Mike Wiesner
|
5623c13038
|
SEC-1047: Added an option to DigestProcessingFilter that the created Authentication object is now marked as "authenticated"
|
2009-09-02 16:12:19 +00:00 |
Luke Taylor
|
936326f4ab
|
SEC-1180: Unreachable code inside UrlUtils.buildRequestUrl(...). Removed code block.
|
2009-09-01 18:13:28 +00:00 |
Luke Taylor
|
32dbb7e8bd
|
import cleaning
|
2009-09-01 16:41:53 +00:00 |
Luke Taylor
|
2039200617
|
SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace.
|
2009-09-01 16:08:20 +00:00 |
Luke Taylor
|
b2c2b93545
|
SEC-1190: Added "invalidateSessionOnPrincipalChange" property to AbstactPreAuthenticatedProcessingFilter. If set to true (the default) and a new principal is detected, the existing session will be invalidated before proceeding to authenticate the user.
|
2009-09-01 00:18:48 +00:00 |
Luke Taylor
|
3cc47c9c4d
|
SEC-1190: Added "checkForPrincipalChanges" property to AbstactPreAuthenticatedProcessingFilter.
|
2009-08-31 23:28:40 +00:00 |
Luke Taylor
|
dbcb13ad14
|
SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination.
|
2009-08-31 22:48:49 +00:00 |
Luke Taylor
|
a4ccc4ac21
|
Make WebSecurityExpressionRoot public to allow reuse.
|
2009-08-28 14:02:02 +00:00 |
Luke Taylor
|
471206a29d
|
SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy
|
2009-08-27 10:43:01 +00:00 |
Luke Taylor
|
ab0d66071a
|
SEC-1226: Introduce RedirectStrategy to replace RedirectUtils. Implemented strategy and applied throughout relevant classes.
|
2009-08-27 10:42:11 +00:00 |
Luke Taylor
|
fe33f08b73
|
SEC-1201: Allow requires-channel attribute to take placeholders.
|
2009-08-23 16:42:06 +00:00 |
Luke Taylor
|
0b5160d155
|
Javadoc correction.
|
2009-08-22 18:02:39 +00:00 |
Luke Taylor
|
5a8772df5b
|
Reset pom versions post release
|
2009-08-21 12:02:49 +00:00 |
Luke Taylor
|
0e5aa7008d
|
[maven-release-plugin] prepare release spring-security-3.0.0.M2
|
2009-08-20 15:51:26 +00:00 |
Luke Taylor
|
e6631be778
|
Import cleaning
|
2009-08-10 16:07:05 +00:00 |
Luke Taylor
|
6f76fe6fbb
|
Import cleaning
|
2009-08-10 16:04:54 +00:00 |
Luke Taylor
|
eb059cfd12
|
SEC-1211: removed SessionUtils (no longer used)
|
2009-08-10 14:30:17 +00:00 |
Luke Taylor
|
f536c80020
|
SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web
|
2009-08-10 14:18:18 +00:00 |
Luke Taylor
|
c12e5b4d0b
|
SEC-1142: Renamed setter argument to match property.
|
2009-08-07 22:55:14 +00:00 |
Luke Taylor
|
ea73fd0130
|
SEC-1142: Simplified implementation by removing template method.
|
2009-08-07 22:54:07 +00:00 |
Luke Taylor
|
90d76373cc
|
SEC-1142: Support for session timeout detection. Added redirect to invalidSessionUrl in SessionManagementFilter when an invalid session Id is supplied in the request.
|
2009-08-07 17:12:12 +00:00 |
Luke Taylor
|
3e6054b69f
|
SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy.
|
2009-07-29 00:52:30 +00:00 |
Luke Taylor
|
5e285b3692
|
SEC-1211: Set the default AuthenticatedSessionStrategy to a null implementation to preserve existing behaviour.
|
2009-07-28 23:57:46 +00:00 |
Luke Taylor
|
609a68b12a
|
SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false.
|
2009-07-28 23:47:26 +00:00 |
Luke Taylor
|
db90122179
|
SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these.
