a73016b898
SEC-998: Initial bundlor template.mf for core
2009-04-22 12:47:44 +00:00
305ce125fb
SEC-863: Hierarchical roles should use the interface GrantedAuthority. Applied submitted patch.
2009-04-22 05:53:59 +00:00
d7f202a111
Addition of final to constructor set fields to improve immutability of authentication and user objects
2009-04-22 04:11:38 +00:00
ba6664f77f
SEC-1012: Refactor SessionRegistry interface to use Java 5 generics.
2009-04-21 06:57:21 +00:00
cac2bce382
Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes.
2009-04-21 06:05:14 +00:00
06040853da
Javadoc tidying
2009-04-21 03:16:57 +00:00
56ec1b4b05
Tidying beforeInvocation method.
2009-04-20 01:01:34 +00:00
292926518b
SEC-1136: Converted base exceptions to extend RuntimeException rather than NestedRuntimeException.
2009-04-15 10:19:37 +00:00
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
5d0d1bd404
Fixed Javadoc typo.
2009-04-14 12:56:16 +00:00
db9afc36ab
Refactored internal context holder strategy implementations to be package private and final and refactored getContext() methods to use a single call to ThreadLocal.get().
2009-04-14 11:04:49 +00:00
c770998d92
SEC-1132: Move authoritymapping to core as it is actually used in loading authorities for a use, not in making access decisions.
2009-04-14 04:22:57 +00:00
550715e73f
SEC-1136: Removed SpringSecurityException and last import.
2009-04-14 01:51:22 +00:00
10673780db
OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles).
2009-04-13 14:56:49 +00:00
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
2009-04-12 12:23:23 +00:00
7c4d54f356
SEC-1131: Applied patch for portlet upgrade
2009-04-12 05:52:20 +00:00
365ae3936e
Moved MockAuthenticationManager to test package.
2009-04-12 05:13:18 +00:00
1b43e3661a
SEC-1132: Moved switch user event class to web module as it is only used by SwitchUserProcessingFilter.
2009-04-12 04:16:46 +00:00
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
2009-03-25 06:28:18 +00:00
2c985a1c36
SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources
2009-03-23 04:23:48 +00:00
a45ba138f7
SEC-1121: InMemoryResource.equals() is wrong. Corrected as suggested.
2009-03-20 04:44:39 +00:00
4aff4b2350
SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSourceand performed related refactoring
2009-03-20 04:32:06 +00:00
4aae5ec42e
SEC-1124: Refactored LDAP code into separate module
2009-03-19 06:30:32 +00:00
a0f3015ac6
SEC-1086: AccessDecisionManager implementations now log debug messages giving the results returned by each voter polled.
2009-03-19 02:01:24 +00:00
d163cd7d18
SEC-1099: Translation of message.properties in Brazilian Portuguese. Added file.
2009-03-19 01:47:34 +00:00
c0638e9c8d
SEC-1110: Localization (messages_ko_KR.properties). Added.
2009-03-19 01:46:05 +00:00
591681c180
Upgrade to Spring M2 and correct expression classes and pom files to match changes
2009-03-19 01:17:16 +00:00
98593b7c78
SEC-1120: Added Portuguese messages file
2009-03-19 01:02:32 +00:00
ccf422af5a
SEC-1070: AbstractRetryEntryPoint always uses RetryWithHttpEntryPoint logger. Converted to protected (non-static) and used getClass().
2009-03-16 08:32:16 +00:00
9de9f638fe
SEC-1083: Removed unnecessary import
2009-03-16 08:07:18 +00:00
30748e8615
SEC-1083: PersistentTokenBasedRememberMeServices does not clear tokens on logout. Override logout method to remove tokens for user.
2009-03-16 08:05:02 +00:00
b7557d017e
Corrected Javadoc typo.
2009-03-16 07:10:12 +00:00
ef3ea65fdb
Switching back to 2.5.0-SNAPSHOT after tagging M1 release
2009-01-03 07:42:19 +00:00
fc5f50501e
[maven-release-plugin] prepare release 2.5.0.M1
2009-01-03 07:08:25 +00:00
ddffdf1699
SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication'
2008-12-28 17:32:25 +00:00
4a41416c9b
Tidying up and removing compiler warnings.
2008-12-21 16:36:16 +00:00
f5d2e7a7ce
Make error message when multiple UserDetailsServices are found more explicit.
2008-12-21 13:29:42 +00:00
9cb361e88a
SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter.
2008-12-20 23:25:29 +00:00
66e586ec67
Added Id keyword.
2008-12-20 15:41:51 +00:00
cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
8f598e9b11
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
2008-12-17 01:28:29 +00:00
171456a26c
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
2008-12-17 01:11:43 +00:00
00125cddee
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
2008-12-17 00:48:32 +00:00
585e5f393a
Added warning suppression for deprecation.
2008-12-17 00:32:21 +00:00
d8b5f770e9
Added warning suppression for deprecation.
2008-12-17 00:31:17 +00:00
db5f1e69f1
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
2008-12-17 00:14:48 +00:00
c2e688610c
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
2008-12-16 23:25:44 +00:00
998f0b3ea1
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
2008-12-16 20:35:18 +00:00
d0fcbd9baf
Tidying up Javadoc.
2008-12-16 20:29:53 +00:00
a1bd48733a
Minor Javadoc correction.
