295e0ded18
SEC-1483: Change User constructor to use a generic wildcard for authorities collection.
16 years ago
8c605516b3
SEC-1463: Change namespace user-service parser to store username in lower-case when building map for in-memory UserDetailsService. Lookups are supposed to be case-insensitive with this class.
16 years ago
eda60b72b1
SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
...
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
16 years ago
4c8e9e2d7e
SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
...
Ensures protect-pointcut expressions match methods with generic parameters.
16 years ago
e518adbef1
SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles.
...
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
16 years ago
91153df78d
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
...
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
16 years ago
1b0ac9c785
Porting of gradle changes from master.
16 years ago
87cf27ab7c
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
16 years ago
bc6aae132b
SEC-1420: Add htmlEscape attribute to authentication JSP tag.
...
This allows HTML escaping to be disabled if required.
16 years ago
9831980bc2
Update versions to 3.0.3.CI-SNAPSHOT.
16 years ago
44f45d21f0
3.0.2 release. Update version in build files.
16 years ago
d2b2ca3bc6
SEC-1387: Use a transient object as the advice monitor, rather than a Serializable.
...
No need for an anonymous inner class.
16 years ago
10dc72b017
SEC-1387: Support serialization of security advised beans.
...
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
16 years ago
dbee91002e
Deprecate EncryptionUtils.
16 years ago
c12c43da9e
Javadoc fixes.
16 years ago
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
16 years ago
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
16 years ago
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
16 years ago
10d787ede2
Javadoc corrections to SessionRegistryImpl
16 years ago
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
16 years ago
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
16 years ago
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
16 years ago
05634f97dc
Updated version numbers for 3.0.1 release.
16 years ago
0f90e69004
SEC-1362: Updated French messages translation.
16 years ago
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
16 years ago
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
16 years ago
93973a4b75
SEC-1304: Removed compareTo method from GrantedAuthorityImpl
...
This method had been left by mistake when the Comparable
interface was removed. See also SEC-1347.
16 years ago
80aacf447f
Refactored JaasAuthenticationProvider
...
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
16 years ago
893f212fa5
Tidying
16 years ago
bcb1ff8921
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
16 years ago
115d5b84ff
[maven-release-plugin] prepare for next development iteration
16 years ago
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
16 years ago
e64866ae6a
Updated bundlor templates and introduced spring.version variable
16 years ago
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
16 years ago
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
16 years ago
354b043fd1
SEC-1337: Add Serializable interface to internal comparator
16 years ago
55679971f0
SEC-1337: Make User serializable by moving anonymous comparator class
16 years ago
cad32ffe39
SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
16 years ago
ef3d9c7877
Tidying Javadoc.
16 years ago
1e8ea55030
SEC-1320: JaasAuthenticationProvider can not find jaas realm defined inside service archive. Added flag to control refresh of configuration on startup.
16 years ago
520e733cb2
[maven-release-plugin] prepare for next development iteration
16 years ago
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
16 years ago
adfac7e718
Added gradle file for cas and standardised ehcache version
16 years ago
33b109f0b3
Made session maps final in SessionRegistryImpl.
16 years ago
558737363f
Added some extra tracing to SessionRegistryImpl.
16 years ago
cde9cd6b36
Correct toString() method in User class.
16 years ago
02a9db7bcf
SEC-1317: Removed check in ProviderManager.getProviders() for empty provider list. A ProviderManager with a non-null parent may have an empty provider list. The afterPropertiesSet() method performs the necessary checks.
16 years ago
dab76249db
Added gradle build files (experimental)
16 years ago
dada789814
NOJIRA
...
removed unnecessary cast and use StringBuilder rather than non-final String and concatenation.
16 years ago
ed92d5ea71
SEC-1304: Removed unused compareTo method from custom GrantedAuthority.
16 years ago
Luke Taylor
Luke Taylor
Scott Battaglia