|
2009-07-28 18:00:24 +00:00 |
Luke Taylor
|
8b115e2a21
|
SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache.
|
2009-07-20 22:52:48 +00:00 |
Luke Taylor
|
f404bb3d74
|
SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though.
|
2009-07-20 22:34:40 +00:00 |
Luke Taylor
|
e63fba3a36
|
Tidying
|
2009-07-08 23:55:42 +00:00 |
Luke Taylor
|
8ddd96af2b
|
SEC-1186: intermediate commit of namespace changes for improved tooling support
|
2009-06-26 12:44:46 +00:00 |
Luke Taylor
|
c6b9371029
|
Updated to latest Spring build snapshot. Required minor EL changes to parser class name
|
2009-06-15 23:41:20 +00:00 |
Luke Taylor
|
e92aac225f
|
Minor javadoc.
|
2009-06-15 13:53:56 +00:00 |
Luke Taylor
|
5808da12ff
|
SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample.
|
2009-06-08 15:23:41 +00:00 |
Luke Taylor
|
33eef5ec7a
|
Javadoc updates
|
2009-06-08 13:04:31 +00:00 |
Luke Taylor
|
66f7e8bcc8
|
SEC-1168: Added filter-security-metadat-source to namespace.
|
2009-06-08 12:59:13 +00:00 |
Luke Taylor
|
bb7ef1fa8b
|
Added HTML tags
|
2009-05-31 21:27:23 +00:00 |
Luke Taylor
|
131ba5c62e
|
Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release
|
2009-05-27 00:12:30 +00:00 |
Luke Taylor
|
e2c218e8c9
|
[maven-release-plugin] prepare release spring-security-3.0.0.M1
|
2009-05-26 23:44:11 +00:00 |
Luke Taylor
|
0cb40d6ae4
|
Javadoc update
|
2009-05-26 22:16:11 +00:00 |
Luke Taylor
|
45c54c558c
|
Updated build to use maven.springframework.org deps
|
2009-05-13 06:16:05 +00:00 |
Luke Taylor
|
a8215fa2cb
|
SEC-1160: Renaming of authentication filters and entry points and associated doc changes
|
2009-05-12 05:37:11 +00:00 |
Luke Taylor
|
5a03e842bd
|
Correcting Javadoc.
|
2009-05-12 01:40:15 +00:00 |
Luke Taylor
|
4bad213b19
|
SEC-1132: Moved remaining preauth code from core to web
|
2009-05-12 00:11:06 +00:00 |
Luke Taylor
|
d5b7ce69cc
|
SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.
|
2009-05-11 05:35:20 +00:00 |
Luke Taylor
|
29fafbbf18
|
Misc tidying up of old files and refactoring of tests
|
2009-05-05 13:29:59 +00:00 |
Luke Taylor
|
6d655aa514
|
SEC-1132: More refactoring to remove cycles ad reduce complexity metrics
|
2009-05-04 14:24:54 +00:00 |
Luke Taylor
|
5b543f83ec
|
Removed web dependency on core-tests
|
2009-05-04 02:25:49 +00:00 |
Luke Taylor
|
dca566ff1f
|
SEC-1149: WebInvocationPrivilegeEvaluator now contains methods to evaluate the permissions on URIs directly. Deleted FilterInvocationUtils.
|
2009-05-02 06:02:17 +00:00 |
Luke Taylor
|
d1cb85e4f3
|
Refactoring of methods names in UrlUtils for consistency.
|
2009-05-01 10:43:41 +00:00 |
Luke Taylor
|
f6800fbe04
|
Refactored to remove dependency on FilterInvocationUtils.
|
2009-05-01 08:57:28 +00:00 |
Luke Taylor
|
4bc788828c
|
SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods.
|
2009-05-01 06:45:34 +00:00 |
Luke Taylor
|
6db9a3facc
|
Minor debugging optimizations.
|
2009-04-30 05:21:54 +00:00 |
Luke Taylor
|
e94baf38b3
|
Tidying up to remove warnings (generics, use of deprecated test classes etc).