2008-12-16 20:16:56 +00:00
74fd5fe8a4
Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.
2008-12-16 18:55:38 +00:00
b24cc17dea
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
2008-12-16 17:35:34 +00:00
bf409b5b25
Improvements to Javadoc.
2008-12-16 02:06:26 +00:00
f54d7ee6bc
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
2008-12-15 23:58:40 +00:00
898ef36d02
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
2008-12-15 19:50:53 +00:00
c3181d9db0
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
2008-12-15 02:48:32 +00:00
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
2008-12-15 01:25:12 +00:00
fcc68e636e
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
2008-12-15 00:56:17 +00:00
a0bcf7184c
SEC-1061: Renamed serverSideRedirect property.
2008-12-14 23:56:30 +00:00
cf3cac90ad
SEC-1058, SEC-745: Updating comments
2008-12-14 23:53:44 +00:00
3f38035057
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
2008-12-14 22:53:31 +00:00
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
839279161d
SEC-745: Added concrete failure handling strategies.
2008-12-13 23:34:15 +00:00
6664f57ff6
SEC-992: Removed the line setting returningObj to false.
2008-12-12 23:22:26 +00:00
10e4d1fe1a
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
2008-12-12 22:30:57 +00:00
615194710e
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
2008-12-12 17:25:09 +00:00
48dce501ce
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
2008-12-12 14:27:23 +00:00
aec23749d7
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
2008-12-12 13:04:37 +00:00
3fcc7b5403
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
2008-12-12 12:47:42 +00:00
a443e55832
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
2008-12-11 17:00:13 +00:00
093365b2f4
Removed unnecessary cast.
2008-12-11 16:42:25 +00:00
30f9b3e72c
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
2008-12-10 16:57:40 +00:00
3f40604b82
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
2008-12-10 13:48:25 +00:00
acfcac4594
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
...
Applied supplied patch which checks the committed flag before forwarding to the error page.
2008-12-10 12:36:59 +00:00
7fe6a0fc0d
SEC-1033: Added support for web IP ranges based on an address and netmask.
2008-12-09 23:14:44 +00:00
7767a9ed60
SEC-1033: Add basic equality support for hasIpAddress() expression.
2008-12-09 18:04:08 +00:00
3da68a7a82
Java5 stuff
2008-12-09 18:02:58 +00:00
046456c142
Removed unused constants.
2008-12-09 14:33:31 +00:00
3e8de229be
Java5 updates.
2008-12-09 14:30:37 +00:00
98422b69a8
Java5 updates.
2008-12-09 14:27:31 +00:00
c2ac125719
Tidying up.
2008-12-08 21:55:33 +00:00
a2ef10e65f
SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.
2008-12-08 21:54:47 +00:00
6b4045667a
SEC-1033: Completed working version of web expression support.
...
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
2008-12-08 01:01:14 +00:00
fd3990c1f8
SEC-1033: Refactored DefaultFilterInvocationDefinitionSource to remove legacy methods and make it immutable.
2008-12-07 22:46:36 +00:00
bed00e10f5
Reduced visibility of attribute names in HttpSecurityBDP.
2008-12-07 13:46:09 +00:00
9bb64d1974
Removed out of date javadoc reference to SecurityEnforcementFilter.
2008-12-06 17:56:24 +00:00
7265a70f0a
SEC-1012: Java5 - use of vararg methods.
2008-12-06 17:33:19 +00:00
c3d216e7bb
SEC-1012: Minor improvements to SecurityContextHolderAwareRequestFilter and conversion to use jmock for test.
2008-12-06 17:31:53 +00:00
953a4ab9ea
SEC-1036: Removed deprecated class and unnecessary mock.
2008-12-05 22:30:26 +00:00
6293541b73
SEC-1036: Updated DefaultSpringSecurityContextSource to enable pooling for "manager" users by default but not when binding directly as a user.
2008-12-05 22:04:51 +00:00
bc6878c1c5
SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations.
2008-12-05 16:36:43 +00:00
58c237fa74
SEC-1015: Removed final packages/directories for old acl code.
2008-12-05 16:07:40 +00:00
38f466dcfc
SEC-1039: Refactored post-request session-creation logic into separate method. Some comment improvements.
2008-12-05 15:51:29 +00:00
48874d69a7
SEC-1039: Made sure "old" security context session key points to new one so they always match.
2008-12-05 14:54:01 +00:00
fd7fc0c8a5
SEC-1039: Corrected reference to security context key to match new value.
2008-12-05 14:52:52 +00:00
c5e1fd77ec
SEC-1045: Added testsfor use of external context storage strategy through the namespace
2008-12-04 14:25:55 +00:00
7dfbcf2ddf
SEC-990: Clarify the semantics of the ConsensusBased ADM. Added the suggested patch to the Javadoc for this class.
2008-12-04 13:32:35 +00:00
ffc8637def
Tidying up.
2008-12-03 11:02:56 +00:00
8587d4c635
Switch to non-deprecated methods.
2008-12-03 10:21:27 +00:00
3e2930d785
SEC-1045: Added security-context-repository-ref attribute to <http>
2008-12-02 16:14:03 +00:00
f2969392a6
SEC-1043: Improved Javadoc for LdapAuthenticationProvider user details mapping methods.
2008-12-02 14:32:44 +00:00
9ab69ddcaf
Converted to use jmock.
2008-12-02 13:58:20 +00:00
72eee6f1ca
Removing unused mock classes.
