You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by fp...@apache.org on 2019/02/19 18:17:25 UTC
[shiro] branch pr-69 created (now c1c094b)
This is an automated email from the ASF dual-hosted git repository.
fpapon pushed a change to branch pr-69
in repository https://gitbox.apache.org/repos/asf/shiro.git.
at c1c094b [SHIRO-662] Changed the name of a private internal constant of the AuthenticationRealm class to match it's purpose.
This branch includes the following new commits:
new 307cef0 New repository initialized by cvs2svn.
new 5a1d837 initial checkin
new ba3cdd2 Initial revision
new d6e1252 Updated class files w/ LGPL header
new 1f62114 Updated javadoc
new 5a14da7 Updated javadoc
new a623402 added hasAll* methods
new a3a6488 added JSecurityException and updated others to use it
new 6fcccd8 Updated JavaDoc
new 2847018 changed name of apisupport directory to 'ri' for reference implementation
new 2f470f4 Added authentication events, annotations, and authorization granting code.
new 6960acb Fixed javadoc.
new 810c161 Updated javadoc
new eacad4a removed extends list in HasPermission and HasRole (annotations cannot have 'extends' list)
new 897d11e updated javadoc
new ed1d1c3 moved SessionManager to impl module, added SessionHandle implementation
new b1d2b21 Updated javadoc
new cca7d15 Updated javadoc
new 3544dff Reorganized class locations.
new ec3aac4 Updated AnnotationAuthorizationModule to work w/ newer HasPermission annotation and removed generic access to AuthorizationAnnotation since annotation subclassing is not allowed
new 26c906d changed the word 'user' to 'account' in javadoc and method names for consistency
new 67f5c2c updated author list
new 8d35bcc Renamed AuthorizationGranter to Authorizer to be consistent with the naming of Authenticator. Also checked in the reference implementation's libs and versions.txt file
new b12f8d7 Changed AuthorizationVote granted and denied fields to 'grant' and 'deny' to be consistent w/ 'abstain' (and since the act of voting is a verb, it made sense)
new ae54e03 source clean-up
new dc811fa renamed 'server' module to 'business' to better describe its purpose (i.e. an application may use business logic in a standalone Swing application, so 'server' isn't the best name)
new af4db6e new addition
new 80ade6a new addition
new c9510b8 updated build files and added jarjar task
new 392f887 separated old AnnotationAuthorizationModule into a module-per-annotation approach for easy extensibility
new 911596a optimized imports, fixed comments, cleanup
new d91364f Abstracted out DefaultSessionManager, adding an AbstractSessionManager. Adjusted numerous files related to session management. Removed AuthenticationToken interface (marker interfaces are useless and impose unnecessary coding practices) and adjusted Authenticator interface accordingly. Adjusted SessionException hierarchy to account for StoppedSessionExceptions as well as ExpiredSessions. Added ValidatingSessionManager interface and implementation.
new 9e4fdcc Updated javadoc and related build tasks
new 098c757 Checked in PermissionAnnotationAuthorizationModule
new 8a555b7 Added InstancePermission
new e8f4ca2 adjusted method modifier, added javadoc
new c56ab94 Committed initial code for security context and spring sample app.
new 37bb3f2 adjusted method declarations, chunked out code for readability, slightly adjusted classloader acquisition
new 80fe457 modified getContext( ClassLoader cl ) method for readability/logic flow
new 1ed026c little source code formatting for readability
new 7c090e3 Updated spring sample app and authentication filter.
new f77c0de Moved lib directory to top of build hierarchy, added Web support classes
new 43e0faf added WebSessionFactory implementation
new 689acc4 updated WebSessionFactory implementation, adjusted JavaDoc
new 14acff2 added ThreadContext
new ab8a47a removed (root lib directory has all libs now)
new 8e5f4ab initial check-in
new a9f944e Modified SecurityContext to use an accessor and only contain static methods. Implementations will now provide a SecurityContextAccessor. Started implementing a module authenticator and a DAO-based authentication module.
new 06e830f changed references of the string "factory" to "accessor" to be congruent with the implementation; adjusted getAuthContext to getAuthorizationContext to remove any possible ambiguity of the word 'auth' being confused with authorization or authentication.
new 0bfffce adjusted getAuthContext method name to getAuthorizationContext to remove any possible ambiguity of the word 'auth' being confused with authorization or authentication.
new 8177970 edited message wording
new 7cc2eec initial commit
new 3c18f3f updated build to include spring support. Added default SessionFactory implementation
new 6547323 modified to extend from DefaultSessionFactory
new 759e62f moved from ri-client to ri-common (needed on the business tier too)
new 0061297 updated interface and implementation
new f09c41e updated logging, ensured SessionInterceptor 'touched' sessions for each web request
new e716187 mostly updated javadoc in preparation for a public release
new 9504ce5 javadoc updates
new cd07aa8 minor optimization
new f2bdb9c moved all reference implementations under the org.jsecurity.ri.* package structure
new 4c4d193 Added DAO authentication support classes and implemented several classes.
new 2b07183 renamed class
new 6665c8e Authentication and authorization infrastructure improvements. Updated spring sample application to use authentication classes.
new 4ed8474 Added comments to the accessor.
new 4227f3a Changed serializable comment to string.
new 6a68d77 updated javadoc task, adjusted memory dao implementation
new 2eac640 Changed filter to delegate to a static utils class so that a future spring interceptor can use the same code.
new 1d00126 minor cleanup
new 538b35b added SecureSession interface
new f451329 Added spring support
new c5d7750 updated null check
new 398dc3f Added password hashing support to the password matching and changed Spring sample app to use SHA-1/Base64.
new f7586e1 Cleaned up comments.
new 4e4034a Added JavaDoc to password matching classes.
new 241eef2 Added permission support to the memory authentication DAO
new 1898a0b added JavaBeans compatible setter methods for username and password so the Token can be used in guis and form-field binding.
new c7cc996 ensured rolesPermissions map was not null to avoid NPE
new 675eba8 updated implementation to utilize the Spring RedirectView class to handle redirect logic
new a0b8f63 Added Realm interface
new f4df316 updated sources to reflect a Principal and Object credential (instead of a String username/char[] password, which is very application specific)
new 6fbbe60 moved org.jsecurity.ri.authc.password.* classes to package org.jsecurity.ri.authc.credential package to better reflect other potential forms of credentials
new 3f11b27 removed (replaced by StringPrincipal)
new 0c2ff25 Updated AuthenticationToken to include methods
new 57782d5 added copyright notice
new abd6231 added Spring autoproxy support for JSecurity JDK 1.5 annotations
new cba7320 renamed classes
new ba5e4e8 moved AuthenticationInfo interface into API
new 66992c2 no message
new dccbda4 minor cleanup
new 021fb99 minor cleanup
new db6df92 added AuthenticationEventSender support
new 4ca93de changed Calendar references to Date references; optimized imports
new 267904f Fixed setter method on DAO module.
new 810b401 Bugfixes.
new 9276400 minor cleanup
new 56a089b Bugfixes.
new d1607be AuthenticationInfo cleanup
new 3c59b51 changed @since versions to 0.1 to be in sync w/ the RI
new 5cf1240 updated JavaDoc, License Header and name
new bccf2dc merged conflict
new 7abc1ee added lazy initialization of attributes
new 0e10100 Added convenience method for spring configuration.
new 5b7ad7f Added active directory module.
new 5f6c154 Added active directory module.
new ab49043 Added debug main for testing ldap support.
new 0d51de3 Changed instance variables to protected.
new f86e813 Added multiple principal support and updated active directory module.
new 497e18d Fixed security problem where password was logged.
new 1388d97 added tag libraries
new 6d61dfe minor cleanup
new 53bf476 javadoc cleanup, exception hierarchy cleanup, optimize imports
new 501d7d8 adjusted default value of HasPermission annotation attribute 'actions' and corresponding permission instantiation logic
new 62eec64 minor javadoc change
new 62b4cd1 adjusted Permission creation logic based on optional actions attribute
new 52be60f updated verification method
new 7c3e739 logging/naming cleanup
new d4598b0 no message
new e50578f javadoc cleanup
new 75b7a57 added 'RI' to comment line
new 8495b27 javadoc updates
new 6652756 Split LDAP module out from active directory module.
new 093237a Added explanatory javadoc to explain the usage of a char[] to store a password.
new 466be7d Added explanatory javadoc to explain the usage of a char[] to store a password.
new db8015f javadoc updates
new 34a6c45 javadoc updates
new 9b521d8 changed delimiter split regex to a static final compiled Pattern for better performance
new 7121499 renamed hasPermission references to implies
new 206f2b4 Added constructor.
new 8d3a650 Added todo.
new 23159d9 update checkin
new 8ebab7e Added some remote invocation support classes (unfinished)
new dd95bde minor cleanup
new 9a9b10a minor cleanup - adding logging statements, clarifying javadoc, etc
new a5cb3fc JSEC-13 - renamed HasRole and HasPermission annotations
new e58cbf1 JSEC-13 - renamed PermissionRequired to PermissionsRequired for consistency
new 8747054 JSEC-10 - Renamed ModuleAuthorizer to ModularAuthorizer, ModuleAutorizationStrategy to ModularAuthorizationStrategy, and PluggableAuthenticator to ModularAuthenticator
new 8a2061e JSEC-7 - actually removed the SecureSession interface instead of renaming it
new a7cf543 Updated remoting code. Renamed sessionhandle to delegating session.
new efe759d Started integrating Quartz into default session manager.
new 4c26805 CVS import cleanup
new dcddc69 CVS import cleanup
new ddf547f CVS import cleanup
new 6ac5c40 CVS import cleanup
new 2598818 CVS import cleanup
new 8b43c6d CVS import cleanup
new a130141 CVS import cleanup
new ad34075 CVS import cleanup
new 44bd797 CVS import cleanup
new c346653 CVS import cleanup
new fd1577d CVS import cleanup
new c63039e CVS import cleanup
new a0e1bc8 CVS Import cleanup
new f5cfddf Added Quartz session validation support.
new df17dce Module refactoring, removal of DAOAuthenticationModule and supporting classes, migrated MemoryAuthenticationDAO to be a MemoryAuthenticationModule.
new 726bd64 Improvements to sample application.
new d011b1a Updates to sample code.
new 9907440 Removed file/folder
new 79d4284 Updates to sample application for session propagation.
new ae165d3 Change authorization context to default to delegating authorization context using a realm.
new 4a2f828 Fixes to sample app.
new d64ca8e Javadoc fix.
new e60923a .svn directory exclusion when creating release zip
new dfeef9f JSEC-25 - intial JBoss support check-in (minor integration w/ JBoss AOP). To isolate 3rd party APIs (AOP Alliance AOP, JBoss AOP, etc), some classes were refactored to abstract impl. specific details.
new a86ae21 JSEC-25 - added jboss-aop.jar and updated build.xml and library_versions.txt to reflect the corresponding change
new daeb35f Initial commit of realm refactoring.
new 3d20197 Fixed typo, added a couple of comments.
new 47c299e test commit (testing SF.net subversion)
new 00bae8c Removed SecurityContextAccessor in favor of proper SecurityContext subclass implementations - less verbose, more intuitive, and easier to understand. Also allows for API extensions via custom subclasses.
new 8fa26e7 minor file cleanup
new f065134 fixed missing file and import statement
new 4e20424 fixed missing file and import statement
new 942a473 SecurityContext refactory - moved configuration and caching to RI (these should be RI-related as other possible implementations may handle configuration and caching separately, or may not even directly support them).
new 9c47b44 SecurityContext refactory - moved configuration and caching to RI (these should be RI-related as other possible implementations may handle configuration and caching separately, or may not even directly support them).
new 1ff288b SecurityContext refactory - moved configuration and caching to RI (these should be RI-related as other possible implementations may handle configuration and caching separately, or may not even directly support them).
new fadbce1 SecurityContext refactory - moved configuration and caching to RI (these should be RI-related as other possible implementations may handle configuration and caching separately, or may not even directly support them).
new 25e7514 SecurityContext refactory - moved configuration and caching to RI (these should be RI-related as other possible implementations may handle configuration and caching separately, or may not even directly support them).
new e72ebc8 minor compile cleanup
new cb90bf0 fixed sessionId acquisition method that could cause a CCE
new c570422 javadoc generation adjustments (clear up warnings)
new eb1bd96 Removed Configuration interface and related dependencies in favor of a lighter-weight configuration via D.I., programmatic, or XML-based config.
new 250df42 Updated JavaDoc
new fa4bb66 Removed Spring dependency from RI.
new c976aab Modified credential matchers to support Strings as well as char[]s.
new 33e3b92 Added support for aggregating authentication module information. Added multi-realm authorization support.
new b728ccc Templatized the modular authenticator slightly to allow for merge overriding
new 0440a7e Made significant changes to the SecurityContext - now an interface, and not an abstract class - to reduce and/or eliminate problems with static memory references (as the old class had).
new 9856ac5 javadoc modifications
new 176851b git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710415 13f79535-47bb-0310-9956-ffa450edef68
new 3386527 Changes to fix problems introduced by previous refactorings.
new af20d9d Added several custom tags.
new 4303a6d Renamed interceptor and filter to be more intuitive.
new ddff13d Fixed name bug and added support for grabbing the user's name from active directory.
new 48b7348 Added velocity support tool per JSEC-24.
new 9ed6290 Added realm classes, but haven't implemented anything.
new 66e6a60 Added exception to log output.
new 0be264c logging bugfix.
new f237702 Minor JavaDoc changes
new fd9f586 Moved source code to root trunk src directory for cleanliness - too many modules were confusing
new 355d579 delete
new 3914eb4 delete
new ec8a4ec delete
new da548ac Moved source code to root trunk src directory for cleanliness - too many modules were confusing
new e7fd72c Moved source code to root trunk src directory for cleanliness - too many modules were confusing
new 2c65972 Moved source code to root trunk src directory for cleanliness - too many modules were confusing
new cb90c94 Moved source code to root trunk src directory for cleanliness - too many modules were confusing
new dcfc12d Moved source code to root trunk src directory for cleanliness - too many modules were confusing
new 3527583 build changes to accomodate source code movement
new f5c27f5 Removing api directory - consolidating into root level src directory
new b07f6d2 Removing api directory - consolidating into root level src directory
new a80d784 removed jarjar 3rd party lib dependency - no longer needed
new 3c16c10 removed jarjar 3rd party lib dependency - no longer needed
new 477e1eb moved ri interfaces/classes into main src directory
new 2e92cd2 moved ri interfaces/classes into main src directory
new 60b9eb0 moved ri interfaces/classes into main src directory
new 4c875a5 empty directory clean-up after the src move
new f9ae29a empty directory clean-up after the src move
new 4fc76de empty directory clean-up after the src move
new 5c4e938 empty directory clean-up after the src move
new 52e195c empty directory clean-up after the src move
new f7b98fd empty directory clean-up after the src move
new 64d4605 empty directory clean-up after the src move
new 27a9cda empty directory clean-up after the src move
new a5defa4 empty directory clean-up after the src move
new 10b0a1a Updated copyright notice for 2007
new 2a8c2e9 minor build changes to build spring and jboss support
new e2640a5 minor build changes to build spring and jboss support
new 6bb229d removed unnecessary files (no longer used)
new e8358b2 javadoc updates cont'd
new 641afac LOTS of JavaDoc updates
new ee04483 Refactoring to simplify implementations.
new 3b7f0b4 Refactoring to simplify implementations.
new 4c68121 Updated realm javadoc.
new 3fe2113 Broke out authorization operations from the Realm and SecurityManager interfaces.
new 728e825 Fixed import.
new 78aa5cc Javadoc update.
new c725d9b more JavaDoc after AuthenticationModule refactor
new 7c5e34c minor javadoc
new d6a232f javadoc updates
new df5dd75 javadoc cleanup
new 1b622b6 Renamed SecurityManager variables to fix case.
new ffc2435 Fix accidental commit.
new 74b3a33 JavaDoc cleanup.
new e545d5b Cleaned up unused methods.
new 5bb616d Added more docs around securityManager in the filter.
new de51872 Renamed methods.
new 25d9f3a Updated JavaDoc.
new e2f238d Principals are not added if they are already bound.
new 15c74cc Changed key values.
new 2a9c754 LDAP enhancements.
new e55a45b Added JDBC realm implementation.
new a5abdfc Updated javadoc and credential matcher logic.
new a30abd2 onInit method adjustment to avoid overriding a final parent method
new a4cee88 used JSecurity JdbcUtils instead of Spring's to reduce 3rd party dependency
new 4157331 Initial commit of property file support - still needs more work.
new ca927cb enabled AuthenticationToken to extend from Serializable, Fixed UsernamePasswordToken's Principal equals() implementation
new 9727c2e git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710483 13f79535-47bb-0310-9956-ffa450edef68
new 4a4d5b2 More work on files realm.
new 734f08f More work on files realm.
new 31cda3d altered SecurityContext API to allow creation of Sessions. Underlying implementation of SecurityManager was changed to accomodate this new logic.
new 6d1630a Updated DefaultSecurityManager to dynamically create a SessionFactory if one has not explicitly been set. Updated sample application to show this simplified configuration.
new 4c14ff6 Bugfixes and work on sample application.
new 7c8a0af Updated WebSessionFactory implementation and supporting classes and sample application configuration
new bcca299 Upgraded to latest stable version of ehcache (to 1.2.4) - well tested for high volume and clustered environments
new 218318b Added more robust disk-based session management via a SessionDAO implementation using Ehcache (in memory + disk-based cache & persistant across server restarts). This is now the default SessionDAO for the DefaultSessionManager, as it is production-worthy.
new 12293d2 Added more robust disk-based session management via a SessionDAO implementation using Ehcache (in memory + disk-based cache & persistant across server restarts). This is now the default SessionDAO for the DefaultSessionManager, as it is production-worthy.
new 48cef24 Small changes.
new 52d7785 Enhanced Session DAO implementation & updated ehcache session settings to prevent preemptive cache timeout (interfering w/ JSecurity's session timeout)
new e97d7a5 Enhanced Session DAO more ehcache work - using sensible defaults, tested w/ overflow to disk
new 4aed58a Added JUnit 4.2 support, test cases and modified code based on the results of tests
new 35a2249 Cleanup and JavaDoc
new e16e800 Added post processor for spring that automatically invokes init() and destroy() on beans. Updated beans to implement the Initializable and Destroyable interfaces. Updated version of Spring used in JSecurity.
new 4c3c564 Small changes to project and webstart stuff.
new 032beac Added JUnit and Easymock support to IDEA project files.
new d5e1d46 Added JUnit 4.2 test cases
new 61c1d77 Adjusted test case
new ba788d5 JavaDoc.
new 59182cb Added todo.
new 8bd0689 JavaDoc adjustments
new b9ff00a Cleaned up todo statements
new 8a211c0 enabled InetAddress binding to the thread to support DelegatingSecurityContext.getSession() in server-side environments (was previously only in Filter implementation)
new 790064d Work on spring sample application.
new d6e34d3 Work on spring sample application.
new 31f721e Fix for remoting. Work on JDBC support in sample app. (for testing)
new cb235c9 Modified filter to support DI. Modified security manager to disable sessions by default.
