Rob Winch
cd352f665b
SEC-1915: Polish
* Restore default search filter to remain passive
* Check the search filter in setSearchFilter
* Add additional tests
2015-02-24 21:37:49 -06:00
Mateusz Rasiński
c54346b690
SEC-1915: Custom ActiveDirectory search filter
Currently the search filter used when retrieving user details is hard coded.
New property in ActiveDirectoryLdapAuthenticationProvider:
- searchFilter - the LDAP search filter to use when searching for authorities,
default to search using 'userPrincipalName' (current) OR 'sAMAccountName'
2015-02-24 21:14:58 -06:00
Rob Winch
1761b29e58
SEC-2690: String[]->List<String>
Use Collections rather than Arrays since Collections can be immutable.
2014-07-28 16:25:27 -05:00
Rob Winch
6b43b261bc
SEC-2690: Formatting cleanup
2014-07-28 12:41:56 -05:00
Filip Hanik
93b863d2e5
SEC-2690: Support static nested groups in LDAP
This refers to groups that have member: <another group DN> as an attribute
- Add in a utility method in the SpringSecurityLdapTemplate to retrieve multiple attributes and their values from an LDAP record
- Make the DefaultLdapAuthoritiesPopulator more extensible
- Add an LdapAuthority object that holds the DN in addition to other group attributes
- Add a NestedLdapAuthoritiesPopulator to search statically nested groups
2014-07-28 12:40:19 -05:00
Rob Winch
a7005bd742
SEC-2500: Prevent anonymous bind for ActiveDirectoryLdapAuthenticator
2014-03-10 14:33:39 -05:00
Rob Winch
5bc6f64b03
SEC-2405: Added tests for OBJECT_FACTORIES
2013-11-20 14:04:15 -06:00
Mattias Hellborg Arthursson
bc6fc518d3
SEC-2405: Use DirContextAdapter directly from search. Configure OBJECT_FACTORIES on DirContext created for ActiveDirectory.
2013-11-20 13:51:51 -06:00
Rob Winch
e6593151fc
SEC-2017: Convert IncorrectResultsSizeException.size() == 0 to BadCredentialsException in ActiveDirectoryAuthenticationProvider
2012-08-01 16:19:57 -05:00
Rob Winch
a5ec116e80
SEC-1919: Log error when fail to communicate with LDAP
Previously communication errors with LDAP were only logged at debug level.
Communication errors (along with other non-authenticated related NamingExceptions)
are now logged as error messages. We created an InternalAuthenticationServiceException
to represent errors that should be logged as errors to distinguish between internal
and external authentication failures. For example, we do not want an OpenID Provider
being able to report errors that cause our logs to fill up. However, an LDAP system is
internal and should be trusted so logging at an error level makes sense.
2012-07-31 16:55:48 -05:00
Rob Winch
37aed0660d
SEC-1938: Add ActiveDirectoryAuthenticationException as caused by for ActiveDirectoryAuthenticationProvider
Previously there was no way to extract the original exception or to easily
obtain details about the failure if Spring Security was not able to translate
the exception into a Spring Security AuthenticationException.
Now the caused by is an ActiveDirectoryAuthenticationException which contains
the original Active Directory error code.
2012-07-31 09:34:06 -05:00
Luke Taylor
373d07ce46
SEC-1181: Added mock testing, to avoid need for AD server
2011-04-15 20:10:48 +01:00
Luke Taylor
59ac4c8b96
SEC-1181: Added option to parse AD sub-error codes.
2011-04-15 20:10:48 +01:00
Luke Taylor
530f686149
SEC-1181: Basic AuthenticationProvider for Active Directory.
2011-04-15 20:10:47 +01:00
Luke Taylor
a225dc3776
SEC-1677: Split out integration tests from LDAP test code.
2011-02-14 15:02:40 +00:00
Luke Taylor
eb9482b33b
Removal of some unused internal methods, plus additional tests for some areas lacking coverage.
2011-02-07 00:24:20 +00:00
Luke Taylor
a790c7e192
SEC-1670: Take account of JNDI CompositeName escaping in value of SearchResult.getName() when performing a search for a user entry in SpringSecurityLdapTemplate.
2011-02-03 17:57:43 +00:00
Luke Taylor
077af5e187
SEC-1661: Use a DistinguishedName to wrap the search base to avoid the need for JNDI escaping.
2011-01-26 17:13:11 +00:00
Luke Taylor
592782dc7f
Added test for getAdditionalRoles in DefaultLdapAuthoritiesPopulator.
2010-12-20 17:31:14 +00:00
Luke Taylor
eebcfd28ef
Move Ldap authorities populator tests to the correct package.
2010-12-20 17:23:43 +00:00
Luke Taylor
dbe270f132
SEC-1641: Correct code and test for null groupSearchBase.