2008-12-02 13:07:06 +00:00
fba57bdf5b
Removed unused MockAccessDecisionManager class
2008-12-02 12:56:04 +00:00
283b932fe0
Minor tidying up.
2008-12-02 12:53:48 +00:00
f3387cd879
2008-12-02 12:49:13 +00:00
a09b15ce5f
Added tests for AuthenticationDetailsSourceImpl (and AuthenticationDetails).
2008-12-01 15:50:31 +00:00
8283074097
Tidying.
2008-12-01 15:49:35 +00:00
e3dd12021b
Added extra calls to exercise CachingUserDetailsService
2008-12-01 15:49:13 +00:00
a2f7b7e4f1
Added optional args argument to constructor.
2008-12-01 14:29:58 +00:00
3fe112f769
Added tests for AbstractAclVoter.
2008-12-01 14:28:24 +00:00
e864dfa796
SEC-1039: Converted HttpBeanDefinitionParser to use new context persistence filter instead of HttpSessionContextIntegrationFilter
2008-12-01 12:37:31 +00:00
08ea70909d
Fixed broken test due to missing context file.
2008-12-01 00:36:13 +00:00
a318aacc4f
Converted MethodSecurityInterceptorTests to use mocks and deleted app context file.
2008-11-30 23:20:16 +00:00
bfd4bcfdb7
SEC-1012: Java5ing of RunAsUserToken constructor.
2008-11-30 23:16:39 +00:00
b25d6958d7
SEC-1036: Removed references to SpringSecurityContextSource
2008-11-29 12:15:51 +00:00
66897e1849
SEC-1036: Upgraded Spring LDAP to 1.3 and made corresponding code changes. Also some general tidying up of LDAP code. Removed deprecated context factory classes.
2008-11-28 22:22:51 +00:00
1918c50fd7
SEC-1039: Deprecated HttpSessionContextIntegrationFilter and made it extend SecurityContextPersistenceFilter.
2008-11-28 18:01:34 +00:00
8cfd515b27
SEC-988: Added Javadoc for UserDetailsChecker interface.
2008-11-27 21:21:25 +00:00
d508adbf8b
SEC-1037: Made LdapAuthenticationProvider implement MessageSourceAware.
2008-11-27 21:12:43 +00:00
843d0e6910
SEC-985: Added hideUsernameNotFoundException property to LdapAuthenticationProvider and set default to true.
2008-11-27 21:08:01 +00:00
4d81d750cd
SEC-1039: Created new filter SecurityContextPersistenceFilter and SecurityContextRepository strategy to replace HttpSessionContextIntegrationFilter functionality.
2008-11-27 20:18:54 +00:00
789be71d8c
SEC-398: Rolled back addition of erroneous test method for this issue (the fix was incorrect and the test method does nothing useful).
2008-11-27 10:41:08 +00:00
2dfd006665
SEC-1012: Converted Groupsmanager to use List<String>
2008-11-26 11:17:15 +00:00
1f78974073
Improved javadoc and debug message relating to clearing of security context.
2008-11-26 10:35:06 +00:00
dca0505d23
SEC-1012: generification
2008-11-21 12:39:30 +00:00
05e753de61
Converted to use jmock for mocks.
2008-11-21 12:26:56 +00:00
6b24637fbc
Further SavedRequestWrapper related tests and tidying up.
2008-11-21 12:17:43 +00:00
1cf59b249a
Added test class for DefaultLoginPageGeneratingFilter.
2008-11-16 05:07:33 +00:00
13caa48a24
Added clearContext() in @After. Test was leaving a TestingAuthenticationToken in the context.
2008-11-16 00:09:35 +00:00
18e74e7d3f
Import cleaning.
2008-11-16 00:03:42 +00:00
22cca49d4a
Added clearContext() call in @Before method. Test class appears to be failing on the build server because of a left over security context from a previous test
2008-11-16 00:03:01 +00:00
67c06d3d52
SEC-1012: Adding generics and general tidying up of tests etc
2008-11-15 13:00:38 +00:00
a535c5bd05
Removed unused imports.
2008-11-15 11:09:40 +00:00
9dc50bce82
SEC-1013: Removed ConfigAttributeDefinition
2008-11-15 10:55:23 +00:00
e259fe43a9
SEC-1034: Removed classes for converting a FilterInvocationDefinitionSource to a map for use in FilterChainProxy
2008-11-15 10:26:35 +00:00
31375b7212
SEC-1012: Futher generification. Also changed method signature of ObjectDefinitionSource.getAllConfigAtributes to return a single collection
2008-11-15 09:35:11 +00:00
5c1f4e60e3
Tidying stuff
2008-11-14 07:16:49 +00:00
3261fcb174
Tidying stuff
2008-11-14 07:16:30 +00:00
fa630a430d
Removed unused test files
2008-11-14 06:23:34 +00:00
3ce5ea7710
Add missing @Test attributes
2008-11-14 06:22:43 +00:00
df26b2447c
SEC-1035: Switch to using spring-el from the Spring 3 build
2008-11-14 06:21:24 +00:00
bd9b199599
Import cleaning.
2008-11-14 00:28:54 +00:00
648ba1c43a
SEC-1034: Fix broken tests.
2008-11-13 08:57:43 +00:00
ae05e74085
Replace use of deprecated Spring methods (addConstructorArg) with non-deprecated versions.
