Ben Alex
27d89f3e91
Patch by Mike Youngstrom to fix Jameleon stripping of slash.
2004-06-17 01:23:13 +00:00
Ben Alex
b3e2d78c5d
Fix issue when encoded passwords are used. Modify Contacts sample to test encoded passwords.
2004-06-08 12:54:42 +00:00
Ben Alex
b5cbcdc591
Refactor DaoAuthenticationProvider cache model.
2004-06-06 06:31:28 +00:00
Ben Alex
1b24ff5ea8
Refactor DaoAuthenticationProvider cache model.
2004-05-31 04:41:22 +00:00
Ben Alex
d9f77a7ed1
Initial commit.
2004-05-31 02:37:29 +00:00
Ben Alex
b6cb84e937
Improve robustness so if ApplicationContext not shutdown correctly (thus destroy() not called) the cache will not fail on subsequent startups.
2004-05-31 02:08:34 +00:00
Ben Alex
e300a90890
Improve test coverage.
2004-05-31 01:19:18 +00:00
Ben Alex
0cbea9b452
Improve HTTP redirect URL encoding.
2004-05-26 22:17:14 +00:00
Ben Alex
d5c14142d1
Add event capabilities.
2004-05-24 00:09:27 +00:00
Ben Alex
42ccbfbad7
Store additional information about the authentication request.
2004-05-24 00:06:54 +00:00
Ben Alex
b6e0c3076f
Fixed issue with hot redeploy as cache not being closed.
2004-05-24 00:04:49 +00:00
Ben Alex
369ea24215
Extra mock functionality for new unit tests.
2004-05-24 00:02:09 +00:00
Ben Alex
3f6961d855
Improved exception handling if response already committed.
2004-05-23 23:57:29 +00:00
Francois Beausoleil
d5a6ea044d
Implemented a fix for a NullPointerException as reported by Pierre-Antoine Gr�goire (pa.gregoire@free.fr)
...
"The error comes from line 115 in AuthorizeTag....It seems there's no control
for a null value here..."
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
Added a new test to confirm the existence of the bug.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
And fixed the failing test.
2004-05-19 12:34:52 +00:00
Ben Alex
4cac2f1a62
Made serializable as per request by Mike Youngstrom.
2004-05-15 23:37:03 +00:00
Ben Alex
614f12448e
Create a NullRunAsManager, which is used by default by the AbstractSecurityInterceptor.
2004-05-06 23:13:32 +00:00
Ben Alex
8713d4d52c
Authentication subclasses Principal, so it's directly usable by classes that want a Principal. No implementations need to change if they subclass AbstractAuthenticationToken, as it implements the one and only method required by Principal.
2004-05-04 07:35:41 +00:00
Ben Alex
4152df1225
Allow filter to update multiple HttpSession attributes (useful if servlets etc expect to find an Authentication object in a given HttpSession attribute, like Jakarta Slide).
2004-05-04 07:27:57 +00:00
Ben Alex
eaa92cd80a
Fixed issue with caching by making AbstractIntegrationFilter (and its subclasses) write the new Authentication object to the well-known location.
2004-04-30 05:16:08 +00:00
Ben Alex
ecac5a2eed
Make ChannelDecisionManagerImpl iterate through a list of channel security processors.
2004-04-29 02:17:07 +00:00
Ben Alex
2421268baa
Improve IE 6 bug detection logic.
2004-04-29 02:14:20 +00:00
Ben Alex
b61c05ff89
Change classes to use PortMapperImpl and PortResolverImpl by default.
2004-04-28 00:10:56 +00:00
Ben Alex
901c7d4752
Significantly enhance channel processing filter.
2004-04-27 06:21:00 +00:00
Ben Alex
e555d77d4e
Move port mapping functionality into separate classes to allow reuse. Permit implementations to override the source port (required given some browsers do not respond to HTTP redirects correctly).
2004-04-27 06:17:53 +00:00
Ben Alex
c6a1b2b608
Clarify how URLs are constructed.
