8c605516b3
SEC-1463: Change namespace user-service parser to store username in lower-case when building map for in-memory UserDetailsService. Lookups are supposed to be case-insensitive with this class.
16 years ago
eda60b72b1
SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
...
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
16 years ago
4c8e9e2d7e
SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
...
Ensures protect-pointcut expressions match methods with generic parameters.
16 years ago
e518adbef1
SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles.
...
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
16 years ago
91153df78d
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
...
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
16 years ago
87cf27ab7c
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
16 years ago
bc6aae132b
SEC-1420: Add htmlEscape attribute to authentication JSP tag.
...
This allows HTML escaping to be disabled if required.
16 years ago
d2b2ca3bc6
SEC-1387: Use a transient object as the advice monitor, rather than a Serializable.
...
No need for an anonymous inner class.
16 years ago
10dc72b017
SEC-1387: Support serialization of security advised beans.
...
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
16 years ago
dbee91002e
Deprecate EncryptionUtils.
16 years ago
c12c43da9e
Javadoc fixes.
16 years ago
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
16 years ago
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
16 years ago
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
16 years ago
10d787ede2
Javadoc corrections to SessionRegistryImpl
16 years ago
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
16 years ago
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
16 years ago
0f90e69004
SEC-1362: Updated French messages translation.
16 years ago
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
16 years ago
93973a4b75
SEC-1304: Removed compareTo method from GrantedAuthorityImpl
...
This method had been left by mistake when the Comparable
interface was removed. See also SEC-1347.
16 years ago
80aacf447f
Refactored JaasAuthenticationProvider
...
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
16 years ago
893f212fa5
Tidying
16 years ago
bcb1ff8921
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
16 years ago
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
16 years ago
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
16 years ago
354b043fd1
SEC-1337: Add Serializable interface to internal comparator
16 years ago
55679971f0
SEC-1337: Make User serializable by moving anonymous comparator class
16 years ago
cad32ffe39
SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
16 years ago
ef3d9c7877
Tidying Javadoc.
16 years ago
1e8ea55030
SEC-1320: JaasAuthenticationProvider can not find jaas realm defined inside service archive. Added flag to control refresh of configuration on startup.
16 years ago
33b109f0b3
Made session maps final in SessionRegistryImpl.
16 years ago
558737363f
Added some extra tracing to SessionRegistryImpl.
16 years ago
cde9cd6b36
Correct toString() method in User class.
16 years ago
02a9db7bcf
SEC-1317: Removed check in ProviderManager.getProviders() for empty provider list. A ProviderManager with a non-null parent may have an empty provider list. The afterPropertiesSet() method performs the necessary checks.
16 years ago
dada789814
NOJIRA
...
removed unnecessary cast and use StringBuilder rather than non-final String and concatenation.
16 years ago
ed92d5ea71
SEC-1304: Removed unused compareTo method from custom GrantedAuthority.
16 years ago
8a0f69b955
SEC-1295: Placing Security on Roo Aspected method fails. Added suggested fix - check for null target and use Signature.declaredType instead.
16 years ago
7e0c7ffc0e
SEC-1304: Removed "Comparable" from GrantedAuthority
16 years ago
e72cfd58d4
SEC-1304: Remove Comparable interface from GrantedAuthority to enable it to be imlemented by an enum.
16 years ago
1df82654e3
SEC-1310: Added toString() implementations to Pre and PostInvocationExpressionAttribute classes.
16 years ago
69699431b1
SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope
16 years ago
d4d5012035
SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.
16 years ago
248e826342
SEC-1282: Clarified javadoc
16 years ago
0615b94f55
Converted expression test to use static method.
17 years ago
4dcb9de67a
SEC-1257: Some additional API changes to use Collection instead of List...
17 years ago
f213cc5d9e
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
17 years ago
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
17 years ago
acf13c74ca
SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
17 years ago
2a1430f1ce
SEC-1229: Removed legacy concurrency classes
17 years ago
9639340fef
SEC-1049: RoleHierarchy in SidRetrievalStrategy. Added optional RoleHierarchy injection to SidRetrievalStrategyImpl
17 years ago
Luke Taylor
Luke Taylor
Scott Battaglia