Commit Graph

459 Commits

Author SHA1 Message Date
Luke Taylor 443ac0487a SEC-1093: Namespace support for jee element.
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
2010-07-07 22:42:26 +01:00
Luke Taylor 026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor 6a79cf7be2 SEC-1383: Make MethodSecurityMetadataSourceBeanDefinitionParser extend AbstractBeanDefinitionParser for automatic support of ID attribute. 2010-06-26 16:07:23 +01:00
Luke Taylor cd946c4e23 SEC-1493: Added namespace support. 2010-06-20 21:09:38 +01:00
Luke Taylor 8bddc8f820 SEC-1484: Documentation for some namespace attributes. 2010-06-05 17:35:24 +01:00
Luke Taylor 2e865752ff Upgraded groovy to 1.7.2 to avoid jansi dependency issue 2010-06-03 23:13:28 +01:00
Luke Taylor efb600166a SEC-1488: Remove commons-logging dependencies from maven poms. 2010-05-28 13:10:59 +01:00
Luke Taylor f7405cef82 Removed original Java version of refactored http namespace tests. 2010-05-27 18:06:26 +01:00
Luke Taylor 34401416b0 SEC-1171: Implement parsing of empty filter chain patters via http 'secured' attribute and remove filters='none' support. 2010-05-27 15:54:15 +01:00
Luke Taylor 05c7abe191 SEC-1445: Tests for setting of username and password parameter names through the form-login element. 2010-05-27 15:54:15 +01:00
Luke Taylor 7d74b7c87e SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping. 2010-05-27 15:54:15 +01:00
Luke Taylor b0758dd8de Refactoring HTTP config tests to use spock and groovy MarkupBuilder 2010-05-27 15:53:52 +01:00
Luke Taylor b0308e41cb SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used. 2010-05-21 15:36:37 +01:00
Luke Taylor a4ce14f604 Add "provisioning" package to config bundlor template. 2010-05-16 14:14:13 +01:00
Luke Taylor d5ffdd9c27 Import cleaning 2010-05-03 18:46:06 +01:00
Luke Taylor dccb30ad63 Remove use of wrong DOMUtils class (from com.sun package). 2010-05-01 15:06:48 +01:00
Luke Taylor 863ccecf55 SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute. 2010-04-30 20:22:20 +01:00
Luke Taylor 165cbb0d19 SEC-1445: Added support for custom username and password parameters in form-login. 2010-04-30 18:14:50 +01:00
Luke Taylor a421370a3d SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully. 2010-04-25 22:00:25 +01:00
Luke Taylor f5859fabcf SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database. 2010-04-25 04:26:45 +01:00
Luke Taylor 2f025fba6c SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
2010-04-20 23:47:48 +01:00
Luke Taylor d3d9c5db59 Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor. 2010-04-20 23:47:47 +01:00
Luke Taylor 0521d10069 SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
2010-04-01 01:24:23 +01:00
Luke Taylor a3ef8255d8 SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'
Also added this syntax to the aspectj sample.
2010-03-31 18:31:28 +01:00
Luke Taylor 020e0aa49a SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
2010-03-30 15:52:40 +01:00
Luke Taylor 977bc2b164 SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
2010-03-26 18:05:28 +00:00
Luke Taylor 57150a6717 SEC-1440: Add entry-point-ref to http-basic element to allow setting a separate AuthenticationEntryPoint for the BasicAuthenticationFilter. 2010-03-26 12:47:24 +00:00
Luke Taylor 472c1fac84 SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
Ensures protect-pointcut expressions match methods with generic parameters.
2010-03-24 20:57:03 +00:00
Luke Taylor f3264ba9ab Addition of commons-logging exclusions and adjustments to pom generation. 2010-03-07 21:58:25 +00:00
Luke Taylor b38b8e55ac SEC-1432: Convert map keys to lower-case in UserMap.setUsers().
