ba890cf7e5
Removed invalid test method.
16 years ago
d1e8b8e29d
More tests. Minor refactoring.
16 years ago
bf9d4a9747
Remove unnecessary local variable.
16 years ago
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
16 years ago
102bc2d6a0
Reduce unnecessary use of aspectj as a build dependency
16 years ago
c37ca1c2a9
Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc.
16 years ago
1680807470
Added eclipse plugin to build. Some minor fixes to remove eclipse warnings.
16 years ago
3c02989d67
Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests).
16 years ago
591bd532bd
Polishing FilterChainProxy and its tests.
16 years ago
4bd41cbf72
SEC-1133: Support for setting of authenticationDetailsSource property for form-login, openid-login, http-basic and x509 namespace elements. These elements now support an additional 'authentication-details-source-ref' attribute.
16 years ago
281d77271e
SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource.
16 years ago
2222a7be07
Use Integer.valueOf() in preference to new Integer()
16 years ago
db6da77a5f
SEC-1413: Add RedirectStrategy to AbstractRetryEntryPoint.
16 years ago
183333d189
SEC-1430: Forgot to commit changes to new ExceptionMappingAuthenticationFailureHandlerTests.
16 years ago
2e98b84494
SEC-1430: internalize session key for SavedRequest. This should be accessed using the RequestCache interface if required. Additional refactoring of related tests which were still in AbstractAuthenticationProcessingFilterTests for historical reasons, but should be in their respective success/failure handler test classes.
16 years ago
85c4c91e0e
IDEA inspection refactorings.
16 years ago
a3d27a9863
SEC-1314: cloneFromHttpSession accidentally go left behind, even though it is always false.
16 years ago
a2bd1bc9af
SEC-1498: Allow use of absolute URL fopr login form in LoginUrlAuthenticationEntryPoint.
16 years ago
64375484a1
More build and logging tuning.
16 years ago
63734cfcf9
SEC-1528: Remove logic which checks if context in the session is the same as the current context to make sure that session.setAttribute() is called when the value in the session has been modified directly.
16 years ago
9dd6a5eb8f
SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener.
16 years ago
d7d8448120
SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository).
16 years ago
5d35919ca3
SEC-1490: Code for GAE Sample webapp
16 years ago
69a10c48ae
Switch to using slf4j/logback for logging.
...
We still compile modules against commons-logging but all runtime logging and samples will use logback
16 years ago
8df356de29
SEC-1471: Allow use of a RequestMatcher with HttpSessionRequestCache to configure which requests should be cached by calls to saveRequest.
...
Also removed the justUseSavedRequestOnGet property, as this behaviour can be controlled by the RequestMatcher.
16 years ago
026517f674
Removal of deprecated methods and classes.
16 years ago
09176b0af4
SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter.
16 years ago
ea8d37892c
SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy.
16 years ago
4d10d4b67f
SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs.
16 years ago
76ebb759f3
Removed unnecessary casts.
16 years ago
7d74b7c87e
SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping.
16 years ago
e156d5339a
Fix build when upload properties are missing. Added missing hsql test dependency
16 years ago
0e57ce2dc3
SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.
16 years ago
978bb9f601
Remove commented-out code in ETF.
16 years ago
f0c4cccb0d
SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc.
16 years ago
bf288101a0
Javadoc improvements
16 years ago
b3aad4cf19
Javadoc fixes.
16 years ago
0c09780644
SEC-1476: Modify AbstractPreAuthenticatedProcessingFilter to store authentication exception in request instead of creating a new session.
16 years ago
fcf33afce0
Formatting.
16 years ago
bca6c1aeac
SEC-1468: Doc and Javadoc updates.
16 years ago
024e6904ff
SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.
16 years ago
ee1fd1bc50
SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins.
16 years ago
74896f217b
SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>.
16 years ago
a45d2a4fb2
SEC-1462: Only apply session fixation protection strategy if request.isRequestedSessionIdValid() returns true. We don't need to create a new session if the current one already has a different Id from the client.
16 years ago
93deec8d40
SEC-1458: Remove logger field in HttpSessionEventPublisher in favour of direct lookup. Prevents early initialization of logging system when listener is initialized.
16 years ago
0521d10069
SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
...
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
16 years ago
2e2625873c
SEC-1446: Modified BasicAuthenticationFilter to treat invalid base64 and invalid Basic authentication tokens as a failed authentication (raising a BadCredentialsException, without calling the AuthenticationManager).
...
This solves the problem in this issue (invalid Base64 not resulting in a 401) and also prevents unnecessary calls to the AuthenticationManager.
16 years ago
d5df53f1db
SEC-1439: Make getters and setters public on HttpRequestResponseHolder.
...
Necessary to allow use of custom SecurityContextRepository.
16 years ago
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
16 years ago
43f0e11106
SEC-1429: Removed cached authentication from session after successful authentication.
16 years ago
Luke Taylor
Luke Taylor