Clone Tools
  • last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
ISIS-2156 hotfix: disable HttpSessions creation when basic-auth strategy

- several principal and related objects have been improved to procude

less stress on the heap

- smoketests added that also test for the absence of a HttpSession when

using basic-auth strategy against a rest endpoint

- also moves the new restclient introduced with v2 from applib to a new

extension module 'restclient'

- improvements to the restclient to also handle scalar value types

  1. … 31 more files in changeset.
ISIS-2156 bump shiro version 1.3.2 -> 1.4.1

- despite the unresolved shiro issue [1], however the mentioned

workaround appears to work:

filterChainResolver =



  1. … 4 more files in changeset.
ISIS-2156 enables smoketest for stress-testing the restful endpoint

- we now have the infrastructure to reproduce the memory leak issue

- also adds an optimization to the IsisModuleSecurityRealm, to not

authenticate a user twice per request

findings so far, PrincipalForApplicationUser indeed does not get garbage


  1. … 2 more files in changeset.
batch update source format:

- Add missing '@Override' annotations

- Correct indentation

- Add file header (JAutodoc)

  1. … 1061 more files in changeset.
batch update source format: organize imports and reorder









  1. … 797 more files in changeset.
ISIS-2156 allow for ShiroWebModule to be primed with a custom ini file

- also renames module 'smoketest' -> 'smoketests'

  1. … 87 more files in changeset.
ISIS-2157 minor: code cleanup and deduplication

ISIS-2157 fixes auto-create user related vulnerability

When using delegated authentication, desired behavior is to auto-create

user accounts in the DB only if these do successfully authenticate with

the delegated authentication mechanism, while the newly created user

will be disabled by default.

ISIS-2157 adds a FIXME[2157] marker to the problematic code

ISIS-2156 adds smoketest for Secman using delegated LDAP authentication

- testing for proper user auto-creation (initial state disabled)

- testing proper login/logout for existing user

  1. … 8 more files in changeset.
ISIS-2156 adds smoketests for shiro

- testing the simple ini realm

- testing the module security (secman) realm (just a stub)

- also adds an embedded LDAP server for testing

  1. … 9 more files in changeset.
ISIS-2125 batch-update license headers for *.java files

  1. … 324 more files in changeset.
ISIS-2151 working on provisioning by Spring

- updates the demo-app to use the security manager extension

- yet sub menu entries are not placed correctly

- some services still need to be recognized by Spring for provisioning

but at least the demo does launch

  1. … 19 more files in changeset.
ISIS-2151 restructure module hierarchy, also splitting out encryption

  1. … 212 more files in changeset.