2010-12-20 16:50:37 +00:00
Luke Taylor
3547cfcc92
SEC-1641: Remove the private setGroupSearchBase method and allowed a null value to be set for the group search base in the constructor.
2010-12-19 17:33:26 +00:00
Luke Taylor
1c8d28501c
SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate.
2010-11-03 13:48:59 +00:00
Luke Taylor
20988c8cf6
Minor refactoring of debug filter and tidying up tests.
2010-08-27 01:49:30 +01:00
Luke Taylor
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
2010-08-24 18:25:39 +01:00
Luke Taylor
3c02989d67
Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests).
2010-08-18 02:32:43 +01:00
Luke Taylor
64375484a1
More build and logging tuning.
2010-08-04 22:55:17 +01:00
Luke Taylor
ea5f2088b5
Comment out OpenLDAP tests to allow running in IDEA, and reduce default load configuration of performance test class.
2010-07-12 12:40:19 +01:00
Luke Taylor
69a10c48ae
Switch to using slf4j/logback for logging.
We still compile modules against commons-logging but all runtime logging and samples will use logback
2010-07-12 12:39:52 +01:00
Luke Taylor
e1f575c545
SEC-1480: Add simple equals and hashcode methods based on DN value to LdapUserDetailsImpl to allow its use as a map key (in SessionRegistry, for example).
2010-05-15 02:29:11 +01:00
Luke Taylor
2b9beffd08
SEC-1444: Fix JNDI escaping problems in LDAP authentication.
CompositeName adds quotes to names which contain a forward slash ("/") character. These are automatically removed by Spring LDAP's DistinguishedName, but only if they are at the ends of the String. Since we were prepending the base to the (quoted) DN, resulting in something like ["cn=joe/b",ou=people], this was causing problems with the DN value returned from the search. Additionally, the bind succeeds when a DN is used with a slash, but the subsequent call to getAttributes() fails. This call now passes in a DistinguishedName for the user DN instance instead of a String.
2010-03-27 15:30:15 +00:00
Luke Taylor
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
2010-01-08 21:05:13 +00:00
Luke Taylor
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
2009-10-05 19:28:53 +00:00
Luke Taylor
245fc96137
SEC-1075: Update the embedded LDAP server to use Apache DS 1.5. Updated to use the new 1.5.5 release for the embedded server.
2009-09-01 23:21:44 +00:00
Luke Taylor
f6f5855b52
SEC-1222: Provide a constructor for LdapUserDetailsService that does not require an LdapAuthoritiesPopulator. Done.
2009-09-01 16:42:11 +00:00
Luke Taylor
2f9a98c7ce
SEC-214: Update keywords.
2009-08-18 23:39:33 +00:00
Luke Taylor
8ed9f8a057
Remove wrongly named file
2009-08-18 23:32:40 +00:00
Luke Taylor
4df370b100
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the returned DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually).
2009-08-18 23:09:16 +00:00
Luke Taylor
01b8def455
SEC-1145: Added test to confirm that there is no pooling issue in the trunk. There are already checks for the presence of the pooling flag.
2009-06-03 17:13:33 +00:00
Luke Taylor
6d655aa514
SEC-1132: More refactoring to remove cycles and reduce complexity metrics
2009-05-04 14:24:54 +00:00
Luke Taylor
929b6bb1a0
Refactoring to remove warnings in LDAP module.
2009-04-27 11:05:58 +00:00
Luke Taylor
b2b2c95e55
SEC-1098: Added ignorePartialResultException property which is set on the LDAP template.
2009-04-21 03:37:16 +00:00
Luke Taylor
c7baeab172
SEC-1117: Moved check for empty password from LdapAuthenticationProvider to BindAuthenticator to allow use with Ntlm.
2009-04-20 06:08:00 +00:00
Luke Taylor
350f75f7f3
SEC-1084: Retain Authentication.details when authenticating in LdapAuthenticationProvider.
2009-04-20 05:02:42 +00:00
Luke Taylor
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
2009-04-15 07:39:21 +00:00
Luke Taylor
10673780db
OPEN - issue SEC-1136: Removed SpringSecurityException. Introduced new AclException as base class for Acl module. Refactored JAAS authentication to map to AuthenticationExceptions rather than SpringSecurityException. Modified ExceptionTranslationFilter to look explicitly for AuthenticationException or AccessDeniedException (which it should do since these are the only two it handles).
2009-04-13 14:56:49 +00:00
Luke Taylor
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
2009-04-13 13:43:23 +00:00
Luke Taylor
f746a20ab4
SEC-1132: package refactoring of non-core modules
2009-03-27 05:01:03 +00:00
Luke Taylor
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
2009-03-26 07:18:36 +00:00
Luke Taylor
2c985a1c36
SEC-1126: separated out spring-security-config module containing namespace configuration classes and resources
2009-03-23 04:23:48 +00:00