Luke Taylor
54694d5ab7
SEC-1583: Added hasAuthority and hasAnyAuthority implementations to SecurityExpressionRoot.
16 years ago
Luke Taylor
695c8f4ad6
Import cleaning and suppression of deprecation warnings.
16 years ago
rwinch
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
16 years ago
Luke Taylor
577ec27507
Polishing.
16 years ago
Luke Taylor
696150f3c3
Remove unused import.
16 years ago
Luke Taylor
1a1372ab84
Removed deprecated AspectJInterceptor classes since these cannot be used with the existing MethodSecurityMetadataSource implementations (which no longer support JoinPoint as a secured object). Added some more tests.
16 years ago
Luke Taylor
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
16 years ago
Luke Taylor
3c02989d67
Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests).
16 years ago
Luke Taylor
2222a7be07
Use Integer.valueOf() in preference to new Integer()
16 years ago
Luke Taylor
85c4c91e0e
IDEA inspection refactorings.
16 years ago
Luke Taylor
64375484a1
More build and logging tuning.
16 years ago
Luke Taylor
c4ee46824c
Removing log4j.properties files and adding logback config ones.
16 years ago
Luke Taylor
b854e67952
SEC-1522: Treat empty attribute collection the same as null when returned by SecurityMetadataSource. Both are now treated as public invocations.
16 years ago
Luke Taylor
2afccfc633
Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j.
16 years ago
Luke Taylor
03fa8fce4d
SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl.
16 years ago
Luke Taylor
026517f674
Removal of deprecated methods and classes.
16 years ago
Luke Taylor
db913f6857
SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property.
16 years ago
Luke Taylor
d56adb8ffb
SEC-1495: Convert User class equals and hashcode methods to only use the "username" property.
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt), in which case Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
16 years ago
Luke Taylor
024e6904ff
SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.
16 years ago
Luke Taylor
74896f217b
SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>.
16 years ago
Luke Taylor
0521d10069
SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
16 years ago
Luke Taylor
977bc2b164
SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
16 years ago
Luke Taylor
e60108ca8c
SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles.
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RolesAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
16 years ago
Luke Taylor
9e049dfef4
SEC-1438: Removed JoinPoint support from AbstractMethodSecurityMetadataSource
16 years ago
Luke Taylor
c09cd3a9cb
Remove unused inner class in MethodSecurityMetadataSourceAdvisor
16 years ago
Luke Taylor
55de2cfcb1
SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
16 years ago
Luke Taylor
530ab3ae30
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailureHandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
16 years ago
Luke Taylor
0551dd89ac
SEC-1420: Add htmlEscape attribute to authentication JSP tag.
This allows HTML escaping to be disabled if required.
16 years ago
Luke Taylor
ea7ccc718d
SEC-1399: Removed AbstractAuthenticationManager.
MockAuthenticationManager was the only other subclass (apart from the main ProviderManager) and has been removed also.
16 years ago
Luke Taylor
dacb8dd25a
SEC-1382: Removed deprecated label-based voter and related classes.
16 years ago
Luke Taylor
10dc72b017
SEC-1387: Support serialization of security advised beans.
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
16 years ago
Luke Taylor
dbee91002e
Deprecate EncryptionUtils.
16 years ago
Luke Taylor
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestPasswordEncoder to support "stretching" of passwords.
16 years ago
Luke Taylor
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
16 years ago
Luke Taylor
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
16 years ago
Luke Taylor
93973a4b75
SEC-1304: Removed compareTo method from GrantedAuthorityImpl
This method had been left by mistake when the Comparable interface was removed. See also SEC-1347.
16 years ago
Luke Taylor
893f212fa5
Tidying
16 years ago
Luke Taylor
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
16 years ago
Luke Taylor
55679971f0
SEC-1337: Make User serializable by moving anonymous comparator class
16 years ago
Luke Taylor
02a9db7bcf
SEC-1317: Removed check in ProviderManager.getProviders() for empty provider list. A ProviderManager with a non-null parent may have an empty provider list. The afterPropertiesSet() method performs the necessary checks.
17 years ago
Luke Taylor
ed92d5ea71
SEC-1304: Removed unused compareTo method from custom GrantedAuthority.
17 years ago
Luke Taylor
0615b94f55
Converted expression test to use static method.
17 years ago
Luke Taylor
4dcb9de67a
SEC-1257: Some additional API changes to use Collection instead of List...
17 years ago
Luke Taylor
f213cc5d9e
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
17 years ago
Luke Taylor
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
17 years ago
Luke Taylor
acf13c74ca
SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
17 years ago
Luke Taylor
2a1430f1ce
SEC-1229: Removed legacy concurrency classes
17 years ago
Luke Taylor
1c4a809e09
SEC-1245: Add role hierarchy support to expression handlers. Done.
17 years ago
Luke Taylor
6851655ea9
SEC-1177: MethodInvocationUtils Returns Null With Valid Method String and Class. Added very simple checking of declared methods on class.
17 years ago
Luke Taylor
ef2df77889
SEC-1239: Special characters in JAAS config file location. Fix - convert Resource to a File before obtaining the URL from it. The URL.toString() obtained this way is different from the one obtained from Resource.getURL().toString().
17 years ago