Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-07 20:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,117 Commits 51 Branches 345 Tags
Commit Graph

4117 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Taylor
9b0c21dfef 3.0.3 release. Update version in build files. 3.0.3.RELEASE 2010-07-01 00:37:29 +01:00
Luke Taylor
8301bd6276 Added that config jar is required to use the namespace. 2010-06-30 20:47:35 +01:00
Luke Taylor
1872d94aa1 Porting gradle changes from master 2010-06-30 20:45:03 +01:00
Luke Taylor
46611872db Updated version in manual for 3.0.3 release 2010-06-30 15:59:34 +01:00
Luke Taylor
b6cbdde0cb Minor doc xref link corrections. 2010-06-26 13:14:15 +01:00
Luke Taylor
71e1702224 SEC-1493: Documentation of support for erasing credentials. 2010-06-26 12:34:20 +01:00
Luke Taylor
80ccd2b285 SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter. 2010-06-25 13:36:52 +01:00
Luke Taylor
02c1f02f2a SEC-1493: Fix broken tests in 3.0.x branch 2010-06-25 13:36:08 +01:00
Luke Taylor
21a664b2eb Deprecation warning suppression for UserMap. 2010-06-25 12:50:58 +01:00
Luke Taylor
9a2d0c2cb5 SEC-1493: Added namespace support. 2010-06-20 21:11:49 +01:00
Luke Taylor
73b62497a3 SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property. 2010-06-20 21:11:40 +01:00
Luke Taylor
09aba3906c SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy. 2010-06-18 03:34:13 +01:00
Luke Taylor
57cfff6f5c SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs. 2010-06-18 01:33:38 +01:00
Luke Taylor
b7b6b2bac7 Update to Spring 3.0.3.RELEASE 2010-06-18 01:27:32 +01:00
Luke Taylor
8602ae3863 Upgrade maven build to Spring 3.0.3.BUILD-SNAPSHOT 2010-06-15 00:16:41 +01:00
Luke Taylor
8737fe3acb SEC-1495: Convert User class equals and hashcode methods to only use the "username" property. 
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
 2010-06-10 22:28:12 +01:00
Luke Taylor
27faad3402 SEC-1488: Remove commons-logging dependencies from maven poms and use slf4j in all samples. 2010-05-28 13:10:08 +01:00
Luke Taylor
aaa7bd90b2 SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection. 2010-05-21 16:02:25 +01:00
Luke Taylor
295e0ded18 SEC-1483: Change User constructor to use a generic wildcard for authorities collection. 2010-05-21 16:02:07 +01:00
Luke Taylor
304f12fb63 SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used. 2010-05-21 15:42:11 +01:00
Luke Taylor
8cbe232fbf SEC-1480: Add simple equals and hashcode methods based on DN value to LdapUserDetailsImpl to allow its use as a map key (in SessionRegistry, for example). 2010-05-15 02:29:56 +01:00
Luke Taylor
5ac106808e Remove outdated scm information from pom.xml. 2010-04-28 20:16:40 +01:00
Luke Taylor
8c605516b3 SEC-1463: Change namespace user-service parser to store username in lower-case when building map for in-memory UserDetailsService. Lookups are supposed to be case-insensitive with this class. 2010-04-24 16:42:00 +01:00
Luke Taylor
e6e168f127 SEC-1456: Set rtexprvalue=true for "url" attribute in access tag to allow dynamic values (such as URL of current page). 2010-04-21 17:29:27 +01:00
Luke Taylor
6d6c2d31ef SEC-1462: Only apply session fixation protection strategy if request.isRequestedSessionIdValid() returns true. We don't need to create a new session if the current one already has a different Id from the client. 2010-04-20 18:04:56 +01:00
Luke Taylor
8f6aecac9b Clarify that multiple authentication-provider elements can be used in combination. 2010-04-17 15:25:37 +01:00
Luke Taylor
0760bb947b SEC-1458: Remove logger field in HttpSessionEventPublisher in favour of direct lookup. Prevents early initialization of logging system when listener is initialized. 2010-04-16 16:13:41 +01:00
Luke Taylor
9d2e2ca11d SEC-1232: Add config dependency to maven build for aspectj sample. 2010-03-31 19:59:19 +01:00
Luke Taylor
6354c7e052 SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj' 
AspectJ sample application context also updated to use this syntax.
