Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 07:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,462 Commits 34 Branches 337 Tags
Commit Graph

280 Commits

Author SHA1 Message Date
Luke Taylor
bdb906e588 Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output. 2010-08-24 18:25:39 +01:00
Luke Taylor
1db83fc81e Minor BD parser tidying. 2010-08-20 21:14:00 +01:00
Luke Taylor
c37ca1c2a9 Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc. 2010-08-19 22:41:51 +01:00
Luke Taylor
5f6bcc0e1e SEC-1540: Fix to add HTTP-method specific support for namespace requires-channel attribute. 2010-08-18 13:01:16 +01:00
Luke Taylor
3c02989d67 Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests). 2010-08-18 02:32:43 +01:00
Luke Taylor
aafc5f9038 File rename to correct case. 2010-08-17 02:27:36 +01:00
Luke Taylor
1f520b691f SEC-1469: Initial support for debugging filter. 2010-08-17 02:23:34 +01:00
Luke Taylor
591bd532bd Polishing FilterChainProxy and its tests. 2010-08-17 02:20:34 +01:00
Luke Taylor
6abfa2e887 Update minimum required schema to 3.1. 2010-08-17 02:19:55 +01:00
Luke Taylor
4bd41cbf72 SEC-1133: Support for setting of authenticationDetailsSource property for form-login, openid-login, http-basic and x509 namespace elements. These elements now support an additional 'authentication-details-source-ref' attribute. 2010-08-14 15:10:03 +01:00
Luke Taylor
4935aa07c7 SEC-1535: Added suggested doc fixes. 2010-08-12 20:41:29 +01:00
Luke Taylor
2222a7be07 Use Integer.valueOf() in preference to new Integer() 2010-08-11 18:17:23 +01:00
Luke Taylor
dca0fd871c SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created. 2010-08-09 17:16:43 +01:00
Luke Taylor
85c4c91e0e IDEA inspection refactorings. 2010-08-05 23:28:07 +01:00
Luke Taylor
413b2a06e3 Improvements in up-to-date checking and use of parallel tests where possible. 2010-08-05 02:11:00 +01:00
Luke Taylor
64375484a1 More build and logging tuning. 2010-08-04 22:55:17 +01:00
Luke Taylor
2d9a848265 Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build. 2010-07-27 02:20:36 +01:00
Luke Taylor
c1c8fd1874 SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request). 2010-07-20 19:46:47 +01:00
Luke Taylor
a4fd191499 Added check for use of "ref" with other attributes in <authentication-provider>. 2010-07-20 14:31:52 +01:00
Luke Taylor
4683273c2c Correct message in namespace handler when web classes are missing. 2010-07-12 12:40:06 +01:00
Luke Taylor
69a10c48ae Switch to using slf4j/logback for logging. 
We still compile modules against commons-logging but all runtime logging and samples will use logback
 2010-07-12 12:39:52 +01:00
Luke Taylor
443ac0487a SEC-1093: Namespace support for jee element. 
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
 2010-07-07 22:42:26 +01:00
Luke Taylor
026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor
6a79cf7be2 SEC-1383: Make MethodSecurityMetadataSourceBeanDefinitionParser extend AbstractBeanDefinitionParser for automatic support of ID attribute. 2010-06-26 16:07:23 +01:00
Luke Taylor
cd946c4e23 SEC-1493: Added namespace support. 2010-06-20 21:09:38 +01:00
Luke Taylor
8bddc8f820 SEC-1484: Documentation for some namespace attributes. 2010-06-05 17:35:24 +01:00
Luke Taylor
2e865752ff Upgraded groovy to 1.7.2 to avoid jansi dependency issue 2010-06-03 23:13:28 +01:00
Luke Taylor
efb600166a SEC-1488: Remove commons-logging dependencies from maven poms. 2010-05-28 13:10:59 +01:00
Luke Taylor
f7405cef82 Removed original Java version of refactored http namespace tests. 2010-05-27 18:06:26 +01:00
Luke Taylor
34401416b0 SEC-1171: Implement parsing of empty filter chain patters via http 'secured' attribute and remove filters='none' support. 2010-05-27 15:54:15 +01:00
Luke Taylor
05c7abe191 SEC-1445: Tests for setting of username and password parameter names through the form-login element. 2010-05-27 15:54:15 +01:00
Luke Taylor
7d74b7c87e SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping. 2010-05-27 15:54:15 +01:00
Luke Taylor
b0758dd8de Refactoring HTTP config tests to use spock and groovy MarkupBuilder 2010-05-27 15:53:52 +01:00
Luke Taylor
b0308e41cb SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used. 2010-05-21 15:36:37 +01:00
Luke Taylor
a4ce14f604 Add "provisioning" package to config bundlor template. 2010-05-16 14:14:13 +01:00
Luke Taylor
d5ffdd9c27 Import cleaning 2010-05-03 18:46:06 +01:00
Luke Taylor
dccb30ad63 Remove use of wrong DOMUtils class (from com.sun package). 2010-05-01 15:06:48 +01:00
Luke Taylor
863ccecf55 SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute. 2010-04-30 20:22:20 +01:00
Luke Taylor
165cbb0d19 SEC-1445: Added support for custom username and password parameters in form-login. 2010-04-30 18:14:50 +01:00
Luke Taylor
a421370a3d SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully. 2010-04-25 22:00:25 +01:00
Luke Taylor
f5859fabcf SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database. 2010-04-25 04:26:45 +01:00
Luke Taylor
2f025fba6c SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request. 
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
 2010-04-20 23:47:48 +01:00
Luke Taylor
d3d9c5db59 Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor. 2010-04-20 23:47:47 +01:00
Luke Taylor
0521d10069 SEC-1294: Enable access to beans from ApplicationContext in EL expressions. 
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
 2010-04-01 01:24:23 +01:00
Luke Taylor
a3ef8255d8 SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj' 
Also added this syntax to the aspectj sample.
 2010-03-31 18:31:28 +01:00
Luke Taylor
020e0aa49a SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext. 
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
 2010-03-30 15:52:40 +01:00
Luke Taylor
977bc2b164 SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx. 
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
 2010-03-26 18:05:28 +00:00
Luke Taylor
57150a6717 SEC-1440: Add entry-point-ref to http-basic element to allow setting a separate AuthenticationEntryPoint for the BasicAuthenticationFilter. 2010-03-26 12:47:24 +00:00
Luke Taylor
472c1fac84 SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent. 
Ensures protect-pointcut expressions match methods with generic parameters.
 2010-03-24 20:57:03 +00:00
Luke Taylor
f3264ba9ab Addition of commons-logging exclusions and adjustments to pom generation. 2010-03-07 21:58:25 +00:00