2004-04-27 06:14:57 +00:00
Ben Alex
8a4edca136
Support new key requirement on DAO authentication provider.
2004-04-27 06:00:39 +00:00
Ben Alex
2c97583f27
Filter to ensure web requests are received over a suitable secure channel.
2004-04-23 08:57:43 +00:00
Ben Alex
d65b0e0bd2
Add correct supports() method and tests.
2004-04-23 06:28:23 +00:00
Ben Alex
ed68b701b2
Add toString() method and test.
2004-04-23 06:27:50 +00:00
Ben Alex
e0d57de330
Add DaoAuthenticationProvider caching support.
2004-04-23 05:01:57 +00:00
Ben Alex
babb908fea
Increase test coverage.
2004-04-23 04:51:56 +00:00
Ben Alex
83d871cd5d
Enhance equals() method to detect key variances.
2004-04-23 03:45:16 +00:00
Colin Sampaleanu
6eb0a47632
fix FilterInvocation so it doesn't lose the tail end (past the servlet path) of the request url
2004-04-23 02:29:18 +00:00
Ben Alex
0537900357
Remove unnecessary code.
2004-04-23 02:08:58 +00:00
Colin Sampaleanu
e2de3c9dbc
Enhance AuthenticationProcessingFilterEntryPoint and related classes, to support a property forcing the login page to be access via https even if the original intercepted request came in as http.
2004-04-22 21:47:05 +00:00
Colin Sampaleanu
20025da7c7
work on unit test, still some functionality to cover later
2004-04-22 11:54:52 +00:00
Colin Sampaleanu
2a46a975a5
allow automatic switch from http to https for login form.
...
unit tests will be updated tomorow to cover new functionality.
2004-04-22 03:56:55 +00:00
Colin Sampaleanu
ab9e783f79
after invocation, restore pre-RunAs Authentication regardless of exception that may be thrown by method being intercepted
2004-04-21 21:09:39 +00:00
Ben Alex
fa9b872570
Initial CAS support.
2004-04-19 07:34:32 +00:00
Ben Alex
b3f9f6f4e9
Updated tests to relocate common filter authentication functionality to an abstract parent.
2004-04-18 12:57:49 +00:00
Ben Alex
4500aba050
Expand unit test coverage.
2004-04-18 12:05:20 +00:00
Ben Alex
0a856b7f15
Expand coverage to test SaltProvider integration.
2004-04-18 12:04:43 +00:00
Ben Alex
872ace9164
Modify contract of AuthenticationProvider to allow AuthenticationProvider implementations to return null if they do not wish to process a given Authentication request, despite asserting they support it.
2004-04-18 12:03:07 +00:00
Ben Alex
a6b5b8d828
Initial commit.
2004-04-18 12:01:18 +00:00
Ben Alex
1cf2b333bd
Relocate common filter authentication functionality to an abstract parent, and update JavaDocs accordingly.
2004-04-18 12:00:02 +00:00
Ben Alex
96fa2a5a75
Update encoders so they process salts.
2004-04-18 11:56:50 +00:00
Ben Alex
b06833e0d7
Unit tests must be named *Tests (note the plural).
2004-04-18 11:55:49 +00:00
Ben Alex
5dbef97a1d
Expand unit test coverage.
2004-04-18 11:54:51 +00:00
Ben Alex
5b16c42e15
Enhance mock so it is told whether to grant or deny access.
2004-04-18 11:35:24 +00:00
Ben Alex
f38ed01b29
Detect nulls within GrantedAuthority[] passed to constructor. This ensures end-user DAO implementations are creating the User correctly.
2004-04-18 11:23:01 +00:00
Ben Alex
a0f809991d
JavaDoc updates.
2004-04-18 05:56:07 +00:00
Colin Sampaleanu
3ceb492cb2
move password encoder tests to proper packages.
...
rename saltSource param in PasswordEncoder interfce to salt. It was already called salt in subclasses, and is in fact supposed to be the salt, not the source for the salt, although depending on the implementation it may still be treated as the latter.