|
2009-04-28 06:49:43 +00:00 |
Luke Taylor
|
530a7b5d21
|
Use context returned by SecurityContextHolder.createEmptyContext() as contextObject default value.
|
2009-04-27 07:31:35 +00:00 |
Luke Taylor
|
95ab95b6e3
|
SEC-1078: Missed commit of default strategy class.
|
2009-04-27 07:12:12 +00:00 |
Luke Taylor
|
6bd7421a1b
|
SEC-1078: Converted WASSecurityHelper to an internal interface and added test for scenario from this issue.
|
2009-04-27 06:01:40 +00:00 |
Luke Taylor
|
e45f6914ee
|
Import cleaning.
|
2009-04-27 02:21:12 +00:00 |
Luke Taylor
|
1454cbb78e
|
SEC-1132: Moved TextUtils to web module and StringSplit utils into Digest authentication package (as they aren't used elsewhere).
|
2009-04-25 08:04:26 +00:00 |
Luke Taylor
|
a76cbee4bc
|
SEC-1132: Moved ThrowableAnalyzer code to web module as it is only used in ExceptionTranslationFilter
|
2009-04-25 07:03:15 +00:00 |
Luke Taylor
|
22e7142f45
|
SEC-998: Bundlor enabled in web, ldap, config and core modules
|
2009-04-24 09:12:53 +00:00 |
Luke Taylor
|
21e36e0a57
|
Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT
|
2009-04-22 12:55:52 +00:00 |
Luke Taylor
|
23d7778484
|
Typo.
|
2009-04-22 12:53:50 +00:00 |
Luke Taylor
|
cac2bce382
|
Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes.
|
2009-04-21 06:05:14 +00:00 |
Luke Taylor
|
271fbb7ddf
|
SEC-1081: Fix for PersistentTokenBasedRememberMeServices int overflow problem.
|
2009-04-20 09:08:35 +00:00 |
Luke Taylor
|
2ff089af62
|
Restructure to standard layout.
|
2009-04-20 04:17:59 +00:00 |
Luke Taylor
|
c21300d3ad
|
Tidying imports.
|
2009-04-19 02:29:16 +00:00 |
Luke Taylor
|
6b3d0eac40
|
SEC-1111: Fix for "java.io.CharConversionException: Not an ISO 8859-1 character". Use response.getWriter() instead of printing to ServletOutputStream.
|
2009-04-18 07:35:34 +00:00 |
Luke Taylor
|
23c23c6f3f
|
Remove unused import.
|
2009-04-16 04:03:18 +00:00 |
Luke Taylor
|
292926518b
|
SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException.
|
2009-04-15 10:19:37 +00:00 |
Luke Taylor
|
93bdcccaee
|
SEC-1132: Moved userdetails into core and added core/authority sub-package
|
2009-04-15 07:39:21 +00:00 |
Luke Taylor
|
c770998d92
|
SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions.
|
2009-04-14 04:22:57 +00:00 |
Luke Taylor
|
769041474e
|
SEC-1136: Missed an import.
|
2009-04-14 02:35:13 +00:00 |
Luke Taylor
|
10673780db
|
OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles).
|
2009-04-13 14:56:49 +00:00 |
Luke Taylor
|
ca7d055c2b
|
SEC-1132: Created core and authentication packages within core module.
|
2009-04-13 13:43:23 +00:00 |
Luke Taylor
|
9efb5a7007
|
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
|
2009-04-12 12:23:23 +00:00 |
Luke Taylor
|
7c4d54f356
|
SEC-1131: Applied patch for portlet upgrade
|
2009-04-12 05:52:20 +00:00 |
Luke Taylor
|
1b43e3661a
|
SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter.
|
2009-04-12 04:16:46 +00:00 |
Luke Taylor
|
f746a20ab4
|
SEC-1132: package refactoring of non-core modules
|
2009-03-27 05:01:03 +00:00 |
Luke Taylor
|
bec84f874a
|
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
|
2009-03-26 07:18:36 +00:00 |
Luke Taylor
|
2a9a8a41db
|
SEC-1125: Created separate web module spring-security-web
|
2009-03-25 06:28:18 +00:00 |