Luke Taylor
SEC-1432: Convert map keys to lower-case in UserMap.setUsers().
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
2010-03-05 17:55:29 +00:00
Luke Taylor
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
2010-03-04 21:21:07 +00:00
Luke Taylor
SEC-1407: Correct logger category in MatcherType.
2010-03-01 02:03:32 +00:00
Luke Taylor
SEC-1383: Namespace support for MethodSecurityMetadataSource. Initial commit.
2010-03-01 01:45:43 +00:00
Luke Taylor
SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy.
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
2010-03-01 01:21:06 +00:00
Luke Taylor
Make hsqldb a testRuntime/runtime dependency.
2010-03-01 01:10:58 +00:00
Luke Taylor
SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all.
2010-02-27 00:22:21 +00:00
Luke Taylor
SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup.
2010-02-26 17:21:25 +00:00
Luke Taylor
Refactoring to remove remaining circular dependencies indicated by structure101.
2010-02-22 01:48:22 +00:00
Luke Taylor
Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0.
2010-02-21 23:25:36 +00:00
Luke Taylor
SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests.
2010-02-20 21:59:44 +00:00
Luke Taylor
SEC-1383: Added namespace support for method-security-metadata-source
2010-02-20 19:05:25 +00:00
Luke Taylor
Update schema version to 3.1
2010-02-20 18:58:00 +00:00
Luke Taylor
Update version number to 3.1.0.CI-SNAPSHOT.
2010-02-19 17:35:19 +00:00
Luke Taylor
3.0.2 release. Update version in build files.
2010-02-19 01:22:21 +00:00
Luke Taylor
SEC-1387: Support serialization of security advised beans.
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
2010-02-19 00:53:14 +00:00
Luke Taylor
Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1.
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
2010-02-16 00:03:15 +00:00
Luke Taylor
Replace package.html with files, creating new ones where missing and updating outdated contents.
2010-02-14 23:23:23 +00:00
Luke Taylor
SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication.
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
2010-02-11 17:47:22 +00:00
Luke Taylor
Added extra test to itest/context as POC of using extra interceptor with http ns.
2010-02-11 01:48:00 +00:00
Luke Taylor
Standardising slf4j versions.
2010-02-11 01:33:31 +00:00
Luke Taylor
SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
2010-02-10 23:49:26 +00:00
Luke Taylor
SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements
2010-02-10 16:49:53 +00:00
Luke Taylor
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
2010-02-06 15:42:01 +00:00
Luke Taylor
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
2010-01-23 02:12:30 +00:00
Luke Taylor
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
Luke Taylor
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
Luke Taylor
SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context.
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
2010-01-14 15:48:14 +00:00
Luke Taylor
Added gradle build files for taglibs, tutorial, contacts and openid.
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
Luke Taylor
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
Luke Taylor
Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests.
Removes the need for casting to specific filter type.
2010-01-08 23:20:16 +00:00
Luke Taylor
SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes.
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
2010-01-08 21:12:36 +00:00
Luke Taylor
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
Luke Taylor
SEC-1352: Added support for placeholders in <user-service>
The username, password and authorities attributes can now be placeholders.
2010-01-05 22:34:10 +00:00
Luke Taylor
2010-01-02 19:53:19 +00:00
Luke Taylor
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
2009-12-23 14:12:59 +00:00
Luke Taylor
[maven-release-plugin] prepare for next development iteration
2009-12-22 22:20:01 +00:00
Luke Taylor
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
2009-12-22 22:19:38 +00:00
Luke Taylor
Updated bundlor templates and introduced spring.version variable
2009-12-22 01:10:04 +00:00
Luke Taylor
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
2009-12-21 17:32:38 +00:00
Luke Taylor
Schema updates to Spring 3.0
2009-12-18 18:44:17 +00:00
Luke Taylor
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
2009-12-18 15:39:13 +00:00
Luke Taylor
[maven-release-plugin] prepare for next development iteration
2009-12-08 21:19:41 +00:00
Luke Taylor
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
2009-12-08 21:19:20 +00:00
Luke Taylor
SEC-1318: Correct logic for checking combination of session-management attributes.
2009-12-07 22:40:47 +00:00
Luke Taylor
2009-12-07 21:40:06 +00:00
Luke Taylor
SEC-1317: Forgot to commit test from config module.
2009-12-07 21:39:49 +00:00
Luke Taylor
SEC-1312: Add detection of 2.0 schemas. Added check to SecurityNamespaceHandler and reinstated old schemas.
2009-12-06 21:15:11 +00:00
Luke Taylor
Added gradle build files (experimental)
2009-12-04 21:33:17 +00:00
Luke Taylor
SEC-1309: Namespace configurations should support Spring EL. Removed premature conversion of URL paths to lower case, which messes up if they are case-sensitive expressions or placeholders. Some other minor changes to suppport EL configuration.
2009-12-01 14:23:58 +00:00