new df44aed enabled Sessions by default to eliminate exceptions in case SecurityContext.getSession() is ever used.
new e0d472a updated ehcache.xml to include a jsecurity session cache (default production-quality session cache is not enabled when an explicit ehcache.xml is in the classpath).
new d8c3a9c added hsqldb jar file (removed hypersonic dir - that is hsqldb's old name)
new 598ca82 added version note about hsqldb.jar
new ffce367 updated SessionManager to lazily create a sessionManager if sessions will be in use
new 57b2072 Added checkRole methods.
new 5bbdbca Removed contains() usage for JDK 1.4 compatibility.
new 51645b8 Fix for security JSP tags.
new a55594a Changed ThreadLocalSecurityContext.current() to return null instead of throwing an exception if there is no current security context.
new 54236e8 Added null checks to JSP tags.
new bd8d9ae restructured how Ehcache works within the SessionManager, specifically to address default activeSessionCache settings. This removed the need for the jsecurity-specific failsafe xml file.
new e94b72d added Serializable interface
new e2374a3 added check to fail-safe the sessionDAO if ehcache is not in the classpath, added a utility method to ClassUtils
new 58a3547 JSEC-32 - updated SessionManager implementation and related JavaDoc to reflect lastAccessTime adjustments
new 04264b1 JSEC-42 - initial adjustments in preparation for the Permission interface swap
new d0b7408 JSEC-42 - remainder API adjustments for Permission interface swap
new 9741e1c JSEC-42 - continued API adjustments for Permission interface swap
new 4844b00 JSEC-42 - completed Permission class/interface swap.
new 434e711 JSEC-48 - Applied patch (Thanks Peter!)
new 6b94730 JSEC-49 - Applied patch
new 05cbf8c JSEC-47 - Applied patch
new 49136d4 JSEC-50 - initial ModularAuthorizationStrategy support/implementation complete.
new 5741332 returned String,String argument constructor to AbstractPermission
new 6f5553a made toCommaDelimited and toSet public static
new 7fb6423 slight wording change in an exception message
new df79147 JSEC-8 - Removed event-class specific methods in Listeners for a single onEvent method allowing for the most flexibility. Listener implementations are now free to choose to implement delegation, visitor pattern, etc., in whatever way is appropriate for the application. Logging implementations are provided as simple examples of both AuthenticationEventListener and SessionEventListener interfaces.
new f62eb84 JSEC-8 - Removed event-class specific methods in Listeners for a single onEvent method allowing for the most flexibility. Listener implementations are now free to choose to implement delegation, visitor pattern, etc., in whatever way is appropriate for the application. Logging implementations are provided as simple examples of both AuthenticationEventListener and SessionEventListener interfaces.
new 98c67c4 Added HasAnyRoles tag.
new 7566b17 Added HasAnyRoles tag.
new 0ec3a2b JSEC-39, JSEC-44 - Began extensive clean up to consolidate Filter and Interceptor behavior in a generic Web support hierarchy. Removed WebUtils as respective util methods are now more "OO" in proper abstract classes. Removed ThreadUtils by consolidating these methods in ThreadContext (api was previously too noisy w/ little benefit).
new 4deb3b1 added .trim() to roleName in case the user delimites with commas and spaces
new b95dd1d JSEC-39 - implemented common code support for Session interception (servlet filter, aop interceptor, etc)
new 2553432 JSEC-44 - The WebUtils class was removed as superceded by the SecurityContextWebSupport class, whereby a more elegant solution has been implemented with the usage of a 'preferHttpSessionStorage' attribute to address these preferences.
new 66e17e1 JSEC-51 - updated DefaultSessionManager and QuartzSessionValidationScheduler implementation to call Quartz scheduler.shutdown() in the event that JSecurity was responsible for creating it to begin with
new f1f00e2 added some simple utility methods to assist in general hashing that could be used outside of the password matching method (for subclasses, direct method calls, etc)
new 81083cc Added retroweaving for jdk13 and jdk14 support.
new 8ab65fe added JUG jar for UUID generation on JDK 1.3 and 1.4 systems.
new 68c072a used Long.toString for random based ids to ensure strings are used for all id mechanisms
new b60702b made session cookie's default path to be the request context's path. This can be overridden by calling setSessionIdCookiePath
new 9d13f62 removed setRealms method from SecurityManager interface (this should be an impl method, not an API interface method forced upon all implementations), added setRealm method to DefaultSecurityManager for convience for single-realm applications (majority).
new a74d428 JSEC-46 - made changes to the sample app so it is jdbc-driven
new 5b8c46a updated build environment to make project releases easier
new a3ace57 minor adjustments to the samples/spring build setup
new 0bb5d39 JSEC-40 - Adjusted Web-based interceptor/filter mechanism. Made all 'pointcut' behavior consistent across all types of web based interceptors (SecurityContext, Session, Authentication) and for supported subclass implementations (Spring Interceptor, Servlet Filter, etc).
new 9eca31b JSEC-43 - web tags support implemented (annotations still tbd)
new 09f35aa Random fixes/improvements.
new 9e2b3c8 A few fixes.
new 451b5bc adjusting SecurityUtils usage
new 5dd2a81 removed old comment that no longer pertains to the current code (was for old *Interceptor mechanisms)
new 661f6ad removed JSecurityTool.java as it is now just a passthrough to the SecurityContext instance itself. The SecurityContext itself should instead be passed to context maps directly now that it is capable of almost all security operations.
new 561c9b9 Committed refactoring of security context to always create a context and separate authenticated flag from principals/presence of security context.
new 24c3093 Small bugfixes.
new 49808fb Fixes for sample app.
new 2c1f124 added destroy/cleanup code to EhcacheSessionDAO to cleanly destroy an implicitly acquired Ehcache CacheManager instance (was previously throwing log4j exceptions due to shutdown hook never being cleaned)
new c4174e3 JSEC-54 - put in a constant defining the default attempted page key
new 803c099 JSEC-55 - Finished re-implementation and moving files
new 7d58d41 JSEC-55 - Finished re-implementation and moving files
new 09c20cc JSEC-55 - Finished re-implementation and moving files
new 1cd8b1b JSEC-55 - Enabled passthrough of CacheProvider instance to SecurityManager child components
new d2cacc7 JSEC-55 - Enabled passthrough of CacheProvider instance to SecurityManager child components
new ed2a2b1 JSEC-53 - initial refactoring of Permission hierarchy
new 0c08cb6 JSEC-53 - initial refactoring of Permission hierarchy
new fed6f4d cleaned up interceptor mechanisms further
new 95d2ef8 added Spring filter support
new 6365381 Updated web support classes to better support the notion of WebStore objects instead of using if/else statements to determine where to store security information
new 78011bf Renamed BeanPostProcessor to better reflect its functionality
new e521b8a made string constant
new caa9b27 fixed some NPEs and added logging
new 006cb6c adjusted WebStore creation logic based on interceptor and HTTP header behavior
new b1b2640 adjusted WebStore creation logic based on interceptor and HTTP header behavior
new 70a1873 fixed SecurityContextWebInterceptor to handle implicit Session acquisition/creation as well through the use of an internal SessionWebInterceptor
new fb95221 Fixed class JavaDoc
new ef2540e Fixed class JavaDoc for Permission classes
new 5ba4f90 Changed SecurityContext#implies methods to be isPermitted methods to match those in the Realm/Authorizer/SecurityManager interfaces. Also removed unnecessary exception when null check could be used instead for program flow
new 61ca58e edited JavaDoc, added method to ModularAuthenticationStrategy for pre-authentication attempt logic
new 442d51e updating implementation
new 9af6789 initial changes to MemoryRealm/PropertyFilesRealm refactoring (in progress)
new 65c2938 Work on property file realm.
new d821658 Adjusted Realm implementations for cleaner hierarchy separation
new 8a3349b Finished cleaner Realm hierarchy separation
new 6b5d267 Renamed realm to better reflect .properties file name
new c97b2a6 Finished initial Memory/Properties Realm refactoring, renamed PropertiesFileRealm to PropertiesRealm to reflect that not just file-based operations are supported (i.e. any Properties object from any source is supported)
new fff3e74 Refactored AuthorizationInfo to match AuthenticationInfo more closely. Enhanced Ldap realm support.
new 776c8f9 Fixed cache manager destroy problem in EhCache.
new 0c79803 Commented out broken code and made some fixes to ldap realm.
new c2bb62d updated servlet-initialization support
new 7fd3897 removed file - renamed to PropertiesRealm
new 6cfa7b4 JavaDoc/Formatting adjustments only
new 20ec42f removed java.security.Principal as a required API implementation point - it provided little real value and often placed cumbersome implementation expecations that weren't necessary at all. Removed all *Principal implementations in the framework as well, since they're no longer used.
new 06c246a Continued JavaDoc updates in preparation for 0.2 release
new b98c09d Continued JavaDoc updates in preparation for 0.2 release
new 4c7ca61 JavaDoc updates.
new fc66aa5 Permission, NamedPermission, TargetedPermission refactoring, JavaDoc updates
new 46b206a JavaDoc updates
new 79eb4cd JSEC-56 - added Peter's patch to prevent IndexOutOfBoundsException - cleaned up the merge method too
new 79e94fb permission support cleanup
new 3932827 javadoc cleanup - made public api interfaces utilize java.util.Collection instead of List for most method signatures
new 2ee7453 users.properties testing/verification as well as new Request/Session wrappers
new a156066 added Servlet spec (Section 7, Session Management) initial support to use JSecurity session's transparently in a web application
new b459fb1 test commit
new 71a62aa Resolved JSEC-65 & JSEC-66; added some simple unit tests that helped with these changes
new d1fea0d added new constructor to DelegatingSecurityContext.java in an effort to cleanup instances where principal or collection of principals was unknown
new 4e96e27 test commit
new 6ba214a fixing exception message
new 6785957 updating javadoc based on recent changes
new e427059 added additional assert to test
new 91f661d Updated generics in authentication info and security context.
new c9184fe Changed all built-in realms to use a helper method for building the authentication info so it can easily be overridden by subclasses.
new 96ced16 Changed to return unmodifiable list for encapsulation and security.
new ed17226 Fix.
new e695674 minor cleanup, added documentation, removed unnecessary SecureRemoteInvocation class (same thing can be attained without subclassing via RemoteInvocation attributes)
new d5f05b5 changed a info message to be a little clearer
new a1bd0aa Added test case for overriding createAuthenticationInfo. Also fixed bugs in setPrincipals()
new a47405d updating javadoc based on recent changes
new 3650d5c Finished initial JSecurity Servlet Specification for Sessions, converted most HttpServletRequest/Response to ServletRequest/Response calls where available to enable easy support for Portlets later on
new 2ae9c5e Minor JavaDoc fix
new a999cb9 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710628 13f79535-47bb-0310-9956-ffa450edef68
new 056bd48 Fixes after testing Servlet Spec for Sessions implementation
new 35255e7 changed URL parameter to be lowercase to conform to the Servlet Specification
new a17a62d minor exception message change
new 6d6d291 changed Spring support to Loader based SecurityManager acquisition instead of via a Filter (more appropriate)
new def9492 updated init-param comment to provide more information
new bd6729e fixed erroneous null return value
new 9d08884 changed release number
new 4820133 implemented JSecurity Session implementation to use HttpSession as an alternate implementation strategy
new 247a4f4 intermediate changes
new f5f0969 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710638 13f79535-47bb-0310-9956-ffa450edef68
new d668db3 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710639 13f79535-47bb-0310-9956-ffa450edef68
new 267d8b1 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710640 13f79535-47bb-0310-9956-ffa450edef68
new 315eb35 Continued Web SessionFactory/SecurityManager support
new f652218 removed java.io.Serializable interface inclusion since its already included by a parent interface
new 4c49354 The setSessionManager() method on DefaultSessionFactory would always throw an exception if the 'sessionManager' field was not initialised via the constructor. This is because the method was checking for a valid value on the field before setting it!
new 49934b0 DefaultWebSecurityContextFactory was always throwing an exception if the session factory was not explicitly wired in. This was simply a case of a missing 'else' which has now been added.
new 0feaa15 continued web-tier support
new e3d2038 continued web-tier support
new 35a2910 continued web-tier support
new 0fabc8d minor exception-wording change
new 6fdb4f9 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710649 13f79535-47bb-0310-9956-ffa450edef68
new 733bf22 minor comment fix
new acb0942 minor comment fix
new 30cfcc2 JSEC-70 - 1.0 preparation
new 6ea48e5 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710653 13f79535-47bb-0310-9956-ffa450edef68
new 8dcfa15 interim checkin - annotations not functional at the moment (currently working on refactor)
new 5b268e8 removed unused package
new 4b0c2b2 removed unused package
new a26e9ae minor comment update
new 3ce2e7a AOP/method authorization changes
new fa52747 AOP/method authorization changes
new fd95c03 AOP/method authorization changes
new dc55e1c initial RememberMeAuthenticationToken support
new 0a1cf55 minor change for binding for subsequent requests
new 3045283 minor javadoc change
new ce59eba JSEC-72 - renamed AuthenticationInfo and corresponding references to Account
new 080c8a6 JavaDoc updates
new dca65ee JavaDoc updates, removed unnecessary class
new 696b429 continued prep for 1.0
new 5f040f4 continued prep for 1.0
new 63798fd continued prep for 1.0
new a4c8998 continued prep for 1.0
new 317693d method cleanup
new 8c404cf Starting support for RememberMe authentication
new dc04b7c Added intermediary AuthenticationEvent abstract class to support retaining the AuthenticationToken used during the attempt
new 50ea71c RememberMe support continued
new a4611ff removed commons-codec dependency due to new JSecurity crypto package (self reliant)
new 2538f9a removed commons-codec dependency due to new JSecurity crypto package (self reliant)
new f5343c8 RememberMe support continued
new 08e0ad9 finished initial crypto and hash support
new 079f672 continued RememberMe support
new 37d97c0 continued RememberMe support
new c6c3fae continued RememberMe support
new 292699c RememberMe support continued
new 7c4dfcd RememberMe support continued
new caf9f7f RememberMe support continued
new 4e8bce5 RememberMe support continued
new f6b008d removed extraneous 'support' package
new c39ab47 removed extraneous 'support' package
new 96d8a1f initial completion of RememberMe support
new cf89c7d adjusted exception message
new 653e82e minor logic change
new cca86aa updated google analytics snippet
new 0a85ee2 updated rememberme logic for checking for identity
new 92e8288 minor cleanup
new e7a0758 JavaDoc and hash support updates
new d642c01 removed unnecessary package
new b721964 javadoc updates
new 95dbcb0 removed SecurityContext.getAllPrincipals in anticipation for application-specific support
new 7798bb2 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710698 13f79535-47bb-0310-9956-ffa450edef68
new 0fe226d JSEC-76 - AuthenticationEventListener registration support
new b83db78 package restructuring
new e389fa4 package restructuring
new 5c447a2 package restructuring
new b1d37a3 package restructuring
new f4bcadb package restructuring
new 55e74ae package restructuring
new 96fa791 package restructuring
new b03dc69 package restructuring
new 38e9f5b package restructuring
new 6c585fc package restructuring
new 5e0edf1 package restructuring
new b39e7ec package restructuring
new 132aded minor javadoc update
new 08684e9 cleaned up destroying logic (*ImplicitlyCreated booleans not needed)
new cb6eb54 SecurityManager implementation hierarchy refactoring for cleaner separation of logic
new 879bcce git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710715 13f79535-47bb-0310-9956-ffa450edef68
new 073a846 Adding support for string based permissions and permission resolvers with a core permission type that supports named and targeted permissions.
new b06b373 AuthorizationInfo to AuthorizingAccount name change
new 202d2c5 AuthorizingAccount and corresponding Realm refactoring + cleanup
new c146300 AuthorizingAccount and corresponding Realm refactoring + cleanup
new 5862e70 removed empty directories
new 0c14f90 CredentialException renamed to CredentialsException
new fab4782 JavaDoc adjustments
new 3459df5 added String permission support
new 197f5a4 JavaDoc adjustments
new f7dd12c Renamed SecurityContext (and all associated Classes and Methods) to Subject
new c7f54fa Moved Subject interface and associated classes to the new org.jsecurity.subject package (org.jsecurity.context is being removed)
new e9731e2 Moved Subject interface and associated classes to the new org.jsecurity.subject package (org.jsecurity.context is being removed)
new d7e9196 JavaDoc fix
new c52574c JavaDoc updates
new 3a43dba CredentialException renamed to CredentialsException
new 96fbc2f Start of adding URL path authorization.
new 25e77f0 JavaDoc updates
new 0cbad79 JavaDoc changes
new c00f613 moving package
new 9996d64 moving package
new c327453 packages and filter changes
new a51b3c4 Continued 0.9 prep
new 38420c0 Continued 0.9 prep
new 9aefa2a Modified exception catch block to not swallow exceptions
new 7f790c6 Modified exception catch block to not swallow exceptions
new ea97123 javadoc changes
new f4032c9 JavaDoc updates and more prep for 0.9
new 52bd21f JavaDoc updates and more prep for 0.9
new 91f708c removed unnecessary directory
new b1bb343 JavaDoc updates cont'd
new 6a7686a init() logic cleanup
new f7c9795 package/naming cleanup
new 2c7ec69 package/naming cleanup
new 137f14b package/naming cleanup
new 96c10be Continued 0.9 prep
new b64a130 renamed ShaHash and related classes and configuration files to reference Sha1Hash, which is compliant with algorithm naming
new 993dae4 Cleanup by deleting/removing unused classes/interfaces.
new 8014b9b SessionManager refactoring
new d6a9841 SessionManager refactoring to support events even in a web environment
new d9e8807 AuthcEventManager refactoring
new af5ccd3 AuthcEventManager modifications, JavaDoc updates
new e4bf437 renamed web store and corresponding package to web attribute
new 0165fea removed empty directories
new ebb52a2 removed empty directories
new a9dfb3d git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710760 13f79535-47bb-0310-9956-ffa450edef68
new eee332e Enabled SessionEvent support even with Servlet Container implementations for SessionManager. Eliminated unnecessary intermediary SessionFactory implementations.
new 46fb095 Initial check-in of http basic interceptor authenticator.
new 6a8f5d3 Minor refactoring and cleaning up of basic authentication interceptor.
new 786cd58 javadoc updates
new b3ecf7e quickstart app modifications
new 67e23cf Added debugging, trimming basic header string, and ignoring case for determing if we have a Basic authentication attempt.
new 52d7466 Added new methods to convert AuthenticationToken and Account to byte arrays so that the equals method can properly compare the two.
new 5cddbcb Added basic logout page.
new 5fa8b5c Removed code to send back a page body when authentication fails.