2008-11-13 08:56:59 +00:00
7a8bd8a673
SEC-1034: Removed FilterInvocationDefinitionSourceEditor.
2008-11-13 07:46:21 +00:00
464da0f0df
SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions.
2008-11-13 07:41:21 +00:00
ee13be47b7
Call setAuthenticated() in constructor with authorities to mimic behaviour of UsernamePasswordAuthenticationToken
2008-11-13 07:29:43 +00:00
3ef34122fc
Converted to using JMock.
2008-11-13 06:50:55 +00:00
e18971fdf0
Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken.
2008-11-13 06:30:39 +00:00
3acd515c6c
SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions.
2008-11-12 04:07:56 +00:00
0bbab88504
SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one
...
http://jira.springframework.org/browse/SEC-1031 . Fixed startOfHash value and added tests to check full length of password is used.
2008-11-11 23:34:40 +00:00
0ba690fb0e
SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag).
2008-11-11 09:21:51 +00:00
e5b1073501
SEC-1012: Added more generics and warning suppression
2008-11-11 09:06:50 +00:00
be34724207
Matchers for use with JMock expectations
2008-11-11 08:43:17 +00:00
62986c700b
SEC-1027: Removed bnd plugin and 'bundle' package types from pom.xml files
2008-11-11 01:09:37 +00:00
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
2008-11-10 04:27:25 +00:00
d6bb6ccbf5
Removed .cvsignore files
2008-11-06 01:11:08 +00:00
d33b13e52e
SEC-1023: Added support for hasPermission() based on Id and type
2008-11-05 22:44:46 +00:00
a207acf7cb
SEC-999: Fix broken test which was failing due to use of incorrect authentication object.
2008-11-05 01:09:14 +00:00
56141e9c5f
SEC-999: Refactoring out specific dependencies on Spring EL into SecurityExpressionHandler.
...
SEC:1023: Updates to expression root to allow evaluationof permissions.
2008-11-04 23:30:56 +00:00
dabb719456
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 . PermissionEvaluator interface for use by expressions when evaluating hasPermisson() expressions.
2008-11-04 22:46:21 +00:00
b42fc7221f
Upgraded to jmock 2.5.1
2008-11-04 05:37:56 +00:00
514bca669f
SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays.
2008-10-31 11:40:11 +00:00
ec44f2bdfe
SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections
2008-10-31 03:53:00 +00:00
e891b334e6
SEC-1009: removed additional container adapter specific code
2008-10-30 05:45:13 +00:00
09cc58d7ac
SEC-1009: removed additional container adapter specific code
2008-10-30 05:44:38 +00:00
3521af4cae
Added missing test class.
2008-10-30 04:32:22 +00:00
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
2008-10-30 04:10:54 +00:00
c7abdadc06
SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level.
2008-10-28 06:37:04 +00:00
f2ec8c978a
Moved MethodDefinitionSource to standalone class.
2008-10-27 21:51:58 +00:00
f592357c27
SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition
2008-10-27 09:04:22 +00:00
5174693c64
SEC-999: Expression language based access decision support
...
http://jira.springframework.org/browse/SEC-999 . Added missing test class.
2008-10-24 00:57:52 +00:00
4aa32f7d06
SEC-999: First commit of expression-based authorization implementation
2008-10-24 00:38:36 +00:00
91c44a47fd
SEC-999: Added spel-annotations to newly created 2.5 schema file.
...
http://jira.springframework.org/browse/SEC-999
2008-10-21 05:54:42 +00:00
b031124f61
SEC-991: Removed deprecated getAttributes() method from LdapUserDetails interface
2008-10-17 05:12:11 +00:00
b589f78918
SEC-954: Deprecate AbstractMethodDefinitionSource
2008-10-17 01:06:21 +00:00
c947d42146
SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match
2008-10-15 06:35:11 +00:00
6c8a82fa13
Updated poms to Spring 2.5 and fixed up sandbox to work with latest build
2008-10-15 05:52:40 +00:00
7cc0965383
SEC-1001: Move core tiger code into core and adjust pom files
2008-10-03 15:23:31 +00:00
97381fb448
SEC-974: Made getExceptionMappings() protected.
2008-10-01 16:25:20 +00:00
4542f00b14
SEC-975: Namespace security syntax does not interpret properties
...
http://jira.springframework.org/browse/SEC-975 . Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
2008-09-12 19:06:53 +00:00
5e4634d216
Minor Javadoc improvement.
2008-09-12 14:57:21 +00:00
d291def963
Removed invalid comment.
2008-09-12 10:18:40 +00:00
df59cb9dcd
Import cleaning.
2008-09-11 14:41:00 +00:00
ef0389ae79
SEC-976: Removed checks for presence of core-tiger classes.
2008-09-11 14:37:55 +00:00
5b9bb8ba54
[maven-release-plugin] prepare for next development iteration
2008-09-05 19:04:22 +00:00
73eed2656d
[maven-release-plugin] prepare release spring-security-parent-2.0.4
2008-09-05 18:57:43 +00:00
8661e17df9
OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors
...
http://jira.springframework.org/browse/SEC-960 . Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
2008-09-05 13:49:38 +00:00
5102be3a59
SEC-971: getter for cookieName in AbstractRememberMeServices
...
http://jira.springframework.org/browse/SEC-971 . Added getCookieName() method.
