Directory Classes/Security/Aspect/

Lines of Code

Developers

Most Recent Commits

k-fish 2010-08-24 10:42 Rev.: 5057

Removed everything in trunk after move to git.

0 lines of code changed in 7 files:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_InterceptorInvocation.php (del), F3_FLOW3_Security_Aspect_PolicyEnforcementAspect.php (del), F3_FLOW3_Security_Aspect_RequestDispatchingAspect.php (del), LoggingAspect.php (del), PersistenceQueryRewritingAspect.php (del), PolicyEnforcementAspect.php (del), RequestDispatchingAspect.php (del)

k-fish 2010-08-13 16:21 Rev.: 4969

[-TASK] FLOW3: Removed @version keyword from files, resolves #8835.

0 lines of code changed in 4 files:

• Classes/Security/Aspect: LoggingAspect.php (-1), PersistenceQueryRewritingAspect.php (-1), PolicyEnforcementAspect.php (-1), RequestDispatchingAspect.php (-1)

k-fish 2010-06-24 15:34 Rev.: 4628

[~TASK] TYPO3: Adjusted Policy.yaml to new expected format.
[~TASK] FLOW3: Some small fixes to doc comments and code.
[~TASK] Fluid (Parser): Got rid of the constructor in Parser\Configuration.

8 lines of code changed in 1 file:

• Classes/Security/Aspect: PersistenceQueryRewritingAspect.php (+8 -8)

k-fish 2010-06-24 11:27 Rev.: 4621

[~TASK] FLOW3 (Persistence): Renamed QOM to Qom to follow coding guidelines, part 1 of 2.

8 lines of code changed in 1 file:

• Classes/Security/Aspect: PersistenceQueryRewritingAspect.php (+8 -8)

andi 2010-06-23 13:31 Rev.: 4613

* [+TASK] FLOW3 (Object): Added session scope related methods to the object manager and interface.
* [+FEATURE] FLOW3 (AOP): Added a matches operator as a new possibility for runtime evaluations.
* [+FEATURE] FLOW3 (AOP): Global objects available in runtime evaluations can now be configured in the settings. Resolves #6598.
* [+FEATURE] FLOW3 (Security): Implemented query rewriting according to the security policy. Relates to #5659, Resolves #6604.

459 lines of code changed in 1 file:

• Classes/Security/Aspect: PersistenceQueryRewritingAspect.php (new 459)

k-fish 2010-03-04 11:06 Rev.: 3903

[+FEATURE] FLOW3 (Core): The flow3 hell script now uses the PHP binary specified in the PHP environment variable, resolves #6681.
[~TASK] FLOW3: Some SVN property maintenance.

1 lines of code changed in 1 file:

• Classes/Security/Aspect: LoggingAspect.php (+1 -1)

andi 2010-03-01 23:13 Rev.: 3895

[~TASK] FLOW3 (Security): Removed the security context holder session with its interface. The whole functionality is now available directly through the security context itself. Resolves #5851

7 lines of code changed in 1 file:

• Classes/Security/Aspect: RequestDispatchingAspect.php (+7 -7)

robert 2010-02-27 15:43 Rev.: 3877

[~TASK] FLOW3 (Security): Updated the security logging aspect which should now log all interesting debug information from an authentication provider.

2 lines of code changed in 1 file:

• Classes/Security/Aspect: LoggingAspect.php (+2 -2)

robert 2010-02-26 15:34 Rev.: 3867

[~API] FLOW3 (Utility): Renamed detectBaseUri() to getBaseUri().
[~TASK] FLOW3 (MVC): Recomitted my previous change in getRequestPath and reworked the path rendering in the Request object (now is called "route path"). Relates to #6596
[~BUGFIX] FLOW3 (Security): The WebRedirect entry point now takes the Base URI into account. That means you'll have to specify a _relative_ URI in your settings for defining a web entry point (i.e. no leading slash!).

0 lines of code changed in 1 file:

• Classes/Security/Aspect: RequestDispatchingAspect.php (-16)

andi 2010-02-14 15:07 Rev.: 3826

[~TASK] FLOW3(Security): Replaced all occurrences of ACL by Policy. Resolves #6462

1 lines of code changed in 1 file:

• Classes/Security/Aspect: PolicyEnforcementAspect.php (+1 -1)

robert 2010-02-02 10:41 Rev.: 3802

[#BUGFIX] FLOW3 (Documentation): Replaced the occurrences of "UsernamePasswordCR" with "PersistedUsernamePasswordProvider" to match the class name changes in FLOW3 1.0.0 alpha 7.

