Luke Taylor
f54831f2b5
SEC-1398: Minor changes to method security annotation information in namespace chapter.
...
Added some explanation of the different annotation types and their suitability.
2010-02-06 18:03:05 +00:00
Luke Taylor
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
2010-02-06 17:34:07 +00:00
Luke Taylor
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
2010-02-06 15:42:01 +00:00
Luke Taylor
984604b026
SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator.
...
The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
2010-02-06 14:38:44 +00:00
Luke Taylor
8720966d20
SEC-1390: Added null check on claimedIdentifier returned by DiscoveryInformation to prevent NPE.
2010-02-06 14:38:44 +00:00
Luke Taylor
b1243416fc
Minor corrections to aspectj interceptor docs
2010-02-05 20:24:05 +00:00
Luke Taylor
38837775a5
Minor corrections to aspectj interceptor docs.
2010-02-05 17:10:27 +00:00
Luke Taylor
10d787ede2
Javadoc corrections to SessionRegistryImpl
2010-02-03 23:49:36 +00:00
Luke Taylor
c4d2f59eec
SEC-1381: Update source repo information in docs to point to git rather than subversion.
2010-01-27 01:37:45 +00:00
Luke Taylor
912e7976da
Added doc upload capability to build.
2010-01-23 02:12:31 +00:00
Luke Taylor
dcf9ea25a6
Updated access-decision and after-invocation diagrams in manual.
2010-01-23 02:12:30 +00:00
Luke Taylor
0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
2010-01-23 02:12:30 +00:00
Luke Taylor
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
2010-01-23 02:12:30 +00:00
Luke Taylor
04447bdbf0
SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs).
2010-01-22 01:55:13 +00:00
Luke Taylor
dbf673ec37
Build updates to include uploading of distro and docs, plus addition of admon graphics path to docbook plugin.
2010-01-21 20:12:12 +00:00
Luke Taylor
9734e4c82f
Added generation of sha1 of distro archive to build.
2010-01-21 20:00:17 +00:00
Luke Taylor
56849dc41e
Added tasks for apidocs, doc and distro archive generation to the build file.
2010-01-21 19:59:48 +00:00
Luke Taylor
10cd080090
SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user.
2010-01-20 18:51:29 +00:00
Luke Taylor
0c10efbbf8
Revert SEC-1356.
...
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
2010-01-19 22:26:21 +00:00
Luke Taylor
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
2010-01-19 01:07:33 +00:00
Luke Taylor
8137a8bcd0
Enabled detection of release builds and s3 maven deployment capability to gradle build.
...
The s3 deployment requires an updated snapshot of the spring aws-maven dependency, as the old one was incompatible with changes in the latest version (1.0-beta6) of the Maven "wagon" api.
2010-01-18 02:02:28 +00:00
Luke Taylor
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
2010-01-17 14:41:24 +00:00
Luke Taylor
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
2010-01-15 18:15:19 +00:00
Luke Taylor
05634f97dc
Updated version numbers for 3.0.1 release.
2010-01-15 18:04:28 +00:00
Luke Taylor
e1d41177bb
Update docbook plugin use to new gradle 0.9+ syntax.
2010-01-14 15:49:05 +00:00
Luke Taylor
81f91d28eb
Add docbook note and tip images.
2010-01-14 15:48:36 +00:00
Luke Taylor
670297c55d
SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context.
...
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
2010-01-14 15:48:14 +00:00
Luke Taylor
0f90e69004
SEC-1362: Updated French messages translation.
2010-01-13 15:37:18 +00:00
Luke Taylor
a9567a58d8
SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos.
2010-01-13 15:36:58 +00:00
Luke Taylor
3a8daa1bf4
Gradle build improvements.
...
Added generation of source archives and trial support for maven deployment and pom generation, with "provided" configuration mapped to "provided" scope.
2010-01-13 00:44:05 +00:00
Luke Taylor
f62d97b092
SEC-1356: Fix broken tests.
...
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
2010-01-12 01:32:02 +00:00
Luke Taylor
6eff4d90b7
SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request.
...
This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path.
2010-01-12 00:49:53 +00:00
Luke Taylor
d900829921
Added bundlor and maven support to gradle build
2010-01-12 00:35:20 +00:00
Luke Taylor
fa42d9d5ec
Fix taglibs template.mf
...
Was missing sub-packages of org.sfw.security.acls.
2010-01-12 00:33:20 +00:00
Luke Taylor
2023ca283e
SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator
...
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
2010-01-12 00:30:27 +00:00
Luke Taylor
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
2010-01-10 23:31:23 +00:00
Luke Taylor
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
2010-01-09 01:04:13 +00:00
Luke Taylor
bc02fc2de1
Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices.
2010-01-08 23:57:27 +00:00
Luke Taylor
51abedcbef
Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests.
...
Removes the need for casting to specific filter type.
2010-01-08 23:20:16 +00:00
Luke Taylor
f40a1fda34
SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes.
...
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
2010-01-08 21:12:36 +00:00
Luke Taylor
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
Luke Taylor
9a323f15bc
Bring versions in itext module up-to-date
2010-01-07 17:56:32 +00:00
Luke Taylor
68ae49ebe1
SEC-1355: Update manual code snippet to cast to OpenIDAuthenticationToken.
2010-01-07 17:22:45 +00:00
Luke Taylor
4e4242d010
SEC-1354: Added integration tests for combinations of @PreAuthorize and @Secured annotations.
2010-01-06 22:23:01 +00:00
Luke Taylor
846aa40a7b
Updated "heavyduty" sample version information.
2010-01-06 22:21:59 +00:00
Luke Taylor
be72ed1350
Remove commented out beans from contacts sample app context.
...
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
2010-01-06 22:21:34 +00:00
Luke Taylor
9730600777
Revert bundlor version update.
...
Config was wrong, but even with the correct config
the maven jar plugin generates its own manifest
file and ignores the one generated by bundlor.
2010-01-05 23:47:27 +00:00
Luke Taylor
3c97d68346
Upgrade to bundlor RC1
2010-01-05 22:34:27 +00:00
Luke Taylor
dc5417f1d5
SEC-1352: Added support for placeholders in <user-service>
...
The username, password and authorities attributes can now be placeholders.
2010-01-05 22:34:10 +00:00
Luke Taylor
f5d36aef65
SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter
...
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
2010-01-05 16:01:55 +00:00