2008-09-04 16:05:34 +00:00
4e2d6f8b2e
SEC-967: TextUtils.java does not escape ampersand character
...
http://jira.springframework.org/browse/SEC-967 . Added escaping of '&' character
2008-08-29 12:01:45 +00:00
d781deffe7
OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication
...
http://jira.springframework.org/browse/SEC-966 . Added escaping of rendered text as default.
2008-08-26 16:21:29 +00:00
a4e4120443
SEC-963: LDAP Group Search Root
...
http://jira.springframework.org/browse/SEC-963 . Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
2008-08-26 13:51:01 +00:00
83868a7334
SEC-955: ability to externalize port mapping for secured channel to a property file
...
http://jira.springframework.org/browse/SEC-955 . Changed schema to make port-mapping type xsd:string to allow placeholders.
2008-08-26 13:20:01 +00:00
150f3d97d0
SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException
...
http://jira.springframework.org/browse/SEC-832 . Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.
2008-08-26 12:49:37 +00:00
7f28a8bc5d
Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method.
2008-08-26 12:38:02 +00:00
1cfd886517
SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut
...
http://jira.springframework.org/browse/SEC-922 . Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".
2008-08-18 23:31:14 +00:00
bb457e1d07
SEC-957: logger.debug without guard causing massive performance hit
...
http://jira.springframework.org/browse/SEC-957 . Added debug logging guard as requested.
2008-08-18 18:20:48 +00:00
09cf90258f
SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation
...
http://jira.springframework.org/browse/SEC-758 . Added "throws Throwable" to AspectJAnnotationCallback signature.
2008-08-18 14:47:28 +00:00
e15d7a78cd
SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes
...
http://jira.springframework.org/browse/SEC-956 . Done.
2008-08-18 13:13:18 +00:00
3bf5e406b7
SEC-936: NPE in AbstractFallbackMethodDefinitionSource
...
http://jira.springframework.org/browse/SEC-936 . Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
2008-08-16 02:31:36 +00:00
55d357f42d
OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments
...
http://jira.springframework.org/browse/SEC-905 . Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.
2008-08-12 17:11:38 +00:00
d9ab0758ee
SEC-954: Removed test dependency on AbstractMethodDefinitionSource.
2008-08-12 17:08:55 +00:00
36b35e3b1f
CLOSED - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Fixed autoboxing issue.
2008-08-11 21:15:09 +00:00
39a656eb78
OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
2008-08-11 19:15:33 +00:00
b6dec19e90
SEC-932: Added supplied class and test class.
2008-08-11 16:36:01 +00:00
3ab9fcdcaf
Tidying.
2008-08-11 15:05:16 +00:00
3a9eb018ba
SEC-950: Added test to attempt to reproduce problem.
2008-08-08 15:41:14 +00:00
b3a23b4377
Some minor improvements to schema comments
2008-08-07 19:15:13 +00:00
25814d341d
Tidying.
2008-08-06 16:18:05 +00:00
e951c42c2b
Improved javadoc. Some tidying up.
2008-08-06 15:28:04 +00:00
7258d30e13
Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger.
2008-08-06 13:41:01 +00:00
3ee3591feb
SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully.
2008-08-05 23:26:01 +00:00
1af7eed433
SEC-883: RoleHierarchyVoter
...
http://jira.springframework.org/browse/SEC-883 . Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
2008-08-04 13:08:03 +00:00
54ac7b3e46
SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas.
2008-08-01 12:51:31 +00:00
3049b933d9
Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML
2008-07-31 21:35:29 +00:00
1d96283876
Removed commented out line.
2008-07-31 20:45:25 +00:00
d7926f3557
SEC-943: Forgot to commit tests.
2008-07-31 20:30:56 +00:00
e5d86b13b7
SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
...
http://jira.springframework.org/browse/SEC-941 . Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
2008-07-31 19:50:08 +00:00
67e5afbb79
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Updated Javadoc.
2008-07-31 15:56:37 +00:00
000bb1cbed
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Added test class.
2008-07-31 15:42:04 +00:00
243c4f22d4
OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
...
http://jira.springframework.org/browse/SEC-899 . Changed to return -1 when compared to custom auhority which returns null from getAuthority()
2008-07-31 13:01:22 +00:00
d4c105d8ba
OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
...
http://jira.springframework.org/browse/SEC-934 . Added log warning when the same url is used multiple times.
2008-07-30 15:03:47 +00:00
f6ff958411
Renamed rnc file.
2008-07-30 11:05:44 +00:00
4bb3eb12c3
SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
...
http://jira.springframework.org/browse/SEC-933 . Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
2008-07-30 11:01:23 +00:00
f453264bde
SEC-909: custom remember me services doesn't get registered as logout handler
...
http://jira.springframework.org/browse/SEC-909 . HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
2008-07-15 18:22:53 +00:00
1ddc033fe5
SEC-903: Wrong attribute mapping when using jdbc-user-service bean
...
http://jira.springframework.org/browse/SEC-903 . Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
2008-07-15 16:43:57 +00:00
e303e8b71a
SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
...
http://jira.springframework.org/browse/SEC-924 . Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
2008-07-15 14:52:13 +00:00
bf5896600e
OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
...
http://jira.springframework.org/browse/SEC-913 . Applied patch as suggested (use sendRedirect method for failure URL).
2008-07-15 13:42:30 +00:00
b4c63db680
SEC-921: Improved messages_zh_CN.properties for Chinese
...
http://jira.springframework.org/browse/SEC-921 . Added contributed file.