 2010-03-31 17:41:23 +01:00
Luke Taylor
42cdaa0ce2 Latest gradle syntax updates. 2010-03-31 17:12:00 +01:00
Luke Taylor
eda60b72b1 SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext. 
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
 2010-03-27 17:22:38 +00:00
Luke Taylor
0d198d42ae SEC-1444: Fix JNDI escaping problems in LDAP authentication. 
CompositeName adds quotes to names which contain a forward slash ("/") character. These are automatically removed by Spring LDAP's DistinguishedName, but only if they are at the ends of the String. Since we were preprending the base to the (quoted) DN, resulting in something like ["cn=joe/b",ou=people], this was causing problems with the DN value returned from the search. Additionally, the bind succeeds when a DN is used with a slash, but the subsequent call to getAttributes() fails. This call now passes in a DistinguishedName for the user DN instance instead of a String.
 2010-03-27 15:30:45 +00:00
Luke Taylor
f000aaa7e8 SEC-1440: Implement support for separate entry-point-ref on htt-basic namespace element. Changes ported from master branch. 2010-03-26 14:06:12 +00:00
Luke Taylor
634e340d80 Update schema version to 3.0.3 2010-03-26 13:53:56 +00:00
Luke Taylor
4c8e9e2d7e SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent. 
Ensures protect-pointcut expressions match methods with generic parameters.
 2010-03-24 21:03:45 +00:00
Luke Taylor
e518adbef1 SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles. 
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
 2010-03-22 16:26:49 +00:00
Luke Taylor
59b69f6f48 SEC-1434: Remove use of BeanDefinition of type java.lang.String which causes problems in Google App Engine. 
This results in the method BeanUtils.findEditorByConvention attempting to get hold of the system classloader which isn't allowed by the security manager in GAE.
 2010-03-16 02:22:36 +00:00
Luke Taylor
b8e50c0933 SEC-1439: Make getters and setters public on HttpRequestResponseHolder. 
Necessary to allow use of custom SecurityContextRepository.(cherry picked from commit d5df53f1dbfcbe274656cce4e7a2e064f8db1597)
 2010-03-12 15:54:12 +00:00
Luke Taylor
677576ea8b SEC-1429: Fix test. Wasn't setting allowSessionCreation=false on failure handler. 2010-03-11 02:30:37 +00:00
Luke Taylor
91153df78d SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances. 
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
 2010-03-11 02:15:35 +00:00
Luke Taylor
1b0ac9c785 Porting of gradle changes from master. 2010-03-11 02:15:02 +00:00
Luke Taylor
8c9159f273 Added repo for aws-maen 3.0.0 dep 2010-03-06 01:41:38 +00:00
Luke Taylor
4c8b0faa88 Upgrade aws-maven to 3.0.0.RELEASE (mvn 2.2.x compatible) 2010-03-05 18:03:59 +00:00
Luke Taylor
5a5b62e2cb SEC-1429: Removed cached authentication from session after successful authentication.(cherry picked from commit 43f0e111067dec72f2a496ad7d9df9fc10de43dc) 2010-03-05 00:11:08 +00:00
Luke Taylor
6ac8588144 Fix to Javadoc for AbstractAuthenticationProcessingFilter.(cherry picked from commit a3263753d93bba781471135448c4de5564fe464a) 2010-03-04 22:07:30 +00:00
Luke Taylor
5690f1c581 SEC-1428: Check if response has been committed before redirecting to target URL in AbstractAuthenticationTargetUrlRequestHandler. 2010-03-04 22:00:37 +00:00
Luke Taylor
87cf27ab7c SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:49:38 +00:00
Luke Taylor
41e06152b3 SEC-1420: JSP for itest of authentication tags with and without escaping. 2010-03-04 01:44:54 +00:00
Luke Taylor
a7e21318bf SEC-1425: Replace use of Java 1.6 String.isEmpty(). 2010-03-04 00:52:54 +00:00
Luke Taylor
bc6aae132b SEC-1420: Add htmlEscape attribute to authentication JSP tag. 
This allows HTML escaping to be disabled if required.
 2010-03-04 00:47:59 +00:00