ea8914f9ba
Moved Http post processor bean name to BeanIds class.
2007-12-23 01:06:22 +00:00
9d671fbdbf
Deleted original Ldap BD parser.
2007-12-23 01:05:35 +00:00
14e68618a5
Make constants class abstract.
2007-12-23 01:02:48 +00:00
46285a0ec0
SwitchUserProcessingFilter should come after FilterSecurityInterceptor (See SEC-376).
2007-12-23 01:02:12 +00:00
a38ed3cfde
Added check for multiple RememberMeServices beans.
2007-12-23 00:18:14 +00:00
debfbe47cf
Improvements to LDAP namespace configuration - splitting "ldap" element into ldap-server and ldap-authentication-provider. Also some minor changes to authentication-provider.
2007-12-23 00:17:37 +00:00
d0490e6322
Upgraded maven surefire and cobertura plugins.
2007-12-21 15:54:38 +00:00
cf80292de3
Changes to namespace reinstating authentication-provider element in preference to "repository" to wrap convey that a user-service will be used as to authenticate against. Also introduced separate password-encoder element for use within authentication-provider.
2007-12-21 15:50:56 +00:00
70286f1197
Fixed problem caused by maven-2.0.8 change in test classpath. ldif file wasn't being loaded for tests. Default path should be "classpath*:" not "classpath:". (See discussing in Spring's PathMatchingResourcePatternResolver).
2007-12-20 20:53:26 +00:00
6e74d925fb
Boosted logging to try to resolve issues on bamboo server.
2007-12-20 19:45:43 +00:00
78e376312a
Added logging of working directory location.
2007-12-20 18:29:05 +00:00
85b10f79c2
Made servlet-api integration into an attribute of http, rather than a child element since it has no configuration.
2007-12-20 17:51:27 +00:00
1c9bd8bf5f
Updates to release description.
2007-12-20 17:47:05 +00:00
e65cb9b472
Made group names singular and added "teller" role.
2007-12-14 20:41:33 +00:00
31c09896ea
Fixed problem with relative name being used in (member={0}) search in DefaultAuthoritiesPopulator.
2007-12-14 20:41:00 +00:00
09f68400ec
Add <intercept-methods> to example, but it is disabled in favour of @Secured annotation. Still, we include it so people can have a play around and switch between the two syntaxes easily in demos etc.
2007-12-14 19:56:31 +00:00
55e4568003
Throw an exception instead of sending back a HTTP error code. This is necessary so any demonstration of upgrading from Servlet Spec authorization to Spring Security authorization, as the latter's ExceptionTranslationFilter expects specific exceptions to be thrown if you wish to commence the authentication process.
2007-12-14 19:44:50 +00:00
2e4773525b
Updated tutorial to allow authentication against ldap provider using <ldap /> namespace element.
2007-12-14 19:18:18 +00:00
d90ff50686
Use Java 5 to illustrate annotation support.
2007-12-14 16:54:10 +00:00
1a171ea316
SEC-595: Introduced loadUserAuthorities method. This can be overridden to allow loading of authorities with the authenticated user's credentials (by setting the security context). The Ldap ContextSource used in the authorities populator would also be configured with a SpringSecurityAuthentcationSource, to make use of the information in the security context.
2007-12-14 14:13:39 +00:00
b1bc39a0df
Provide some shell scripts that help with demos. These assume the application is deployed to http://localhost:8080/spring-security-samples-tutorial .
2007-12-14 02:45:01 +00:00
f4c3e701d5
Enhance sample to show method authorization.
2007-12-14 02:27:48 +00:00
77d286c36f
Enhance tutorial to also demonstrate Spring Security method
...
authorization, and add a services layer accordingly.
2007-12-14 02:26:27 +00:00
fa510b3187
Modify attribute names to use "ref" instead of "id", plus use a hyphen
...
as an attribute value separator rather than a colon. This was changed
for compatibility with other components in the Spring Portfolio. tests
pass.
