85c4c91e0e
IDEA inspection refactorings.
16 years ago
413b2a06e3
Improvements in up-to-date checking and use of parallel tests where possible.
16 years ago
64375484a1
More build and logging tuning.
16 years ago
2d9a848265
Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build.
16 years ago
c1c8fd1874
SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request).
16 years ago
a4fd191499
Added check for use of "ref" with other attributes in <authentication-provider>.
16 years ago
4683273c2c
Correct message in namespace handler when web classes are missing.
16 years ago
69a10c48ae
Switch to using slf4j/logback for logging.
...
We still compile modules against commons-logging but all runtime logging and samples will use logback
16 years ago
443ac0487a
SEC-1093: Namespace support for jee element.
...
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
16 years ago
026517f674
Removal of deprecated methods and classes.
16 years ago
6a79cf7be2
SEC-1383: Make MethodSecurityMetadataSourceBeanDefinitionParser extend AbstractBeanDefinitionParser for automatic support of ID attribute.
16 years ago
cd946c4e23
SEC-1493: Added namespace support.
16 years ago
8bddc8f820
SEC-1484: Documentation for some namespace attributes.
16 years ago
2e865752ff
Upgraded groovy to 1.7.2 to avoid jansi dependency issue
16 years ago
efb600166a
SEC-1488: Remove commons-logging dependencies from maven poms.
16 years ago
f7405cef82
Removed original Java version of refactored http namespace tests.
16 years ago
34401416b0
SEC-1171: Implement parsing of empty filter chain patters via http 'secured' attribute and remove filters='none' support.
16 years ago
05c7abe191
SEC-1445: Tests for setting of username and password parameter names through the form-login element.
16 years ago
7d74b7c87e
SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping.
16 years ago
b0758dd8de
Refactoring HTTP config tests to use spock and groovy MarkupBuilder
16 years ago
b0308e41cb
SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used.
16 years ago
a4ce14f604
Add "provisioning" package to config bundlor template.
16 years ago
d5ffdd9c27
Import cleaning
16 years ago
dccb30ad63
Remove use of wrong DOMUtils class (from com.sun package).
16 years ago
863ccecf55
SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute.
16 years ago
165cbb0d19
SEC-1445: Added support for custom username and password parameters in form-login.
16 years ago
a421370a3d
SEC-1465: Change DelegatingMethodSecurityMetadataSource to use constructor injection to get round the problem of it being invoked before it has been initialized properly. Also changed the contacts tests to use the same app context and loading order as the actual webapp, to give better reassurance that the app will run successfully.
16 years ago
f5859fabcf
SEC-1464: Created InMemoryUserDetailsManager and converted user-service BDP to use it for its in-memory database.
16 years ago
2f025fba6c
SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
...
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
16 years ago
d3d9c5db59
Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor.
16 years ago
0521d10069
SEC-1294: Enable access to beans from ApplicationContext in EL expressions.
...
ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.
16 years ago
a3ef8255d8
SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'
...
Also added this syntax to the aspectj sample.
16 years ago
020e0aa49a
SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
...
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
16 years ago
977bc2b164
SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.
...
It is still required as a compile-time dependency by classes which use Spring's JDBC support, but it doesn't really have to be used in many interfaces and classes which are not necessarily backed by JDBC implementations.
16 years ago
57150a6717
SEC-1440: Add entry-point-ref to http-basic element to allow setting a separate AuthenticationEntryPoint for the BasicAuthenticationFilter.
16 years ago
472c1fac84
SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
...
Ensures protect-pointcut expressions match methods with generic parameters.
16 years ago
f3264ba9ab
Addition of commons-logging exclusions and adjustments to pom generation.
16 years ago
b38b8e55ac
SEC-1432: Convert map keys to lower-case in UserMap.setUsers().
...
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
16 years ago
530ab3ae30
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
16 years ago
e5a875d752
SEC-1407: Correct logger category in MatcherType.
16 years ago
90a7f1f00e
SEC-1383: Namespace support for MethodSecurityMetadataSource. Initial commit.
16 years ago
93438defff
SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy.
...
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
16 years ago
b147652193
Make hsqldb a testRuntime/runtime dependency.
16 years ago
f0466b6488
SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all.
16 years ago
6a34807a07
SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup.
16 years ago
2f1479785e
Refactoring to remove remaining circular dependencies indicated by structure101.
16 years ago
f3f84da625
Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0.
16 years ago
26cf6f5528
SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests.
16 years ago
68f6afd905
SEC-1383: Added namespace support for method-security-metadata-source
16 years ago
b7fc5bc455
Update schema version to 3.1
16 years ago
Luke Taylor