Commit Graph

261 Commits

Author SHA1 Message Date
Luke Taylor a4a0aab66f SEC-1164: Add additional component definitions so that Spring IDE picks them up and doesn;t report missing bean definitions 2009-07-31 00:18:16 +00:00
Luke Taylor 5d5df0c63d Added extra 'manual' security interceptor config 2009-07-29 16:08:04 +00:00
Luke Taylor 3e6054b69f SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy. 2009-07-29 00:52:30 +00:00
Luke Taylor 609a68b12a SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false. 2009-07-28 23:47:26 +00:00
Luke Taylor db90122179 SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these. 2009-07-28 18:00:24 +00:00
Luke Taylor 931cf90dbb SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution. 2009-07-21 00:14:57 +00:00
Luke Taylor 8b115e2a21 SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache. 2009-07-20 22:52:48 +00:00
Luke Taylor f404bb3d74 SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though. 2009-07-20 22:34:40 +00:00
Luke Taylor 491837ae34 SEC-1197: Moved support from session-controller-ref from authentication-manager to concurrent-session-control element. Plus refactoring of config classes into separate packages. 2009-07-17 23:36:35 +00:00
Luke Taylor 1afa67c954 SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block. 2009-07-15 23:09:47 +00:00
Luke Taylor 6346e31517 SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy. 2009-07-15 01:28:28 +00:00
Luke Taylor d59bdc0cbc Reducing use of global bean Ids as part of SEC-1186 2009-07-08 23:54:26 +00:00
Luke Taylor 7622dfe092 SEC-1194: Added support for services-alias to remember-me 2009-07-08 23:53:47 +00:00
Luke Taylor d02bbbf560 import cleaning. 2009-07-08 17:17:45 +00:00
Luke Taylor 43dab4c3b3 SEC-1186: Additional changes to remove custom-filter decorator functionality. 2009-07-08 16:50:47 +00:00
Luke Taylor abddcb044a SEC-1186: Remove functionality from CustomFilterBeanDefinitionDecorator and report a warning instead. 2009-07-08 16:49:30 +00:00
Luke Taylor b3366a1646 SEC-1186: Tidying up changes to http parsing 2009-07-08 16:19:26 +00:00
Luke Taylor eae670269d Tidying 2009-07-06 10:33:57 +00:00
Luke Taylor 853b4c8753 SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests. 2009-06-28 13:36:54 +00:00
Luke Taylor d5bf5d7adc SEC-1186: validator for filter chain beans 2009-06-26 12:47:03 +00:00
Luke Taylor 8ddd96af2b SEC-1186: intermediate commit of namespace changes for improved tooling support 2009-06-26 12:44:46 +00:00
Luke Taylor f6e2e36346 Remove use of property editor internally. 2009-06-18 23:37:36 +00:00
Luke Taylor 074fa7d629 SEC-1186: Refactoring to bring all filter registrations into the HttpBDP parse method in preparation for building the filter chain and map at that point, rather than in a post-processor 2009-06-18 22:33:16 +00:00
Luke Taylor 37d3401d0c SEC-1016: Rollback changes. 2009-06-14 21:10:02 +00:00
Luke Taylor a963be4719 SEC-1095: Register AuthenticationManager from GlobalMethodSecurityBDP. 2009-06-09 01:38:53 +00:00
Luke Taylor 0473cfbfc0 SEC-1137: Added support for an external UserDetailsContextMapper using the attribute user-context-mapper-ref. 2009-06-08 23:35:05 +00:00
Luke Taylor bfa2806034 Add component definition registration for tooling. 2009-06-08 22:27:55 +00:00
Luke Taylor aa511bb1f4 SEC-1175: Changed default anonymous username to match that in the schema docs. 2009-06-08 13:09:07 +00:00
Luke Taylor 66f7e8bcc8 SEC-1168: Added filter-security-metadat-source to namespace. 2009-06-08 12:59:13 +00:00