2 lines of code changed in 1 file:

• Classes/Security/Aspect: LoggingAspect.php (+2 -2)

robert 2010-01-15 15:38 Rev.: 3643

[~TASK] FLOW3 (Documentation): Updated the Coding Guidelines: removed inconsistent exceptions from the general class naming rules. Also added the rule that names of aspect classes must end with "Aspect". Relates to #5658
[~TASK] Global: Renamed many classes and interfaces in order to be consistent with FLOW3's naming rules. A migration script to update third-party applications will follow soon. Resolves #5658

7 lines of code changed in 2 files:

• Classes/Security/Aspect: LoggingAspect.php (+6 -6), RequestDispatchingAspect.php (+1 -1)

robert 2009-11-24 10:20 Rev.: 3487

[+API] FLOW3 (AOP): Added the JoinPoint class to the supported API. Also added a new method "hasException()" to the JoinPoint implementation. Resolves #5480
[~TASK] FLOW3 (Cache): Set the log level of flushCachesByTag to DEBUG
[~FEATURE] FLOW3 (Security): Implemented a logging aspect which currently logs all relevant actions of the authentication mechanism. The advices are currently active regardless of the configured logging threshold. Addresses #5481
[~TASK] FLOW3 (Security): Removed getSecurityContext() from the Authentication Manager Interface ? it was not used anywhere.
[~CONFIGURATION] FLOW3 (Security): Removed the requestPatterns configuration from the default security configuration. This configuration was only an example and got in the way if one wanted to reuse the DefaultProvider configuration for other login controllers.
[~TASK] Fluid (ViewHelpers): Corrected some inline documentation in the FormViewHelper

112 lines of code changed in 1 file:

• Classes/Security/Aspect: LoggingAspect.php (new 112)

sebastian 2009-10-13 08:17 Rev.: 3316

[+BUGFIX] FLOW3 (Security): Fixed two issues with Request Hashing. Changed hash implementation from normal SHA1 to a real HMAC. Thanks to Markus Krause for pointing this out. Relates to #4960.

1 lines of code changed in 1 file:

• Classes/Security/Aspect: RequestDispatchingAspect.php (+1 -1)

sebastian 2009-10-09 14:18 Rev.: 3311

[BUGFIX] FLOW3 (Security): Bugfix to automatic request hashing in context with CLI. Relates to #4960.

3 lines of code changed in 1 file:

• Classes/Security/Aspect: RequestDispatchingAspect.php (+3 -1)

sebastian 2009-10-09 13:59 Rev.: 3309

[!!!][+FEATURE] FLOW3 (Security): Added a HMAC generator and checker to prevent unauthorized access on objects where no edit fields were generated for. It is mandatory in case objects are modified on the server side. See the issue for a more in-depth explanation. This feature does NOT break backwards-compatibility as long as you use only Fluid for form-generation. In case of custom fields, it WILL break backwards compatibility, and you might need the @dontverifyrequesthash annotation. Resolves #4960.
[+FEATURE] Fluid (ViewHelpers): Added a request hash to all form fields. It is mandatory in case objects are modified on the server side. Relates to #4960.

22 lines of code changed in 1 file:

• Classes/Security/Aspect: RequestDispatchingAspect.php (+22 -1)

andi 2009-07-21 12:04 Rev.: 2840

* [~TASK] FLOW3 (Security): The security framework now uses the new session scope for its session data.
* [~TASK] FLOW3 (Security): Fixed some doc comments.

7 lines of code changed in 1 file:

• Classes/Security/Aspect: RequestDispatchingAspect.php (+7 -7)

k-fish 2009-07-16 15:02 Rev.: 2813

[+TASK] FLOW3: Removed file level docblocks and @package/@subpackage annotations.
[+TASK] Fluid: Removed file level docblocks and @package/@subpackage annotations.
[+TASK] Kickstart: Removed file level docblocks and @package/@subpackage annotations.
[+TASK] PHP6: Removed file level docblocks and @package/@subpackage annotations.
[+TASK] PHPUnit: Removed file level docblocks and @package/@subpackage annotations.
[+TASK] Testing: Removed file level docblocks and @package/@subpackage annotations.
[+TASK] Welcome: Removed file level docblocks and @package/@subpackage annotations.
[+TASK] YAML: Removed file level docblocks and @package/@subpackage annotations.

0 lines of code changed in 2 files:

• Classes/Security/Aspect: PolicyEnforcementAspect.php (-8), RequestDispatchingAspect.php (-8)

k-fish 2009-07-15 12:28 Rev.: 2794

[TASK] FLOW3: moved from @internal to @api, resolves #3883

0 lines of code changed in 2 files:

• Classes/Security/Aspect: PolicyEnforcementAspect.php (-2), RequestDispatchingAspect.php (-4)

robert 2009-05-20 19:14 Rev.: 2293

* FLOW3: Marked all methods as @internal except those which are considered part of the official API. Resolves #1280
* TYPO3CR: Fixed two tests of the Storage\PDO\Search testcase.