2008-07-15 11:11:21 +00:00
a56c13fb22
SEC-912: Added callback methods to BasicProcessingFilter for successful and unsuccessful authentication.
2008-07-12 17:40:39 +00:00
697c7c5f48
SEC-918: Added more info on DB schema to javadoc
2008-07-12 15:21:24 +00:00
6d179122d3
SEC-916: Added Spanish messages contribution.
2008-07-10 15:32:01 +00:00
2cda6242c8
SEC-904: Moved multi-threaded tests into sandbox
2008-07-02 19:19:21 +00:00
479693ced7
SEC-900: Added extra checks on expiry time
2008-07-02 18:40:55 +00:00
775a6c3939
[maven-release-plugin] prepare for next development iteration
2008-06-23 14:10:35 +00:00
87d50aecce
[maven-release-plugin] prepare release spring-security-parent-2.0.3
2008-06-23 14:05:36 +00:00
3ee8733261
SEC-879: Added required BeanPostProcessor to set SessionRegistry is set on namespace registered AbstractProcessingFilter and SessionFixationProtectionFilter when using custom ConcurrentSessionController
...
http://jira.springframework.org/browse/SEC-879 .
2008-06-20 22:08:05 +00:00
d5ee89bb7c
Correct typo in error message.
2008-06-19 15:21:03 +00:00
ff5bfccdba
SEC-892: Linked use of create-session='never' in namespace to corresponding properties in ExceptionTranslationFilter and AbstractProcessingFilter
2008-06-19 13:46:45 +00:00
c56d524bd9
SEC-887: Added setter method for account status checker.
2008-06-18 12:00:45 +00:00
af5f193ec1
SEC-890: Corrected use of dataSource property name in RememberMeBDP.
2008-06-18 10:35:30 +00:00
7d79ae5424
SEC-880: Fix incorrect index value.
2008-06-13 10:58:01 +00:00
32b8009bee
SEC-875: Removed duplicated parameters from SavedRequestWrapper.getParameterValues()
2008-06-09 23:33:36 +00:00
3b775d29d3
SEC-870: Polish messages file contribution
2008-06-08 22:09:47 +00:00
358f284f42
SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used.
2008-06-06 06:13:14 +00:00
ff785a829f
[maven-release-plugin] prepare for next development iteration
2008-06-03 16:07:20 +00:00
db1d8604a6
[maven-release-plugin] prepare release spring-security-parent-2.0.2
2008-06-03 16:05:40 +00:00
9308284bd4
SEC-864: Removed duplicate OpenID provider.
2008-06-03 14:53:43 +00:00
122e1c47ed
Changed rnc filename prior to 2.0.2 release
2008-06-01 19:34:50 +00:00
64ab7e534c
Spelling corrections in Javadoc.
2008-06-01 17:26:27 +00:00
ab6d29d927
SEC-862: Make logoutSuccessUrl accessible to sub-classes.
2008-06-01 16:15:09 +00:00
1d9d7eb9a7
Removed accidental commit of SavedRequest clearing code in TargetUrlResolverImpl
2008-05-30 17:53:09 +00:00
ecd2cc6da7
Added some Assert calls to setters and improved comments.
2008-05-30 15:29:51 +00:00
f228d013d8
SEC-861: Change default value of justUseSavedRequestOnGet to false
2008-05-30 15:09:51 +00:00
4de4bb8e87
SEC-860: Added setter for authenticationDetailsSource to AbstractRememberMeServices
2008-05-30 14:29:32 +00:00
f8cded10ee
Typo.
2008-05-30 11:20:16 +00:00
c031588975
SEC-606: Added support for customizable credentials character set.
2008-05-29 18:00:15 +00:00
36a192b70f
SEC-858: Replaced integer properties in schema with strings to allow use of placeholders.
2008-05-29 16:13:14 +00:00
980a72f9a0
Removed TODO (done).
2008-05-29 15:54:50 +00:00
517a7f117a
SEC-857: Make request wrapper getParameterValues() consistent with getParameterMap() etc.
2008-05-29 15:49:43 +00:00
244579faf4
OPEN - issue SEC-856: GroupManager JdbcUserDetailsManager implementation: addGroupAuthority() method doesn't work.
...
http://jira.springframework.org/browse/SEC-856 . Refactored class to remove the JDBC-related inner classes.
2008-05-28 16:25:28 +00:00
d63536cc0d
SEC-821: Added support for eternal session registry and concurrent session controller to the 2.0.2 namespace.
2008-05-27 13:14:21 +00:00
8b5bbe3800
SEC-830: Changed SavedRequestAwareWrapper to make wrapped request parameters take precedence over saved request ones.
2008-05-25 22:57:03 +00:00
45c3084502
SEC-836: Made LDAP namespace elements use subtree group searching by default.
2008-05-23 23:57:01 +00:00
871e529840
SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
...
http://jira.springframework.org/browse/SEC-850 . Added extra test.
2008-05-23 23:32:57 +00:00
d1005e4cfb
SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List
...
http://jira.springframework.org/browse/SEC-850 . Changed bean decorator to add a bean reference to the ProviderManager rather than a bean definition.
2008-05-23 23:25:09 +00:00
9ce0270226
Fixed typo in test name
2008-05-23 22:57:30 +00:00
7603ce2f97
SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers
...
http://jira.springframework.org/browse/SEC-848 . Replaced class references with class names.
