cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
8f598e9b11
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
2008-12-17 01:28:29 +00:00
171456a26c
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
2008-12-17 01:11:43 +00:00
00125cddee
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
2008-12-17 00:48:32 +00:00
585e5f393a
Added warning suppression for deprecation.
2008-12-17 00:32:21 +00:00
d8b5f770e9
Added warning suppression for deprecation.
2008-12-17 00:31:17 +00:00
db5f1e69f1
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
2008-12-17 00:14:48 +00:00
c2e688610c
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
2008-12-16 23:25:44 +00:00
998f0b3ea1
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
2008-12-16 20:35:18 +00:00
d0fcbd9baf
Tidying up Javadoc.
2008-12-16 20:29:53 +00:00
a1bd48733a
Minor Javadoc correction.
2008-12-16 20:16:56 +00:00
74fd5fe8a4
Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.
2008-12-16 18:55:38 +00:00
b24cc17dea
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
2008-12-16 17:35:34 +00:00
bf409b5b25
Improvements to Javadoc.
2008-12-16 02:06:26 +00:00
f54d7ee6bc
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
2008-12-15 23:58:40 +00:00
898ef36d02
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
2008-12-15 19:50:53 +00:00
c3181d9db0
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
2008-12-15 02:48:32 +00:00
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
2008-12-15 01:25:12 +00:00
fcc68e636e
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
2008-12-15 00:56:17 +00:00
a0bcf7184c
SEC-1061: Renamed serverSideRedirect property.
2008-12-14 23:56:30 +00:00
cf3cac90ad
SEC-1058, SEC-745: Updating comments
2008-12-14 23:53:44 +00:00
3f38035057
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
2008-12-14 22:53:31 +00:00
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
839279161d
SEC-745: Added concrete failure handling strategies.
2008-12-13 23:34:15 +00:00
6664f57ff6
SEC-992: Removed the line setting returningObj to false.
2008-12-12 23:22:26 +00:00
10e4d1fe1a
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
2008-12-12 22:30:57 +00:00
615194710e
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
2008-12-12 17:25:09 +00:00
48dce501ce
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
2008-12-12 14:27:23 +00:00
aec23749d7
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
2008-12-12 13:04:37 +00:00
3fcc7b5403
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
2008-12-12 12:47:42 +00:00
a443e55832
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
2008-12-11 17:00:13 +00:00
093365b2f4
Removed unnecessary cast.
2008-12-11 16:42:25 +00:00
30f9b3e72c
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
2008-12-10 16:57:40 +00:00
3f40604b82
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
2008-12-10 13:48:25 +00:00
acfcac4594
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
...
Applied supplied patch which checks the committed flag before forwarding to the error page.
2008-12-10 12:36:59 +00:00
7fe6a0fc0d
SEC-1033: Added support for web IP ranges based on an address and netmask.
2008-12-09 23:14:44 +00:00
7767a9ed60
SEC-1033: Add basic equality support for hasIpAddress() expression.
2008-12-09 18:04:08 +00:00
3da68a7a82
Java5 stuff
2008-12-09 18:02:58 +00:00
046456c142
Removed unused constants.
2008-12-09 14:33:31 +00:00
3e8de229be
Java5 updates.
2008-12-09 14:30:37 +00:00
98422b69a8
Java5 updates.
2008-12-09 14:27:31 +00:00
c2ac125719
Tidying up.
2008-12-08 21:55:33 +00:00
a2ef10e65f
SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.
2008-12-08 21:54:47 +00:00
6b4045667a
SEC-1033: Completed working version of web expression support.
...
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
2008-12-08 01:01:14 +00:00
fd3990c1f8
SEC-1033: Refactored DefaultFilterInvocationDefinitionSource to remove legacy methods and make it immutable.
2008-12-07 22:46:36 +00:00
bed00e10f5
Reduced visibility of attribute names in HttpSecurityBDP.
2008-12-07 13:46:09 +00:00
9bb64d1974
Removed out of date javadoc reference to SecurityEnforcementFilter.
2008-12-06 17:56:24 +00:00
7265a70f0a
SEC-1012: Java5 - use of vararg methods.
2008-12-06 17:33:19 +00:00
c3d216e7bb
SEC-1012: Minor improvements to SecurityContextHolderAwareRequestFilter and conversion to use jmock for test.
2008-12-06 17:31:53 +00:00
953a4ab9ea
SEC-1036: Removed deprecated class and unnecessary mock.
2008-12-05 22:30:26 +00:00
6293541b73
SEC-1036: Updated DefaultSpringSecurityContextSource to enable pooling for "manager" users by default but not when binding directly as a user.
2008-12-05 22:04:51 +00:00
bc6878c1c5
SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations.
2008-12-05 16:36:43 +00:00
58c237fa74
SEC-1015: Removed final packages/directories for old acl code.
2008-12-05 16:07:40 +00:00
38f466dcfc
SEC-1039: Refactored post-request session-creation logic into separate method. Some comment improvements.
2008-12-05 15:51:29 +00:00
48874d69a7
SEC-1039: Made sure "old" security context session key points to new one so they always match.
2008-12-05 14:54:01 +00:00
fd7fc0c8a5
SEC-1039: Corrected reference to security context key to match new value.
2008-12-05 14:52:52 +00:00
c5e1fd77ec
SEC-1045: Added testsfor use of external context storage strategy through the namespace
2008-12-04 14:25:55 +00:00
7dfbcf2ddf
SEC-990: Clarify the semantics of the ConsensusBased ADM. Added the suggested patch to the Javadoc for this class.