new 5d234c2 quickstart app changes after debugging
new a83b566 intial InterceptorBuilder support for web.xml configuration of security interceptors
new 6612cad url mapping support for interceptors cont'd
new 6f426fa url mapping support for interceptors cont'd
new ae8d12f Fixed logout page to ensure logout() is called before any HTML is rendered (Cookie requirement)
new 8f0896c minor init() cleanup
new 6151cc9 url mapping support for interceptors cont'd
new 85a686e url mapping support for interceptors cont'd
new e427382 test refactoring
new b94b863 url mapping support for interceptors cont'd, added JUnit tests
new 3464e85 url mapping support for interceptors cont'd, added JUnit tests
new 19fe2ea renamed org.jsecurity.web.filter package to org.jsecurity.web.interceptor to avoid confusion with ServletFilter terminology
new d7ea62d renamed org.jsecurity.web.filter package to org.jsecurity.web.interceptor to avoid confusion with ServletFilter terminology
new f74c4af renamed org.jsecurity.web.filter package to org.jsecurity.web.interceptor to avoid confusion with ServletFilter terminology
new dbf54d6 created top-level 'mgt' package for SecurityManager interface and implementations; moved Properties realm to a 'text' subpackage and created intermediate parent class for cleaner abstraction
new 728463a javadoc updates
new 3c8c056 fixed PropertiesRealm reload thread problem, abstracted init methods
new b84b388 ehcache optimizations for the PropertiesRealm
new 12519a4 added ExecutorService based implementation of SessionValidationScheduler interface and made it the default in the AbstractValidatingSessionManager class (Quartz no longer default so as to not force a dependency on end-users).
new 051b807 fixed css path
new a5a9970 removed old url handlers - superceded by new interceptor infrastructure
new 8676e20 removed old url handlers - superceded by new interceptor infrastructure
new 99a108e quickstart web.xml documentation and testing
new ae6b2c4 quickstart web.xml documentation and testing
new 0dd8d62 quickstart web.xml documentation and testing
new 081e58e authcBasic name fix
new 7468684 typo fix
new 2653306 null check
new 85055b1 Renamed CacheProvider to CacheManager
new 55d20a6 Cache, CacheManager, and CacheManager aware cleanup
new 5d4b350 JSEC-86 - Cache and CacheManager interface and method cleanup
new 0f3d051 JavaDoc modifications
new 5bce27e JavaDoc modifications
new 10fcaca JSEC-87 - ModularAuthenticationStrategy modifications for cleaner account data aggregation
new f1d5fb5 JSEC-88 - converted to the Apache 2.0 license
new 600f497 minor url/path interceptor definition
new cb55db8 moved commented version into JavaDoc for better maintainence
new a614fab sessionMode cleanup - wasn't being set properly (now resolved)
new 7900c2a JavaDoc cleanup and made the JSESSIONID request param uppercase to match the values checked by the WebSessionManager
new 625fef5 quickstart sample app cleanup. Added new tags (user/guest)
new a191f6c rounded out quickstart sample .war and implemented initial form-based AuthenticationWebInterceptor
new f7b88ad initial addition of ivy build support (not yet enabled)
new e26cc66 ivy / m2 repo support
new bdcc942 removing ivy-managed dependencies
new abedf9c removing unnecessary directories that previously held manually checked-in jar files (moving to ivy - no need to check in dependencies manually anymore)
new cba3124 build modifications to support ivy cont'd
new f8661a5 intermediate build changes checkin (docbook resolutions - need to clean up sample app still)
new 1f1ba80 removing unused jar files (until we can relocate them to the maven2 repo and use them when necessary)
new 0e9139f re-enabled retroweaver
new d1f5f3d removed empty dirs
new 40fc46f updated to reflect retroweaver jar
new 1dea63e provided default no-op implementation of the LogoutAware.onLogout method for convenience.
new c45fb64 removed docbook libs from SVN - using ivy autodownload now
new 8ae963e removed docbook libs from SVN - using ivy autodownload now
new 8dc9c55 removed docbook libs from SVN - using ivy autodownload now
new 36f15e0 removed docbook libs from SVN - using ivy autodownload now
new 063b3fd removed jug jars from SVN - using ivy autodownload now
new 9b390a3 removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new 916d393 removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new 829cf96 removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new 78ecf07 removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new 729550e removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new b74741b removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new e2e4073 removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new b4fd05c removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new 96e9bf4 removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new 83c1330 removed jboss AOP support from SVN - JBoss support slated when JBoss Microcontainer 5.0 becomes final
new 390370c removing lib dir - not necessary in SVN since now using ivy
new 7e1f358 removing lib dir - not necessary in SVN since now using ivy
new b8ac566 removing ivysettings.xml since ivy's defaults are fine now that JSecurity's public repo is automatically sync'd with the maven2 repo
new 9c8bce2 fixing JSEC-96
new 27cd5af JSEC-94 - commited fix and test case
new 40769e3 updated license header
new 0cef878 removed invalid test case
new 3a0c0df Updated few remaining files that needed to be converted to Apache 2.0
new a39b98f adding servlet-api.jar to samples config to resolve build issues
new 2acf61b adding clean-deploy-dir task to spring samples build; removing SolTech info from AD realm sample and plugging in JDBC Realm instead; spring sample still not working
new 68da8b1 working to fix spring sample app. added retroweaver-rt as "sample" dependency to fix CNF exception. injecting "storedCredentialsHexEncoded" value "false" into credential matcher
new 397075c working to fix spring sample app. added retroweaver-rt as "sample" dependency to fix CNF exception. injecting "storedCredentialsHexEncoded" value "false" into credential matcher; fixing html issue, etc
new 9581d8b sample issues resolved relating to login; still having problems with session
new 39995e7 still working issues in sample app; Updating DelegatingSubject so session is recreated with session is null or session.getId is null.
new bfc140b adding new image
new a12b628 adding new logo to webstart; removing old logo
new afba833 displaying principal name on sampleIndex
new 6d773e5 cleaning up jsp page
new 80f6e71 cleaning up login.jsp page
new 54cd337 adding properly configured filter config, but leaving commented out. When uncommented, sample app gets lots of strange errors. getting closer, but with filter in place sample app is still not functional
new e427ff7 removing old security image
new 53f6e07 more sample cleanup; but still not working completely
new 5d3ce24 PARTIAL completion of implementing a PrincipalCollection
new 98fb293 PrincipalCollection work cont'd
new c108bba JSEC-93: Initial completion of PrincipalCompletion support
new 84fb384 JSEC-93: fixes for test cases to pass
new da66131 fixed bug where session id (but not the session) was null for incoming requests
new c42ee63 added overloading constructor
new 96ab67b spring sample session sharing finally working
new b7c2068 Fixed bug that required both web.xml and spring config to specify the sessionMode
new 5561c72 fixing annotations in spring sample
new a81583a adding support for permissions in sample; fixing bug with PermissionTag
new 709f758 fixing issue with PrincipalTag where string representing class name was not properly converted to class behind the scenes. Handling this conversion manually in the Tag now.
new a3c6f8e used servlet-api of 2.4 instead of 2.5
new a36fac0 using jsp 2.0 instead of 2.1
new c8e1798 fixed erroneous cast assumption (added interface to counteract)
new 26dcf82 renamed WebSecurityManager to DefaultWebSecurityManager and created a WebSecurityManager interface
new 5196d39 enabled Default Java serialization instead of JavaBeans serializer
new 17fa219 minor build changes
new fe628ea minor build changes
new 9775a3b Added backport-util-concurrent to the quickstart webapp - it's required by the provided ehcache jar.
new 8851fb7 final checkin before 0.9.0-beta release
new 374f24a google analytics re-enabled during javadoc task (needed to escape quotes)
new e2d70d1 fixed javadoc
new 9559cd2 prevented exception from being swallowed (now propagates correctly)
new efa44f9 Fixed rememberMe manager cookie attribute settings
new b2a05bc Fixed rememberMe manager cookie attribute settings
new cf65118 JavaDoc updates
new 7341416 killing superstition :)
new 8c20351 killing superstition :)
new ab861e2 JavaDoc changes, updated build.xml header to 0.9.0-beta2
new d121cf0 Finished initial support for a proper reference manual (pdf, html, html_single)
new c709ddb Finished initial support for a proper reference manual (pdf, html, html_single)
new 4e1680d git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710896 13f79535-47bb-0310-9956-ffa450edef68
new 80f6b6c added descriptions to all ant targets so they would display when calling ant -p
new 3ee153b added descriptions to all ant targets so they would display when calling ant -p
new 38195b8 removed JUG dependency, verified regression tests pass
new 4cd41f9 added legal cryptography notice
new 40517a4 fixed pom.xml per Siegfried's recommendations
new d1a73e4 added initial support for vm singleton deployments (non container environment)
new 3627a61 JavaDoc updates
new 018d70e JavaDoc modifications
new ef15f4e doc updates
new 91b3afb JavaDoc update
new a2a1442 Initial commit of the spring-hibernate sample application
new 0a1d2af ensured user id was acquired (username used only during login)
new c42f6a2 JavaDoc updates - added convenience JavaBean properties for passthrough configuration, changed default rememberMe cookie max age due to Jetty bug
new 4d83019 JavaDoc'd a class constant
new 1954098 JSEC-102: removed all web-related classes from the ThreadContext and migrated existing bind/unbind/get thread-based methods to WebUtils
new 18992d9 JavaDoc correction
new 4e1b1c9 JavaDoc correction
new 5958af2 Initial Configuration check-in (work in progress)
new 03adb04 more Configuration work
new 55ce41e more Configuration work
new 12c0509 more Configuration work
new e31961c ensured user id was acquired (username used only during login)
new affb4bc more Configuration work
new e9464e8 more Configuration work
new a7b38c1 Changes to SpringJSecurityFilter behavior for JSEC-106.
new 7cd6d46 Fix bug in code.
new c6fb056 Fixed NPE and classpath dependency for sample app
new 5585792 Fixed NPE and classpath dependency for sample app
new 5031350 added some basic unit tests
new 88946ae Initial directories
new 528a301 updated config filter processing
new 467db5f updated config filter processing
new 7157f5d Renamed all *Interceptor to *Filter
new 5c31752 renamed WebIniConfiguration to IniWebConfiguration
new c92d25d removed due to parent package renaming (interceptor -> filter)
new 7605250 removed due to package renaming (interceptor -> filter)
new 2e544f4 removed due to package renaming (interceptor -> filter)
new af3e45d renamed 'interceptors' section to 'filters'
new 841b73c fixed filter parsing definitions
new 3101202 added JndiRealmFactory to support EJB3 environment configurations
new 8806472 various cleanup
new 2079457 various cleanup
new 4ae7048 JavaDoc linebreak changes
new 72fa49d basic error checking for JndiRealmFactory
new 2ddf66b JSEC-113 - initial implementation complete
new 67fae13 JSEC-100, JSEC-110 fixes
new 851bf3f JSEC-109 - added JavaDoc
new baf62bb JSEC-109 - added JavaDoc
new 0eb1a4c JavaDoc update
new 038bf31 JavaDoc update
new f990f71 updated copyright headers for all files per http://www.apache.org/legal/src-headers.html#headers
new 16f42ed Added anonymous filter and a jar.deploy task.
new 5c7f46a Added user filter for remember me support.
new fc70bea updated JavaDoc
new 3295c5d Applied patch suggested by JSEC-107 to fix null pointer bug.
new 06d6133 Fix to resolve JSEC-108 by applying principalSuffix to username.
new 1425926 enabled one more username null check to avoid NPE
new b27d0a6 Updated Spring JSecurity Filter to use SpringConfiguration object for configuring. Modified cipher to accept the key as bytes and use the default unless one is specified. Modified remember me to accept pass through args from the security manager. Added support for global properties in the ini config. Added a user and pass thru filter. Added redirection after login by saving request in the session.
new 0aad0e8 Refactoring of filters to make better use of inheritance hierarchy.
new 1cb8be6 Changed configuration to load file based on configUrl parameter. If configUrl parameter isn't found, falls back to jsecurity.ini. If that isn't found, loads from the config filter param.
new de9ad2e git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710956 13f79535-47bb-0310-9956-ffa450edef68
new 2b3c56a Removed HashedCookieComposer - mostly because it is not being used and secondly because it was authored by non-CLA contributor
new 8d6b546 Ensured RememberMe identity iis always removed on any login attempt. It will be reset if necessary based on the AuthenticationToken
new 2935591 Ensured RememberMe identity iis always removed on any login attempt. It will be reset if necessary based on the AuthenticationToken
new bc7c503 moved to io package
new aad335c formatting only
new 643bf7c javadoc modifications, et. al.
new c35307d changed build file to ensure no core components can depend on the web components
new e1fdf4d git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710964 13f79535-47bb-0310-9956-ffa450edef68
new 4813f57 JSEC-117 - initial logging framework support
new b12ad9b JSEC-118 - addedd SLF4J dependency directives
new 12bd2f4 JSEC-118 - addedd SLF4J and removed commons logging.
new 15eb3a8 JSEC-118 - addedd SLF4J and removed commons logging.
new f908938 fixed slf4j jar references
new f2bbb6c git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710970 13f79535-47bb-0310-9956-ffa450edef68
new c15132f git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710971 13f79535-47bb-0310-9956-ffa450edef68
new bdb66a8 trying to finalize adjustments for ongoing dev list discussion
new daa29fd trying to finalize adjustments for ongoing dev list discussion
new 09b3c12 javadoc update
new 9fee5cb git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710975 13f79535-47bb-0310-9956-ffa450edef68
new 844a554 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710976 13f79535-47bb-0310-9956-ffa450edef68
new 9776179 removed ClassUtils usage to avoid CL issues (now uses static linking)
new 9abce2a removed ClassUtils usage to avoid CL issues (now uses static linking)
new 2dee7da test commit
new 0ff6c4d reverted to JCL
new 94f3a0f reverted to JCL
new 7f67179 reverted to JCL
new ff274fb fixed FirstSuccessfulStrategy - was previousl broken
new cc8fc6d altered potential cause of bugs in classloader-segmented environments
new 316d6b3 adjusted for potential NPE, updated JavaDoc
new 2b38a16 reverted back to JCL
new fda011a Refactoring of Account into AuthenticationInfo and AuthorizationInfo, and deprecation of AuthorizingAccount for JSEC-105.
new ae24d13 Bugfix for JSEC-105.
new c82c5b0 Set 1.5 as the target of all compile tests to prevent accidentally building for only Java 6.
new 623a306 added JavaDoc
new 5512933 event support modifications
new e879934 quite a bit of architectural cleanup to simplify instantiation across all components as well as simplify event management
new 0386609 quite a bit of architectural cleanup to simplify instantiation across all components as well as simplify event management
new 489803e quite a bit of architectural cleanup to simplify instantiation across all components as well as simplify event management
new bbc4509 javadoc correction
new b4e6093 javadoc modification
new e6f9276 removed missed dependency (not necessary)
new a48405d added delegation method for overriding
new bb2ecf5 fixed minor initialization race condition (http session mode not set yet)
new d68591c chunked up a complex method for simplicity/readability
new eb7d797 removed unnecessary init call
new 590db8f added delegate method for overriding
new d120707 javadoc updates
new 6b6135d javadoc updates
new 0a86035 javadoc updates
new 09bc310 javadoc updates
new b4ebbd6 javadoc updates
new 49d3d7c quick fix to ensure cookies are set properly
new 5470cf3 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@711009 13f79535-47bb-0310-9956-ffa450edef68
new 5a8e9d4 added quick sanity check for session id cookie attribute passthrough methods to ensure the correct instance exists at runtime
new dd6d42a added quick sanity check for remember me attribute passthrough methods to ensure the correct instance exists at runtime
new 61d5a3f renamed FirstSuccessfulStrategy to FirstSuccessfulAuthenticationStrategy to maintain consistency. Will be renamed back to FirstSuccessfulStrategy for 1.0 final
new 945800d consolidated method calls to a consistent location
new dbcd88f Updated pass thru javadoc.
new a634805 Updates to authc filter javadoc.
new d11a974 javadoc updates
new 6965773 javadoc updates
new 6e0c37d updated javadoc
new 413d043 updated javadoc
new 3daaa18 removed WebUtils.getSubject (not needed as Filter parent class consolidated this behavior), optimized imports
new 896bd3b moved unnecessary method from interface - only used by one implementation
new e109994 fixed bug that wouldn't load spring configuration without ini embedded in web.xml
new 5ba2ab4 enabled lazy-loading of default PropertiesRealm instead of at instantiation time (was confusing to most users)
new 7400bc5 fixed Class Cast Exception bug
new 9af4f84 javadoc updates
new 98f1979 javadoc updates
new f0094a7 fixed bug where the challenge may not be sent in all necessary cases
new a483944 minor implementation cleanup
new 837fa56 variable renamed for clarity
new 9659098 javadoc updates, BasicHttpAuthenticationFilter adjustments for better flexibility
new cea3e38 Fixed null pointer bugs when a null authorization info is returned. Added a unit test to confirm behavior. Fixed problem where decryption errors are not handled correctly by remember me manager.
new ceaf6a3 method parameter re-ordering, minor javadoc updates
new 86d720f JavaDoc updates, added clearCachedAuthorizationInfo method
new 21d2f9e More JavaDoc
new 782ccb0 More JavaDoc
new 2c8275f fixed source of potential bug
new c733b07 more JavaDoc updates
new caff40d more JavaDoc updates
new 9447d20 added ImmutableProxiedSession to ensure SessionListeners don't modify a Session during an onStop/onExpired notification
new 5ec5dec javadoc fix
new 2d5fe44 javadoc fix
new 30648f1 javadoc fix
new a0ac3ed Changed loggers to all be private/static.
new df7ae6e javadoc updates, chunked up BasicHttpAuthenticationFilter's logic to be more maintainable and configurable
new bb4d211 ensured subject can start and stop sessions multiple times in the same transaction. Moved some Test classes to their appropriate packages.
new bd1b0ae removed remaining orphan 'Event' references to reflect the newer Listener mechanism
new d09a0fa removed session.isExpired and session.getStopTimestamp() from the interface (still exists in implementation)
new 5f4dc71 fixed session isStopped() bug
new 72f6990 BlowfishCipher 'defaultKey' attribute renamed to just 'key' to avoid confusion with the default value set. BasicHttpAuthenticationFilter method stubbing and more JavaDoc.
new 5463391 JavaDoc adjustments (<pre> and <code> adjustments)
new 02ace2b removed more init() methods where possible (where the default constructor would suffice)
new 1f9d5c7 javadoc updates
new 025fc80 javadoc updates
new 1d1e16b final javadoc updates and code modifications for RC1
new 61d8091 JSEC-119 - fixed problem for type conversion
new cc59abd JavaDoc updates and removed validation checks after subject.logout() is called - a Subject is still valid even after logout - it is just considered anonymous again after that point.
new a7ace51 renamed hasPrincipal to hasPrincipals to better reflect a collection
new cf42006 javadoc updates and added changes.txt file
new 96d763f git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@711062 13f79535-47bb-0310-9956-ffa450edef68
new a7d4b84 git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@711063 13f79535-47bb-0310-9956-ffa450edef68
new 8e2b39e JSEC-123 - added intermediary abstract class to consolidate common executeLogin behavior
new 8b4324c JSEC-122 - fixed NPE
new 9fd4833 JSEC-120 - added PatternMatcher interface to support pluggable pattern matching implementations for configuration
new e33e503 JSEC-123 - added some configuration changes to ensure the authc filter could process the login url
new 24c6437 Throw exception when request/response isn't set on WebUtils so that you get a nice error instead of a NPE.
new 1d0b3e6 JSEC-119 - cleaned up primitive and object reference reflection/injection. Objects now can now be referenced via $beanId notation
new d70b47f JSEC-119 - added one more test case for testing values starting with to ensure escaping is performed correctly.
