlled by the RequestMatcher.
2010-06-28 19:51:30 +01:00
026517f674
Removal of deprecated methods and classes.
2010-06-26 16:23:42 +01:00
09176b0af4
SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter.
2010-06-25 19:45:34 +01:00
ea8d37892c
SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy.
2010-06-18 03:33:49 +01:00
4d10d4b67f
SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs.
2010-06-18 01:34:07 +01:00
76ebb759f3
Removed unnecessary casts.
2010-06-08 22:56:59 +01:00
7d74b7c87e
SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping.
2010-05-27 15:54:15 +01:00
e156d5339a
Fix build when upload properties are missing. Added missing hsql test dependency
2010-05-24 17:01:19 +01:00
0e57ce2dc3
SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.
2010-05-21 15:59:50 +01:00
978bb9f601
Remove commented-out code in ETF.
2010-05-16 15:16:40 +01:00
f0c4cccb0d
SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc.
2010-05-16 14:14:13 +01:00
bf288101a0
Javadoc improvements
2010-05-16 14:14:13 +01:00
b3aad4cf19
Javadoc fixes.
2010-05-06 20:02:08 +01:00
0c09780644
SEC-1476: Modify AbstractPreAuthenticatedProcessingFilter to store authentication exception in request instead of creating a new session.
2010-05-05 14:13:48 +01:00
fcf33afce0
Formatting.
2010-05-03 14:53:05 +01:00
bca6c1aeac
SEC-1468: Doc and Javadoc updates.
2010-04-26 23:26:07 +01:00
024e6904ff
SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.
2010-04-25 04:27:09 +01:00
ee1fd1bc50
SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins.
2010-04-20 23:47:48 +01:00
74896f217b
SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>.
2010-04-20 23:47:47 +01:00
a45d2a4fb2
SEC-1462: Only apply session fixation protection strategy if request.isRequestedSessionIdValid() returns true. We don't need to create a new session if the current one already has a different Id from the client.
2010-04-20 18:04:22 +01:00
93deec8d40
SEC-1458: Remove logger field in HttpSessionEventPublisher in favour of direct lookup. Prevents early initialization of logging system when listener is initialized.
2010-04-16 16:12:38 +01:00
0521d10069
SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
...
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
2010-04-01 01:24:23 +01:00
2e2625873c
SEC-1446: Modified BasicAuthenticationFilter to treat invalid base64 and invalid Basic authentication tokens as a failed authentication (raising a BadCredentialsException, without calling the AuthenticationManager).
...
This solves the problem in this issue (invalid Base64 not resulting in a 401) and also prevents unnecessary calls to the AuthenticationManager.
2010-03-23 00:45:06 +00:00
d5df53f1db
SEC-1439: Make getters and setters public on HttpRequestResponseHolder.
...
Necessary to allow use of custom SecurityContextRepository.
2010-03-12 15:53:05 +00:00
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
2010-03-07 21:58:25 +00:00
43f0e11106
SEC-1429: Removed cached authentication from session after successful authentication.
2010-03-05 00:07:35 +00:00
89d8c8cc83
Additional test classes for authentication and logout success/failure handling.
2010-03-04 23:18:46 +00:00
a3263753d9
Fix to Javadoc for AbstractAuthenticationProcessingFilter.
2010-03-04 22:06:04 +00:00
530ab3ae30
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
2010-03-04 21:21:07 +00:00
43f3568b16
SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions.
2010-03-03 23:11:49 +00:00
ae8027fa47
SEC-1425: Replace use of Java 1.6 String.isEmpty().
2010-03-01 13:49:42 +00:00
93438defff
SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy.
...
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
2010-03-01 01:21:06 +00:00
cb0f3f677f
SEC-1425: Add check for empty cookie in AbstractRememberMeServices.
...
Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.
2010-02-28 14:08:27 +00:00
f0466b6488
SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all.
2010-02-27 00:22:21 +00:00
e2f9be9015
SEC-1307: Modify context saving logic in HttpSessionSecurityContextRepository to check the SecurityContext and its contents (the Authentication) against the respective values when the request first arrived at the SecurityContextPersistenceFilter. As explained in the issue, this allows a definite decision to be made about whether the current thread has modified the context information during the request, indicating that it should be saved.
...
Also removed deprecated HttpSessionContextIntegrationFilter and tests.
2010-02-26 16:01:40 +00:00
4dd10cd266
Refactor overly large doFilter() method in DigestAuthenticationFilter.
2010-02-22 01:48:53 +00:00
f3f84da625
Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0.
2010-02-21 23:25:36 +00:00
2ee7696bf4
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
Luke Taylor
Luke Taylor