464da0f0df
SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions.
17 years ago
ee13be47b7
Call setAuthenticated() in constructor with authorities to mimic behaviour of UsernamePasswordAuthenticationToken
17 years ago
3ef34122fc
Converted to using JMock.
17 years ago
e18971fdf0
Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken.
17 years ago
3acd515c6c
SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions.
17 years ago
0bbab88504
SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one
...
http://jira.springframework.org/browse/SEC-1031 . Fixed startOfHash value and added tests to check full length of password is used.
17 years ago
0ba690fb0e
SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag).
17 years ago
e5b1073501
SEC-1012: Added more generics and warning suppression
17 years ago
be34724207
Matchers for use with JMock expectations
17 years ago
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
17 years ago
d33b13e52e
SEC-1023: Added support for hasPermission() based on Id and type
17 years ago
a207acf7cb
SEC-999: Fix broken test which was failing due to use of incorrect authentication object.
17 years ago
56141e9c5f
SEC-999: Refactoring out specific dependencies on Spring EL into SecurityExpressionHandler.
...
SEC:1023: Updates to expression root to allow evaluationof permissions.
17 years ago
dabb719456
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 . PermissionEvaluator interface for use by expressions when evaluating hasPermisson() expressions.
17 years ago
b42fc7221f
Upgraded to jmock 2.5.1
17 years ago
514bca669f
SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays.
17 years ago
ec44f2bdfe
SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections
17 years ago
e891b334e6
SEC-1009: removed additional container adapter specific code
17 years ago
09cc58d7ac
SEC-1009: removed additional container adapter specific code
17 years ago
3521af4cae
Added missing test class.
17 years ago
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
17 years ago
c7abdadc06
SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level.
17 years ago
f2ec8c978a
Moved MethodDefinitionSource to standalone class.
17 years ago
f592357c27
SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition
17 years ago
5174693c64
SEC-999: Expression language based access decision support
...
http://jira.springframework.org/browse/SEC-999 . Added missing test class.
18 years ago
4aa32f7d06
SEC-999: First commit of expression-based authorization implementation
18 years ago
91c44a47fd
SEC-999: Added spel-annotations to newly created 2.5 schema file.
...
http://jira.springframework.org/browse/SEC-999
18 years ago
b031124f61
SEC-991: Removed deprecated getAttributes() method from LdapUserDetails interface
18 years ago
b589f78918
SEC-954: Deprecate AbstractMethodDefinitionSource
18 years ago
c947d42146
SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match
18 years ago
7cc0965383
SEC-1001: Move core tiger code into core and adjust pom files
18 years ago
97381fb448
SEC-974: Made getExceptionMappings() protected.
18 years ago
4542f00b14
SEC-975: Namespace security syntax does not interpret properties
...
http://jira.springframework.org/browse/SEC-975 . Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
18 years ago
5e4634d216
Minor Javadoc improvement.
18 years ago
d291def963
Removed invalid comment.
18 years ago
df59cb9dcd
Import cleaning.
18 years ago
ef0389ae79
SEC-976: Removed checks for presence of core-tiger classes.
18 years ago
8661e17df9
OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors
...
http://jira.springframework.org/browse/SEC-960 . Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
18 years ago
5102be3a59
SEC-971: getter for cookieName in AbstractRememberMeServices
...
http://jira.springframework.org/browse/SEC-971 . Added getCookieName() method.
18 years ago
4e2d6f8b2e
SEC-967: TextUtils.java does not escape ampersand character
...
http://jira.springframework.org/browse/SEC-967 . Added escaping of '&' character
18 years ago
d781deffe7
OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication
...
http://jira.springframework.org/browse/SEC-966 . Added escaping of rendered text as default.
18 years ago
a4e4120443
SEC-963: LDAP Group Search Root
...
http://jira.springframework.org/browse/SEC-963 . Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
18 years ago
83868a7334
SEC-955: ability to externalize port mapping for secured channel to a property file
...
http://jira.springframework.org/browse/SEC-955 . Changed schema to make port-mapping type xsd:string to allow placeholders.
18 years ago
150f3d97d0
SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException
...
http://jira.springframework.org/browse/SEC-832 . Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.
18 years ago
7f28a8bc5d
Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method.
18 years ago
1cfd886517
SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut
...
http://jira.springframework.org/browse/SEC-922 . Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".
18 years ago
bb457e1d07
SEC-957: logger.debug without guard causing massive performance hit
...
http://jira.springframework.org/browse/SEC-957 . Added debug logging guard as requested.
18 years ago
09cf90258f
SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation
...
http://jira.springframework.org/browse/SEC-758 . Added "throws Throwable" to AspectJAnnotationCallback signature.
18 years ago
e15d7a78cd
SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes
...
http://jira.springframework.org/browse/SEC-956 . Done.
18 years ago
3bf5e406b7
SEC-936: NPE in AbstractFallbackMethodDefinitionSource
...
http://jira.springframework.org/browse/SEC-936 . Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
18 years ago
Luke Taylor