new 03d1b7f renamed WebUtils getServletRequest and getServletResponse to getRequiredServletRequest and getRequiredServletResponse respectively, and updated where those methods were being called.
new 9dcb6ba JavaDoc updates
new 11042b8 cleaned up formatting for readability
new 31a7f45 Lots of JavaDoc cleanup preparing for release (mostly moving from package.html to package-info.java representation)
new a1cfdfe made comment about the differences running JavaDoc in Windows vs Mac environments
new 7c47678 changed version for snapshots
new 5f42558 Moving sample webapp to samples/web to make room for a new quickstart (non web-based)
new 624b398 Moving sample webapp to samples/web to make room for a new quickstart (non web-based)
new a8b21f5 Moving sample webapp to samples/web to make room for a new quickstart (non web-based)
new a877d92 working on test cases in preparation for quickstart modifications
new 97f2753 working on test cases in preparation for quickstart modifications
new 4d59716 cleaning up for the quickstart
new 9bdefd9 more quickstart prep
new 88ddbe2 more quickstart prep
new 41ed79c finalized Quickstart code, preparing for RC2
new d2bb6f4 final RC2 release edits
new 019b86b upated revision back to 'snapshot' for further non-release development
new ba44d5c fixed invalid date format
new 10b06d9 minor javadoc correction
new 7810fd7 JSEC-124 - renamed SpringWebConfiguration to SpringIniWebConfiguration
new 3140ac4 javadoc
new 6d4174c git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@711094 13f79535-47bb-0310-9956-ffa450edef68
new e348681 added a standalone sample app
new b4bc3f4 javadoc additions, template methods created
new 3900ffd javadoc additions, template methods created
new c6c3913 made use of clearCachedAuthorizationInfo method on logout (was duplicating logic)
new 7a157be Enabled better logging for sample apps
new 24c704d added InheritableThreadLocal.childValue method implementation
new 2f4fbdc fixed erroneous path
new 3504c1f javaDoc
new 5168d55 JSEC-125 - moved quartz-based classes to the 'support' directory
new 76d8acb JSEC-125 - moved quartz-based classes to the 'support' directory
new 8abb4ee JSEC-125 - moved ehcache-based classes to the 'support' directory
new 32f5fd6 JSEC-125 - moved ehcache-based classes to the 'support' directory
new 9278d8d JSEC-125 - moved ehcache-based classes to the 'support' directory
new 74d0949 JSEC-125 - moved ehcache-based classes to the 'support' directory
new d3fe228 JavaDoc updates and notes for more JavaDoc
new cb876ff Indicated which classes require JavaDoc
new f768f7f brought JavaDoc up to 100%
new 14d4f63 brought JavaDoc up to 100%
new 4d8b8a0 100% JavaDoc coverage
new 1247937 100% JavaDoc coverage
new d87befb minor JavaDoc chages - also removed unused log instances where possible
new 64011c6 javadoc and renamed FilterChainWrapper to ProxiedFilterChain
new b6e6a45 JSEC-29 - fixed
new 6443cc4 added RequiresAuthentication, RequiresGuest, RequiresUser annotations and corresponding MethodInterceptor implementations to support them.
new b74b7af JavaDoc modifications and new feature (3 new annotations and corresponding AnnotationHandler and *MethodInterceptor implementations to support them)
new 42fcc06 fixed imports
new 5e7eb01 updated JavaDoc
new e165f17 JavaDoc updates
new c077da3 Moved to import directory, the place to hold the original import
new 07a3cda Minor fix to JavaDoc.
new ceb3580 JSEC-24 Temporarily commented out code in anticipation of an immanent fix.
new 11746c6 JSEC-23 the lastAccessTime field is now updated whenever attributes are retrieved or set
new 06a8a29 JSEC-25 renamed some classes to get JUnit to work properly
new 8734588 JSEC-24 CachingSecurityManager always needs a default cache manager, for now
new 09de488 Created the initial directories
new b694475 Re-enabled the EhCacheManager
new 9804a1c fixed release comments for 0.9 release
new 2639fc7 Final 0.9.0 final tag from imported source code
new 352f080 0.9.0 import for incubation
new 3101e09 JSEC-33 - added two test cases to verify the issue is resolved
new 44e4655 JSEC-40 - added initial CacheManager implementations potentially to be used in 1.0
new 2c34c03 Moved source code to a 'core' module and a 'web' module. Test directories reflected this move as well
new 9fd5bb2 removing empty directories after src move
new fd3dbae removing empty directories after src move
new 7c13d4c removing empty directories after src move
new 0dd8052 removing empty directories after src move
new 1e55132 removing empty directories after src move
new 38cd07b removing empty directories after src move
new eb03dc9 replaced EhCache classes
new 75af745 reinstated Quartz classes
new 2e572b8 necessary modifications to coincide with the src dir move
new 9900fe4 replaced missing Test cases that were not copied during the src dir restructuring. All tests are now back in place.
new 6234867 Modularized the build files to correspond to the new modular structure. Ensured the default CacheManager is a DefaultCacheManager (not EhCacheManager), pending final outcome on dev list whether or not enable or disable caching expliclity.
new b45080f remaining build modifications to match the src structure. Appended -${version} to jar names to allow easy upload to the central maven repository.
new e04cadb JSEC-39 - had AuthenticationInfo and AuthorizationInfo extend Serializable. Also updated the NOTICE file to reflect Dr. Heinz Kabut's permission for us to use his source code to seed our SoftHashMap implementation.
new 274f228 JSEC-27, JSEC-40, JSEC-41 - removed default realm. Removed core depdency on Ehcache (now uses DefaultCacheManager which uses core SoftHashMap caches to prevent memory leaks), removed ensureRealms() method in SecurityManager implementation since the Authorizer and Authenticator implementations now assert if realms were properly configured or not
new 35cbea6 JSEC-42 - made SecurityManager extend SessionManager instead of SessionFactory (reasons documented in the issue).
new 6b558be JSEC-37 - architectural preparation to enable easy assumed identity support. Need to vet modifications before they can be verified as the final solution.
new 6b796dd JSEC-37 - architectural refactoring in preparation for 1.0 - simplified implementations and implemented some best practices based on Joshua Bloch's "Effective Java" book.
new 41d1ac1 Modified to be more robust and based on common Subject lookup mechanisms (SecurityUtils). If not found there, only then fall back to a system property (previous behavior).
new 5a304dd Modified destroy() method chaining - previously used destroy and chain of before*Destroyed() method calls, which was confusing and hard to trace across the class hierarchy. Now using simple super.* overriding calls for easy traceability. The previous before*Destroyed() methods existed for simple subclassing overrides, but are no longer relevant since the next release will favor a composition over inheritance model (subclasses should be very rare). Also modified some J [...]
new c08e385 JSEC-34 - added logic to add '/' if the request contextPath is null or empty, accompanied by two test cases for verification
new bb66971 JavaDoc update
new 150e9bc JSEC-45 Initial work. Samples still needs to be completed
new 849c715 upgraded ivy to 2.0.0 (final) now that it has been released. Continuing to work to enable samples builds
new ddc0f10 Break the build to test Hudson
new 2db3ebe Fix the build to test Hudson
new 6176665 re-enabled samples builds
new 9e128e7 JSEC-46 Implemented functionality for issue, also added minor updates to reference documentation
new 7432a0e JSEC-46 Minor adjustment to catch a possible exception
new e2d3231 JSEC-15 - applied patch code w/ minor modification
new e54b43e JSEC-20 - added JavaDoc and modified code to now throw an IllegalStateException if the SecurityManager is inaccessible, indicating invalid configuration.
new 5c838be JSEC-22 - implemented fix for DelegatingSubject to retain the SecurityManager instance (not null it out) upon logout for continued re-use. Accompanied by DefaultSecurityManagerTest.testSubjectReuseAfterLogout() test case to verify.
new ac4b50e updated JavaDoc
new 9fcb655 minor update to pass a test
new d60e580 JSEC-50 - changed log level to debug
new 50da0f2 JSEC-45 fixed destination of TLD file.
new 0e68c8a JSEC-45 Getting the web demo to work
new ed4f5f5 JSEC-45 better names for jars/wars
new 280d868 JSEC-45 updated Jetty version
new 68ec111 JSEC-45 Getting the web demo to work
new 9aa52ea JSEC-45 Added properties realm
new 9a1c6a4 JSEC-45 added web sample to build
new eb00fa3 JSEC-45 Moved to get demo to run
new c914b13 JSEC-52 - implemented serializable
new 07d984c JSEC-45 oops
new a00b312 Added a quick fix to extract out the ivy base repository url in case that needs to be overridden (e.g. when using a company internal repository proxy)
new 0df7067 deprecated HashtableCache
new 766b9f1 removing project files for now (seeing errors in my IDE) - will re-add them after cleanup. Also added some utility methods to reduce method complexity
new 41ec5f3 JSEC-56 - implemented functionality recommended by patch.
new 567dd4e Added the ability to hash a File and InputStream
new a22db77 JSEC-57 - implemented functionality required to ignore identity calls after logout
new 1a86f3b Merged changes from the import branch that were accidentally committed into the trunk.
new 9d001c2 Cleanup sample app.
new c0e5348 KI-66 intermediate changes
new eaa4940 KI-66 intermediate changes
new 4168832 KI-66 intermediate changes
new dfb65b0 KI-66 intermediate changes
new b90e819 KI-66 intermediate changes
new c262c51 KI-66 intermediate changes
new a1c9e2e KI-66 intermediate changes
new ce62cb8 KI-66 intermediate changes
new fe4df12 KI-66 intermediate changes
new 7948f48 KI-66 intermediate changes
new 42d7197 KI-66 intermediate changes
new 09084f1 KI-66 intermediate changes
new 2776f20 KI-66 intermediate changes
new ff238cc KI-66 intermediate checkin
new fe5723d KI-66 intermediate changes
new ca56ce3 KI-66 intermediate changes
new 6c2dd85 KI-66 intermediate changes
new 47ff03c KI-66 intermediate changes
new 54166cd KI-66 intermediate changes
new 73a38ab KI-69 commented out broken tests
new 5244781 KI-66 intermediate changes
new 716c302 KI-66 intermediate changes
new 760bad5 KI-66 intermediate changes
new 7a653c3 KI-66 intermediate changes
new 278e15d Fix for KI-70 so that an AuthenticationException is thrown if LDAP throws a javax.naming.AuthenticationException instead of logging it as an error and returning null.
new 4eb3137 ki renaming changes - removed empty directories as well
new 9210b94 ki renaming changes - removed empty directories as well
new 7164888 ki renaming changes - removed empty directories as well
new 705370f moved files to maven standard directory layout
new 2b1ff7d moved files to maven standard directory layout
new d63d64d moved files to maven standard directory layout
new f6f41ad moved files to maven standard directory layout
new a44585c moved files to maven standard directory layout
new fcb931b moved files to maven standard directory layout
new cbe1dc5 moved files to maven standard directory layout
new 4c006b5 moved files to maven standard directory layout
new 4f813a7 moved files to maven standard directory layout
new 3513557 moved files to maven standard directory layout
new f7895fe moved files to maven standard directory layout
new ae34d7d moved files to maven standard directory layout, one file's JavaDoc updated
new f1ef254 added ASF parent pom to pick up distribution management settings for snapshot and staging publishing
new 39d64e9 added '-incubating-' to the version to make our incubation status clear
new e80880b Fixed POMs' versions
new 0308ddd added jar bundle module
new 73bc38b Updated many files where a default JSecurity -> 'Apache Ki' was unnatural or didn't make sense (for example KiFilter -> Apache KiFilter in servlet filter definitions and related documentation). Just using 'Ki' was more appropriate and natural in these cases.
new 733ea8d KI-72: swapped out commons-logging for slf4j
new 1361690 fixed cause of stack overflow
new f9e5ff0 modifications to clean up spring-remoting support (was causing stack overflows)
new cb39c33 final modifications to prevent stack overflow in a federated session environment
new 2517a72 documentation work - prepared to use the docbkx plugin for DocBook documentation
new 7b3db3b removed unnecessary property 'kiVersion' since project.version is suitable (no need to maintain version in 2 places)
new 2db783a Added two new default filters - 'port' and 'ssl' to ensure a request comes in on a certain port (with the 'ssl' filter being a PortFilter that just defaults to 443).
new 998fe8a added Apache license and @since information
new 1b08e14 fixed code that returned a null subject - Subject should never be null (they can be re-used even after logout - they're just considered anonymous again after that point).
new 81b35b1 KI-75 - added more to JavaDoc to better explain how to define Realms, RealmFactories, and other objects in an object graph, as well as how to apply them to the SecurityManager
new eed77b5 removed two unnecessary html <p/> elements, which was preventing the JavaDoc from displaying correctly in Idea
new 0b2e723 removed two unnecessary html <p/> elements, which was preventing the JavaDoc from displaying correctly in Idea
new ff26ba8 changed DEFAULT_ERROR_KEY_ATTRIBUTE_NAME constant to be 'ki.authenticationExceptionClassName' to be more explicit as to what it represents as well as to remove the 'jsec' name remnant.
new cdf2fe7 changed DEFAULT_ERROR_KEY_ATTRIBUTE_NAME constant to be 'kiLoginFailure' for simplicity and to ease backwards compatibility.
new 9675821 Added JavaDoc
new 79d8f4f Started working on a HostFilter. Not yet complete.
new ddbcc70 re-enabled the Quickstart executable. Updated the QuickStart wiki page
new ccd01fa further jsecurity name changes. Also moved jsecurity.tld to ki.tld in the appropriate META-INF location in maven resource tree
new 4a44bbf Fixed bug where session.stop was not delegating at all times to the security manager (required for the security manager to clear out a cookie in web environments)
new e6f4e6a added log level corresponding to new package structure
new f9371e5 minor logging clean up with slf4j, added root-level javadoc pom config
new d13150f refactored out constructor logic to protected method to be accessible to custom type-safe subclasses
new 99a2f37 Added WildcardPermission default,no-arg constructor (protected - not public) for use by subclasses. Added new 'DomainPermission' subclass for those that wish to use type-safe permissions (work in progress)
new 58da0f8 Modified SoftHashMap for highly concurrent environments
new 3d6f06f javadoc & minor enhancements (implemented all methods in the Map API instead of subclassing AbstractMap)
new e15ab4a Added SessionFactory for OO delegation instead of requiring to subclass the SessionManager implementation. Also added some JavaDoc
new 16f14da JavaDoc modifications
new 7f34f89 added SessionFactoryAware for passthrough configuration via the SecurityManager
new c769b2f Added SessionDAOAware interface to allow passthrough configuration of SessionDAOs on the DefaultSecurityManager (to the underlying DefaultSessionManager)
new 447f4f8 added JavaDoc @since indicator
new f627388 Began preparing for new Factory style methods - added SessionManager#createSession(Map) and adjusted SessionFactory to support this. Current behavior is retained, just implemented in a different way. Added AuthorizingRealm#getAvailablePrincipal utility method to eliminate duplicate code used across many realms. Cleaned up much JavaDoc.
new 8253515 Cleaned up extraneous line breaks in JavaDoc (extra <p> tags)
new 747c0a5 minor JavaDoc fix
new c60adf6 JavaDoc additions
new dd0051b KI-80: Added passthrough configuration attributes for Cookie domain, comment and version
new 27a0d12 KI-80: minor logging cleanup
new 9ab38da fixed erroneous Maven scope for logging
new 9be3cdf s/jsecurity/shiro/
new be025ce Changed all poms to reference the project's new name. No source code was changed yet though (all still under org.apache.ki.*). Package/source changes will occur later.
new 2640688 ensured the cached hex and base64 encoded values are marked as transient to prevent double payload size when remoting. Also implemented Serializable to allow easy transfer over the wire
new 65215e0 Ki to Shiro rename
new 1fd8544 Ki to Shiro rename
new a34643b Ki to Shiro rename
new d6aacc4 Additional name change fixes related to jsecurity/ki -> shiro migration (changed case-sensitive references). Re-enabled the spring-hibernate module, cleaned up dependency management by excluding all uses of commons-logging and using jcl-over-slf4j where requried by 3rd-party dependencies. Moved spring-hibernate module's org.jsecurity.* package to org.apache.shiro.*.
new 793fef0 Removed unused/empty package
new 2f72e83 Ugraded to apache parent pom version 6. Removed retroweaver dependencies as Shiro 1.0+ will use JDK 1.5 as its base requirement per email thread http://mail-archives.apache.org/mod_mbox/incubator-jsecurity-dev/200904.mbox/%3C44b57a610904301058tfd3c7e8oa389df45b2c45b08@mail.gmail.com%3E
new 36e56ca attempted to get the spring-hibernate application running. All dependencies are now resolving correctly, but there is still a runtime error - will look into it tomorrow when I'm not falling asleep ;)
new 1a88048 prevented removing session attributes from the Session on unbind - this was eliminating session identity, which might need to be queried against by any potential registered SessionListeners later in the thread's execution
new d3b85c1 Added DelegatingWebSecurityManager and supporting components. Cleaned up some JavaDoc
new 807cf5a added for SessionManager testing
new 5baf6f0 added for SessionManager testing
new 888f812 Fixed session timeout bug - globalSessionTimeout configuration was not being applied
new b435a40 Added DelegatingSessionTest
new 614dcf6 Added another test case for sessionTimeout
new 68276b9 AbstractSessionManager#applyGlobalSessionTimeout was not persisting the session timeout change back to the persistent store - fixed this. Also modified documentation. Also added 'updateSessionLastAccessTime' to the ShiroFilter to ensure that the sessions' lastAccessTime was accurately being updated for 'native' (non servlet container) sessions.
new 6396af3 Override to applyGlobalSessionTimeout in the DelegatingWebSessionManager to ensure it does not override the session settings specified by the back-end SecurityManager
new 895993f SHIRO-30 - enabled SecurityManager#getSubject(Map initData) method and altered underlying implementations to support this construct. This allowed for a significant amount of duplicate boilerplate code to be consolidated into the DefaultSubjectFactory implementation
new 30848a7 - SHIRO-53 - enabled auto-deletion of Session objects after invalidation to prevent orphans. Added DefaultSessionManagerTest#testSessionDeleteOnExpiration() testcase for verification. - Removed auto-deletion of cached objects from CachingSessionDAO - this was preventing the SessionManager from performing appropriate cleanup/notification logic necessary for any invalid sessions held by the cache (this was preventing SessionListeners from receiving onExpiration and onStop [...]
new c6ae240 minor logging fixes
new 4b665c5 Continued work homogenizing Session access - previous work on DefaultSubjectFactory and DefaultSecurityManager allowed the removal of the WebSubjectFactory entirely. Made minor code enhancements per IDEA inspections. Enabled log4j as the logging mechanism for test cases, but will probably change that to be Logback so we can have one less jar dependency. Lots of minor JavaDoc fixes
new c1552e3 fixed minor typo, changed <code> and <tt> tags to javadoc {@code } tags
new 2fbaf89 Fixed a few bugs related to remote proxy Session management (exceptions not properly propagating to the correct layer). Added some performance enhancements in the DelegatingWebSecurityManager to cache the session on a thread-local instead of regularly accessing the back-end system avoiding network round-trips where possible.