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
2010-03-05 17:55:29 +00:00
Luke Taylor 530ab3ae30 SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:21:07 +00:00
Luke Taylor e5a875d752 SEC-1407: Correct logger category in MatcherType. 2010-03-01 02:03:32 +00:00
Luke Taylor 90a7f1f00e SEC-1383: Namespace support for MethodSecurityMetadataSource. Initial commit. 2010-03-01 01:45:43 +00:00
Luke Taylor 93438defff SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy.
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
2010-03-01 01:21:06 +00:00
Luke Taylor b147652193 Make hsqldb a testRuntime/runtime dependency. 2010-03-01 01:10:58 +00:00
Luke Taylor f0466b6488 SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all. 2010-02-27 00:22:21 +00:00
Luke Taylor 6a34807a07 SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup. 2010-02-26 17:21:25 +00:00
Luke Taylor 2f1479785e Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-22 01:48:22 +00:00
Luke Taylor f3f84da625 Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0. 2010-02-21 23:25:36 +00:00
Luke Taylor 26cf6f5528 SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests. 2010-02-20 21:59:44 +00:00
Luke Taylor 68f6afd905 SEC-1383: Added namespace support for method-security-metadata-source 2010-02-20 19:05:25 +00:00
Luke Taylor b7fc5bc455 Update schema version to 3.1 2010-02-20 18:58:00 +00:00
Luke Taylor 2ee7696bf4 Update version number to 3.1.0.CI-SNAPSHOT. 2010-02-19 17:35:19 +00:00
Luke Taylor 44f45d21f0 3.0.2 release. Update version in build files. 2010-02-19 01:22:21 +00:00
Luke Taylor 10dc72b017 SEC-1387: Support serialization of security advised beans.
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
2010-02-19 00:53:14 +00:00
Luke Taylor 5b5934144a Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1.
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
2010-02-16 00:03:15 +00:00
Luke Taylor 36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication.
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
2010-02-11 17:47:22 +00:00
Luke Taylor 70ef0d8b3e Added extra test to itest/context as POC of using extra interceptor with http ns. 2010-02-11 01:48:00 +00:00
Luke Taylor 23511c930f Standardising slf4j versions. 2010-02-11 01:33:31 +00:00
Luke Taylor 2173029216 SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
2010-02-10 23:49:26 +00:00
Luke Taylor 5753d69465 SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements 2010-02-10 16:49:53 +00:00
Luke Taylor bd2fd3448b SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly. 2010-02-06 15:42:01 +00:00
Luke Taylor d931495c8a SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig. 2010-01-23 02:12:30 +00:00
Luke Taylor 51dfc0fb39 Set versions to 3.0.2-CI-SNAPSHOT, post release. 2010-01-15 18:15:19 +00:00
Luke Taylor 05634f97dc Updated version numbers for 3.0.1 release. 2010-01-15 18:04:28 +00:00
Luke Taylor 670297c55d SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context.
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
2010-01-14 15:48:14 +00:00
Luke Taylor b323098167 Added gradle build files for taglibs, tutorial, contacts and openid.
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
Luke Taylor e211f9b35f SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.

Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
Luke Taylor 51abedcbef Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests.
Removes the need for casting to specific filter type.
2010-01-08 23:20:16 +00:00
Luke Taylor f40a1fda34 SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes.
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
2010-01-08 21:12:36 +00:00
Luke Taylor 052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor dc5417f1d5 SEC-1352: Added support for placeholders in <user-service>
The username, password and authorities attributes can now be placeholders.