2007-12-13 20:19:56 +00:00
0f12d31d90
Corrected code for choosing entry point in namespace configuration.
2007-12-12 19:44:54 +00:00
7ff533735f
Changes (made by Ben Hale) to support publishing of snapshots and
...
releases to Spring S3 repository.
2007-12-12 19:06:12 +00:00
6f7590eb05
Updates to sandbox to allow it to compile against latest core changes.
2007-12-12 16:15:04 +00:00
1cae1719bc
Fix bean referencing error.
2007-12-11 19:18:44 +00:00
2655955a40
Add MethodSecurityInterceptor, to more accurately reflect the capabilities offered by auto-config="true".
2007-12-11 19:14:34 +00:00
9728f48adf
Convert to using AopNamespaceUtils, to avoid potentially creating
...
duplicate DefaultAdvisorAutoProxyCreator bean instances.
2007-12-11 18:46:20 +00:00
82cfa722be
Upgrade Spring-LDAP to 1.2.1 version.
2007-12-11 18:08:44 +00:00
1bbe6ca456
Proper comparison with auto-configure="true".
2007-12-11 16:44:24 +00:00
ca996de2dc
Added tests for SpringSecurityAuthenticationSource.
2007-12-10 23:37:08 +00:00
894c90dadd
Moved AbstractAuthenticationManagerTests into ProviderManager as tested methods have already been moved there (maven wasn't running Abstract* tests but they were actually failing).
2007-12-10 23:36:27 +00:00
32038d8b92
Tidying.
2007-12-10 19:14:17 +00:00
47dec4e597
Make getters in AbstractRememberMeServices protected rather than public
2007-12-10 16:00:49 +00:00
ee31305fd5
Deprecated InitialDirContextFactory
2007-12-10 15:29:26 +00:00
5382627d4a
Added property to LdapAuthenticationProvider to allow the credentials to be set either using the submitted password (the default) or the credentials from the loaded UserDetails object (which may be null if the attribute isn't readable).
2007-12-09 23:46:28 +00:00
78529f6d28
SEC-620: AuthenticationSource implementation.
2007-12-09 23:44:15 +00:00
5e0cb21c8d
SEC-619: Added test class for LdapUserDetailsService. The LdapAuthoritiesPopulator interface and also implementations have been moved to the org.springframework.security.ldap package since they are now used by both the ldap provider and the user service.
2007-12-09 18:40:28 +00:00
4770c29094
Use hyphens in attribute names, and not Camel Case. This is to maintain
...
consistency with the rest of Spring Portfolio. Camel Case was preserved
for attribute values, consistent with Spring Portfolio usage such as
autowiring modes (byName, byType etc).
2007-12-09 03:42:20 +00:00
6ad176ce1a
Tidying.
2007-12-07 17:00:40 +00:00
4984024314
SEC-618: Moved copyDetails method down to ProviderManager so that it can be called prior to checking if authentication is allowed by ConcurrentSessionController.
2007-12-07 16:26:50 +00:00
b12a4939df
SEC-619: LdapUserDetailsService implementation.
2007-12-07 13:16:44 +00:00
a569ff01e2
Tidying.
2007-12-07 12:32:54 +00:00
382dc50f3c
SEC-299: Change ConcurrentSessionFilter to delegate to an array of LogoutHandlers rather than invalidating an expired session directly.
2007-12-06 17:39:04 +00:00
cb980f12d5
Tidying.
2007-12-06 17:26:04 +00:00
628227f5e7
Corrected out of date comment (constructor doesn't create a session). Removed unnecessary default constructor.
2007-12-06 16:53:35 +00:00
4b8455c831
Tidying comments.
2007-12-06 16:40:16 +00:00
4c6e41af7d
Tidying comments.
2007-12-06 16:33:59 +00:00
Luke Taylor
Ben Alex