new 7166032 Changed method signature of SecurityManager#logout(PrincipalCollection) to be SecurityManager#logout(Subject). This was surprisingly a very minimal change - the method was only referenced in one location. This was mandatory because of the need to send in not only the PrincipalCollection, but the currently referenced session ID, which could potentially be different than the thread-bound session id. Also, a more coarse-grained method argument affords for more flexible c [...]
new 9942d15 Minor JavaDoc formatting
new d83b6a0 Extracted saved request redirect method to WebUtils (all the other saved request methods were in web utils already - it made sense to keep this consistent)
new 49df27a Added SessionListenerAdapter, created more unit tests to verify SessionListener notification works as expected.
new 981cfd8 Removed ReplacedSessionException and its uses - it turns out recovery logic was already available in the SecurityManager implementations - the SessionManager should not auto-recreate sessions and instead should be left to the decision of the SecurityManager based on application needs. The default SecurityManager behavior works acceptably well in both web and non web applications.
new 0227ead removed session timeout that was used in local testing only
new f3bbe39 Removed last remnant of ReplacedSessionException logic
new 36edeea Added sources and javadoc plugins to the deploy phase, fixed test case sleep timeout
new 700f227 changed sources and javadoc plugins to an earlier revision - current revision is taking too long during build time, probably due to erroneous configuration (gotta look in to that later)
new 97d5e14 removed association of sources/javadoc plugins to 'deploy' phase - this was not working. After removal, the sources and javadoc .jars appear to be created and deployed successfully.
new 6b4a0d5 fixed typo
new c316856 adding test support
new 99ec911 removing - incorrect location (not Ehcache specific)
new 4c94e53 fixed Exception message incorrect interface name reference
new ea4ab3b SHIRO-85 - fixed by using LinkedHashMap instead of HashMap
new 902e40d SHIRO-25 - began initial support for RunAs capabilities - started with Runnable/Callable support. Also fixed various minor typos. root pom.xml - commented out the DocBook plugin as it is not being used
new 061e034 fixed erroneous file path constant for embedded ehcache.xml file
new 240f16b SHIRO-25 & SHIRO-86 - created initial Builder implementations which allowed for significant cleanup of ThreadContext usage across code. Builder implementations could probably be used in 'runAs' functionality moving forward. Will investigate later.
new bebfafc SHIRO-87 - applied patch and fixed remaining org.shiro occurrences to org.apache.shiro
new 93ee323 removed ThreadContext references in comments where unnecessary
new c795904 ensured WebUtils binding works temporarily while the SubjectBuilder API is being flushed out
new 9627d74 updated SubjectBuilder/WebSubjectBuilder implementations. Refactored ThreadStateManager to be interface-driven (ThreadState). Refactored code where necessary to call these APIs. Still debating on final name for SubjectBuilder (mailing list post to ensue).
new b084631 SHIRO-43 - committed patch changes
new 8dbea5d Initial fix for missing ServletRequest/Response problems
new 54cf65b SHIRO-91 - re-enabled tests
new c96ea60 SHIRO-90 - changed timeouts to account for JVM speed differences. Test should be refactored to use a mock DAO that returns a Session instance that simulates expiration instead of depending on sleep logic
new b6feada SHIRO-90 - wrote a better global timeout test avoiding Thread sleep() - ensures the changed session is persisted to the data store with a configured timeout value.
new 06ffc18 SHIRO-91 - submitted fix for rememberMe
new f41b5b7 SHIRO-91: supplemental fix (ShiroFilter - thread binding for WebRememberMeManager). SHIRO-86: refactored SubjectBuilder and WebSubjectBuilder to Subject.Builder and WebSubject.Builder per mailing list discussion.
new c70b514 SHIRO-92: added interface method and implementation SHIRO-93: applied patches and added Apache license header general apache header verification for all pom.xml files
new b47afa9 SHIRO-88: added patch for moving javadocs/sources .jars to the 'docs' profile
new 0f429ab SHIRO-50 - included Spring's required NOTICE statement
new 8d770b7 SHIRO-50 - fixed typo
new 7a14780 Updated JavaDoc
new 3d0b1b2 SHIRO-10: removed 'sm' alias - no other aliases exist and end-users cannot define their own alias. It should be removed as a feature (it was previously undocumented anyway). Configuration mechanisms will also change for 1.0 probably making this an irrelevant issue.
new e04539c SHIRO-96: applied patch
new 4bea498 SHIRO-96: Had to temporarily comment out a test case due to failure on the command line
new 293bbb2 improved JavaDoc a bit
new d6eeca8 Began initial 'composition over inheritance' support for configuration. None of the additions are used in existing code yet - they are there as placeholders only at the moment to be used later when refactoring existing components (e.g. IniWebConfiguration)
new 8b5cad1 Commented out the tests temporarily - for some reason the Hudson build regularly fails when trying to execute this test.
new c9613a0 Moved Filter management components to new 'mgt' package to cleanly distinguish between frequently-accessed end-user filter support classes and those for framework development. Refactored IniWebConfiguration to use the new components, utilizing a cleaner 'composition over inheritance' implementation strategy. Cleaned up various JavaDoc.
new 0b4d3f5 fixed incorrect comment
new 0251a83 fixed an issue where the filter name was not being set correctly
new c29c815 Changed logging message to include the filter name for easier tracing
new 09cdc99 minor formatting and spelling and JavaDoc changes
new 0f4529e SHIRO-25: added execute(Callable) and execute(Runnable) methods to associate single-call-only 'runAs' support. Also refactored the Spring SecureRemoteInvocationExecutor to use this more convenient approach, rather than having to manage a ThreadState object manually.
new 501899f Filter clean-up - refactored OncePerRequestFilter out to the new AbstractFilter and NamedFilter for clarity and to constrain OPRF to only already-filtered checks (overall functionality remains the same though). Modified WebConfiguration to add a getFilterChainResolver method and deprecated the old getFilterChain method (it still functions as expected for now). Further modifications will wait pending mailing list discussion 'Configuration: ShiroFilter vs WebConfiguratio [...]
new be7f8cd Fixed issue where a filter with no configuration was not being added to processing paths
new 0be8441 SHIRO-104 - changed the default AuthenticationStrategy to AtLeastOneSuccessfulStrategy to cater to most users' needs.
new fff96c9 Removed 2 unused constants
new f74c017 SHIRO-104 - JavaDoc and minor cleanup
new e866168 Created DefaultFilterChainManagerTest - 100% code coverage - yay!
new 2c6a684 Oops - forgot that java.util.Deque was a 1.6 construct - commented out for now
new 71a8eba Added ASF license header
new 377794b Added test case
new 1e17ab0 SHIRO-25: Subject 'assumeIdentity' additions. Work in progress - do not use yet. Method names reflect current list discussion, but could change at any time.
new 1b3f630 Had to comment out the extends clause in the class definition - causing Hudson build to fail. Need to investigate why.
new f5f1efb SHIRO-105 - added getPrimaryPrincipal() method and default implementation retaining existing default heuristic (iterator().next() == assumed primary). Updated various JavaDoc reflecting this change.
new 26525a8 added two test cases - execute(Callable) and execute(Runnable)
new 61c1542 Fix issue SHIRO-106, call sendError instead of setStatus for setting 401 to invoke container's ERROR dispatcher
new 445c0a3 Minor constructor cleanup
new c23c8fc Fixed typos
new f2b181a Minor visibility modification
new ba60ebc Configuration overhaul - initial commit. New AbstractShiroFilter and IniShiroFilter and Ini classes added. The old ShiroFilter has been deprecated. The next step will be to deprecate all *Configuration and *Resource classes that are no longer used and only referenced by the old ShiroFilter class.
new 898e66e Removing deprecated warnings until the FilterChainResolver construction logic is finished in IniShiroFilter and it can be 100% functionality compliant.
new 586b59b SoftHashMap - made some adjustments after re-reading Java Concurrency in Practice. MapCache - removed destroy() method (called clear(), which could have negative effects on a stateful cache. This also allowed removing import of the Destroyable interface.
new bd35069 SHIRO-104 - fixed JavaDoc to reflect the previous code change
new 521f3e8 Minor JavaDoc cleanup
new bb8e265 Fixed Heinz's name
new c3b8d18 SHIRO-108: BasicHttpAuthenticationFilter now creates empty authentication tokens when the username and/or password are missing, rather than returning null.
new 92aaa75 Added unit test for SHIRO-108.
new c5a3280 Add the new value in put() to strongreferences queue by default to solve the test reliability issue with SHIRO-96 (because account info in memory realms may get garbage collected). However, this doesn't ultimately solve the issue as values that don't fit to strong references would still get garbage collected. Additionally, there's no need to use a cache for memory realms anyway - see SHIRO-49 for that.
new b5c5e9c SHIRO-96: Re-enable the in-container integration tests that were commented out because they didn't reliably succeed (in-memory accounts in memory realms may be garbage collected, see SHIRO-49). Since the account info in SoftHashMap is now added to strong references queue by default, the caching will work predictably enough for these tests to succeed reliably. The tests would still fail if 9180 port is reserved on the machine. It would be better if the embedded Jetty woul [...]
new cb58cc4 Whoops - related to SHIRO-96 managed to break the Hudson build. Interesting that different JREs seem to deal with this differently as I didn't see the issue when I run the build locally. Anyway the issue is http://stackoverflow.com/questions/749394/java-object-cannot-be-dereferenced and should be fixed now by specifying HtmlInput as the type of returned getInputByName call
new 8b85580 Update to 6.1.21 Jetty
new eaeaa0c - Finished initial change to configuration infrastructure to use the new IniShiroFilter and supporting classes. The existing ShiroFilter class and all of its supporting *Resource and *Configurtion classes still exist and have not been changed, but they are now deprecated in favor of the new AbstractShiroFilter and IniShiroFilter mechanisms. - Updated the sample web application's web.xml to use the new IniShiroFilter. - Added or modified unit tests for 99-100% line cover [...]
new e440074 JavaDoc enhancements
new 27f178a Exclude javamail dependency from log4j and mark log4j in test scope
new 656e3b2 Ignore target folder from svn
new c6037cd SHIRO-115 - applied suggested code to prevent code injection
new 699d748 changed exception check for more correct isEmpty call
new 9b25181 Ensured the backing map was a LinkedHashMap to retain section definition order (could be nice for iterating or when writing to an output stream to retain input order)
new 0e4068f SHIRO-49 - Changed SimpleAccountRealm to use internal memory Maps instead of caching - however, auto-reloading of the .properties file source has been temporarily disabled. SHIRO-118 -Created IniRealm with accompanying unit tests at 100% code coverage. Changed parent TextConfigurationRealm to support map-based configuration.
new 8df63ee changed Factory.createInstance method name to Factory.getInstance. This name change allows for either a new object to be created or a cached object to be returned at the discretion of the underlying implementation. The previous ''createInstance' name implied a new instance is always created, which may or may not be desirable depending on the implementation strategy or usage.
new a95341b SHIRO-116 - ensured that an implicit IniRealm would be created if the startup configuration contains [users] or [roles] ini sections. Also provided the ability to turn caching on or off at a global level via CachingRealm.setCachingEnabled.
new fc41ccf Added constructors to IniRealm and IniSecurityManagerFactory to load an Ini by resource path and included accompanying tests. Also updated the Quickstart to use this mechanism (a little easier to understand).
new e260399 fixed user name to 'root' to match sample app
new 0d0a58c SHIRO-121 - removed all references to java.net.InetAddress and replaced with Strings. All tests pass.
new b4df185 Deprecated 2 constants, cleaned up the sample webapp to use the .ini configuration for users/roles instead of the older PropertiesRealm
new b757038 SHIRO-114 - removed circular dependency. The SecurityManager instance is now passed in as a context attribute
new 763746f Changed DefaultCacheManager to use a ConcurrentMap to manage Cache instances. SoftHashMapCache now implements Destroyable, clearing out its memory at shutdown.
new a814fb2 Removed unnecessary thread-binding of session ID. This was an old remnant for spring remoting and has not been needed in Shiro's ThreadState mechanism for a while now. Deprecated ThreadContext methods and will remove them permanently at 1.0 final.
new 11077e7 SHIRO-120 - propagated exceptions as shiro-specific exceptions instead of logging them.
new 794f94f Spelling/JavaDoc fixes
new 882f646 Used native Java generics-inferred Collections methods where possible instead of re-implementing.
new e998216 Changed the destroy method to be a more concurrent-friendly implementation
new da93a38 SHIRO-125 - implemented fix by enabling the implicitly created IniRealm to be configurable in the [main] section. Added accompanying 'testImplicitIniRealmWithAdditionalRealmConfiguration' test.
new 8ba59ef SHIRO-131 - initial implementation with simple test case
new 9db5138 SHIRO-131 - wrapped up initial implementation. Incorporated and tested with 2 spring sample applications.
new 2a2de4e Updated copyright dates to reflect 2010
new dc09f2c SHIRO-129: Create new module shiro-aspectj based on the originally contributed code. Applied with minor changes and some clean up of the code, mavenized, re-organized directory structure and configured the aspectj plugin to weave in the aspects to the unit tests at runtime. Ignored build artifacts from svn. Module's not connected to the reactor build yet but unit tests succeed
new 328d109 SHIRO-129 attach shiro-aspectj module to the reactor build
new 461f314 Revert r903386 and detach shiro-aspectj module from reactor build until jdk version issue is resolved
new db148f7 SHIRO-129: attach shiro-aspectj module to the reactor build (again) with fixed plugin configuration to make it work on JRE 1.5
new a8b68de SHIRO-129: attach shiro-aspectj module to the reactor build (again) with fixed plugin configuration to make it work on JRE 1.5
new 723696d Lock down version of shade plugin used
new 69319aa Complete - issue SHIRO-133: Automatically shut down the Session validation thread http://issues.apache.org/jira/browse/SHIRO-133 - Create the executor as a daemon thread and add javadoc for enableSessionValidation()
new 35759fc Complete - issue SHIRO-133: Automatically shut down the Session validation thread http://issues.apache.org/jira/browse/SHIRO-133 - Added TODO as a reminder to implement an integration test for this
new 1b06e0a testTimeout failed on the last Hudson run after I added the fix for SHIRO-133 (that did modify the behaviof of SessionValidator). However, it doesn't seems there's anything wrong with the code. The test is unreliable since it's unpredictable when exactly the executor runs the next time. Made the test more robust by touching the session just before the setTimeout() (that caused it to fail, i.e. it expired even before when it was expected to expire)
new 34fb74c Fix for SHIRO-130: I have introduced a WebSecurityManager interface that the servlet filter classes use. This fixes the problem with proxies because they can now proxy the new interface and provide the isHttpSessionMode() method. This also fixes:
new 24f12b0 Add shiro-aspectj to dependencyManagement section
new 8db85a1 Add contributed aspectj sample (from SHIRO-129) after Mavenizing it and minor clean-up
new 25f9c65 Attach the newly added aspectj sample to the build so I can close out SHIRO-129. Also suggested refactoring standalone and aspectj sample into one but will deal with that as a separate issue
new bd2244b Added the ASF license header where necessary
new 1f233b8 SHIRO-135 - Refactored class utils to not propagate exceptions if a ClassLoader can't be acquired.
new 745a1f0 Enabled generic types for the Serializer interface and updated the AbstractRememberMeManager implementation to reference a Serializer<PrincipalCollection>
new 412ae80 Changed invalid sesion id exception log to be trace rather than debug
new 28e2bf2 SHIRO-107 - Added patch with minor adjustments and added JavaDoc
new b4a9079 SHIRO-136: Mark the Spring dependency with scope provided in shiro-spring (and mark test dependencies with test scope)
new 537fa9c Update to the latest Apache parent and add distributionManagement/site section
new c15ce5c Uncomment reporting section and update javadoc plugin configuration to use 2.6.1 format (with reportSets)
new 0205777 Various spelling and JavaDoc fixes
new e471004 Various spelling and JavaDoc fixes (part 2)
new e19b7c9 SHIRO-109 - Changed RememberMeManager interface and implementations to not require threadlocal data
new 0c3b5b4 SHIRO-112 - ShiroException - removed unnecessary 'implements Serializable' clause because all Throwables are Serializable. SimplePrincipalCollection - iimplemented Serialization readObject/writeObject methods to mitigate serialization problems resulting from implementation changes. This should allow most implementation changes to occur without affecting application end-users (e.g. no rememberMe cookie breakage).
new 65de3f6 Complete - issue SHIRO-59: Refactor Realm implementations to favor delegation over inheritance http://issues.apache.org/jira/browse/SHIRO-59 - Applying high-quality patch from Brian Demers that introduces new RolePermissionResolver, modeled after WildCardPermissionResolver. Tests included and passing - Checked and added Apache license header to a few files, otherwise applied as is
new cf986d4 Ignore target folder from svn
new dcd9895 SHIRO-138 - fixed bug and added accompanying test case
new 96e327c Complete - issue SHIRO-110: Remove org.apache.shiro.mgt.SubjectBinder and its usages http://issues.apache.org/jira/browse/SHIRO-110 - removed SubjectBinder and SecurityManager.getSubject. Added two TODO comments as a hint to consider refactoring the functionality to Subject.Binder as part of a separate issue. Needs some discussion first. - Changed SecurityUtils.getSubject() implementation to use Subject.Builder if subject wasn't available in ThreadContext - verified inte [...]
new ddad8e1 SHIRO-137: Go through Shiro dependencies and consider marking most third-party dependencies as provided - not much to do here, marked jstl as provided in the parent, everything else looks good. - fixed a typo in support/pom.xml and extended comment in web/pom.xml
new 4541779 SHIRO-89: Sample Spring Application - WebStart won't launch - Refactor Spring sample client from Spring sample into its own module to make packaging & dependency management easier and simpler. Work in progress
new 03651c0 RESOLVED - issue SHIRO-110: Remove org.apache.shiro.mgt.SubjectBinder and its usages http://issues.apache.org/jira/browse/SHIRO-110 - As discussed on the users list, bind the newly created subject to ThreadContext if an existing one wasn't found from the context
new 6d65fb0 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - ignore target folder and Eclipse configuration files
new 9a115a2 SHIRO-140 - added initial implementations with basic tests. More tests to come over the weekend. Need to document this in the wiki too.
new 0296b89 Triggering dummy commit to force hudson to build. Hudson is failing but both windows and mac environments are building fine - trying to see if it was merely an environmental issue in the Hudson environment.
new 399e775 Complete - issue SHIRO-124: MethodInvocation is missing a getThis() (or equivalent) method http://issues.apache.org/jira/browse/SHIRO-124 - Added getThis(). Both AspectJ and and aopalliance are using getThis() naming so I didn't see any need to change it
new cf5f500 SHIRO-142: ensured only the error code or the redirect occured. Added accompanying test cases for verification.
new 79b1d98 SHIRO-140: Made SubjectAwareExecutorService and SubjectAwareScheduledExecutorService abstract to allow the Hudson build to continue. Will try to figure out a fix for this if Kalle's solution for another project is applicable.
new 36e29b5 SHIRO-140: just adding abstract didn't work. This commit will additionally comment out those two methods.