2010-01-05 22:34:10 +00:00
Luke Taylor 893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor bcb1ff8921 SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array 2009-12-23 14:12:59 +00:00
Luke Taylor 115d5b84ff [maven-release-plugin] prepare for next development iteration 2009-12-22 22:20:01 +00:00
Luke Taylor 6c6ef08353 [maven-release-plugin] prepare release spring-security-3.0.0.RELEASE 2009-12-22 22:19:38 +00:00
Luke Taylor e64866ae6a Updated bundlor templates and introduced spring.version variable 2009-12-22 01:10:04 +00:00
Luke Taylor fcce29f8df SEC-1326: Updating dependencies to match Spring versions. Removing unused deps. 2009-12-21 17:32:38 +00:00
Luke Taylor fac07ba8ff Schema updates to Spring 3.0 2009-12-18 18:44:17 +00:00
Luke Taylor 85a58fd473 SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data.. 2009-12-18 15:39:13 +00:00
Luke Taylor 520e733cb2 [maven-release-plugin] prepare for next development iteration 2009-12-08 21:19:41 +00:00
Luke Taylor f2cf17bd49 [maven-release-plugin] prepare release spring-security-3.0.0.RC2 2009-12-08 21:19:20 +00:00
Luke Taylor 1dc4bb112e SEC-1318: Correct logic for checking combination of session-management attributes. 2009-12-07 22:40:47 +00:00
Luke Taylor 3469a8d4a3 Javadoc. 2009-12-07 21:40:06 +00:00
Luke Taylor ac564fc34e SEC-1317: Forgot to commit test from config module. 2009-12-07 21:39:49 +00:00
Luke Taylor d4e4a09801 SEC-1312: Add detection of 2.0 schemas. Added check to SecurityNamespaceHandler and reinstated old schemas. 2009-12-06 21:15:11 +00:00
Luke Taylor dab76249db Added gradle build files (experimental) 2009-12-04 21:33:17 +00:00
Luke Taylor eddde8ea28 SEC-1309: Namespace configurations should support Spring EL. Removed premature conversion of URL paths to lower case, which messes up if they are case-sensitive expressions or placeholders. Some other minor changes to suppport EL configuration. 2009-12-01 14:23:58 +00:00
Luke Taylor e9402fa0f9 Removed commented deps from pom. 2009-11-24 09:34:05 +00:00
Luke Taylor 69699431b1 SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope 2009-11-24 09:31:03 +00:00
Luke Taylor 5546698fef SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing. 2009-11-17 23:39:42 +00:00
Luke Taylor 66b1b1957c SEC-1298: Deleted custom-filter BeanDefinitionDecorator 2009-11-17 21:36:11 +00:00
Luke Taylor 3444b31615 SEC-1291: Add logout namespace support for custom success handler. Added attribute "success-handler-ref" to <logout> element in namespace. 2009-11-17 17:29:43 +00:00
Luke Taylor 9eae7b899c SEC-1284: Added proxy-target-class attribute to method security namespace 2009-11-17 16:19:05 +00:00
Luke Taylor afdd80235c SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Fixed Spring RC1 - RC2 regression problem with test (addApplicationListener() behaviour has changed). 2009-11-17 14:34:43 +00:00
Luke Taylor d4d5012035 SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager. 2009-11-17 12:55:53 +00:00
Luke Taylor a2468c523a SEC-1283: AuthenticationConfigBuilder.createAnonymousFilter uses httpElt instead of anonymousElt. Corrected element name. 2009-11-04 17:39:26 +00:00
Luke Taylor 197737a2b4 SEC-1281: make sure correct 'key' value is used for RememberMeAuthenticationProvider when external RememberMeServices is used 2009-11-04 14:55:58 +00:00
Luke Taylor 799b96520b SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login 2009-10-14 00:30:28 +00:00
Luke Taylor 3f963ef8ca Restore versions and svn URLs in trunk (release plugin fail) 2009-10-11 21:59:38 +00:00
Luke Taylor af563e826c [maven-release-plugin] prepare release spring-security-3.0.0.RC1 2009-10-11 21:43:42 +00:00
Luke Taylor 73df14c912 Allow any ordering of authentication-provider elements within authentication-manager 2009-10-11 19:58:04 +00:00