6 lines of code changed in 2 files:

• Classes/Security/Aspect: PolicyEnforcementAspect.php (+2), RequestDispatchingAspect.php (+4)

andi 2009-03-17 16:25 Rev.: 2004

FLOW3 (Security):
* made parallel authentication mechanisms possible. Now you can login to typo3 with a different mechanism than to flow3
* credentials are no longer stored in the session.
* the RSA keys are now stored in a cache with a TTL of 30.
* reinjectDependencies is now used when authentication tokens are retrieved from the session.
* Exception/Handler is not needed.
* the authentication tokens hold an authentication status now. Look at the TokenInterface for possible values.
* added a getTokensOfType() method to the security context.
* authentication entry points work now.
* Adjusted the security configuration in FLOW3.yaml (you have to enable security to test the new features)
* Access is now denied if no policy entry is found.
TYPO3 (Backend):
* renamed the property $viewObjectName to $defaultViewObjectName, according to latest changes.

30 lines of code changed in 1 file:

• Classes/Security/Aspect: RequestDispatchingAspect.php (+30 -13)

andi 2009-03-10 18:24 Rev.: 1982

FLOW3 (Security):
* changed the security aspects to use the new AOP setting filter format

3 lines of code changed in 2 files:

• Classes/Security/Aspect: PolicyEnforcementAspect.php (+1 -1), RequestDispatchingAspect.php (+2 -2)

robert 2009-01-28 13:04 Rev.: 1811

!!! Globally renamed all class files to the new shorter version. Resolves #2524
FLOW3: (Resource) Adapted the class loader and other related parts of FLOW3 to the new class filename convention
FLOW3: Moved the FLOW3 bootstrap into the F3\FLOW3 namepace

22 lines of code changed in 2 files:

• Classes/Security/Aspect: PolicyEnforcementAspect.php (new 9), RequestDispatchingAspect.php (new 13)

robert 2009-01-26 15:37 Rev.: 1792

* FLOW3: (Security) Renamed the aspect InterceptorInvocation to PolicyEnforcementAspect
* FLOW3: (Security) Completely removed the security code from the MVC dispatcher. Instead it is now woven in by advices in the new RequestDispatchingAspect. Resolves #2118
* FLOW3: (Security) The old and the new aspect are now only active if security is enabled. That means: No security related proxies are generated if security is turned off. Addresses #2118
* FLOW3: (Security) Security is now (again) enabled by default. But that doesn't mean that everything is secure yet ...
* FLOW3: (AOP) Fixed the "Setting" poinctut designator by adding the class to the Objects configuration.

194 lines of code changed in 2 files:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_PolicyEnforcementAspect.php (new 90), F3_FLOW3_Security_Aspect_RequestDispatchingAspect.php (new 104)

k-fish 2009-01-15 16:06 Rev.: 1749

FLOW3:
* fixed license name in @license annotation, fixes #2454

1 lines of code changed in 1 file:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_InterceptorInvocation.php (+1 -1)

k-fish 2009-01-07 11:37 Rev.: 1707

FLOW3:
* changed license to LGPL v3 or later

14 lines of code changed in 1 file:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_InterceptorInvocation.php (+14 -7)

k-fish 2008-12-10 15:39 Rev.: 1599

!!! 5.3.0alpha3 namespaces refactoring:
* changed namespace delimiter from :: to \
* all class references in namespaced code prepended by \

PHPUnit:
* adapted mock object handling to the new namespaces syntax

FLOW3:
* PropertyReflection now uses setAccessible() instead of array cast to access protected properties

PHPCR:
* added a missing interface already used for type hints

9 lines of code changed in 1 file:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_InterceptorInvocation.php (+9 -9)

robert 2008-09-30 19:34 Rev.: 1292

* FLOW3 (Security): Fixed the Interceptor Invocation Aspect / After Invocation Interceptor: the invoke() method did not return the result of the target method, therefore all proxied methods returned NULL.

1 lines of code changed in 1 file:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_InterceptorInvocation.php (+1 -1)

andi 2008-09-24 18:43 Rev.: 1282

The biggest part of the security framework ist finished now:

FLOW3 (Security):
* Implemented the central security aspect
* Refactored the authentication manager
* Implemented the policy enforcement interceptor
* Implemented the access decision voter manager

38 lines of code changed in 1 file:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_InterceptorInvocation.php (+38 -7)

andi 2008-09-23 15:21 Rev.: 1277

* FLOW3 (AOP): removed the cunstructor from the joinpoint interface, to be able to mock it.
* FLOW3 (Security): Implemented the policy expression parser and policy service
* FLOW3 (Security): Some pending changes in the authorization subpackage, more to follow soon

52 lines of code changed in 1 file:

• Classes/Security/Aspect: F3_FLOW3_Security_Aspect_InterceptorInvocation.php (new 52)