spring-security

Commit Graph

Author	SHA1	Message	Date
Rob Winch	dc201b7989	Remove log4jConfigLocation from sample web.xml files This prevents errors looking for the LogManager which is no longer on the classpath since we use sl4j.	13 years ago
Luke Taylor	4b0fbe1606	Remove session timeout check in tutorial sample.	15 years ago
Rob Winch	d5f1f6cbff	SEC-1757: Updated tutorial sample to state that listing of accounts is allowed by anyone and to display accounts for the different types of access to posting to Accounts	15 years ago
Luke Taylor	0974e21fb6	SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid). This prevents problems with repeated detection of the same invalid session when the redirected request comes in.	16 years ago
Luke Taylor	a5dde8b28f	Updated doc on invalid session detection. Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.	16 years ago
Luke Taylor	052537c8b0	Removing $Id$ markers and stripping trailing whitespace from the codebase.	16 years ago
Luke Taylor	893f212fa5	Tidying	16 years ago
Luke Taylor	fac07ba8ff	Schema updates to Spring 3.0	16 years ago
Luke Taylor	7247902911	SEC-1229: Updated sample and itest namespace concurrency configs.	16 years ago
Luke Taylor	aa153681bf	SEC-1229: Added session-management element to namespace and refactored existing session-related attributes and concurrency control. Refactored <http> parsing code to split it up into more manageable units.	16 years ago
Luke Taylor	731402e9f5	SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.	17 years ago
Luke Taylor	b531a81176	SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag.	17 years ago
Luke Taylor	5953af0f6b	SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).	17 years ago
Luke Taylor	1afa67c954	SEC-1195: Added internal AuthenticationManager for use by beans which are generated by the <http> block.	17 years ago
Luke Taylor	853b4c8753	SEC-1186: Make sure an Element is always supplied when registering the AuthenticationManager. Fixes broken tests.	17 years ago
Luke Taylor	0134a5646d	Changed to use expressions in commented-out XML instead of outdated syntax.	17 years ago
Luke Taylor	f976080d1d	Fixes to sample app context files	17 years ago
Luke Taylor	14c4739605	SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.	17 years ago
Luke Taylor	e94baf38b3	Tidying up to remove warnings (generics, use of deprecated test classes etc).	17 years ago
Luke Taylor	13af4b95a2	Sample package name updates	17 years ago
Luke Taylor	ca7d055c2b	SEC-1132: Created core and authentication packages within core module.	17 years ago
Luke Taylor	9efb5a7007	SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet	17 years ago
Luke Taylor	bec84f874a	SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.	17 years ago
Luke Taylor	4a41416c9b	Tidying up and removing compiler warnings.	17 years ago
Luke Taylor	cc5966bc7e	Tidying up, removing compiler warnings etc.	17 years ago
Luke Taylor	2927b8464f	SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.	17 years ago
Luke Taylor	6ccdcec629	SEC-1033: Added web expressions to tutorial sample configuration.	17 years ago
Luke Taylor	bc6878c1c5	SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations.	17 years ago
Ben Alex	7e562031cc	Better demonstrate the new EL-based "overdraft" authorization rules.	17 years ago
Luke Taylor	d6cd392a9e	Tidying up some stuff in tutorial app	17 years ago
Luke Taylor	a7d046357b	SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces	17 years ago
Luke Taylor	4f6b4e4bfd	Make sample login pages use c:out for data output	18 years ago
Luke Taylor	fc498954c6	Updated sample context files to point at 2.0.1 schema	18 years ago
Luke Taylor	882509fb2a	Renamed context file	18 years ago
Luke Taylor	eba18675fc	Removed old acegi file from tutorial sample as it's causing confusion with users.	18 years ago
Luke Taylor	80cd7f4acc	Removed accidental commit of tutorial context file	18 years ago
Luke Taylor	0cf745b85f	Updated clean plugin to 2.2	18 years ago
Luke Taylor	c7f182309f	Removed excess config from tutorial sample file	18 years ago
Ben Alex	f7ae69880c	Minor tweaking so the tutorial is a little more illustrative of the present namespace capabilities.	18 years ago
Ben Alex	1490fe0b0a	Various fine-tuning so people can see AspectJ expressions and a simple, minimal configuration.	18 years ago
Ben Alex	595a14dbd5	Sample should permit people to anonymously call all methods except post(Account).	18 years ago
Luke Taylor	ef5b3e2f9c	SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly.	18 years ago
Luke Taylor	743d72ca7b	Added log4j support to tutorial app	18 years ago
Ben Alex	0860333a3f	SEC-733: AspectJ Pointcut Expression Parsing support.	18 years ago
Luke Taylor	114969f7f7	SEC-706: Removed LDAP dependencies from tutorial app, since we now have a separate sample	18 years ago
Luke Taylor	8c00bb1537	SEC-674: Updated samples to work with new module layout. Changed taglib build to copy tld file to META-INF directory. Also standardized JSTL version to 1.1.0 (impl 1.1.2), moving deps to root sample pom.	18 years ago
Luke Taylor	be62979a01	Switch JSTL back to 1.1.2.	18 years ago
Luke Taylor	10ab4136d1	SEC-309: Patch for Authentication tag to use property of authentication object, rather than invoking an operation on the principal. Allows use of nested properties.	18 years ago
Luke Taylor	adba67326f	Removed accidentally committed version of tutorial app context file.	18 years ago
Luke Taylor	84c7ac5e57	SEC-664: Removed validateUserDetails method from AbstractRememberMeServices, wrapped the UserDetailsService in a status-checking one and added a catch block for AccountStatusExceptions. Also some minor tidying up of other remember-me classes.	18 years ago

1 2

98 Commits (39918b4a01f6cc847dcddf77ea644ccc4a87ab74)