Luke Taylor ed2ddf9323 SEC-1263: Add FactoryBean for namespace AuthenticationManager. <http> now uses AuthenticationManagerFactoryBean. Method security already uses a delegate object to lookup the AuthenticationManager. This now uses the same error message if the bean isn't found, rather than allowing the BeanFactory NoSuchBeanDefinitionException to be thrown directly. 2009-10-09 14:41:34 +00:00
Luke Taylor ac5237c127 SEC:1263: Added FactoryBean for AuthenticationManager 2009-10-09 12:11:45 +00:00
Luke Taylor e398922f85 Removing elements that are no longer supported from the namespace 2009-10-08 14:40:52 +00:00
Luke Taylor 80eb47c6fe SEC-1261: Convert FilterChainOrder to an enum (SecurityFilters). 2009-10-08 13:18:32 +00:00
Luke Taylor 4dcb9de67a SEC-1257: Some additional API changes to use Collection instead of List... 2009-10-07 21:08:20 +00:00
Luke Taylor 1286741c7c SEC-1259: Improve consistency of authentication filter names. 2009-10-07 14:43:55 +00:00
Luke Taylor f213cc5d9e SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted. 2009-10-06 19:46:44 +00:00
Luke Taylor 5d486a51b6 SEC-1256: Added support for expression attributes in filter-security-metadata-source configuration. 2009-10-06 16:39:56 +00:00
Luke Taylor 07d7c0ddae Renamed form and openID filters to shorten names 2009-10-05 17:33:34 +00:00
Luke Taylor 1042305cfe Renamed web.wrapper to web.servletapi. Added some package.html files. 2009-10-05 16:59:37 +00:00
Luke Taylor 673cf300fb SEC-1229: Refactoring to remove package cycles. 2009-10-05 16:40:32 +00:00
Luke Taylor acf13c74ca SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session 2009-10-05 15:51:00 +00:00
Luke Taylor 2b89ebdfbb SEC-1229: Further doc and mods to namespace config/naming to make it more consistent 2009-10-03 16:08:51 +00:00
Luke Taylor 073198886d SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before. 2009-10-02 17:29:43 +00:00
Luke Taylor c34d719004 SEC-1252: Remove 2.0.x schemas from 3.0. Removed files and updated spring.schemas to remove 2.0.x versions 2009-09-29 17:56:01 +00:00
Luke Taylor 2a1430f1ce SEC-1229: Removed legacy concurrency classes 2009-09-29 16:18:25 +00:00
Luke Taylor ebada9fd12 SEC-1229: Added support for parsing error URL in session-management 2009-09-29 16:17:05 +00:00
Luke Taylor 203cc5a8dc SEC-1229: Added error-url to concurrency-control element and changed "exception-if-max-exceeded" to "error-if-max-exceeded" 2009-09-29 16:16:06 +00:00
Luke Taylor 7109b7e183 Import cleaning. 2009-09-29 00:30:29 +00:00
Luke Taylor aa153681bf SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units. 2009-09-29 00:29:09 +00:00
Luke Taylor 731402e9f5 SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context. 2009-09-16 00:23:13 +00:00
Luke Taylor 71ab83255d SEC-1242: Check that RememberMeServices is an instance of AbstractRememberMeServices before attempting to inject a UserDetailsService. 2009-09-11 21:10:16 +00:00
Luke Taylor fa7404741b SEC-1167: Introduce more flexible SavedRequest handling. Add namespace support for a custom RequestCache through the request-cache element. 2009-09-09 21:40:12 +00:00
Luke Taylor aec730ae7e SEC-1238: Disable portlet module 2009-09-09 20:03:00 +00:00
Luke Taylor 6640eab9dc SEC-1240: Added {ssha} support to PasswordEncoderParser. 2009-09-09 12:12:29 +00:00
Luke Taylor d099d14e9b SEC-1235: Added test to attempt to verify (failed to reproduce). 2009-09-05 14:14:12 +00:00
Luke Taylor 8632946f30 SEC-1213: Added "order" atrribute to global-method-security 2009-09-04 15:54:42 +00:00
Luke Taylor 245fc96137 SEC-1075: Update the embedded LDAP server to use Apache DS 1.5. Updated to use the new 1.5.5 release for the embedded server. 2009-09-01 23:21:44 +00:00
Luke Taylor 2039200617 SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace. 2009-09-01 16:08:20 +00:00