2004-04-17 02:18:46 +00:00
Ben Alex
da5101cfb4
Make salt sources pluggable.
2004-04-17 01:29:52 +00:00
Ben Alex
03efc3e51f
Improve JavaDocs.
2004-04-17 01:28:38 +00:00
Ben Alex
ae16d96121
Moved to net.sf.acegisecurity.providers.encoding.
2004-04-17 01:28:05 +00:00
Ben Alex
6815e693a7
Make SecurityEnforcementFilter support pluggable authentication entry points. Enhance BASIC authentication so it's a viable alternative to form-based authentication for user agents like IE and Netscape.
2004-04-16 14:22:15 +00:00
Ben Alex
7e85bbc054
Relaxed requirement so targetClass OR targetBean can be used (targetBean no longer requires targetClass to be specified as well).
2004-04-16 12:37:58 +00:00
Ben Alex
38835da164
Provide a proxy so filters can be loaded directly from the application context.
2004-04-16 06:31:48 +00:00
Ben Alex
7b59d5f189
Expand test coverage now that prefix is configurable.
2004-04-16 06:28:21 +00:00
Colin Sampaleanu
3d089aaa67
move and rename password encoding classes.
...
change saltSource arument to salt argument, which impl may or may not use.
2004-04-16 03:44:04 +00:00
Colin Sampaleanu
5d9d734735
more final version of the various PasswordEncoder implementations.
...
add unit tests for PasswordEncoder implementations.
remove ignore password case and ignore username case flags and handling from DaoAuthenticationProvider.
remove requirement described in JavaDoc for AuthenticationDao that it ignore case when returning a user by username. Implementations may still do so if configured as such.
2004-04-15 16:32:09 +00:00
Colin Sampaleanu
41a837f8cd
add back HSQL db in test dir, as it turns out _it is_ supposed to be in CVS
...
modify JdbcDaoTests to test for role prefix functionality
fix glitch in JdbcDaoImpl
modify Eclipse classpath so HSQL lib is loaded, so unit tests can run in Eclipse as well.
2004-04-15 03:34:18 +00:00
Colin Sampaleanu
18d5c59532
'ant format' strikes again.
2004-04-14 21:31:22 +00:00
Colin Sampaleanu
aed9d2a1d8
initial cut at allowing pluggable digest strategy for use in password handling in DaoAuthenticationProvider
2004-04-14 21:30:59 +00:00
Colin Sampaleanu
fad252b0fe
allow special ROLE_ prefix to be overriden
2004-04-14 03:38:10 +00:00
Colin Sampaleanu
a09f2a4c18
ant format seems to have reformated these differently than what is in CVS
2004-04-13 21:59:02 +00:00
Colin Sampaleanu
2786312b8e
allow query strings to be specified
...
allow MappingSqlQuery to be specified
2004-04-13 21:58:03 +00:00
Ben Alex
f1abf780b5
Add support for HTTP Basic Authentication.
2004-04-11 12:09:08 +00:00
Ben Alex
670d007630
JavaDoc updates.
2004-04-11 12:05:46 +00:00
Ben Alex
bd35a47233
Support configuration via Apache Ant paths (not only regular expressions).
2004-04-09 09:51:23 +00:00
Ben Alex
5488bf4ca8
Renamed to RegExpBasedFilterDefinitionMapTests.
2004-04-09 09:49:07 +00:00
Ben Alex
7eefbd3bb2
Update to use contextConfigLocation.
2004-04-09 05:41:42 +00:00
Colin Sampaleanu
6c26e79a0f
change AuthenticationProcessingFilter and SecurityEnforcementFilter to use Spring's WebApplicationContextUtils by defualt to find their config context.
2004-04-09 02:44:17 +00:00
Francois Beausoleil
ea0e6b2577
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java,
...
src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
Added three new tests to assert that whitespace is ignored in the
attribute's content.
2004-04-02 20:59:16 +00:00
Ben Alex
1b1d119836
Modifications consistent with changes to the objects being tested.
