670297c55d
SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context.
...
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
16 years ago
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
16 years ago
51abedcbef
Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests.
...
Removes the need for casting to specific filter type.
16 years ago
f40a1fda34
SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes.
...
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
16 years ago
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
16 years ago
dc5417f1d5
SEC-1352: Added support for placeholders in <user-service>
...
The username, password and authorities attributes can now be placeholders.
17 years ago
893f212fa5
Tidying
17 years ago
bcb1ff8921
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
17 years ago
fac07ba8ff
Schema updates to Spring 3.0
17 years ago
85a58fd473
SEC-1331: Modify namespace to allow omission of user passwords in user-service element and generate random ones internally, preventing authentication against the data..
17 years ago
1dc4bb112e
SEC-1318: Correct logic for checking combination of session-management attributes.
17 years ago
3469a8d4a3
Javadoc.
17 years ago
ac564fc34e
SEC-1317: Forgot to commit test from config module.
17 years ago
d4e4a09801
SEC-1312: Add detection of 2.0 schemas. Added check to SecurityNamespaceHandler and reinstated old schemas.
17 years ago
eddde8ea28
SEC-1309: Namespace configurations should support Spring EL. Removed premature conversion of URL paths to lower case, which messes up if they are case-sensitive expressions or placeholders. Some other minor changes to suppport EL configuration.
17 years ago
5546698fef
SEC-1253: Decouple spring-security-config module from spring-security-web. Added ClassUtils.isPresent() check for FilterChainProxy before attempting to register web-related parsers and decorators. Added use of namespace to dms sample for testing.
17 years ago
66b1b1957c
SEC-1298: Deleted custom-filter BeanDefinitionDecorator
17 years ago
3444b31615
SEC-1291: Add logout namespace support for custom success handler. Added attribute "success-handler-ref" to <logout> element in namespace.
17 years ago
9eae7b899c
SEC-1284: Added proxy-target-class attribute to method security namespace
17 years ago
afdd80235c
SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Fixed Spring RC1 - RC2 regression problem with test (addApplicationListener() behaviour has changed).
17 years ago
d4d5012035
SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.
17 years ago
a2468c523a
SEC-1283: AuthenticationConfigBuilder.createAnonymousFilter uses httpElt instead of anonymousElt. Corrected element name.
17 years ago
197737a2b4
SEC-1281: make sure correct 'key' value is used for RememberMeAuthenticationProvider when external RememberMeServices is used
17 years ago
799b96520b
SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login
17 years ago
73df14c912
Allow any ordering of authentication-provider elements within authentication-manager
17 years ago
ed2ddf9323
SEC-1263: Add FactoryBean for namespace AuthenticationManager. <http> now uses AuthenticationManagerFactoryBean. Method security already uses a delegate object to lookup the AuthenticationManager. This now uses the same error message if the bean isn't found, rather than allowing the BeanFactory NoSuchBeanDefinitionException to be thrown directly.
17 years ago
ac5237c127
SEC:1263: Added FactoryBean for AuthenticationManager
17 years ago
e398922f85
Removing elements that are no longer supported from the namespace
17 years ago
80eb47c6fe
SEC-1261: Convert FilterChainOrder to an enum (SecurityFilters).
17 years ago
4dcb9de67a
SEC-1257: Some additional API changes to use Collection instead of List...
17 years ago
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
17 years ago
f213cc5d9e
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
17 years ago
5d486a51b6
SEC-1256: Added support for expression attributes in filter-security-metadata-source configuration.
17 years ago
07d7c0ddae
Renamed form and openID filters to shorten names
17 years ago
1042305cfe
Renamed web.wrapper to web.servletapi. Added some package.html files.
17 years ago
673cf300fb
SEC-1229: Refactoring to remove package cycles.
17 years ago
acf13c74ca
SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
17 years ago
2b89ebdfbb
SEC-1229: Further doc and mods to namespace config/naming to make it more consistent
17 years ago
073198886d
SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before.
17 years ago
c34d719004
SEC-1252: Remove 2.0.x schemas from 3.0. Removed files and updated spring.schemas to remove 2.0.x versions
17 years ago
2a1430f1ce
SEC-1229: Removed legacy concurrency classes
17 years ago
ebada9fd12
SEC-1229: Added support for parsing error URL in session-management
17 years ago
203cc5a8dc
SEC-1229: Added error-url to concurrency-control element and changed "exception-if-max-exceeded" to "error-if-max-exceeded"
17 years ago
7109b7e183
Import cleaning.
17 years ago
aa153681bf
SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.
17 years ago
731402e9f5
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
17 years ago
71ab83255d
SEC-1242: Check that RememberMeServices is an instance of AbstractRememberMeServices before attempting to inject a UserDetailsService.
17 years ago
fa7404741b
SEC-1167: Introduce more flexible SavedRequest handling. Add namespace support for a custom RequestCache through the request-cache element.
17 years ago
aec730ae7e
SEC-1238: Disable portlet module
17 years ago
6640eab9dc
SEC-1240: Added {ssha} support to PasswordEncoderParser.
17 years ago
Luke Taylor