8bf1b8420a
SEC-1563: Move PermissionEvaluator and related methods to SecurityExpressionRoot
16 years ago
ca44ebd3cc
SEC-1338: Applied submitted patch, making use of java.util.concurrent classes in place of traditional synchronization.
16 years ago
af56f4844d
SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler.
16 years ago
577ec27507
Polishing.
16 years ago
f4d57ab5e8
SEC-1456: Remove maven poms as we are now using gradle for the build.
16 years ago
696150f3c3
Remove unused import.
16 years ago
1a1372ab84
Removed deprecated AspectJInterceptor classes since these cannot be used with the existing MethodSecurityMetadataSource implementations (which no longer support JoinPoin as a secured object). Added some more tests.
16 years ago
f71d9df7fe
Deprecate unnecessary method in SecurityConfig
16 years ago
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
16 years ago
1680807470
Added eclipse plugin to build. Some minor fixes to remove eclipse warnings.
16 years ago
3c02989d67
Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests).
16 years ago
281d77271e
SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource.
16 years ago
2222a7be07
Use Integer.valueOf() in preference to new Integer()
16 years ago
dca0fd871c
SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created.
16 years ago
85c4c91e0e
IDEA inspection refactorings.
16 years ago
64375484a1
More build and logging tuning.
16 years ago
c4ee46824c
Removing log4j.properties files and adding logback config ones.
16 years ago
ab248b2583
SEC-1454: Added use of Spring's new AopProxyUtils.ultimateTargetClass() method when resolving the target class in MethodSecurityEvaluationContext.
16 years ago
b854e67952
SEC-1522: Treat empty attribute collection the same as null when returned by SecurityMetadataSource. Both are now treated as public invocations.
16 years ago
2afccfc633
Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j.
16 years ago
443ac0487a
SEC-1093: Namespace support for jee element.
...
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
16 years ago
03fa8fce4d
SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl.
16 years ago
026517f674
Removal of deprecated methods and classes.
16 years ago
db913f6857
SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property.
16 years ago
d56adb8ffb
SEC-1495: Convert User class equals and hashcode methods to only use the "username" property.
...
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
16 years ago
efb600166a
SEC-1488: Remove commons-logging dependencies from maven poms.
16 years ago
0e57ce2dc3
SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.
16 years ago
c95cf6ec7d
SEC-1483: Change User constructor to use a generic wildcard for authorities collection.
16 years ago
b3aad4cf19
Javadoc fixes.
16 years ago
e7646a65f4
SEC-1421: Add setters to JdbcUserDetailsManager for group sql operations.
16 years ago
3c3aabf5be
SEC-1465: Change empty check to a null check for list of delegates for DelegatingMethodSecurityMetadataSource.
16 years ago
a421370a3d
SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully.
16 years ago
3bbbf07235
SEC-1464: Fix broken test (flags in returned user object were not being copied from stored user).
16 years ago
024e6904ff
SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.
16 years ago
f5859fabcf
SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database.
16 years ago
d3d9c5db59
Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor.
16 years ago
74896f217b
SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>.
16 years ago
0521d10069
SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
...
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
16 years ago
020e0aa49a
SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
...
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
16 years ago
977bc2b164
SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.
...
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
16 years ago
472c1fac84
SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
...
Ensures protect-pointcut expressions match methods with generic parameters.
16 years ago
e60108ca8c
SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles.
...
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
16 years ago
9e049dfef4
SEC-1438: Removed JoinPoint support from AbstractMethodSecurityMetadataSource
16 years ago
c09cd3a9cb
Remove unused inner class in MethodSecurityMetadataSourceAdvisor
16 years ago
55de2cfcb1
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
...
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
16 years ago
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
16 years ago
b38b8e55ac
SEC-1432: Convert map keys to lower-case in UserMap.setUsers().
...
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
16 years ago
530ab3ae30
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
16 years ago
0551dd89ac
SEC-1420: Add htmlEscape attribute to authentication JSP tag.
...
This allows HTML escaping to be disabled if required.
16 years ago
b147652193
Make hsqldb a testRuntime/runtime dependency.
16 years ago
Luke Taylor