2004-04-02 12:20:41 +00:00
Ben Alex
a278db8df9
Functionality moved to new tests or mocks.
2004-04-02 12:18:58 +00:00
Ben Alex
eaffc00fc4
Initial commit.
2004-04-02 12:16:39 +00:00
Ben Alex
852cea437c
Reflect new secure object API, which is no longer bound to MethodInvocations.
2004-04-02 12:13:56 +00:00
Ben Alex
f026b3a08a
Documentation improvements.
2004-04-02 12:11:13 +00:00
Ben Alex
15588123ba
Additional import statement.
2004-04-02 12:10:31 +00:00
Ben Alex
33edeb5a2f
Moved to net.sf.acegisecurity.ui
2004-04-02 12:07:24 +00:00
Ben Alex
e54ad9b4e8
Reflect new secure object API, which is no longer bound to MethodInvocations.
2004-04-02 12:05:49 +00:00
Ben Alex
3ece12c386
Moved to net.sf.acegisecurity.intercept.method.
2004-04-02 12:03:18 +00:00
Ben Alex
738fd2161d
Initial commit.
2004-04-02 12:02:01 +00:00
Ben Alex
dd39d747d5
Improved documentation and added methods to facilitate unit testing.
2004-03-29 13:39:30 +00:00
Ben Alex
c220ff583c
Initial commit.
2004-03-29 13:36:45 +00:00
Ben Alex
0a17d65d37
Initial commit.
2004-03-29 02:49:51 +00:00
Ben Alex
ea05e0b931
Simplified sub-class usage. Made compatible with changes to User constructor.
2004-03-29 02:48:10 +00:00
Ben Alex
1b726825fa
Changed internals to use list instead of set, to preserve element ordering.
2004-03-28 12:19:13 +00:00
Ben Alex
adb1971873
Enhancements to detect errors and faciltiate easier testing.
2004-03-28 12:17:46 +00:00
Ben Alex
d59a5da321
Changed to not detect null returns, as the UserMap will now throw the UsernameNotFoundException.
2004-03-28 12:16:44 +00:00
Ben Alex
f203979237
Update to be compatible to changes made to User's no-arg constructor.
2004-03-28 12:15:11 +00:00
Ben Alex
489c941101
Improved detection of invalid parameters in constructors.
2004-03-28 12:14:11 +00:00
Ben Alex
3179f5f1e7
Fixed support for lowercase usernames and passwords.
2004-03-28 12:10:23 +00:00
Ben Alex
1573491fbe
Changed no-arg constructor to a form more suitable for unit testing.
2004-03-28 12:09:35 +00:00
Ben Alex
cab961bfa6
Enhanced equals() method.
2004-03-28 12:08:20 +00:00
Ben Alex
cff8894b99
Changed interface to extend Context. This provides interface-level compatibility with objects requiring a Context, rather than requiring implementations to also implement Context.
2004-03-28 12:07:34 +00:00
Ben Alex
c5951ff1c0
Changed no-arg constructor to a form more suitable for unit testing.
2004-03-28 12:02:41 +00:00
Ben Alex
3fa1534c94
Added license information.
2004-03-28 11:58:37 +00:00
Ben Alex
4b1e738bb5
Minor formatting changes.
2004-03-28 11:57:55 +00:00
Ben Alex
8d24027443
Added debug statement at commencement of interception and additional comment re ContextHolder.
2004-03-28 11:56:32 +00:00
Ben Alex
cf043ad35f
Numerous formatting changes, and methods to facilitate unit testing.
2004-03-28 11:54:10 +00:00
Ben Alex
dc6357d504
Improved JavaDocs.
2004-03-28 11:51:23 +00:00
Ben Alex
22b8be49f0
Changed no-arg constructor to a form more suitable for unit testing. Also added an equals() method.
2004-03-28 11:49:24 +00:00
Ben Alex
dcf78213a3
Corrected @author tag.