new f00c405 SHIRO-140: ugh - trying again by commenting out the invokeAll methods as well
new 471b0d1 OncePerRequestFilter now removes the 'already filtered' request attribute once the request has completed. This helps fix a problem that the filter has on Tomcat, when the request completes before the server forwards to the error handler.
new e598396 SHIRO-140: Committing back the ExecutorService implementation of the 1.6 API (runtime erasure will work on JDK 1.5 - we are still 1.5 compatible) now that Hudson has been configured to build with 1.6
new 54f1882 Changed SecurityUtils from throwing an IllegalStateException during SecurityManager lookup to a more descriptive UnavailableSecurityManagerException
new d18f050 SHIRO-140: overrode parent classes setter methods to ensure that only a required target instance could be set.
new 96894a0 SHIRO-141: changed unbind method to be symmetric with bind - unbinding the subject instance from the thread at that point causes problems such as the inability to re-use a subject instance in web apps because the thread-bound subject references the ServletRequest and Response
new ffc17d0 Fixed minor spelling and/or formatting issues (try to keep code formatted the same to make real code chages easily noticeable)
new 7a67104 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - Remove DefaultSampleManager from this module and reference to it from WebStartView - the implementation is only needed on the server side
new ff4ff67 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - configure remoting url to match with the server configuration
new 1a1d256 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - add samples-spring-client version to dependencyManagement
new 1f0f4b5 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - Remove duplicate classes that were moved to samples-spring-client and add dependency to it instead. Still won't work - what's missing is that shiro.jnlp.jsp needs to specify all dependent libs for the webstart application, the file needs to be filtered and finally all jars need to be signed and deployed to the appropriate location.
new f727d6b Attach samples-spring-client module to the reactor build
new be75de9 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - configure webstart plugin to pack this module as a webstart zip. Move the keystore file here and create a jnlp template for webstart plugin
new c1bf394 Reformat using tabs
new 274ea00 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - unpack the webstart zip and copy the jnlp file to the proper location. Remove the static jnlp file.
new 8526fa0 Fix typos
new 82b8c1f Fix one more typo
new 852d9a4 SHIRO-146: - Committed changes PermissionAnnotationHandler and RoleAnnotationHandler to ensure that Permission/Role assertions throw an UnauthenticatedException if the user isn't authenticated or remembered. Accompanied by 2 test classes. - Reformatted DummyTestService to use standard coding conventions so we can easily determine real changes - Slightly changed the DelegatingSubject UnauthenticatedException message to be slightly less verbose
new 37f7fc5 SHIRO-146: added quick comments linking the tests back to the target Jira issue
new e03a68f IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - when creating a remote invocation, try to obtain a singleton securityManager to find the session id but catch the exception and ignore if not set
new cc70289 Minor typo and comment fix.
new 2b5ea05 SHIRO-144: - Created AbstractSessionDAO and made CachingSessionDAO an abstract subclass. - MemorySessionDAO is now a concrete class of AbstractSessionDAO and does not subclass CachingSessionDAO. - The DefaultSessionManager now uses the MemorySessionDAO due to the previous SoftHashMap based default CacheManager losing sessions due to garbage collection. - Deprecated HashtableCacheManager and HashtableCache classes have been deleted in preparation for the 1.0 release.
new 79b9e26 SHIRO-148: Implemented efficient readObject/writeObject Serialization methods using a bitmask for detecting serialized fields.
new 3d77979 Fixed increment bug in toString()
new d8e4fb8 fixed minor issue with wording for a setter method
new 0097c21 IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - pass the sessionId as the webstart app argument and set it to static property of WebStartDriver
new 22c32ff IN PROGRESS - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - Make it possible to inject sessionId as a constructor parameter to SecureRemoteInvocationFactory. Don't like the whole heuristic approach but will do for now. The implementation can be changed later without changing the interfaces
new d2f0537 Refactoring of cryptograhy support. Converted Cipher name and implementations to 'CipherService' and relative implementations to reflect their stateful nature. Did more JavadDoc than I ever care to remember...
new 350391a SHIRO-141:
new d5237a8 SHIRO-128:
new aeba46c SHIRO-128:
new 7212f20 SHIRO-143: Changed logging level to trace and debug.
new 2a0ce61 SHIRO-152 - added ability to configure sets, lists and maps. Added test cases for validation
new de7beee SHIRO-153 - altered code to allow all bean configuration to be based on what is in the [main] section. The [filters] section is now deprecated.
new fb429d1 Ensured CodecSupport and the SimpleCredentialsMatcher's check for a byte source is easier and also supports the ByteSource type.
new 9f72315 Oops - forgot to make a method public - it is needed by a calling component
new 1c01f3f SHIRO-128 - removed all convenience configuration methods and related *Aware and *Registrar interfaces. All configuration can now be done via simple object graph navigation (e.g. securityManager.sessionManager.sessionDAO.blah = someValue). Also added ReflectionBuilder support for configuring byte arrays as String hex-encoded or Base64-encoded values
new dfb3570 SHIRO-83 - Made sessionId cookie optional for native session mode. Added DefaultWebSessionManagerTest class for test case verification. Also removed an empty package.
new 6cd3537 Fixed license headers to have the proper ASF header (was previously accidentally the end-user Apache 2.0 header)
new 11a72cf Fixed license headers in all remaining known files
new 2d55171 removing empty directories
new 4f1dc56 removing empty directories
new 3fd2fe9 removing empty directories
new 73fa792 removing empty directories
new 1d44726 removing unused docbook files - all documentation is done exclusively in the wiki
new 02158b4 removing empty/unused directories
new bd60afa removing empty/unused directories
new 7043ec8 removing empty/unused directories
new 756c6c0 removing empty/unused directories
new b852fe8 removing empty/unused directories
new 7cfd45f SHIRO-95 - created test case to verify explicitly set Cache and CacheManager instances are not overwritten by defaults. Both AuthorizingRealm and CachingSessionDAO were setting their respective caches to null when a CacheManager instance was set - this behavior has been removed as it is unexpected by end-users. Also made Cache and CacheManager interfaces and implementations generics-capable. IniSecurityManagerFactoryTest#testCacheManagerConfigOrderOfOperations test me [...]
new 3e5b0d4 Ensured WebUtils used subjectContext.resolveServletRequest and resolveServletResponse where possible to perform more exhaustive lookup heuristics
new e5eb5bc SHIRO-140 - added a few sanity tests
new a56eca2 SHIRO-154 - verified EhCacheManager functions and can be set properly on the SecurityManager. Added test cases for verification.
new 8357ce5 Publish snapshot and release sites to different locations
new de8eb4e COMPLETE - issue SHIRO-89: Sample Spring Application - WebStart won't launch http://issues.apache.org/jira/browse/SHIRO-89 - removed the url-based permission check from remoting urls - added pom description as well as a note on the sampleIndex page on how to run the sample webstart app successfully
new 4a85c66 Improved JavaDoc
new dade98a SHIRO-158 - Called correct delegate method
new d7b0f32 Fixed bug introduced by forcing cookies to default to the root path ('/'). Cookie path defaults to null now, which will use the request's context path. User-specified explicit paths will of course override this default.
new 86aa55b SHIRO-157 - implemented functionality. Remembered principals will automatically be added to the session, and if there isn't a session, a new one will be created to receive the principals. This ensures that the RememberMeManager will only be consulted if a session does not yet have an identity associated with it.
new e6adcfb Minor JavaDoc adjustment
new 2b2d611 SHIRO-159: Moved thread binding logic inside of try/finally block. If there are any errors that occur at all during binding or request execution, the ThreadContext will still be cleared.
new 4e1f25a SHIRO-159: Added a little extra cleanup logic to the unbind method just in case.
new b919555 SHIRO-139: Implemented Cookie HttpOnly support. Defaulted both DefaultWebSessionManager's sessionId cookie and the RememberMe cookie both to HttpOnly = true for extra security (reduced chance of XSS attacks)
new 6db0abf Ensured that the SubjectRunnable.doRun mirrored the method signature of SubjectCallable.doCall for consistency
new c27e19a SHIRO-157 - minor JavaDoc updates
new f7e6ca5 SHIRO-25 - Implemented 'runAs' functionality! Finally! :) Implementation is localized to DelegatingSubject at the moment. Accompanied by test case for verification.
new afd1847 SHIRO-139: ensured that cookie removal was also done via the 'Set-Cookie' header instead of re-using the Cookie instance read from the request (this shared instance was causing problems - the outgoing value was overwriting the incoming value in Wicket application tests)
new b53571b SHIRO-159: Modified ThreadContext and ThreadState implementations to use remove() instead of clear() in all cases. Most of the changes are in Test cases setUp/tearDown - core code/web code was modified very little.
new aef096a SHIRO-159: updated JavaDoc to indicate 1.0 methods
new dc12c74 FIXED - issue SHIRO-156: SimpleAuthenticationInfo.merge does not merge principals if its internal principal collection is not mutable https://issues.apache.org/jira/browse/SHIRO-156 - modified as suggested - Added a unit test to assert the case
new 1beae60 SHIRO-155: Removed all deprecated classes and methods and updated comments and JavaDoc that might have referenced the old classes and/or methods.
new a51227b Removed concrete dependency on Log4J and used SLF4J instead
new 77ff374 Documentation/clean-up work. Moved AspectJ sample app into a org.apache.shiro.samples.aspectj package to mirror the other sample app conventions. Also updated root parent pom to exclude sample app packages from the generated JavaDoc (they're not part of Shiro's API)
new 5761d9d Incomplete - issue SHIRO-161: No SecurityManager accessible to the calling code https://issues.apache.org/jira/browse/SHIRO-161 The root cause of this issue was "resources = null;" in line 261 of remove() in r944585. The ThreadLocal attribute itself should *never* be nullified as that'll remove ThreadLocal variables for all threads. There's no need to create ThreadLocal lazily, so therefore there's no need for the createThreadLocal() method either. Since the ThreadLocal [...]
new afd4092 SHIRO-161: Very minor JavaDoc fix
new 8ba8fa1 FIXED - issue SHIRO-163: ModularRealmAuthorizer.setRealms needs to call applyRolePermissionResolverToRealms https://issues.apache.org/jira/browse/SHIRO-163 - applied attached path
new e8f054d SHIRO-162: Created SessionContext interface and implementations to mirror SubjectContext concept. SessionManager.start was changed to return a Session instead of a Serializable sessionId because not all environments can support Session acquisition by ID (e.g. servlet container environments).
new af78387 Removing empty directories and unused files. shiro-default-users.properties was removed because we don't default Realms anymore - that is the one part of Shiro that must be explicitly provided by end-users. Updated test cases to use the IniRealm instead as it is easier to configure than a PropertiesRealm.
new b8d7375 Removing empty packages
new 847a41f Removing empty packages/directories
new 78578b3 Removing empty packages/directories
new a5a7e76 Removing empty packages/directories
new cb20764 Excluding *.iml files from commit
new 3f54f20 Add empty resources dir
new 486963a Configure default set of Maven reports to publish, including Cobertura. Fight with Javadoc plugin and try to make it skip particular modules (without succeeding). Add dashboard to display summaries of detailed reports
new 131eeb5 Add developers, mailingLists meta information
new 0a186eb Change the release-profile id to apache-release, apache parent pom disables the default release profile, see http://maven.apache.org/developers/release/apache-release.html for more info
new 9d9d503 Fix typo
new cae736a SHIRO-164: merge SessionManager API changes from branch into trunk
new 1059c0b Change to deploy mvn site under target path /static/, override gpg plugin version to 1.0 in pluginManagement
new e8d7d2b Add release plugin configuration
new f2bd489 Must specify forked-path for release plugin configuration to make it possible to enter GPG passphrase interactively. Release dry run now succeeds! The current configuration will try to deploy site as part of perform which was disabled in the apache parent pom release plugin configuration but if that causes problems, will deal with that at release time.
new 3888bd0 Lots of JavaDoc enhancements
new fa4a6aa Moved classes and interfaces in web to mirror the package structure in core. This constitutes the final coding change for 1.0!
new 64a8c2c [maven-release-plugin] prepare branch 0.0.x
new adb44f4 [maven-release-plugin] prepare release 0.0.x
new 792849f Update to newly release 2.2 version of pir plugin
new 998511d SHIRO-167 - implemented fix with accompanied test case and updated both JavaDoc and wiki documentation to reflect that the DelegatingFilterProxy's targetFilterLifecycle init-param must be set when using Shiro native sessions.
new d05aab8 Added developer information for myself (aditzel).
new 6c54f0f Updated w/ authors
new eec703a Updated my profile in the POM.
new 761542f Added my committer info to root pom.
new 005f8c8 Fixed url
new 8d1242a Nice to have this disclaimer
new cad2fcb SHIRO-172 fixed svn props. Many thanks to Sebb.
new 7094069 SHIRO-168 - remove all @author tags using: find . | xargs grep -l "@author" | grep -v "\.svn" | xargs sed -i.bak "/@author/d"
new f6b80a1 Made a minor change to the IndexController to see the actual session attributes and values (previous code only showed that there was a value, but didn't show the value itself)
new 92695a1 update site version to 2.1.1, pir 2.2 requires that as a minimum for site generation to work correctly
new 27fb02c FIXED - SHIRO-181: Typo in IniShiroFilter javadoc https://issues.apache.org/jira/browse/SHIRO-181 - changed all occurrences of some.pkg to example.pkg
new c9a3ff4 FIXED - SHIRO-177: Wron SimpleCookie expires locale https://issues.apache.org/jira/browse/SHIRO-177 - Explicitly set dateformat to use US locale
new 776a0a9 FIXED - issue SHIRO-182: SimpleSession cannot be deserialized https://issues.apache.org/jira/browse/SHIRO-182 - fixed the incorrect comparison of expired flag in getAlteredFieldsBitMask - added two unit tests
new 59ed241 Added ASF header
new 7e5bd08 test semantics were slightly incorrect - fixed to reflect @RequiresGuest semantics
new b3f1981 SHIRO-185: Implemented fix, using Spring's AnnotationUtils to correctly detect annotations on either the interface methods or the implementation methods. Accompanied with both bean ProxyCreator spring config as well as Schema namespace <aop:config/> config tests.
new 1acf7e4 Follow through on the suggestions given when 1.0.0 release was made. Removed LICENSE.txt as that is added to the source distro via Apache parent pom and its remote resource plugin configuration. Renamed NOTICE.txt to NOTICE so it'll replace the default one. Note that http://www.apache.org/legal/src-headers.html#notice indicates that the LICENSE file needs to be present only in the source distro (and not in svn as Sebb claimed) so we are ok. Also note that ant suggested r [...]
new b1e6fe1 Follow through on the suggestions given when 1.0.0 release was made. - Added Incubator disclaimer to README.txt as suggested (happily stole the one used by Apache Kato)
new f44ed7d Ignore Eclipse .externalToolBuilders configuration folder
new dbf3479 Ignore Eclipse .externalToolBuilders configuration folder
new b40c3d6 Incomplete - issue SHIRO-175: Improve Set of permission and role checks https://issues.apache.org/jira/browse/SHIRO-175 - extend all core authz annotations to @Target(ElementType.TYPE) as well - change value parameter of RequiresPermissions and RequiresRoles annotations from String to String[] - Change DefaultAnnotationResolver to consider classes as well - remove obsolete imports and code - add test for authz annotation attached to classes - fix the ambiguity in the jav [...]
new 3e35e6d Incomplete - issue SHIRO-175: Improve Set of permission and role checks https://issues.apache.org/jira/browse/SHIRO-175 - Change SpringAnnotationResolver to consider classes as well, following the previous commit
new 45bd532 Rephrase the wording for copyright & courtesy notices of the code origins
new 20b21f1 Complete - issue SHIRO-175: Improve Set of permission and role checks https://issues.apache.org/jira/browse/SHIRO-175 - added Logical enum and implemented optional Logical.OR annotation parameter for RequiresRoles and RequiresPermissions annotations - added Subject.checkRoles(String... roleIdentifiers) etc. (there are several pass-through operations underneath) for completeness
new 7e51b5e SHIRO-127: re-work of LDAP support. First initial commit - introduced two new classes, JndiLdapRealm and JndiLdapContextFactory that effectively supercede the now-deprecated AbstractLdapRealm and DefaultJndiContextFactory. Test coverage for the new classes reaches 90% and 100% respectively. We should be able to get to 100% once Authorization is flushed out. Discussion to ensue on the list before this issue should be closed...
new 3e9f3b3 Configure apache-rat and add missing ASF headers as needed
new 404d567 Based on the TLP graduation discussion on general@incubator, restore LICENSE.txt from r979180 and rename to LICENSE. Note that the contents of this file should match with the one that Apache's Maven release process and its remote resources bundle would otherwise bring in to the source distro.
new ed8cf17 SHIRO-189: Added OSGi manifest data via the maven-bundle-plugin for all distributable jars except for the 'all' .jar. Will discuss this last one on the dev list.
new 786f608 SHIRO-190: Added port fix w/ accompanying test case
new 5065b20 added additional serialization test method
new 8e788b8 Minor spelling fixes
new 48ccd4e JavaDoc updates
new d443a2a Ignore .externalToolBuilders Eclipse configuration folder
new 9a86723 Shiro is tlp now
new 30a8f4b Remove -incubating suffix from versions!
new d7263cd Remove incubator references, adjust SCM urls to reflect the move to TLP location
new 58e3f46 SHIRO-195 - removed Incubation related disclaimers now that we're TLP. Removed README-runtime-requirements.txt as that file was entirely based on the very old ant build and was no longer relevant
new 035bab2 SHIRO-195 - removed README.txt to README to be consistent in naming convention with the existing LICENSE and NOTICE files
new 97533f9 FIXED - issue SHIRO-183: Unable to correctly extract the Initialization Vector or ciphertext https://issues.apache.org/jira/browse/SHIRO-183 - ignore cookies scheduled for removal (based on their value) in CookieRememberMeManager.getRememberedSerializedIdentity(...)
new a9477e4 FIXED - issue SHIRO-183: Unable to correctly extract the Initialization Vector or ciphertext https://issues.apache.org/jira/browse/SHIRO-183 - always write value for cookie's Max-Age attribute
new 239e543 SHIRO-196 - Ensured StringBuilder instead of StringBuffer was used where possible. One method chould not be changed without breaking backwards compatibility and was flagged as deprecated to be changed for Shiro 2.x. Added RELEASE_NOTES.txt as a place holder for developers to jot down notes while working in source code. See the file for more information on proposed usage.
new 2a6fc07 SHIRO-196 - Reverted changes that were intended as fixes for another issue (fix not 100% complete yet)
new 62cf890 SHIRO-197: Commited initial fix (Properties is no longer used - LinkedHashMaps are used now to retain order).
new 73b9ceb RESOLVED - issue SHIRO-191: Change all StringBuffer usages to StringBuilder https://issues.apache.org/jira/browse/SHIRO-191 - Fixed the only remaining use of StringBuffer (Javadoc stated the fix is for 2.x and comments talk about JDK 1.3 compatibility which is likely not relevant anymore)
new ee12324 RESOLVED - issue SHIRO-173: Make the HttpMethodPermissionFilter as the 'rest' filter in the pool of default filters https://issues.apache.org/jira/browse/SHIRO-173 - added and update Confluence docs
new 0b4151f SHIRO-191: updated release notes to reflect a backwards-incompatible change. Also changed the file name to just RELEASE-NOTES (with no extension) to be congruent with the other end-user notification files in the project.