Luke Taylor dbcb13ad14 SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination. 2009-08-31 22:48:49 +00:00
Luke Taylor 0d7b990e0a SEC-1184: Moved ACL cache classes and interface out of jdbc package. 2009-08-31 22:15:37 +00:00
Luke Taylor 471206a29d SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy 2009-08-27 10:43:01 +00:00
Luke Taylor fe33f08b73 SEC-1201: Allow requires-channel attribute to take placeholders. 2009-08-23 16:42:06 +00:00
Luke Taylor 00352227ac Tidying. 2009-08-23 16:03:40 +00:00
Luke Taylor ea01e9cdf7 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Ensure that channel processing handles paths which are placeholders. 2009-08-23 15:57:59 +00:00
Luke Taylor 9bf8656d66 SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes. 2009-08-22 21:09:34 +00:00
Luke Taylor 579644fa95 SEC-1225: Use bean references for authentication providers. Updated AuthenticationManagerBDP to regsiter the providers as top level beans. 2009-08-22 12:37:14 +00:00
Luke Taylor 24911eb606 Corrected links in manual, comment in schema file. 2009-08-22 01:54:31 +00:00
Luke Taylor 5a8772df5b Reset pom versions post release 2009-08-21 12:02:49 +00:00
Luke Taylor 0e5aa7008d [maven-release-plugin] prepare release spring-security-3.0.0.M2 2009-08-20 15:51:26 +00:00
Luke Taylor 48988bde84 SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request. 2009-08-13 23:55:25 +00:00
Luke Taylor f536c80020 SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web 2009-08-10 14:18:18 +00:00
Luke Taylor 966f3e4101 SEC-1182: Added tst to confirm that this is no longer an issue due to other changes 2009-08-10 11:32:02 +00:00
Luke Taylor b4bb489638 SEC-1164: Further registering on bean components for tooling and removal of global ids. 2009-08-08 21:08:12 +00:00
Luke Taylor b387d63aba Removing unnecessary global bean names. 2009-08-08 18:57:51 +00:00
Luke Taylor a67448c867 SEC-1216: Remove unused code. 2009-08-08 18:51:15 +00:00
Luke Taylor 229866e293 SEC-1142: Support for session timeout detection. Added namespace support for invalid-session-url 2009-08-07 23:57:10 +00:00
Luke Taylor 0f6642d3ab SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface) 2009-08-04 00:18:07 +00:00
Luke Taylor eaa0dc4fce typo 2009-08-03 16:30:26 +00:00
Luke Taylor e40b9fbc75 SEC-1196: Introduce AuthenticationManagerDelegator is MethodSecurityInterceptor which is configured by global-method-security. Prevents regression of SEC-933 caused by eager init of AuthenitcationManager and dependent beans 2009-08-03 01:44:49 +00:00
Luke Taylor 997faabe1e SEC-1196: Removed ConfigUtils (no longer used). 2009-08-03 00:22:47 +00:00
Luke Taylor 5953af0f6b SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements). 2009-08-03 00:21:11 +00:00
Luke Taylor c5d6484b54 SEC-1210: RememberMe filter misses UserDetailsService in default <http /> tag config when it is declared in parent app context. Fixed by getting the UserDetailsServiceInjectionPostProcessor to check ancestor bean factories for a UserDetailsService if one isn't found in the current bean factory. 2009-07-31 19:40:20 +00:00
Luke Taylor 160aa512a1 Remove "infrastructure" type from authentication provider bean. 2009-07-31 19:38:16 +00:00
Luke Taylor 6ae61f95db Minor updates to test XML context implementation. 2009-07-31 19:37:05 +00:00
Luke Taylor a4a0aab66f SEC-1164: Add additional component definitions so that Spring IDE picks them up and doesn;t report missing bean definitions 2009-07-31 00:18:16 +00:00
Luke Taylor 5d5df0c63d Added extra 'manual' security interceptor config 2009-07-29 16:08:04 +00:00
Luke Taylor 3e6054b69f SEC-1211: Rename SessionFixationProtectionFilter to SessionManagementFilter, since it no longer performs session-fixation protection directly, but just executes the AuthenticatedSessionStrategy. 2009-07-29 00:52:30 +00:00