Luke Taylor 9993a7f6e4 Added newlines to filter list to test use of xsd:token. 2009-05-31 21:28:16 +00:00
Luke Taylor 545550bb0c Made ApacheDS deps optional 2009-05-27 02:15:45 +00:00
Luke Taylor 131ba5c62e Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release 2009-05-27 00:12:30 +00:00
Luke Taylor e2c218e8c9 [maven-release-plugin] prepare release spring-security-3.0.0.M1 2009-05-26 23:44:11 +00:00
Luke Taylor 45c54c558c Updated build to use maven.springframework.org deps 2009-05-13 06:16:05 +00:00
Luke Taylor a8215fa2cb SEC-1160: Renaming of authentication filters and entry points and associated doc changes 2009-05-12 05:37:11 +00:00
Luke Taylor 4bad213b19 SEC-1132: Moved remaining preauth code from core to web 2009-05-12 00:11:06 +00:00
Luke Taylor 76561813e9 Fixed config bundlor template 2009-05-11 07:57:52 +00:00
Luke Taylor 76438b3347 SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource) 2009-05-11 05:44:31 +00:00
Luke Taylor 14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor b3ccee4dbc Some additional tests on session creation. 2009-05-07 07:10:10 +00:00
Luke Taylor 29fafbbf18 Misc tidying up of old files and refactoring of tests 2009-05-05 13:29:59 +00:00
Luke Taylor cef089376c SEC-1152: Changes to add anonymous filter to default namespace configuration and added enabled flag to allow overriding of the behaviour. 2009-05-05 07:23:31 +00:00
Luke Taylor 6d655aa514 SEC-1132: More refactoring to remove cycles ad reduce complexity metrics 2009-05-04 14:24:54 +00:00
Luke Taylor 8c94e39150 SEC-1118: Added run-as-manager-ref attribute to global-method-security element. Also updated schema to use xsd:token in place of xsd:string where appropriate. 2009-05-01 05:16:19 +00:00
Luke Taylor 5aeca2d7dd Added test XML file for use messing about in an XML editor while generating schema. 2009-04-30 06:58:38 +00:00
Luke Taylor 90b849c271 SEC-1100: Added support for <access-denied-handler> element which can take a ref or an error-page attribute. 2009-04-30 05:46:55 +00:00
Luke Taylor 39cc865a36 SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id. 2009-04-28 12:08:48 +00:00
Luke Taylor 4f33f4677b Import cleaning. 2009-04-26 10:06:58 +00:00
Luke Taylor 1ac0ea9d3f Moved InMemoryXmlApplicationContext to test src as it is only used in tests. 2009-04-25 06:52:57 +00:00
Luke Taylor 22e7142f45 SEC-998: Bundlor enabled in web, ldap, config and core modules 2009-04-24 09:12:53 +00:00
Luke Taylor 21e36e0a57 Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT 2009-04-22 12:55:52 +00:00
Luke Taylor cac2bce382 Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes. 2009-04-21 06:05:14 +00:00
Luke Taylor 93bdcccaee SEC-1132: Moved userdetails into core and added core/authority sub-package 2009-04-15 07:39:21 +00:00
Luke Taylor 10673780db OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles). 2009-04-13 14:56:49 +00:00
Luke Taylor ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor 9efb5a7007 SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet 2009-04-12 12:23:23 +00:00
Luke Taylor 32ebd277d4 SEC-1132: Deleted empty packages 2009-03-27 07:01:42 +00:00
Luke Taylor f746a20ab4 SEC-1132: package refactoring of non-core modules 2009-03-27 05:01:03 +00:00
Luke Taylor bec84f874a SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples. 2009-03-26 07:18:36 +00:00
Luke Taylor 2a9a8a41db SEC-1125: Created separate web module spring-security-web 2009-03-25 06:28:18 +00:00
Luke Taylor 2c985a1c36 SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources 2009-03-23 04:23:48 +00:00