7a8bd8a673
SEC-1034: Removed FilterInvocationDefinitionSourceEditor.
17 years ago
464da0f0df
SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions.
17 years ago
ee13be47b7
Call setAuthenticated() in constructor with authorities to mimic behaviour of UsernamePasswordAuthenticationToken
17 years ago
3ef34122fc
Converted to using JMock.
17 years ago
e18971fdf0
Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken.
17 years ago
3acd515c6c
SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions.
17 years ago
790c3e6f79
Updated FAQ to add variant of "redirecting to entry point" debug message when no AnonymousProcessingFilter is in use and an AuthenticationCredentialsNotFoundException is thrown instead of AccessDeniedException.
17 years ago
0bbab88504
SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one
...
http://jira.springframework.org/browse/SEC-1031 . Fixed startOfHash value and added tests to check full length of password is used.
17 years ago
0ba690fb0e
SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag).
17 years ago
e5b1073501
SEC-1012: Added more generics and warning suppression
17 years ago
be34724207
Matchers for use with JMock expectations
17 years ago
7731a3df57
Typo.
17 years ago
62986c700b
SEC-1027: Removed bnd plugin and 'bundle' package types from pom.xml files
17 years ago
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
17 years ago
fa6f57e3dd
Fixed TestVoter to match recent API updates
17 years ago
d6cd392a9e
Tidying up some stuff in tutorial app
17 years ago
4bbc015e4c
Removed chackstyle file
17 years ago
d6bb6ccbf5
Removed .cvsignore files
17 years ago
da8a97b516
SEC-1024: Updated svn usage page
17 years ago
d33b13e52e
SEC-1023: Added support for hasPermission() based on Id and type
17 years ago
d601301de6
SEC-1023: Fix broken test.
17 years ago
1c3b576d91
SEC-1023: PermissionEvaluator based on the Acl module.
17 years ago
a207acf7cb
SEC-999: Fix broken test which was failing due to use of incorrect authentication object.
17 years ago
56141e9c5f
SEC-999: Refactoring out specific dependencies on Spring EL into SecurityExpressionHandler.
...
SEC:1023: Updates to expression root to allow evaluationof permissions.
17 years ago
dabb719456
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 . PermissionEvaluator interface for use by expressions when evaluating hasPermisson() expressions.
17 years ago
7ff5602dbc
Convert AclImplTests to use JMock mocks.
17 years ago
04e2fc7daf
Tidying.
17 years ago
b42fc7221f
Upgraded to jmock 2.5.1
17 years ago
514bca669f
SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays.
17 years ago
ec44f2bdfe
SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections
17 years ago
e891b334e6
SEC-1009: removed additional container adapter specific code
17 years ago
09cc58d7ac
SEC-1009: removed additional container adapter specific code
17 years ago
3521af4cae
Added missing test class.
17 years ago
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
17 years ago
c7abdadc06
SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level.
17 years ago
f2ec8c978a
Moved MethodDefinitionSource to standalone class.
17 years ago
f592357c27
SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition
17 years ago
5174693c64
SEC-999: Expression language based access decision support
...
http://jira.springframework.org/browse/SEC-999 . Added missing test class.
18 years ago
4aa32f7d06
SEC-999: First commit of expression-based authorization implementation
18 years ago
0dd82cb91a
Temporary addition of spring-el to security source tree until binary is available
18 years ago
91c44a47fd
SEC-999: Added spel-annotations to newly created 2.5 schema file.
...
http://jira.springframework.org/browse/SEC-999
18 years ago
b031124f61
SEC-991: Removed deprecated getAttributes() method from LdapUserDetails interface
18 years ago
b589f78918
SEC-954: Deprecate AbstractMethodDefinitionSource
18 years ago
7f35f56f40
Added link to db schema appendix when discussing jdbc provider
18 years ago
c947d42146
SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match
18 years ago
6c8a82fa13
Updated poms to Spring 2.5 and fixed up sandbox to work with latest build
18 years ago
a62eae4587
Script for running all the sample apps
18 years ago
6a7bade049
SEC-1009: Removed adapters from main pom
18 years ago
ce93197cda
SEC-1009: Removed chapter on adapters
18 years ago
6183b7ec28
SEC-1009: Deleted container adapters
18 years ago
Luke Taylor