Luke Taylor 609a68b12a SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false. 2009-07-28 23:47:26 +00:00
Luke Taylor db90122179 SEC-1211: Create strategy for session handling on successful authentication. Added AuthenticatedSessionStrategy interface and default implementation which encapsulates the functionality that was previously in SessionFixationProtectionFilter and AbstractAuthentictationProcessingFilter. Updated the namespace to make use of these. 2009-07-28 18:00:24 +00:00
Luke Taylor 931cf90dbb SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution. 2009-07-21 00:14:57 +00:00
Luke Taylor 8b115e2a21 SEC-1167: Added setRequestCache to SavedRequestAwareAuthenticationSuccessHandler and updated namespace parsing to set PortResolver on created HttpRequestCache. 2009-07-20 22:52:48 +00:00
Luke Taylor f404bb3d74 SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though. 2009-07-20 22:34:40 +00:00
Luke Taylor 491837ae34 SEC-1197: Moved support from session-controller-ref from authentication-manager to concurrent-session-control element. Plus refactoring of config classes into separate packages. 2009-07-17 23:36:35 +00:00
Luke Taylor 1afa67c954 SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block. 2009-07-15 23:09:47 +00:00
Luke Taylor 6346e31517 SEC-1195: Change <http> parsing behaviour to use an internal AuthenticationManager instance. Implemented "parent" AuthenticationManager in ProviderManager which is delegated to when no authentication is returned by the instances list of authentication providers. Extracted the Authentication success/failure publishing into a separate strategy. 2009-07-15 01:28:28 +00:00
Luke Taylor d59bdc0cbc Reducing use of global bean Ids as part of SEC-1186 2009-07-08 23:54:26 +00:00
Luke Taylor 7622dfe092 SEC-1194: Added support for services-alias to remember-me 2009-07-08 23:53:47 +00:00
Luke Taylor d02bbbf560 import cleaning. 2009-07-08 17:17:45 +00:00
Luke Taylor 43dab4c3b3 SEC-1186: Additional changes to remove custom-filter decorator functionality. 2009-07-08 16:50:47 +00:00
Luke Taylor abddcb044a SEC-1186: Remove functionality from CustomFilterBeanDefinitionDecorator and report a warning instead. 2009-07-08 16:49:30 +00:00
Luke Taylor b3366a1646 SEC-1186: Tidying up changes to http parsing 2009-07-08 16:19:26 +00:00
Luke Taylor eae670269d Tidying 2009-07-06 10:33:57 +00:00
Luke Taylor 853b4c8753 SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests. 2009-06-28 13:36:54 +00:00
Luke Taylor d5bf5d7adc SEC-1186: validator for filter chain beans 2009-06-26 12:47:03 +00:00
Luke Taylor 8ddd96af2b SEC-1186: intermediate commit of namespace changes for improved tooling support 2009-06-26 12:44:46 +00:00
Luke Taylor f6e2e36346 Remove use of property editor internally. 2009-06-18 23:37:36 +00:00
Luke Taylor 074fa7d629 SEC-1186: Refactoring to bring all filter registrations into the HttpBDP parse method in preparation for building the filter chain and map at that point, rather than in a post-processor 2009-06-18 22:33:16 +00:00
Luke Taylor 37d3401d0c SEC-1016: Rollback changes. 2009-06-14 21:10:02 +00:00
Luke Taylor a963be4719 SEC-1095: Register AuthenticationManager from GlobalMethodSecurityBDP. 2009-06-09 01:38:53 +00:00
Luke Taylor 0473cfbfc0 SEC-1137: Added support for an external UserDetailsContextMapper using the attribute user-context-mapper-ref. 2009-06-08 23:35:05 +00:00
Luke Taylor bfa2806034 Add component definition registration for tooling. 2009-06-08 22:27:55 +00:00
Luke Taylor aa511bb1f4 SEC-1175: Changed default anonymous username to match that in the schema docs. 2009-06-08 13:09:07 +00:00
Luke Taylor 66f7e8bcc8 SEC-1168: Added filter-security-metadat-source to namespace. 2009-06-08 12:59:13 +00:00