2008-05-23 21:30:57 +00:00
25ba269db0
SEC-835: use setContentType on response for J2EE 1.3 compatibility.
2008-05-23 20:55:10 +00:00
11b448c0e0
SEC-847: Updated the xsl file to inline openid-login and other elements
2008-05-23 16:29:44 +00:00
08c5fe8925
Fixed autoboxing issue
2008-05-22 12:19:00 +00:00
fbe3ca48f4
SEC-823, SEC-843: Allow setting of custom RememberMeServices and token validity periodon remember-me namespace element
2008-05-21 16:03:05 +00:00
3e33b8a880
Update InMemoryXmlApplicationContext to use 2.0.2 schema
2008-05-20 22:46:37 +00:00
b60c578b25
SEC-844: Support for SHA-256 hashing.
2008-05-20 22:45:02 +00:00
03981ab6a0
SEC-844: Added sec-256 to namespace schema
2008-05-20 22:32:03 +00:00
e9adbd4d62
SEC-844, SEC-843, SEC-823: Added support for sha-256, custom remember-me services and setting of remember me token validity period to namespace schema. Also added 2.0.2 XSD file
2008-05-20 19:48:32 +00:00
29d31b72d0
SEC-837: Add special character filtering to LDAP search filters
2008-05-20 19:25:37 +00:00
3fb1f59fde
SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap
2008-05-20 19:22:49 +00:00
5af53da106
Improved doc for'filters' attribute
2008-05-18 11:09:50 +00:00
2329dadf48
Removed jalopy parameter comments
2008-05-15 17:58:15 +00:00
f269373442
IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP.
2008-05-15 14:33:42 +00:00
8b2c0468ff
OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
2008-05-15 01:34:14 +00:00
d17a2da9e0
SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
2008-05-15 00:26:27 +00:00
7f38c656ca
SEC-820: Expand regular expression used in hierarchical roles.
2008-05-14 22:59:33 +00:00
6493df13f8
SEC-803: Removed use of websphere SubjectHelper class.
2008-05-14 22:51:39 +00:00
59543af4fb
SEC-826: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
2008-05-14 16:41:52 +00:00
1fee538c7e
Fixed typo in setter method (uses of).
2008-05-13 15:32:30 +00:00
ae2470127c
Fixed typo in setter method "seAttributePrefix"
2008-05-13 13:51:49 +00:00
e1b226ee57
Added 2.0.2 namespace file
2008-05-10 17:16:46 +00:00
add2649397
Javadoc typo.
2008-05-09 18:09:56 +00:00
781d88bd30
OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue)
...
http://jira.springframework.org/browse/SEC-825 . Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
2008-05-09 18:08:32 +00:00
883b92e7bd
SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods
2008-05-08 15:07:40 +00:00
301d021bf5
SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor
...
Reversed order of beanName.equals() call as suggested.
2008-05-07 13:58:53 +00:00
8ad2d681ab
SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions.
2008-05-07 13:49:20 +00:00
afc757e618
Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc
2008-05-06 14:43:52 +00:00
c333070fe3
Javadoc tidying
2008-05-06 13:59:46 +00:00
fca3a2a709
SEC-812: Added missing TextUtils file
2008-05-05 19:09:09 +00:00
fa44c74993
SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text.
2008-05-05 18:37:02 +00:00
06719053f1
Removed commons lang dependency.
2008-05-05 17:18:47 +00:00
9961c7f867
Moved to correct build location.
2008-05-02 10:52:57 +00:00
7a2e1e13d3
SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens.
2008-05-02 10:38:56 +00:00
a599ef5398
[maven-release-plugin] prepare for next development iteration
2008-05-01 20:09:03 +00:00
3e808335a4
[maven-release-plugin] prepare release spring-security-parent-2.0.1
2008-05-01 20:07:46 +00:00
6ecfa0541f
SEC-806: Osgi-ified more modules
2008-05-01 17:11:31 +00:00
4984d4be65
OPEN - issue SEC-757: Add validation of redirect URLs on namespace
...
http://jira.springframework.org/browse/SEC-757 . Added validation method to ConfigUtils and calls to it for url attributes.
2008-05-01 16:39:31 +00:00
0df9dee9dd
SEC-806: Improved OSGi bundle version information support
2008-04-30 18:02:47 +00:00
81ebd094ff
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Replaced 2.0 text with that from the 2.0 release, rather than the website schema.
2008-04-29 18:59:25 +00:00
473f6a32c6
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Created new 2.0.1 schema files and updated tests to use them.
2008-04-29 18:53:33 +00:00
8281aeb0da
SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace
...
http://jira.springframework.org/browse/SEC-807 . Added extra test for Ldap provider parser.
2008-04-29 18:01:59 +00:00
e4b32b8d29
OPEN - issue SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace
...
http://jira.springframework.org/browse/SEC-807 . Added support for user-details-class attribute to ldap-authentication-provider and ldap-user-service.
2008-04-29 16:53:24 +00:00
104716fedb
SEC-805: Add extra fields to InetOrgPerson
...
http://jira.springframework.org/browse/SEC-805 . Added a substantial number of new fields to the class.
2008-04-29 14:39:58 +00:00
ef112f7967
Fixed autoboxing problem.
