086056f191
SEC-2289: Make compatible with Spring 4 as well
...
There are a few subtle changes in Spring 4 that this commit addresses
13 years ago
e88800cd9b
SEC-2187: Polish
...
Create private utf8UrlEncode method to improve readability
13 years ago
54c1c20c69
SEC-2187: Encode query parameter names and values in return_to URL
13 years ago
a573e7b395
SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer.
15 years ago
0120643721
SEC-1794: Convert OpenIDAuthenticationStatus to an enum.
15 years ago
89fa771093
SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption.
15 years ago
ae5b402651
SEC-1729: Revert "SEC-1710: Added shutdown method to OpenID4JavaConsumer that invokes MultiThreadedHttpConnectionManager.shutdownAll()" since it is superseded by SEC-1729
...
This reverts commit 62ba0fca5c
15 years ago
a6b0c265db
SEC-1729: Revert "SEC-1711: Support verifying that attribute exchange parameters were signed" since it is superseded by SEC-1729
...
This reverts commit 68ba11ba7b
15 years ago
8178371927
SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes
15 years ago
4dc5d7d16e
Typo.
15 years ago
5c05575c0d
Cleaned up warnings in openid module
15 years ago
68ba11ba7b
SEC-1711: Support verifying that attribute exchange parameters were signed
15 years ago
62ba0fca5c
SEC-1710: Added shutdown method to OpenID4JavaConsumer that invokes MultiThreadedHttpConnectionManager.shutdownAll()
15 years ago
4a1908188a
SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java.
15 years ago
84ba7a0ea9
Additional tests for OpenID classes and minor refactoring of OpenID4JavaConsumer for easier testing.
15 years ago
43be9ea2a4
SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.
15 years ago
d64efe9747
SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object.
15 years ago
265cdaf2a6
SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected.
15 years ago
85c4c91e0e
IDEA inspection refactorings.
16 years ago
0e57ce2dc3
SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.
16 years ago
2f025fba6c
SEC-1460: Added AxFetchListFactory which matches OpenID identifiers to lists of attributes to use in a fetch-request.
...
This allows different configurations to be used based on the identity-provider (google, yahoo etc). The default implementation iterates through a map of regex patterns to attribute lists. The namespace has also been extended to support this facility, with the "identifier-match" attribute being added to the attribute-exchange element. Multiple attribute-exchange elements can now be defined, each matching a different identifier.
16 years ago
f5468087c2
Remove cached DiscoveryInformation from session in OpenID4JavaConsumer's endConsumption method.
16 years ago
d3d9c5db59
Refactoring of UserDetailsService injection (for X509, OpenID and RememberMeServices) to use a factory bean rather than a post-processor.
16 years ago
c12c43da9e
Javadoc fixes.
16 years ago
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
16 years ago
8720966d20
SEC-1390: Added null check on claimedIdentifier returned by DiscoveryInformation to prevent NPE.
16 years ago
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
16 years ago
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
16 years ago
8571571eaa
SEC-1306: OpenIDAttribute class is not marked as Serializable. Added Serializable interface.
16 years ago
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
16 years ago
e94c7739d2
Remove dependency on MockAuthenticationManager
17 years ago
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
17 years ago
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
17 years ago
07d7c0ddae
Renamed form and openID filters to shorten names
17 years ago
ab0d66071a
SEC-1226: Introduce RedirectStrategy to replace RedirectUtils. Implemented strategy and applied throughout relevant classes.
17 years ago
48988bde84
SEC-935: Support for OpenID attribute exchange and changes to namespace syntax to allow simple configuration of attributes to request.
17 years ago
f536c80020
SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web
17 years ago
3e9983c744
SEC-1186: Removed 'order' from openid filter
17 years ago
a8215fa2cb
SEC-1160: Renaming of authentication filters and entry points and associated doc changes
17 years ago
e94baf38b3
Tidying up to remove warnings (generics, use of deprecated test classes etc).
17 years ago
d7f202a111
Addition of final to constructor set fields to improve immutability of authentication and user objects
17 years ago
93bdcccaee
SEC-1132: Moved userdetails into core and added core/authority sub-package
17 years ago
ca7d055c2b
SEC-1132: Created core and authentication packages within core module.
17 years ago
9efb5a7007
SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
17 years ago
f746a20ab4
SEC-1132: package refactoring of non-core modules
17 years ago
bec84f874a
SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
17 years ago
2a9a8a41db
SEC-1125: Created separate web module spring-security-web
17 years ago
ddffdf1699
SEC-745: Renamed failureHandler and successHandler to have prefix 'authentication'
17 years ago
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
17 years ago
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
17 years ago
Rob Winch
Tom Boettcher
Luke Taylor
Rob Winch