new b45d857 SHIRO-199: Committed fix w/ accompanying test case
new 0d18b86 FIXED - issue SHIRO-201: SessionsSecurityManager destroy() doesn't call super.destroy() https://issues.apache.org/jira/browse/SHIRO-201 - added the call
new e4b6978 SHIRO-198: Applied patch. Cleaned up 2 minor spelling errors.
new d4bbb17 SHIRO-186 - initial implementation complete. Up for peer review
new 11b4318 SHIRO-186 - ensured 'credentialsSalt' attribute has symmetric getter/setter methods per peer review.
new 317554a SHIRO-186 - quick JavaDoc update
new c5eb763 Fixed analytics tracking for site JavaDoc (was in 0.9, but lost in 1.0 I think)
new 77a3ad7 SHIRO-204: committed implementation. HashedCredentialsMatcher is now no longer abstract and all of its subclasses have been deprecated. Introduced new SimpleHash implementation to allow ad-hoc hash algorithms to be used and all existing AbstractHash subclasses (Md5Hash, etc) have been updated to subclass SimpleHash instead of AbstractHash directly. AbstractHash has been marked deprecated.
new c0fd67c SHIRO-204: minor JavaDoc update
new 40fbf3a SHIRO-18 Merged into trunk
new 4f8ac60 RESOLVED - issue SHIRO-183: Unable to correctly extract the Initialization Vector or ciphertext https://issues.apache.org/jira/browse/SHIRO-183 - Mike K reports: "Having grabbed the latest shiro-1.10 snapshot I started experiencing login issues in the application. Digging in further, I have noticed the following difference with cookies dropped at login between the earlier code drop and the newest: OLD: Set-Cookie: JSESSIONID=6fd35335-6dd6-4d37-9813-71264e027bfe; Path=/s [...]
new ab82949 Normalize requestURI in getRequestURI using normalize() operations originally implemented in org.apache.catalina.util.RequestUtil, Tomcat trunk r939305
new 26ab333 Disable crowd module for now since it is blocking 1.1.0 release - the dependency the module requires is not in central and licensing is unclear
new f30b7a4 Add unit tests for requestURI normalization
new 1d4db9e Lock down org.apache.felix:maven-bundle-plugin to 2.1.0
new f6c1a41 [maven-release-plugin] prepare release shiro-root-1.1.0
new 6fd9fd0 [maven-release-plugin] prepare for next development iteration
new fe4aeb8 SHIRO-18 - removed crowd support source code (but it still exists in the 1.0.x branch) to ensure it is not included with the release.
new 0a09375 SHIRO-180: Updated libraries:
new fc6810c Reverting POM versions to 1.1.0-SNAPSHOT to retry the release
new 541daa3 fixed erroneous jsp-api artifact reference
new a28d395 removed use of Java 1.6 method to be 1.5 compatible
new afc4f04 SHIRO-208: found known incompatibilities, but they are due to source erasure and one test case - Shiro will run fine on 1.5, it just can't build on it at the moment. I'll create another issue to address this for Shiro 1.1.1 or 1.2
new cec2d31 SHIRO-208: fixed erroneous comment
new 903fef4 [maven-release-plugin] prepare release shiro-root-1.1.0
new 2c48a81 [maven-release-plugin] prepare for next development iteration
new fbe1a70 [maven-release-plugin] rollback the release of shiro-root-1.1.0
new 35fbaea [maven-release-plugin] prepare release shiro-root-1.1.0
new 0401887 [maven-release-plugin] prepare for next development iteration
new 6e751a9 Minor adjustments: Created a basic 'AbstractShiroTest' class w/ example subclass to accompany new 'Testing' documentation page. Upgraded the maven gpg plugin from version 1.0 to 1.1
new b39c291 Updated example test classes to reflect updated documentation.
new eb99295 Javadoc fix - could be misleading
new 6fe9fc5 Fixed bug in AbstractShiroTest implementation that didn't work well when using only mock Subject instances (without the presence of a SecurityManager)
new 1c1ab8d Updated trunk to reflect version 1.2.0-SNAPSHOT to reflect forward-incompatible changes and new features. Any point release (1.1.x) bug fixes will be done in the branches/shiro-root-1.1.x branch and merged into the trunk.
new 3c97522 Updated sample Spring application to use the correct Spring libraries. Now deploys successfully, although Spring remoting is failing for the Swing app.
new 0f3fbb9 SHIRO-221: Finished initial implementation, with accompanying test cases
new 8130668 removed direct use of Logging provider API in favor of SLF4J
new 44c5699 SHIRO-218: added ASF DOAP file as described here: http://projects.apache.org/create.html
new 0845c25 FIXED - issue SHIRO-231: Realm shouldn't implement Authorizer but AuthorizingRealm should implement it directly https://issues.apache.org/jira/browse/SHIRO-231 - implemented as specified - ModularRealmAuthorizer now invokes only AuthorizingRealm to participate in authorization - Fix AuthorizingRealmTest to expect AuthorizingRealm only
new 54e4275 FIXED - issue SHIRO-231: Realm shouldn't implement Authorizer but AuthorizingRealm should implement it directly https://issues.apache.org/jira/browse/SHIRO-231 - remove obsolete import
new 259e7a8 FIXED - issue SHIRO-231: Realm shouldn't implement Authorizer but AuthorizingRealm should implement it directly https://issues.apache.org/jira/browse/SHIRO-231 - ModularRealmAuthorizer should test for Authorizer type, not AuthorizingRealm
new ec3a2af SHIRO-238: implemented proposed fix
new 1e50f68 Added tests for path traversal prevention, had implemented them way before but apparently never committed
new 63206b3 RESOLVED - issue SHIRO-236: Adding <relativePath> to the <parent> element to avoid Maven 3.0.x issue where parent is not in local repo yet. https://issues.apache.org/jira/browse/SHIRO-236 - applied the proposed patch as is (add relativePath element to the poms)
new e235acc RESOLVED - issue SHIRO-243: when method is unauthorized, please include method info in stack trace https://issues.apache.org/jira/browse/SHIRO-243 - catch, re-wrap and re-throw AuthorizationException with Method Interceptor specific message
new 3d98efa REOPENED - issue SHIRO-243: when method is unauthorized, please include method info in stack trace https://issues.apache.org/jira/browse/SHIRO-243 - breaks unit tests in aspectj module, revert and re-evaluate the suggested solution
new 36fab3b RESOLVED - issue SHIRO-243: when method is unauthorized, please include method info in stack trace https://issues.apache.org/jira/browse/SHIRO-243 - second try: instead of wrapping the specific exception into a more generic one, initialize cause of the thrown AuthorizationException in case not set with the message indicating the method name
new 313fb59 RESOLVED - issue SHIRO-243: when method is unauthorized, please include method info in stack trace https://issues.apache.org/jira/browse/SHIRO-243 - removed unused import
new ae97fd0 FIXED - issue SHIRO-237: nullpointer error at permission check when no permissionresolver is set https://issues.apache.org/jira/browse/SHIRO-237 - refactor constructors to use best practices for overloading, consolidate initialization logic in the constructor with most arguments - throw IllegalArgumentException from the permission resolver setter to indicate that its a required attribute
new eb0435e FIXED - issue SHIRO-227: Leak in getPermissions method of JdbcRealm https://issues.apache.org/jira/browse/SHIRO-227 - applied suggested patch from Jared Bunting without further changes
new cb68e5d SHIRO-272 Ignore Eclipse configuration files
new 1383c37 SHIRO-273: implemented fix w/ accompanying test cases
new 93175c4 SHIRO-273: added Apache license header
new 6145d07 SHIRO-276: removed unused/empty Groovy module
new 59f86be SHIRO-21: began implementation. Code compiles but is not yet ready to be used. Work in Progress.
new 103e591 SHIRO-274: applied patch + some addtional changes. See SHIRO-274 for details.
new 493c607 SHIRO-274: updated bundle versions per Andreas' last comment
new 051543d SHIRO-234: fix implemented
new 6d2b36d SHIRO-270: fix implemented
new e0cb603 SHIRO-270: added issue comment
new e6d6833 SHIRO-251: added SCM url and revision to .jar MANIFEST.MF to facilitate re-creation.
new 18110f6 SHIRO-235: implemented fix
new 11968e9 SHIRO-222: applied patch
new 6bf959f SHIRO-240: implemented fix, added accompanying test cases. ServletContainerSessionManager now at 100% coverage.
new 179fa67 SHIRO-279: Implemented command-line/console hashing program. It will hash strings, resources (files, urls, classpath entries), and passwords. It allows specification of the hash algorithm and number of hash iterations, defaulting to MD5 and 1 respectively. Salting is not performed at the moment.
new 93713be SHIRO-279: simple assembly fix
new f34973d SHIRO-279: added ASF header
new 38532a0 SHIRO-279: added some additional options, added support for shiro .ini password format
new 2517806 SHIRO-281: added initial implementations
new 4ac4517 SHIRO-281: fixed import statement
new 29e21eb added experimental principal feature (PrincipalMap, SimplePrincipalMap). Not used anywhere in code yet.
new 4aa767d SHIRO-280: created an initial implementation - still need to flush out some test cases
new 28b81f3 Adding self to developer list
new 478aeb7 SHIRO-282: added ByteSource.Util inner class and changed direct SimpleByteSource usages to use ByteSource.Util instead.
new e918326 SHIRO-73: Added Authentication Caching support (finally!) to AuthenticatingRealm. Added unit tests for 100% method and line coverage for both AuthenticatingRealm and its parent class, CachingRealm
new ee70b03 SHIRO-73: minor JavaDoc addition
new aee8970 SHIRO-73: minor JavaDoc addition
new 46ee0a2 SHIRO-287: implemented functionality with unit tests. Feature is disabled by default unless explicitly configured as an init-param, pending further dev review.
new 1cdf63b SHIRO-178: implemented functionality w/ test cases. /WEB-INF/shiro.ini is checked by default, but any servlet context resource path may be specified via the 'configPath' filter init-param. Documentation on the website has been updated to reflect this. Also updated sample 'web' application to use this new approach (using a /WEB-INF/shiro.ini file)
new 8f18e05 SHIRO-288 - removed the call to WebUtils.normalize - the value specified is done by a developer configuring Shiro, not an application end user - if the url the dev specifies is invalid, startup will fail fast showing what went wrong - no need to 'sanitize' developer configuration input in this case. Added test cases for verification.
new 9847b10 SHIRO-284: implemented filter, added it to the DefaultFilter enum, updated the 'web' sample application to show its usage.
new 7ade362 SHIRO-293: implemented new 'Environment' and 'WebEnvironment' concepts, which are loaded in web apps via the new EnvironmentLoader and EnvironmentLoaderListener implementations. The EnvironmentLoaderListener is now the preferred way to initialize Shiro in a standard web application (in web.xml), with the new org.apache.shiro.web.servlet.ServletFilter being the new preferred servlet filter in web.xml. IniShiroFilter has been deprecated.
new 8ee71e1 SHIRO-299, updating root pom to ignore specific maven lifecycle mappings updated the ignores, and added a missing package declaration in the ldap package-info
new 883f8b8 FIXED - issue SHIRO-302: DefaultHasher does not generate random salt https://issues.apache.org/jira/browse/SHIRO-302 - apply Maria Jurcovicova's patch as is, including unit tests
new 30bf035 Minor JavaDoc fix
new 5f0dc06 Added an intermediate getRedirectUrl(request,response) method to allow subclasses to dynamically configure the redirectUrl if desired. Default implementation returns getRedirectUrl() to retain current behavior.
new c229244 Altered logic to allow the redirect url to be based on the current request or subject (before logout), falling back to a static url if necessary. Subclasses can override the template method to perform request-specific redirect URL acquisition.
new 0b8ea9c SHIRO-307: Patch applied, with modifications. To be discussed further.
new 84dfd47 SHIRO-279: Minor alterations. Needs to be updated to support a Modular Crypt Format (http://packages.python.org/passlib/modular_crypt_format.html, http://docstore.mik.ua/orelly/other/puis3rd/0596003234_puis3-chp-4-sect-3.html)
new b6a51db SHIRO-266: initial implementation complete. Introduced new concepts (all in the org.apache.shiro.mgt package): - SubjectDAO interface and default DefaultSubjectDAO implementation. - The DefaultSubjectDAO implementation uses a SessionStateEvaluator (an interface) that allows control of session usage on a per-subject basis. - The DefaultSessionStateEvaluator allows session control for all Subjects at a global level. Custom per-session logic may be performed by end-users i [...]
new 508aa5b JavaDoc and license header updates.
new 5d0d241 Made session mode resolution more explicit - it will guarantee the default ServletContainerSessionManager in all case except when the native one is explicitly configured.
new 0eeff86 JavaDoc updates
new e68e6c6 Ignore infinitest.filters configuration file
new 5289ef2 Ignore infinitest.filters configuration file
new 601a88d Finally! Able to remove direct call to ThreadContext as Thread state management is no longer directly coupled to Subject implementations.
new 97d8cd1 Updated log message to be a little more readable.
new 43ff01d SHIRO-266: Added web-specific support. Now most apps can simply define the 'noSession' filter at the beginning of their filter chain to ensure Sessions aren't used (by Shiro or the application developer).
new 569eee4 SHIRO-266:
new dfb22a4 SHIRO-23 - Integrating Jsecurity with Guice: - apply Jared Bunting's guice-final.patch with no other changes but added license info - rat run passes
new 2281291 minor JavaDoc fix
new 6b9a4a1 Updated Release Notes to indicate ServletContainerSessionManager change
new 871e3a7 SHIRO-312: applied patch w/ minor adjustments.
new dff631c SHIRO-312: adjusted WebSecurityManager check for isServletContainerSessions
new 36a848b SHIRO-277: applied patch
new 30d3b66 Adding self to developer list.
new bdc5721 Correcting formatting of last commit.
new 2a9fad8 SHIRO-318: Adding type mappings for BeanTypeListener in shiro-guice and adding a mapping for ServletContext.
new 79b1a13 SHIRO-319: applied check for request.isSecure()
new b7b2247 SHIRO-313: Changing default SessionManager in Guice modules to be consistent with the rest of Shiro. (from DefaultWebSessionManager to ServletContainerSessionManager)
new d035211 SHIRO-283: adding ability to specify "permissive" for authc and authcBasic filters. This will cause unauthenticated users to not be blocked, but will perform appropriate login request (redirect or challenge response) when an UnauthenticatedException is thrown.
new c020adf SHIRO-217:
new 0207340 SHIRO-217: Added ASF 2.0 license header
new 5ea1669 SHIRO-325: applied 'transient' additions
new cd0efd9 SHIRO-213, SHIRO-279, SHIRO-280, SHIRO-302: Added PasswordService and supporting implementations, HashService (renamed from Hasher to avoid confusion/conflict w/ the command-line Hasher) and supporting implementations, a new HashFormat interface and supporting implementations. More tests and documentation to follow today and later this week.
new 08f3b0a SHIRO-328: implemented change and updated RELEASE-NOTES to capture any potential breaking changes impacting applications.
new 5ad7473 SHIRO-279: added tests to bring the org.apache.shiro.crypto.hash.format package to 100% class and line coverage. Also added 'ProvidedHashFormat' enum to represent all out-of-the-box HashFormat implementations.
new 15ac57e SHIRO-333: Made recommended change.
new 0f58e83 SHIRO-280: added unit tests for DefaultPasswordService, PasswordMatcher, and HashRequest.Builder
new 3fa3f65 Minor JavaDoc fix
new d5da608 Command-line Hasher cleanup and enabled PasswordMatcher to have an internal DefaultPasswordService instance.
new 4b8eb6e Minor JavaDoc updates
new b709e63 Minor spelling fix
new 5df45d1 SHIRO-334 - added initial implementation per issue description.
new 7340f9d SHIRO-225: implementation complete w/ test cases. Functionality was needed for the SHIRO-285 CAS module ('securityManager.rememberMeManager = null' support was desired for CAS environments)
new 87c494b SHIRO-306: Fix implemented and accompanied with test cases
new ed6ad2d SHIRO-285: Initial CAS support implementations.
new cd2c50f SHIRO-285: removed unnecessary class
new e494036 SHIRO-285: added init behavior
new 126c584 SHIRO-223: added 'processDefinitions' to onInit per patch
new 2203acf SHIRO-298: implemented fix: try/catch w/ debug statement
new a8752ec SHIRO-217: Added unit test for JndiObjectFactory
new 271d3c0 SHIRO-335: Fixing maven 3 warnings in pom file.
new 53e27b9 SHIRO-285: added CAS runtime dependency. Upgraded other dependencies to latest stable versions where possible/prudent.
new 462404c SHIRO-285: updated SAML-based dependencies to be optional (they are not required by shiro-cas at runtime - only if the end-user configures 'saml'. Also updated the OSGi import statement to be org.jasig.cas.client* as the main org.jasig.cas* namespace is not required.
new b13e326 SHIRO-305: INI config now supports setting map/array referenced values, e.g. bean.aMapProperty[mapKey] = mapValue
new 9c19b03 SHIRO-305: expanded pn one test case
new 8ae85b3 SHIRO-323: removed Serializable from the implements clause (DelegatingSubjects are not really intended to be used across vm boundaries)
new dbd5770 SHIRO-205: Filter bracketed config with nested commas now no longer needs to be quoted. E.g. the following is now a valid chain definition: foo, bar[a, b], baz[d, e, f] (it was previously required to be: foo, bar["a, b"], baz["d, e, f"] ). Backwards compatibility is retained by stripping quoted config if it exists. Test cases added.
new ae5ff0f SHIRO-338: Modified AbstractContainerTest to attempt to select an unused port for the container to listen on.
new ff8059f SHIRO-298: removed null assignment to guarantee local instance removal even in the event of a SessionException
new 00733f8 SHIRO-322: Ensured IniSecurityManagerFactory does not initialize the implicit iniRealm instance before configured properties have the chance to be injected. Added new test case in IniSecurityManagerFactoryTest to reflect this. IniRealm now retains an 'ini' property, but constructors have not been changed to ensure backwards compatibility.
new 6746a98 SHIRO-339: preparing for 1.2 release. Added license headers per RAT plugin.
new 0aa34db SHIRO-339: Adding another license header.
