Rob Winch
c4bcce1ac3
Next development version
2012-10-08 22:24:06 -05:00
Rob Winch
23bdc7d766
Release 2.0.8.RELEASE
2.0.8.RELEASE
2012-10-08 21:18:15 -05:00
Rob Winch
d07d97838a
Update for javadoc execute with package
2012-10-08 21:09:58 -05:00
Rob Winch
f5fc94e1be
SEC-2056: DaoAuthenticationProvider performs isPasswordValid when user not found
Previously authenticating a user could take significantly longer than
determining that a user does not exist. This was due to the fact that only
users that were found would use the password encoder and comparing a
password can take a significant amount of time. The difference in the
time required could allow a side channel attack that reveals if a user
exists.
The code has been updated to do comparison against a dummy password
even when the user was not found.
2012-10-08 15:52:40 -05:00
Rob Winch
a4f13a9ae0
Added SCM information to pom for OSS requirements
2012-10-08 07:41:26 -05:00
Rob Winch
5c308c0215
Further maven 3 cleanup
2012-10-07 18:56:51 -05:00
Rob Winch
a0f91b2dd2
Update maven-resources-plugin to 2.6 to work with m2e
2012-10-07 18:21:16 -05:00
Rob Winch
6cf44b9de0
Update maven-dependency-plugin to 2.5.1 to support m2e
2012-10-07 18:09:46 -05:00
Luke Taylor
55e501711d
Set version to 2.0.8.CI-SNAPSHOT
2011-08-19 13:23:04 -07:00
Luke Taylor
d5e6f0b575
Set release version to 2.0.7.RELEASE
2.0.7.RELEASE
2011-08-19 13:18:45 -07:00
Luke Taylor
76dc21469e
SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread.
2011-08-19 13:18:45 -07:00
Luke Taylor
22b7c9b905
SEC-1742: Make extraInformation in AuthenticationException transient.
2011-08-19 13:18:45 -07:00
Luke Taylor
0cdf202b10
SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider.
2011-08-19 13:18:45 -07:00
Luke Taylor
a507e3612a
SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client.
2011-08-19 13:18:45 -07:00
Luke Taylor
f5fbda42e5
SEC-1790: Reject redirect locations containing CR or LF.
2011-08-19 13:18:35 -07:00
Rob Winch
d5b72275e5
SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather than looping through ServletRequestWrappers.
VirtualFilterChain now accepts the FirewalledRequest in the constructor. The reset method is called directly on the instance passed in instead of looping through the ServletRequestWrappers.
2010-12-17 09:42:25 -06:00
Luke Taylor
08a933f930
SEC-1608: Ensure request wrapper is reset for empty filter chains.
2010-12-08 13:56:08 +00:00
Rob Winch
54ffc98bb4
SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward
2010-11-03 15:01:39 -05:00
Luke Taylor
1c3d530b60
Switch versions to 2.0.7.CI-SNAPSHOT
2010-10-25 17:20:25 +01:00
Luke Taylor
beb0ec4ba9
Version 2.0.6.RELEASE
2.0.6.RELEASE
2010-10-25 17:18:16 +01:00
Luke Taylor
dec2e59fba
SEC-1584: Backport of namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
2010-10-14 20:32:01 +01:00
Luke Taylor
ed7f589998
SEC-1584: Additional integration tests.
2010-10-13 00:05:38 +01:00
Luke Taylor
8f6ddb0f17
SEC-1584: Backport to 2.0.x branch of request firewalling (normalization checks and path-parameter stripping from servletPath and pathInfo).
2010-10-13 00:04:44 +01:00
Luke Taylor
62a8aca853
.gitignore updates
2010-10-03 23:39:33 +01:00
Luke Taylor
9c6a5135a3
SEC-1532: Patch applied to 2.0.x branch
2010-08-26 14:13:01 +01:00
Luke Taylor
0acf262546
SEC-1462: Added suggested patch (effectively the same as changes in 3.0.x and master branches).
2010-04-20 18:16:45 +01:00
Luke Taylor
6ad652ae97
Update 2.0 branch pom versions.
2010-04-20 18:15:51 +01:00
Luke Taylor
068b3d48ec
Add .gitignore to 2.0.x branch
2010-04-16 15:15:54 +01:00
Luke Taylor
d6f6a54455
SEC-1444: Backport of changes to 2.0.x
2010-04-16 15:14:01 +01:00
Luke Taylor
4361211c21
Change release from milestone to release
2.0.5.RELEASE
2009-07-14 12:29:51 +00:00
Luke Taylor
71adc26b0f
[maven-release-plugin] prepare release spring-security-2.0.5.RELEASE
2009-07-14 00:29:53 +00:00
Luke Taylor
eb3288ca34
Removing unnecessary repository declarations
2009-07-13 23:53:12 +00:00
Luke Taylor
f3f4cfe804
Minor changes to readme
2009-07-13 23:48:55 +00:00
Luke Taylor
40fa884860
Updated release plugin version
2009-07-13 23:47:53 +00:00
Luke Taylor
3e393c9df6
Tidying test class
2009-07-13 23:47:33 +00:00
Luke Taylor
a61aca1abf
Update to bundlor M5
2009-07-13 13:07:44 +00:00
Luke Taylor
52d2c904f9
Disable adapters build
2009-07-09 12:38:59 +00:00
Luke Taylor
149fd5d8de
Add bundlor templates
2009-07-09 12:26:11 +00:00
Luke Taylor
f3f02d8aed
Update sec-2.0.x branch to use bundlor
2009-07-09 11:51:26 +00:00
Luke Taylor
781c99f257
SEC-1145: Updated LDAP code to make sure pooling flag is removed when binding as a specific user (for real this time)
2009-06-03 16:57:33 +00:00
Luke Taylor
b77f780993
SEC-1145: Updated LDAP code to make sure pooling flag is removed when binding as a specific user
2009-06-03 16:12:54 +00:00
Scott Battaglia
22964837e9
SEC-1066
upgraded to CAS Client for Java 3.1.5
2008-12-22 19:37:50 +00:00
Scott Battaglia
7566802a08
SEC-1046
upgrade to CAS Client for Java 3.1.4
2008-12-16 14:50:04 +00:00
Luke Taylor
4c3867718e
SEC-1031: Ported change from trunk.
2008-11-11 23:36:47 +00:00
Luke Taylor
ad4b5c487f
Temporarily store webflow test sample in sandbox
2008-10-02 23:24:58 +00:00
Luke Taylor
48013b2c93
typo
2008-10-02 15:26:20 +00:00
Luke Taylor
03b21494bc
Corrected typo
2008-10-02 14:53:24 +00:00
Luke Taylor
ac54976f9e
Added appendices to end of doc
2008-10-02 14:50:58 +00:00
Scott Battaglia
7594e1ae2f
SEC-984
added template method to allow to override the default of retrieving user by username.
2008-10-01 18:49:52 +00:00
Luke Taylor
97381fb448
SEC-974: Made getExceptionMappings() protected.
2008-10-01 16:25:20 +00:00