Luke Taylor
|
731402e9f5
|
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
|
17 years ago |
|
Luke Taylor
|
1c4a809e09
|
SEC-1245: Add role hierarchy support to expression handlers. Done.
|
17 years ago |
|
Luke Taylor
|
b531a81176
|
SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag.
|
17 years ago |
|
Luke Taylor
|
283aa1b34b
|
Fixed section boundaries in core-filters doc
|
17 years ago |
|
Luke Taylor
|
e7486fc203
|
Removed Ordered interface from Http403EntryPoint (unused).
|
17 years ago |
|
Luke Taylor
|
897960cd70
|
Add expression string to failed expression evaluation exception message to help clarify the context.
|
17 years ago |
|
Luke Taylor
|
27be04f5be
|
SEC-1223: Remove ntlm module from pom
|
17 years ago |
|
Luke Taylor
|
d52a806a1d
|
SEC-1233: Removed NTLM support for 3.0
|
17 years ago |
|
Luke Taylor
|
40cf50fc98
|
SEC-1148: Javadoc.
|
17 years ago |
|
Luke Taylor
|
ff78ec00f7
|
SEC-1226: Additional Javadoc.
|
17 years ago |
|
Luke Taylor
|
23c8f479b8
|
SEC-1226: Renamed useRelativeContext to contextRelative to match corresponding flag name in Spring Framework.
|
17 years ago |
|
Luke Taylor
|
593d2e227a
|
SEC-1226: Renamed useRelativeContext to contextRelative to match corresponding flag name in Spring Framework.
|
17 years ago |
|
Luke Taylor
|
9c7423599e
|
SEC-1167: Extended SavedRequest interface to allow it to be used by wrapper. Removed null checks in wrapper, as the SavedRequest cannot now be null.
|
17 years ago |
|
Luke Taylor
|
4064b7b4f6
|
SEC-1167: Introduce more flexible SavedRequest handling. Introduced interface for SavedRequest.
|
17 years ago |
|
Luke Taylor
|
71ab83255d
|
SEC-1242: Check that RememberMeServices is an instance of AbstractRememberMeServices before attempting to inject a UserDetailsService.
|
17 years ago |
|
Luke Taylor
|
acd10dd716
|
SEC-1243: Make determineTargetUrl protected.
|
17 years ago |
|
Luke Taylor
|
fa7404741b
|
SEC-1167: Introduce more flexible SavedRequest handling. Add namespace support for a custom RequestCache through the request-cache element.
|
17 years ago |
|
Luke Taylor
|
aa2999caec
|
SEC-1238: Removed portlet module
|
17 years ago |
|
Luke Taylor
|
1d00b92d25
|
Removed portlet sample
|
17 years ago |
|
Luke Taylor
|
aec730ae7e
|
SEC-1238: Disable portlet module
|
17 years ago |
|
Luke Taylor
|
6851655ea9
|
SEC-1177: MethodInvocationUtils Returns Null With Valid Method String and Class. Added very simple checking of declared methods on class.
|
17 years ago |
|
Luke Taylor
|
ef2df77889
|
SEC-1239: Special characters in JAAS config file location. Fix - convert Resource to a File before obtaining the URL from it. The URL.toString() obtained this way is different from the one obtained from Resource.getURL().toString().
|
17 years ago |
|
Luke Taylor
|
6640eab9dc
|
SEC-1240: Added {ssha} support to PasswordEncoderParser.
|
17 years ago |
|
Luke Taylor
|
ac4e7bbadb
|
SEC-1241: Make sure saved request is removed after a match.
|
17 years ago |
|
Luke Taylor
|
9d26527f30
|
SEC-1237-Re-enabled maven source plugin
|
17 years ago |
|
Luke Taylor
|
f518da9d8b
|
SEC-1236: Using HTTP Method-specific intercept-urls causes patterns with no method to be ignored. Fixed by also checking null key in map if no method-specific attributes are found.
|
17 years ago |
|
Luke Taylor
|
5bdfd8cd77
|
Tidying imports etc to remove compiler warnings.
|
17 years ago |
|
Luke Taylor
|
d099d14e9b
|
SEC-1235: Added test to attempt to verify (failed to reproduce).
|
17 years ago |
|
Luke Taylor
|
8632946f30
|
SEC-1213: Added "order" atrribute to global-method-security
|
17 years ago |
Mike Wiesner
|
ed0686cacf
|
Upgraded to AspectJ 1.6.5 and fixes some maven plugin config bugs
|
17 years ago |
|
Mike Wiesner
|
a1751aec2c
|
SEC-1232: Added the aspect library needed for <global-method-security mode="aspectj"/> and a small sample
|
17 years ago |
|
Luke Taylor
|
002b788a8c
|
Minor refactoring.
|
17 years ago |
|
Luke Taylor
|
8081a1a3cc
|
Set Id svn keyword.
|
17 years ago |
|
Mike Wiesner
|
5623c13038
|
SEC-1047: Added an option to DigestProcessingFilter that the created Authentication object is now marked as "authenticated"
|
17 years ago |
|
Mike Wiesner
|
e14a904306
|
SEC-1181: fixed recursive import in template.mf
|
17 years ago |
|
Mike Wiesner
|
660b408e6e
|
SEC-1181: added import to template.mf for the DNS classes
|
17 years ago |
|
Mike Wiesner
|
58ee9a364e
|
SEC-1181: DNS helper classes, will primarily be use for lookup of Active Directory servers.
|
17 years ago |
|
Luke Taylor
|
245fc96137
|
SEC-1075: Update the embedded LDAP server to use Apache DS 1.5. Updated to use the new 1.5.5 release for the embedded server.
|
17 years ago |
Scott Battaglia
|
53baac2fd9
|
SEC-1228
started adding support for supporting creating UserDetails via Assertions.
|
17 years ago |
|
Scott Battaglia
|
bfd421016e
|
SEC-1228
added constructor so a wrapper can be instanciated in one line of code.
|
17 years ago |
|
Luke Taylor
|
936326f4ab
|
SEC-1180: Unreachable code inside UrlUtils.buildRequestUrl(...). Removed code block.
|
17 years ago |
|
Luke Taylor
|
f6f5855b52
|
SEC-1222: Provide a constructor for LdapUserDetailsService that does not require an LdapAuthoritiesPopulator. Done.
|
17 years ago |
|
Luke Taylor
|
32dbb7e8bd
|
import cleaning
|
17 years ago |
|
Luke Taylor
|
2039200617
|
SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace.
|
17 years ago |
|
Luke Taylor
|
b2c2b93545
|
SEC-1190: Added "invalidateSessionOnPrincipalChange" property to AbstactPreAuthenticatedProcessingFilter. If set to true (the default) and a new principal is detected, the existing session will be invalidated before proceeding to authenticate the user.
|
17 years ago |
|
Luke Taylor
|
3cc47c9c4d
|
SEC-1190: Added "checkForPrincipalChanges" property to AbstactPreAuthenticatedProcessingFilter.
|
17 years ago |
|
Luke Taylor
|
dbcb13ad14
|
SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination.
|
17 years ago |
|
Luke Taylor
|
0d7b990e0a
|
SEC-1184: Moved ACL cache classes and interface out of jdbc package.
|
17 years ago |
|
Luke Taylor
|
6236858356
|
SEC-951: Acl Serialization Errors that cohere with parent-child-structure of Acls. Modified tests to reproduce the issue and applied suggested fix (recursive call to set transient fields on parent).
|
17 years ago |
|
Luke Taylor
|
98ffda85e0
|
minor doc update
|
17 years ago |