2008-12-04 13:32:35 +00:00
ffc8637def
Tidying up.
2008-12-03 11:02:56 +00:00
8587d4c635
Switch to non-deprecated methods.
2008-12-03 10:21:27 +00:00
3e2930d785
SEC-1045: Added security-context-repository-ref attribute to <http>
2008-12-02 16:14:03 +00:00
f2969392a6
SEC-1043: Improved Javadoc for LdapAuthenticationProvider user details mapping methods.
2008-12-02 14:32:44 +00:00
9ab69ddcaf
Converted to use jmock.
2008-12-02 13:58:20 +00:00
72eee6f1ca
Removing unused mock classes.
2008-12-02 13:07:06 +00:00
fba57bdf5b
Removed unused MockAccessDecisionManager class
2008-12-02 12:56:04 +00:00
283b932fe0
Minor tidying up.
2008-12-02 12:53:48 +00:00
f3387cd879
2008-12-02 12:49:13 +00:00
a09b15ce5f
Added tests for AuthenticationDetailsSourceImpl (and AuthenticationDetails).
2008-12-01 15:50:31 +00:00
8283074097
Tidying.
2008-12-01 15:49:35 +00:00
e3dd12021b
Added extra calls to exercise CachingUserDetailsService
2008-12-01 15:49:13 +00:00
a2f7b7e4f1
Added optional args argument to constructor.
2008-12-01 14:29:58 +00:00
3fe112f769
Added tests for AbstractAclVoter.
2008-12-01 14:28:24 +00:00
e864dfa796
SEC-1039: Converted HttpBeanDefinitionParser to use new context persistence filter instead of HttpSessionContextIntegrationFilter
2008-12-01 12:37:31 +00:00
08ea70909d
Fixed broken test due to missing context file.
2008-12-01 00:36:13 +00:00
a318aacc4f
Converted MethodSecurityInterceptorTests to use mocks and deleted app context file.
2008-11-30 23:20:16 +00:00
bfd4bcfdb7
SEC-1012: Java5ing of RunAsUserToken constructor.
2008-11-30 23:16:39 +00:00
b25d6958d7
SEC-1036: Removed references to SpringSecurityContextSource
2008-11-29 12:15:51 +00:00
66897e1849
SEC-1036: Upgraded Spring LDAP to 1.3 and made corresponding code changes. Also some general tidying up of LDAP code. Removed deprecated context factory classes.
2008-11-28 22:22:51 +00:00
1918c50fd7
SEC-1039: Deprecated HttpSessionContextIntegrationFilter and made it extend SecurityContextPersistenceFilter.
2008-11-28 18:01:34 +00:00
8cfd515b27
SEC-988: Added Javadoc for UserDetailsChecker interface.
2008-11-27 21:21:25 +00:00
d508adbf8b
SEC-1037: Made LdapAuthenticationProvider implement MessageSourceAware.
2008-11-27 21:12:43 +00:00
843d0e6910
SEC-985: Added hideUsernameNotFoundException property to LdapAuthenticationProvider and set default to true.
2008-11-27 21:08:01 +00:00
4d81d750cd
SEC-1039: Created new filter SecurityContextPersistenceFilter and SecurityContextRepository strategy to replace HttpSessionContextIntegrationFilter functionality.
2008-11-27 20:18:54 +00:00
789be71d8c
SEC-398: Rolled back addition of erroneous test method for this issue (the fix was incorrect and the test method does nothing useful).
2008-11-27 10:41:08 +00:00
2dfd006665
SEC-1012: Converted Groupsmanager to use List<String>
2008-11-26 11:17:15 +00:00
1f78974073
Improved javadoc and debug message relating to clearing of security context.
2008-11-26 10:35:06 +00:00
dca0505d23
SEC-1012: generification
2008-11-21 12:39:30 +00:00
05e753de61
Converted to use jmock for mocks.
2008-11-21 12:26:56 +00:00
6b24637fbc
Further SavedRequestWrapper related tests and tidying up.
2008-11-21 12:17:43 +00:00
1cf59b249a
Added test class for DefaultLoginPageGeneratingFilter.
2008-11-16 05:07:33 +00:00
13caa48a24
Added clearContext() in @After. Test was leaving a TestingAuthenticationToken in the context.
2008-11-16 00:09:35 +00:00
18e74e7d3f
Import cleaning.
2008-11-16 00:03:42 +00:00
22cca49d4a
Added clearContext() call in @Before method. Test class appears to be failing on the build server because of a left over security context from a previous test
2008-11-16 00:03:01 +00:00
67c06d3d52
SEC-1012: Adding generics and general tidying up of tests etc
2008-11-15 13:00:38 +00:00
a535c5bd05
Removed unused imports.
2008-11-15 11:09:40 +00:00
9dc50bce82
SEC-1013: Removed ConfigAttributeDefinition
2008-11-15 10:55:23 +00:00
e259fe43a9
SEC-1034: Removed classes for converting a FilterInvocationDefinitionSource to a map for use in FilterChainProxy
2008-11-15 10:26:35 +00:00
31375b7212
SEC-1012: Futher generification. Also changed method signature of ObjectDefinitionSource.getAllConfigAtributes to return a single collection
2008-11-15 09:35:11 +00:00
5c1f4e60e3
Tidying stuff
2008-11-14 07:16:49 +00:00
Luke Taylor