7faf2741f1
SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.
21 years ago
a42dec6fbf
SEC-21: Initial commit.
21 years ago
e9b1d9452f
SEC-9 and SEC-55: Refactor DaoAuthenticationProvider and deprecate PasswordDaoAuthenticationProvider.
21 years ago
f50cbd31ba
SEC-38: Make InMemoryDaoImpl support external Properties objects.
21 years ago
0d77abb9c1
SEC-64: Correct operation with Orion Web Application Server. Patch thanks to Paul Brooks.
21 years ago
d9be0f86fd
SEC-53: BasicProcessingFilter only to reauthenticate if the SecurityContextHolder contains an unauthenticated Authentication, or an Authentication with a different username.
21 years ago
690ab27a52
SEC-70 and SEC-71: Refactor event publishing.
21 years ago
b6dbfde55c
SEC-70: Refactor event publishing.
21 years ago
3811200599
Improve debug output.
21 years ago
2cbe42f493
SEC-7: Allow better chaining of authentication providers.
21 years ago
42c47c086a
JavaDocs formatting.
21 years ago
f8b0de3459
Corrected Javadoc link to interface name.
21 years ago
5235727d23
SEC-2
...
Refactor the CaptchaChannelProcessor and extract a CaptchaChannelProcessor that is an abstract class and add its implementations.
Jalopy on all java files.
21 years ago
1ae07779a2
SEC-710: Refactor concurrent session handling support.
21 years ago
a5ffda7369
SEC-63: Do not return an absolute URL unless switching from HTTP to HTTPS.
21 years ago
c6d5363e5d
SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation.
21 years ago
d49198a944
SEC-43: Eliminate id column.
21 years ago
41202112bc
SEC-37: Only update HttpSession if SecurityContext has actually been changed.
21 years ago
494e35f009
Jalopy styling.
21 years ago
24a78be159
Corrected link in Javadoc.
21 years ago
c065c46668
Javadoc correction: ContextHolder -> SecurityContextHolder
21 years ago
df4b8f602f
Javadoc correction: SecureContext -> SecurityContext
21 years ago
a39339674e
login.config.url should be set to a url, not a file path
...
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
21 years ago
bc14dd62db
Fixed CVS line break
21 years ago
4717b64b83
Updated Siteminder auth processing filter and added test case. As of this weekend, this version is in production at a large financial org.
21 years ago
0f5e9ad372
Fix NPE. Thanks to Tom Dunstan.
21 years ago
f5741962ed
Add createSessionAllowed property, which should be set to false to avoid unnecessary session creation.
21 years ago
60d3b6505b
Finalizing the validation, entry point and channel processor concerning captchas. Replacing the Thread.sleep() in captchaChannelProcessorTest to avoid the build break issue.
21 years ago
fb3f4af3b2
when extracting the original user, fix by referencing by the interface (UserDetail) rather than the concrete class (User)
21 years ago
24394b7b2b
added fix to preserve custom UserDetails implementations (Matt DeHoust fix recommendation)
21 years ago
d44b570087
Disable failing tests until Marc-Antoine has a chance to look at them.
21 years ago
ae9e7733db
Fix broken tests.
21 years ago
35ca25f085
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
21 years ago
c7dcceb05c
Do not setAuthenticated(false) in the event of a public (unsecured) invocation. Thanks to Joseph Dane for reporting this issue on acegisecurity-developer on 3 September 2005.
21 years ago
486bbee35d
added context path to redirect
21 years ago
9d359780d9
finish user context switch event publishing
21 years ago
20ebb668a6
Added event for user context switching and updated switch user filter
21 years ago
55f5c3397a
Relocated JdbcDaoExtendedImpl.convertAclObjectIdentityToString to superclass (pursuant to suggestion made by Tim Kettering on acegisecurity-developer).
21 years ago
2bda6ec25c
Fix: SEC-48 http://opensource2.atlassian.com/projects/spring/browse/SEC-48
...
If the principal is an instanceof UserDetails, UserDetails.getUsername();
21 years ago
40a81ed220
Revisit synchonization issue and correct problem identified by Volker Malzahn.
21 years ago
ec5e39c2e8
Initial checkin of user security context switching (see SEC-15). This is the first cut of the SwitchUserProcessingFilter that handles switching to a target uesr and exiting back to the original user. Note: This is going to be used for the common use-case of an Administrator 'switching' to another user (i.e. ROLE_ADMIN -> ROLE_USER). This is the initial cut of a Unix 'su' for Acegi managed web applications.
21 years ago
725ec767b6
Javadoc typo corrected (as suggested on mailing list)
21 years ago
c2c48b905b
Added package.html files to reamining java packages (see http://opensource.atlassian.com/projects/spring/browse/SEC-41 )
21 years ago
f5975dcf30
Whoops, almost forgot to remove System.out debug lines :-/
21 years ago
891cd7380c
Mirrored Ben's FilterChainProxy.java 1.5 spelling fix to its corresponding test class, which depended on equality of the exception message. All JUnit tests pass now.
21 years ago
dc31553f2a
Syntax
21 years ago
db4ed4bc44
Added debug statement to AbstractTicketValidator to help with Acegi+CAS+SSL setup (thanks Seth Ladd for the patch) (see http://opensource.atlassian.com/projects/spring/browse/SEC-34 )
21 years ago
c66c5dfab5
AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11 )
21 years ago
32f62d1ef1
Added SiteminderAuthenticationProcessingFilter for Ben's review. <Untested>.
21 years ago
f625d06cd9
Avoid expense of HttpSession when working with anonymous users.
21 years ago
Ben Alex
Luke Taylor
Marc-Antoine Garrigue
Ray Krueger
Scott McCrory
Mark St. Godard