Luke Taylor 9993a7f6e4 Added newlines to filter list to test use of xsd:token. 2009-05-31 21:28:16 +00:00
Luke Taylor 545550bb0c Made ApacheDS deps optional 2009-05-27 02:15:45 +00:00
Luke Taylor 131ba5c62e Reset poms to 3.0.0.CI-SNAPSHOT after tagging M1 release 2009-05-27 00:12:30 +00:00
Luke Taylor e2c218e8c9 [maven-release-plugin] prepare release spring-security-3.0.0.M1 2009-05-26 23:44:11 +00:00
Luke Taylor 45c54c558c Updated build to use maven.springframework.org deps 2009-05-13 06:16:05 +00:00
Luke Taylor a8215fa2cb SEC-1160: Renaming of authentication filters and entry points and associated doc changes 2009-05-12 05:37:11 +00:00
Luke Taylor 4bad213b19 SEC-1132: Moved remaining preauth code from core to web 2009-05-12 00:11:06 +00:00
Luke Taylor 76561813e9 Fixed config bundlor template 2009-05-11 07:57:52 +00:00
Luke Taylor 76438b3347 SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource) 2009-05-11 05:44:31 +00:00
Luke Taylor 14c4739605 SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL. 2009-05-11 05:18:20 +00:00
Luke Taylor b3ccee4dbc Some additional tests on session creation. 2009-05-07 07:10:10 +00:00
Luke Taylor 29fafbbf18 Misc tidying up of old files and refactoring of tests 2009-05-05 13:29:59 +00:00
Luke Taylor cef089376c SEC-1152: Changes to add anonymous filter to default namespace configuration and added enabled flag to allow overriding of the behaviour. 2009-05-05 07:23:31 +00:00
Luke Taylor 6d655aa514 SEC-1132: More refactoring to remove cycles ad reduce complexity metrics 2009-05-04 14:24:54 +00:00
Luke Taylor 8c94e39150 SEC-1118: Added run-as-manager-ref attribute to global-method-security element. Also updated schema to use xsd:token in place of xsd:string where appropriate. 2009-05-01 05:16:19 +00:00
Luke Taylor 5aeca2d7dd Added test XML file for use messing about in an XML editor while generating schema. 2009-04-30 06:58:38 +00:00
Luke Taylor 90b849c271 SEC-1100: Added support for <access-denied-handler> element which can take a ref or an error-page attribute. 2009-04-30 05:46:55 +00:00
Luke Taylor 39cc865a36 SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id. 2009-04-28 12:08:48 +00:00
Luke Taylor 4f33f4677b Import cleaning. 2009-04-26 10:06:58 +00:00
Luke Taylor 1ac0ea9d3f Moved InMemoryXmlApplicationContext to test src as it is only used in tests. 2009-04-25 06:52:57 +00:00
Luke Taylor 22e7142f45 SEC-998: Bundlor enabled in web, ldap, config and core modules 2009-04-24 09:12:53 +00:00
Luke Taylor 21e36e0a57 Updated version number from 2.5.0-SNPSHOT to 3.0.0.CI-SNAPSHOT 2009-04-22 12:55:52 +00:00
Luke Taylor cac2bce382 Refactored SessionRegistryImpl to remove servlet API deps and moved back into core, along with other concurrent authentication package classes. 2009-04-21 06:05:14 +00:00
Luke Taylor 93bdcccaee SEC-1132: Moved userdetails into core and added core/authority sub-package 2009-04-15 07:39:21 +00:00
Luke Taylor 10673780db OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExcpetions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles). 2009-04-13 14:56:49 +00:00
Luke Taylor ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor 9efb5a7007 SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet 2009-04-12 12:23:23 +00:00
Luke Taylor 32ebd277d4 SEC-1132: Deleted empty packages 2009-03-27 07:01:42 +00:00
Luke Taylor f746a20ab4 SEC-1132: package refactoring of non-core modules 2009-03-27 05:01:03 +00:00
Luke Taylor bec84f874a SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples. 2009-03-26 07:18:36 +00:00
Luke Taylor 2a9a8a41db SEC-1125: Created separate web module spring-security-web 2009-03-25 06:28:18 +00:00
Luke Taylor 2c985a1c36 SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources 2009-03-23 04:23:48 +00:00