377 Commits

Author SHA1 Message Date
Luke Taylor
32dbb7e8bd import cleaning 2009-09-01 16:41:53 +00:00
Luke Taylor
2039200617 SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace. 2009-09-01 16:08:20 +00:00
Luke Taylor
b2c2b93545 SEC-1190: Added "invalidateSessionOnPrincipalChange" property to AbstactPreAuthenticatedProcessingFilter. If set to true (the default) and a new principal is detected, the existing session will be invalidated before proceeding to authenticate the user. 2009-09-01 00:18:48 +00:00
Luke Taylor
3cc47c9c4d SEC-1190: Added "checkForPrincipalChanges" property to AbstactPreAuthenticatedProcessingFilter. 2009-08-31 23:28:40 +00:00
Luke Taylor
dbcb13ad14 SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination. 2009-08-31 22:48:49 +00:00
Luke Taylor
a4ccc4ac21 Make WebSecurityExpressionRoot public to allow reuse. 2009-08-28 14:02:02 +00:00
Luke Taylor
471206a29d SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy 2009-08-27 10:43:01 +00:00
Luke Taylor
ab0d66071a SEC-1226: Introduce RedirectStrategy to replace RedirectUtils. Implemented strategy and applied throughout relevant classes. 2009-08-27 10:42:11 +00:00
Luke Taylor
fe33f08b73 SEC-1201: Allow requires-channel attribute to take placeholders. 2009-08-23 16:42:06 +00:00
Luke Taylor
0b5160d155 Javadoc correction. 2009-08-22 18:02:39 +00:00
Luke Taylor
5a8772df5b Reset pom versions post release 2009-08-21 12:02:49 +00:00
Luke Taylor
0e5aa7008d [maven-release-plugin] prepare release spring-security-3.0.0.M2 2009-08-20 15:51:26 +00:00
Luke Taylor
e6631be778 Import cleaning 2009-08-10 16:07:05 +00:00
Luke Taylor
6f76fe6fbb Import cleaning 2009-08-10 16:04:54 +00:00
Luke Taylor
eb059cfd12 SEC-1211: removed SessionUtils (no longer used) 2009-08-10 14:30:17 +00:00
Luke Taylor
f536c80020 SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web 2009-08-10 14:18:18 +00:00
Luke Taylor
c12e5b4d0b SEC-1142: Renamed setter argument to match property. 2009-08-07 22:55:14 +00:00
Luke Taylor
ea73fd0130 SEC-1142: Simplified implementation by removing template method. 2009-08-07 22:54:07 +00:00
Luke Taylor
90d76373cc SEC-1142: Support for session timeout detection. Added redirect to invalidSessionUrl in SessionManagementFilter when an invalid session Id is supplied in the request. 2009-08-07 17:12:12 +00:00
Luke Taylor
3e6054b69f SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy. 2009-07-29 00:52:30 +00:00
Luke Taylor
5e285b3692 SEC-1211: Set the default AuthenticatedSessionStrategy to a null implementation to preserve existing behaviour. 2009-07-28 23:57:46 +00:00
Luke Taylor
609a68b12a SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false. 2009-07-28 23:47:26 +00:00
Luke Taylor
db90122179 SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these. 2009-07-28 18:00:24 +00:00
Luke Taylor
8b115e2a21 SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache. 2009-07-20 22:52:48 +00:00
Luke Taylor
f404bb3d74 SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though. 2009-07-20 22:34:40 +00:00
Luke Taylor
e63fba3a36 Tidying 2009-07-08 23:55:42 +00:00
Luke Taylor
8ddd96af2b SEC-1186: intermediate commit of namespace changes for improved tooling support 2009-06-26 12:44:46 +00:00
Luke Taylor
c6b9371029 Updated to latest Spring build snapshot. Required minor EL changes to parser class name 2009-06-15 23:41:20 +00:00
Luke Taylor
e92aac225f Minor javadoc. 2009-06-15 13:53:56 +00:00
Luke Taylor
5808da12ff SEC-1094: Simplified WebXml attribute mapping. Removed generic jaxen-based implementation on which it was based in favour of simple DOM model traversal. Updated sample. 2009-06-08 15:23:41 +00:00
Luke Taylor
33eef5ec7a Javadoc updates 2009-06-08 13:04:31 +00:00
Luke Taylor
66f7e8bcc8 SEC-1168: Added filter-security-metadat-source to namespace. 2009-06-08 12:59:13 +00:00
Luke Taylor
bb7ef1fa8b Added HTML tags 2009-05-31 21:27:23 +00:00
Luke Taylor
131ba5c62e Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release 2009-05-27 00:12:30 +00:00
Luke Taylor
e2c218e8c9 [maven-release-plugin] prepare release spring-security-3.0.0.M1 2009-05-26 23:44:11 +00:00
Luke Taylor
0cb40d6ae4 Javadoc update 2009-05-26 22:16:11 +00:00
Luke Taylor
45c54c558c Updated build to use maven.springframework.org deps 2009-05-13 06:16:05 +00:00
Luke Taylor
a8215fa2cb SEC-1160: Renaming of authentication filters and entry points and associated doc changes 2009-05-12 05:37:11 +00:00
Luke Taylor
5a03e842bd Correcting Javadoc. 2009-05-12 01:40:15 +00:00
Luke Taylor
4bad213b19 SEC-1132: Moved remaining preauth code from core to web 2009-05-12 00:11:06 +00:00
Luke Taylor
d5b7ce69cc SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:35:20 +00:00
Luke Taylor
29fafbbf18 Misc tidying up of old files and refactoring of tests 2009-05-05 13:29:59 +00:00
Luke Taylor
6d655aa514 SEC-1132: More refactoring to remove cycles ad reduce complexity metrics 2009-05-04 14:24:54 +00:00
Luke Taylor
5b543f83ec Removed web dependency on core-tests 2009-05-04 02:25:49 +00:00
Luke Taylor
dca566ff1f SEC-1149: WebInvocationPrivilegeEvaluator now contains methods to evaluate the permissions on URIs directly. Deleted FilterInvocationUtils. 2009-05-02 06:02:17 +00:00
Luke Taylor
d1cb85e4f3 Refactoring of methods names in UrlUtils for consistency. 2009-05-01 10:43:41 +00:00
Luke Taylor
f6800fbe04 Refactored to remove dependency on FilterInvocationUtils. 2009-05-01 08:57:28 +00:00
Luke Taylor
4bc788828c SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods. 2009-05-01 06:45:34 +00:00
Luke Taylor
6db9a3facc Minor debugging optimizations. 2009-04-30 05:21:54 +00:00
Luke Taylor
e94baf38b3 Tidying up to remove warnings (generics, use of deprecated test classes etc). 2009-04-28 06:49:43 +00:00