ddffdf1699
SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication'
17 years ago
4a41416c9b
Tidying up and removing compiler warnings.
17 years ago
f5d2e7a7ce
Make error message when multiple UserDetailsServices are found more explicit.
17 years ago
9cb361e88a
SEC-745: Added LogoutSuccessHandler strategy for use in LogoutFilter.
17 years ago
66e586ec67
Added Id keyword.
17 years ago
cc5966bc7e
Tidying up, removing compiler warnings etc.
17 years ago
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
17 years ago
8f598e9b11
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
17 years ago
171456a26c
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
17 years ago
00125cddee
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
17 years ago
585e5f393a
Added warning suppression for deprecation.
17 years ago
d8b5f770e9
Added warning suppression for deprecation.
17 years ago
db5f1e69f1
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
17 years ago
c2e688610c
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
17 years ago
998f0b3ea1
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
17 years ago
d0fcbd9baf
Tidying up Javadoc.
17 years ago
a1bd48733a
Minor Javadoc correction.
17 years ago
74fd5fe8a4
Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.
17 years ago
b24cc17dea
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
17 years ago
bf409b5b25
Improvements to Javadoc.
17 years ago
f54d7ee6bc
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
17 years ago
898ef36d02
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
17 years ago
c3181d9db0
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
17 years ago
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
17 years ago
fcc68e636e
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
17 years ago
a0bcf7184c
SEC-1061: Renamed serverSideRedirect property.
17 years ago
cf3cac90ad
SEC-1058, SEC-745: Updating comments
17 years ago
3f38035057
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
17 years ago
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
17 years ago
839279161d
SEC-745: Added concrete failure handling strategies.
17 years ago
6664f57ff6
SEC-992: Removed the line setting returningObj to false.
17 years ago
10e4d1fe1a
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
17 years ago
615194710e
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
17 years ago
48dce501ce
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
17 years ago
aec23749d7
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
17 years ago
3fcc7b5403
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
17 years ago
a443e55832
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
17 years ago
093365b2f4
Removed unnecessary cast.
17 years ago
30f9b3e72c
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
17 years ago
3f40604b82
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
17 years ago
acfcac4594
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
...
Applied supplied patch which checks the committed flag before forwarding to the error page.
17 years ago
7fe6a0fc0d
SEC-1033: Added support for web IP ranges based on an address and netmask.
17 years ago
7767a9ed60
SEC-1033: Add basic equality support for hasIpAddress() expression.
17 years ago
3da68a7a82
Java5 stuff
17 years ago
046456c142
Removed unused constants.
17 years ago
3e8de229be
Java5 updates.
17 years ago
98422b69a8
Java5 updates.
17 years ago
c2ac125719
Tidying up.
17 years ago
a2ef10e65f
SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.
17 years ago
6b4045667a
SEC-1033: Completed working version of web expression support.
...
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
17 years ago
Luke Taylor