2008-04-28 15:26:20 +00:00
341455cde4
SEC-799: Import cleaning following other changes.
2008-04-28 15:19:25 +00:00
2d692718e0
SEC-799: Add better detection of missing server-ref element for <ldap-user-service> and <ldap-authentication-provider />
...
http://jira.springframework.org/browse/SEC-799 . Updated ContextSourceSettingPostProcessor to set the standard ContextSource as an alias if it is needed by a bean but has not been set (because the user specified their own server id on <ldap-server />).
2008-04-28 15:01:20 +00:00
270fa92780
Improved Javadoc comment
2008-04-28 09:20:37 +00:00
d3a0f05de9
SEC-783: GlobalMethodSecurityBeanDefinitionParser should support AfterInvocationProviders
...
http://jira.springframework.org/browse/SEC-783 . Added support for custom-after-invocation-provider
2008-04-25 12:28:30 +00:00
348d211b8c
SEC-797: Minor javadoc correction.
2008-04-24 23:12:55 +00:00
d1e23b3d2c
SEC-783: Added custom-after-invocation-provider element to namespace.
2008-04-24 02:02:23 +00:00
1090072fff
SEC-795: Add check for protected login page when using namespace
...
http://jira.springframework.org/browse/SEC-795 . I've added checks for the various scenarios which will result in a protected login page and suitable warning messages.
2008-04-24 01:59:19 +00:00
5d51b35cfa
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . Updated FilterChainProxyPostProcessor to raise an exception if two filters have the same order, and also to unwrap wrapped filters once the sorting by order has been performed.
2008-04-23 23:19:44 +00:00
38774ec94f
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . The filters are now maintained as a list in the context and have to be stored there explicitly on registration.
2008-04-23 16:06:54 +00:00
01185475a1
OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute.
...
http://jira.springframework.org/browse/SEC-793 . Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
2008-04-23 12:50:09 +00:00
7e63fe7357
SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen
...
http://jira.springframework.org/browse/SEC-790 . Applied submitted patch.
2008-04-23 00:41:52 +00:00
8ea7487ec3
Removed unused method.
2008-04-22 23:20:49 +00:00
ec81e780b2
Import cleaning.
2008-04-22 22:27:51 +00:00
599d9fea04
Minor improvements to toString() methods for logging.
2008-04-22 22:21:20 +00:00
b2e9e82727
Fixed typo in message.
2008-04-22 21:54:54 +00:00
63decfeb93
SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor
...
http://jira.springframework.org/browse/SEC-761 . Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
2008-04-22 21:51:12 +00:00
1ae167434a
SEC-756: Add checks for duplicate use of namespace elements such as global-method-security
...
http://jira.springframework.org/browse/SEC-756 . Refactored HttpSecurityBDP and added check for duplicate usage of the element.
2008-04-22 21:25:35 +00:00
083644f2fe
SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration.
2008-04-22 18:25:35 +00:00
1258fa854e
SEC-788: x509 authentication does not work properly
...
http://jira.springframework.org/browse/SEC-788 . Added check for X509 element when choosing entry point, if nothing else is available.
2008-04-22 14:53:11 +00:00
e12b6afefa
SEC-776: Http Session created for Anonymous request
...
http://jira.springframework.org/browse/SEC-776 . Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
2008-04-22 13:22:38 +00:00
88ea87642a
SEC-791: RequestKey.equals throws NPE if method is null
...
http://jira.springframework.org/browse/SEC-791 . Fixed handling of equals when one http method is null.
2008-04-22 12:32:33 +00:00
9eaa1cbbdd
OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
2008-04-21 18:29:54 +00:00
aba5a22b6c
SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added support for role-prefix to jdbc-user-service element.
2008-04-21 17:44:32 +00:00
1a4130528a
SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching
...
http://jira.springframework.org/browse/SEC-782 . I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
2008-04-21 16:51:06 +00:00
5bb558bd6a
SEC-777: The disabled status cannot be set in <user-service>
...
http://jira.springframework.org/browse/SEC-777 . Added the disabled flag to the relax grammar file.
2008-04-21 15:59:08 +00:00
993fdd7a32
Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information.
2008-04-21 12:53:54 +00:00
469f55ce05
SEC-773: global-method-security fails with JPA
...
http://jira.springframework.org/browse/SEC-773 . Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and ay referenced UserDetailsService implementations.
2008-04-18 13:15:56 +00:00
7238097310
OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-775 . Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
2008-04-15 16:57:47 +00:00
b5dc523041
[maven-release-plugin] prepare for next development iteration
2008-04-14 07:06:44 +00:00
0c42670431
[maven-release-plugin] prepare release spring-security-parent-2.0.0
2008-04-14 07:05:46 +00:00
4d714b33e0
SEC-770: Mark old org.springframework.security.acl module as @deprecated.
2008-04-14 06:50:01 +00:00
57b5f38df1
OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration
...
http://jira.springframework.org/browse/SEC-769 . I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
2008-04-13 22:11:09 +00:00
4ae40150c9
SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling
...
http://jira.springframework.org/browse/SEC-752 . Removed check for JSR-250 class.
2008-04-13 20:59:39 +00:00
552dc6486a
SEC-703: Expose customization of SQL used by <jdbc-user-service>
...
http://jira.springframework.org/browse/SEC-703 . Added suggested attributes for sql queries.
2008-04-13 20:51:40 +00:00
Luke Taylor
Ben Alex