new 454e596 Fix license errors reported by apache-rat
new 0febced SHIRO-339: cleaning up svn ignore patterns for release prep
new ee99d23 SHIRO-339 Maven:prepare branch 1.2.x
new cf4ff45 SHIRO-339 Maven:prepare release 1.2.x
new e83520e SHIRO-339: Reverting to 1.2.0-SNAPSHOT to fix build problem for release
new c0db110 SHIRO-339 Maven:prepare branch 1.2.x
new f297eb8 SHIRO-339 Maven:prepare release 1.2.x
new 433f78e SHIRO-339: Trunk to 1.3.0-SNAPSHOT
new c600918 SHIRO-339: Updated maven-site-plugin to 3.0 due to deployment problems w/ Maven 3
new d19cb1e SHIRO-341, fixing log message format
new c59f5c5 Update gmaven plugin to 1.4, ignore from m2e build since the latest version doesn't support the bindings either
new 3a9207f Incomplete - SHIRO-21: Add OpenId as an authentication mechanism - change RelyingPartyRealm to extend AuthenticatingRealm only, openid isn't an authorization protocol
new 8dd6a13 Updated logging statement per dev list patch
new e612589 bumping buildnumber-maven-plugin to 1.0 (which allows the build to work with the apache git mirror) NOTE: the buildnumber plugin does not work with maven 3, opened MNG-5257 with links to the shiro 1.2 release, which was effected by this problem
new 9ef55a8 SHIRO-358: added <revisionOnScmFailure>${project.version}</revisionOnScmFailure> to the plugin config
new 8bdf23f SHIRO-206: Added initial implementation based on patch
new bb8c652 minor pom cleanup
new ad31290 Changed old Katasoft references to Stormpath where appropriate
new 8903b71 SHIRO-363: merged fix from the 1.2.x branch into trunk
new a67dea3 SHIRO-320: creating samples-guice as a port of samples-web, modified for guice integtaion
new 5705ef2 SHIRO-320: creating quickstart-guice - a modification of quickstart that uses guice
new ed0471f SHIRO-320: adding a native sessions example to samples-guice
new 7bf1f98 SHIRO-364: Adding initial implementation of bean listeners
new 4fa9a67 SHIRO-375: merging colon in password fix and test to trunk
new cb23be1 SHIRO-376: merging shiro-cas karaf fix from 1.2.x
new 604933f SHIRO-368: merging DomainPermission fix to trunk
new de5cefd SHIRO-344: pulling in 1.2.1 fixes into trunk
new 7abcba5 Integrate apache-rat into release process, update plugin version to 2.3.2
new fa34a92 Merged from 1.2.x SHIRO-350: Prevented session storage when the subject is a non-web subject and the session manager is a web-only session manager. [from revision 1365167]
new f91ddd7 Merge from 1.2.x
new 817c925 Merged from 1.2.x
new e53e5b4 svn ignore target directory
new 0657cb7 Updated release plugin's arguments
new 7456a6a Merged from 1.2.x SHIRO-354: provided integration test verifying correct functionality [from revision 1365275]
new f5a8bc9 Merged from 1.2.x SHIRO-354: provided integration test verifying correct functionality [from revision 1365275]
new c4ded84 merged from 1.2.x
new 0c48445 Merged from 1.2.x SHIRO-374: session id name sanity checking [from revision 1365297]
new 48a0d25 Merged from 1.2.x SHIRO-377: fixed erroneous null check [from revision 1365311]
new 767d378 Minor plugin version upgrades before merging in from the 1.2.x branch.
new 43ab65e Merge from 1.2.x branch
new 2ca0f29 Updated to reflect the 1.2.0 and 1.2.1 releases.
new 1c107a1 Fixed DOAP erroneous version name for 1.2.1
new 27544e9 SHIRO-380: added unit tests for DelegatingSubject-specific logic
new e95dea4 SHIRO-395: added initial implementation - all org.apache.shiro.event.** additions are at 100% test coverage.
new 0e1b5e5 SHIRO-395: minor JavaDoc update to indicate version introduced
new 3d6e074 SHIRO-397: applied patch
new acbf5f6 fixe ASF license headers
new 3356bc8 SHIRO-403: applied patch.
new 5d4a439 SHIRO-332: increased visibility from private to protected for two methods per issue and comment.
new dc6378e SHIRO-395: Consolidated Publisher and SubscriberRegistry interfaces into a single EventBus interface. The separate interfaces were causing a lot of unnecessary complexity if you had a component that need to both publish and subscribe. The new EventBus interface more easily/cleanly satisfies 3 usage scenarios in a single component (publish, subscribe and publish+subscribe). All related test cases have 100% class, method and line coverage.
new c00a827 SHIRO-395: Removed unused packages.
new 91f17c2 SHIRO-389: fixed erroneous Export-Package statement
new 3f88460 SHIRO-395: Refactored BeanEvent mechanisms to work with the EventBus concepts. Updated ReflectionBuilder to have first-class Class representations of configuration concepts. Event ordering discussion TBD on the dev mailing list.
new ccdf4c3 SHIRO-391 -- ThreadContext.bind(Subject) also binds the subject's primary principal to slf4j's MDC
new cefe57b SHIRO-412: I got tired referencing Hazelcast-based examples I created outside of Shiro, so I'm bringing it into the project properly. Works great. Hazelcast is Apache-licensed as well and probably should be our default caching recommendation (Ehcache is I think still LGPL and a touchy issue - we can't extend any of its code - just invoke it).
new a302519 SHIRO-415: updated isLoginAttempt(String authzHeader) to use English Locale.
new 94a320d SHIRO-412: fixed static method import order (PowerMock replay methods were being trumped by EasyMock's)
new 56cb554 SHIRO-395: event bus + event + infrastructure changes. 100% class/line coverage for all new events + event bus and supporting components.
new 958a8de SHIRO-413: applied patch fix from 1.2.x branch
new 79e596d SHIRO-351: applied fix from 1.2.x branch
new 2862357 fixed license headers
new b7aa036 SHIRO-431: added .gitignore. Thanks for the pull request!
new bbf8768 SHIRO-373: applied patch. Thanks!
new ab8f37a SHIRO-418: fixed typo
new d602e8b SHIRO-390: marked OSGi imports of JSP optional
new 7fe46e2 SHIRO-399: applied patch. Thanks *very* much for the test case!
new dffd00d SHIRO-399: added minor test execution delay to ensure session timeout.
new 10dc203 SHIRO-316: applied patch. Due to patch's age, I did not use the patch's AspectJ version 1.6.7 since the project is already using a later stable version (1.6.12)
new 8143b74 SHIRO-316: applied patch. Due to patch's age, I did not use the patch's AspectJ version 1.6.7 since the project is already using a later stable version (1.6.12). Also upgraded the aspectj-maven-plugin from 1.3 to 1.4
new 5ef5d6a SHIRO-379: patch applied but with improvements (using concurrent read/write locks)
new 400d8dc SHIRO-388: added test to verify correct functionality.
new d5d73f1 SHIRO-394: applied fix per Jira issue
new d5f7e77 SHIRO-387: applied recommended servletContext attribute-based suggestion
new d221874 SHIRO-423: implemented fix w/ accompanying tests
new efcaa81 Fixed license header
new 3bc0183 SHIRO-429: applied bug fix and added tests for regression
new 8032f00 Moving current trunk to 1.x branch so 2.x development can be done on the trunk
new fcb0125 Re-creating a new trunk directory for 2.x development. The previous trunk dir is now located at branches/1.x
new 2fe01ee Copying the new 1.x branch into the new trunk as a starting point for work towards 2.x
new 399b72a Updated version to 2.alpha.0-SNAPSHOT. 1.3.0-SNAPSHOT now resides in branches/1.x.
new 0089825 Started cleaning up modules - introduced a 'lang' module for shared functionality. This might even make its way back into core - just flushing out things at the moment.
new 5a62aff Started cleaning up modules - introduced a 'lang' module for shared functionality. This might even make its way back into core - just flushing out things at the moment.
new b134b34 Updating to reflect a successful 1.2.2 release.
new c8a8080 Moved crypto code (ciphers, hashes, hash formats and hash service related classes) to their own module(s).
new b26291f Removed empty unused directories after move to new crypto module(s)
new db452d6 Moved event bus related code to its own module
new fd04b5e Removing empty directories
new 321b54a Updated aggregate (uber) jar with the project's updated dependency list.
new 8180fb8 Moved configuration-related code to a new module. This decouples configuration issues from Shiro's core API since config is largely environment specific (Ini, Tapestry, Spring, Guice, etc). This also (finally) removes shiro-core's dependency on Apache Commons BeanUtils.
new 6def106 Added config modules to the shiro-all .jar
new de6f107 Moved config-related tests to the config module(s)
new 19b36fe Removing empty directories
new ea91793 Removing OSGI bundle packaging type in some poms - they're causing classes from other modules to be included in the resulting .jar. We need to better analyze how to support OSGi effectively and then update the poms accordingly.
new 0140fab Extracted cache API to its own Maven module. No package names or public APIs have changed.
new 9137e6c Updating JndiLdapContextFactory to conform to spec rfc4513 section-5.1.2
new 96caaa1 adding release 1.2.3 to shire.doap.rdf
new aaf49d2 SHIRO-498: applied patch
new b74c1a7 enabling core test jar to fix broken builds
new 116d2f0 Updating pom with git info
new 5a06be7 Correcting scm connection info
new 12b599d Adding a CONTRIBUTING.md doc to the root
new ab90259 SHIRO-562: Avoid calling trim() twice
new 5b03bf3 Replace 'ACS' with 'Apache Shiro' in CONTRIBUTING.md
new 2537d08 SHIRO-443: Added DCL around creation of session validation scheduler.
new 78e9245 Changing swallowed exceptions to log.warn instead of log.debug
new e21e986 SHIRO-462: imporving logging of exceptions
new 549ec9d SHIRO-467: improving exception logging
new 5df7af5 SHIRO-516: Avoid build warning due to version differences between aspectj and the maven plugin
new 5b603d1 Update aspectj to the latest version
new 1460419 Update the webstart-maven-plugin to the latest release
new 64d9f83 Force RememberMe cipher to be set to survive JVM restart.
new e109f81 Adding cipherKey doc string to web sample
new f47ced3 SHIRO-518 Updating cas-client-core version to 3.2.2 Submitted by: Jérôme Leleu
new 73fb973 Removing log spam when no cache manager is enabled.
new fba5bd4 FIXED - SHIRO-496: Update shior.guice dependency - apply Kevin Sweeney's patch to remove Guava with changes. The original patch has a bug in ShiroWebModule.setupFilterChainConfig, add a rudimentary fix
new 23afbb6 Add java 1.8 to JavaEnvironment
new eae601b Disabled javadoc lint when using java 1.8
new 235209e Make the apache-rat-plugin ONLY run against the root project.
new ddbafc4 SHIRO-515 [1/2] Mark the ExecutorServiceSessionValidationScheduler "enabled" even with a 0 interval
new cc77f33 SHIRO-515 [2/2] 'synchronized' #disableSessionValidation()
new da4c167 SHIRO-566 Use Collections wrappers to save memory and cpu.
new dbd1d62 SHIRO-564 lower-case wildcard string before building subparts so that the subparts list is not created twice for case-insensitive strings.
new a862620 SHIRO-300 Add protected setParts(list) method to WildcardPermission so subclasses can create their own parts/subparts list.
new 50393a2 SHIRO-435: Fix the double SecurityManager singleton. Also prevent the same issue on Environment. Update test cases of ShiroWebModule accordingly. (Patch from https://issues.apache.org/jira/browse/SHIRO-435)
new 01b3562 Fix the calculation for the hash iterations
new 49c14ff Added basic README.md for display on social coding sites.
new fbae5e9 Add README.md to apache-rat-plugin excludes
new 08a860f Correct OSGI import version for com.google.inject
new 3ca513f SHIRO-473 Fix NPE thrown from DefaultAnnotationResolver.getAnnotation
new 7d6f53c SHIRO-547 Use MessageDigest.isEqual when comparing digests
new 1900623 SHIRO-437 Corrected WildcardPermissions toString when permission contained a comma.
new 5be8e71 Updating shirt.doap.rdf with missing releases 1.2.4, 1.2.5, 1.2.6
new 9a4de3b SHIRO-480: Remove the wrong assignment to this.targets
new 96aa7f1 SHIRO-421 Corrected integer overflow when calling HttpServletSession.getTimeout()
new 206dae9 Added missing license to HttpServletSessionTest cause by previous commit
new 48980e1 SHIRO-570: Only accept a cookie value when the request uses the proper path.
new 00beeef SHIRO-514 ExecutorServiceSessionValidationScheduler creates threads with a configurable name
new 791867f Replaced cobertura with jacoco and added an aggregated coverage report
new 2d0db71 Dressed up the generated site a little bit with the fluid skin and header images
new 5b59da3 SHIRO-483 always use English locale in ProvidedHashFormat
new 4c1a4cf SHIRO-436 Added EnvironmentLoader.finalizeEnvironment() method
new d388381 Corrected license header in previous commit
new f4df381 SHIRO-278: Renamed JndiLdapRealm to DefaultLdapRealm
new 3432f6a Small bug fix and test for handling classnames in LoggingBeanEventListener
new ff84432 SHIRO-200: Added ability to configure basic authentication for specific HTTP methods
new ba1cffd Corrected shiro-faces javadoc @since tag to be 2.0
new 4ddc3d0 Removed call to requireExplicitBindings() in ShiroModule, this is not backwards compatible.
new eb71da4 fix up logging dependencies in quickstart samples
new fcc6613 SHIRO-571: Removed shiro-cas classes module
new 5c3fea0 SHIRO-361 Added property to support disabling of JSESSIONID in URL
new 6495534 Adding 1.3.0 release to shirt.doap.rdf
new 63f2891 SHIRO-577 Fixes bug allow enabling of SessionValidationScheduler when set via setSessionValidationScheduler
new 6e152b1 Improved log message and level when AbstractRememberMeManager fails to parse.
new ef5450b Updated shiro.doap.rdf with 1.3.1 release
new baaf4f5 Updated shiro.doap.rdf with 1.3.2 release
new 9caeeab Added fix to adjust how the servlet context path is handled
new 3e9f058 Add missing license header test class.
new f4855e5 SHIRO-586 - Change getRoleNamesForUser from private to protected so that it can be used in sub-classes
new 03927e2 SHIRO-576 Updated dependency beanutils to version 1.9.3 in order to get rid of CVE-2014-0114
new 28c95ee SHIRO-587 - Expose searchFilter as a property that can be set in the ini
new d9715bc Revert "SHIRO-462 - Changing swallowed exceptions to log.warn instead of log.debug"
new aa2cd4f SHIRO-590 - Added Spring Boot starters and programatic Spring support.
new c39a367 SHIRO-589 - Update Servlet Dependency to 3.1
new 4140e56 fix: servlet 3.1
new 2fbf623 SHIRO-589 - Adding servlet-fragment and sample
new 57b2ae2 Fixed and enabled web sample test
new 68d1d93 SHIRO-301 - Call permissionResolver directly in AuthorizingRealm
new f9fb8b9 SHIRO-296 - Typo fixes in javadoc and exceptions.
new af75fb5 SHIRO-501 - Add support for String interpolation
new 4af5e18 SHIRO-593 - Moved 'defaultBeans' to IniFactorySupport
new 6e9a20a SHIRO-593 - Added getFrameworkIni() method to IniWebEnvironment
new 86d951e SHIRO-593 - Allow defaults added to the IniWebEnvironment to be passed into the SecurityManager and FilterChainResolver factories
new b2f5db9 SHIRO-445 - Expose get/set methods from IniWebEnvironment to ReflectionBuilder to allow configuring custom interpolation
new e0cfce9 Cleaning up jetty dependencies in tests
new 3942307 SHIRO-591 - Allow BasicHttpAuthenticationFilter to be configured in permissive mode
new 62dd1ef SHIRO-392 Added JAX-RS support module
new f5acaa0 Update commons, ehcache, and aspects dependency versions
new f2dfa7f SHIRO-493 - Adding new methods and deprecating old to ShiroWebModule to support Guice 4
new 6c5701a correct parent pom issues with new submodules
new 311041d replaced project.version with actual version in root pom
new 31492ea SHIRO-594 - Hazelcast version bumped-up to 3.7.2
new e6db45c Cleaned up duplicated integration test code
new 4e8feab Update groovy dependency version to 2.4.7
new 67d340e Updated Spring hibernate example to use hibernate 4
new d000550 SHIRO-576 Added OWASP dependency check plugin
new 2f4d635 SHIRO-595 - Allow for POST method only logouts via the LogoutFilter
new 0aabcfa Minor pom correct after the last few cherry-picks from the 1.4 branch
new 888163f Adding missing license headers
new 579f7d9 Add Maven Central badge to README.md
new e351669 SHIRO-599 - updating parent pom to match 1.4 branch
new 6eb070f Adding back in removed UnailableSecurityManagerException constructor
new 53f1f6d Moving master back to 1.4 version
new 3fccc75 SHIRO-206 - Removing shiro-faces from master (for now)
new 056d7cc Adding shiro-cas back to master
new 3a23929 removing shiro-openid4j from master until work is complete
new d44204a Moved CollectionUtils back to shiro-core
new 42e3b51 Updated parent pom dependencies and plugin versions
new e8ba5cb added newer modules to test-coverage pom
new 5e35941 Corrected and excluded sample project packages from coverage
new 03c676e Added missing projects to overall coverage repor
new 77c5962 tweaking jacoco settings to help report _more accurate_ sonar data
new 2606a38 Removing dead code from samples
new 3c6afaf Revert "SHIRO-391 -- ThreadContext.bind(Subject) also binds the subject's primary principal to slf4j's MDC"
new d8ef0c0 [maven-release-plugin] prepare release shiro-root-1.4.0-RC2
new 0c49ef7 [maven-release-plugin] prepare for next development iteration
new 64d61b1 Updating shiro.doap.rdf with current release
new 6d738af SHIRO-603 - fix for endless recursion in ShiroSecurityContext.getUserPrincipal()
new 9cc88cb Added private salt option to password Hasher
new 46bcb3b Updated Spring examples
new 4344076 Removed incorrect import (auto complete issue)
new 03cad01 Add more Spring examples
new 2fed5d1 SHIRO-605: Use LinkedHashMap to maintain order of filter chain
new 505b0d5 Add heroku buttons for spring-boot-web, spring-hibernate, web, and guice examples
new 59ffa69 Fixed spring-hibernate example issue where optional jars would not resolve correctly when packaging
new 71282d6 fixed spring-mvc war packaging issue (now runs as a proper war with `mvn jetty:run-war`
new 213d7ff Minor changes to make all of the web samples work via a war. (mvn jetty:run-war)
new 9475c99 Disable session URL rewriting on web examples
new dae4016 Fix Guice IT that expects RememberMe to persist across restarts
new 85edb74 Generate the shiro.daop.rdf file as part of the site build
new 98810db unit test against AuthorizationAttributeSourceAdvisor.matches
new 0aec373 SHIRO-607: find the annotations on the types as well
new 5300143 DefaultShiroFilterChainDefinition updated to use LinkedHashMap to preserve order
new eb7f6f5 Add missing license header
new 3436fe6 SHIRO-611: Use DefaultWebSessionStorageEvaluator in Spring web module
new ea7eb00 clean up logging in BasicHttpAuthenticationFilter
new 09ebb5c SHIRO-608: use a ServiceLoader to discover WebEnvironments
new 8acc82a SHIRO-619: use private instance of BeanUtilsBean
new 3ebfd95 SHIRO-618 - Autoconfiguration for Realm and ShiroFilterChainDefinition
new 66e6b96 SHIRO-618 Remove Spring duplicate auto config classes
new b12d70e SHIRO-559 Remove checked exception on @PreDestroy in ShiroModule
new 7a064fd add missing license headers
new 64480fc JDK 1.8u121 requires the --allow-script-in-comments flag to be set
new f326fd3 Updating versions on master to 1.4.1-SNAPSHOT
new c1c094b [SHIRO-662] Changed the name of a private internal constant of the AuthenticationRealm class to match it's purpose.
The 1721 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.