2004-03-28 11:48:35 +00:00
Ben Alex
4124b1c298
Changed internals to use list instead of set, to preserve element ordering.
2004-03-28 11:44:02 +00:00
Ben Alex
fe379d9712
Initial commit.
2004-03-28 11:41:20 +00:00
Ben Alex
6c5a5cd311
No longer required.
2004-03-28 11:40:29 +00:00
Ben Alex
8808f5e8dd
Expanded unit test coverage.
2004-03-28 11:39:38 +00:00
Ben Alex
6038d56ece
Expanded unit test coverage, moving relevant methods to AbstractAdapterAuthenticationTokenTests.
2004-03-28 11:35:35 +00:00
Ben Alex
bc847f564f
Expanded unit test coverage.
2004-03-28 11:31:22 +00:00
Ben Alex
6a2870d8f0
No longer required.
2004-03-28 11:29:10 +00:00
Ben Alex
ab01d829c5
Initial commit.
2004-03-27 00:46:50 +00:00
Ben Alex
14f27ae683
Make compatible with interface changes to aopalliance.jar.
2004-03-27 00:44:27 +00:00
Ben Alex
e3dc29ae96
No longer required.
2004-03-27 00:43:12 +00:00
Ben Alex
94e384b944
Expand test coverage.
2004-03-26 13:17:48 +00:00
Ben Alex
e153a54406
Expand test coverage.
2004-03-26 12:20:54 +00:00
Ben Alex
02559344bc
Expand test coverage.
2004-03-26 12:02:30 +00:00
Ben Alex
1a040c7ddf
Made no arg constructor protected to enable unit test coverage.
2004-03-26 11:51:47 +00:00
Ben Alex
b4273c62b7
Expand test coverage.
2004-03-26 11:49:43 +00:00
Ben Alex
a8c9b2c96f
No longer required.
2004-03-26 11:18:44 +00:00
Ben Alex
22272223d2
Initial commit.
2004-03-26 11:12:54 +00:00
Ben Alex
f7a82c29b3
Expand test coverage.
2004-03-26 11:12:08 +00:00
Ben Alex
b485c40175
Improve JavaDocs.
2004-03-26 11:05:55 +00:00
Ben Alex
a9569a2f60
Added equals() method.
2004-03-26 11:05:10 +00:00
Ben Alex
ae434bd8b3
Initial commit.
2004-03-26 11:03:36 +00:00
Francois Beausoleil
1e4c234ea7
* src/net/sf/acegisecurity/adapters/AutoIntegrationFilter.java:
...
Use reflection instead of hard-coding the values to determine
if we should integrate with a specific container implementation.
2004-03-24 18:33:19 +00:00
Francois Beausoleil
36a955e197
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
...
Removed testUsesAllAuthoritiesToDetermineAccess(), because it wasn't
asserting anything. Needs to be rewritten.
2004-03-23 17:33:47 +00:00
Francois Beausoleil
d8275171e4
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java:
...
Bring Clover coverage to 100% by adding a single test.
2004-03-23 17:28:10 +00:00
Ben Alex
c3507b26c9
Change to Apache License version 2.0.
2004-03-23 04:44:48 +00:00
Ben Alex
47a2d03429
Added tearDown() method to clear ContextHolder.
2004-03-23 00:35:43 +00:00
Francois Beausoleil
48b21524ed
* build.xml:
...
Modified to create an acegi-taglib.jar.
* project.properties:
Added new property to build acegi-taglib.jar.
* src/net/sf/acegisecurity/taglibs/authz.tld:
Declare the Acegi Security authz tag library.
* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java,
test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java:
A set of tests that force the creation of a javax.servlet.jsp.Tag
implementation that authorizes the output of the tag's body if the
request's principal has or doesn't have certain authorities.
* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
New class. Implements AuthorizeTagTests and
AuthorizeTagAttributeTests.
2004-03-22 16:42:53 +00:00
Ben Alex
35fe1e7b73
Initial commit.
2004-03-16 23:57:17 +00:00