Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-21 22:05:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,943 Commits 33 Branches 337 Tags
Commit Graph

3943 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Taylor
0551dd89ac SEC-1420: Add htmlEscape attribute to authentication JSP tag. 
This allows HTML escaping to be disabled if required.
 2010-03-04 00:47:22 +00:00
Luke Taylor
43f3568b16 SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions. 2010-03-03 23:11:49 +00:00
Luke Taylor
90caf1bb37 Manual formatting. 2010-03-03 23:08:05 +00:00
Luke Taylor
ae8027fa47 SEC-1425: Replace use of Java 1.6 String.isEmpty(). 2010-03-01 13:49:42 +00:00
Luke Taylor
e5a875d752 SEC-1407: Correct logger category in MatcherType. 2010-03-01 02:03:32 +00:00
Luke Taylor
90a7f1f00e SEC-1383: Namespace support for MethodSecurityMetadataSource. Initial commit. 2010-03-01 01:45:43 +00:00
Luke Taylor
93438defff SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy. 
This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.
 2010-03-01 01:21:06 +00:00
Luke Taylor
962a2d5272 Tone down Apache DS log level in itest-web 2010-03-01 01:20:11 +00:00
Luke Taylor
d39e93ec23 Add maven pom customization options to build.gradle 2010-03-01 01:17:57 +00:00
Luke Taylor
b147652193 Make hsqldb a testRuntime/runtime dependency. 2010-03-01 01:10:58 +00:00
Luke Taylor
cb0f3f677f SEC-1425: Add check for empty cookie in AbstractRememberMeServices. 
Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.
 2010-02-28 14:08:27 +00:00
Luke Taylor
f0466b6488 SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all. 2010-02-27 00:22:21 +00:00
Luke Taylor
6a34807a07 SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup. 2010-02-26 17:21:25 +00:00
Luke Taylor
e2f9be9015 SEC-1307: Modify context saving logic in HttpSessionSecurityContextRepository to check the SecurityContext and its contents (the Authentication) against the respective values when the request first arrived at the SecurityContextPersistenceFilter. As explained in the issue, this allows a definite decision to be made about whether the current thread has modified the context information during the request, indicating that it should be saved. 
Also removed deprecated HttpSessionContextIntegrationFilter and tests.
 2010-02-26 16:01:40 +00:00
Luke Taylor
5aae545949 SEC-1232: Re-enable aspects module and aspectj sample in maven build. 2010-02-25 20:09:01 +00:00
Luke Taylor
4dd10cd266 Refactor overly large doFilter() method in DigestAuthenticationFilter. 2010-02-22 01:48:53 +00:00
Luke Taylor
2f1479785e Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-22 01:48:22 +00:00
Luke Taylor
f3f84da625 Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0. 2010-02-21 23:25:36 +00:00
Luke Taylor
b0bea8356f Minor gradle 0.9 syntax change. 2010-02-21 20:42:32 +00:00
Luke Taylor
025ab4ce1a Tweaking of table size in namespace chapter and PDF page margins to try to reduce overlapping of text 2010-02-21 20:41:44 +00:00
Luke Taylor
26cf6f5528 SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests. 2010-02-20 21:59:44 +00:00
Luke Taylor
ea7ccc718d SEC-1399: Removed AbstractAuthenticationManager. 
MockAuthenticationManager was the only other subclass (apart from the main ProviderManager) and has been removed also.
 2010-02-20 21:35:39 +00:00
Luke Taylor
dacb8dd25a SEC-1382: Removed deprecated label-based voter and related classes. 2010-02-20 20:50:16 +00:00
Luke Taylor
68f6afd905 SEC-1383: Added namespace support for method-security-metadata-source 2010-02-20 19:05:25 +00:00
Luke Taylor
b7fc5bc455 Update schema version to 3.1 2010-02-20 18:58:00 +00:00
Luke Taylor
e2a8f81ae8 Update aspectj version in sample to 1.6.8 2010-02-20 18:50:36 +00:00
Luke Taylor
b37d2ed978 SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module. 
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
 2010-02-20 18:02:12 +00:00
Luke Taylor
1474e73b11 SEC-1166: Added new interface PermissionGrantingStrategy to allow customization of ACL permission granting logic. 
The DefaultPermissionGrantingStrategy contains the standard behaviour that was previously in AclImpl.
 2010-02-20 18:02:11 +00:00
Luke Taylor
7c99361c26 Reduce length of long lines in the reference manual. 
Some are too long for the PDF version.
 2010-02-20 01:00:14 +00:00
Luke Taylor
40d3f726d6 Update manual version to 3.0.2.RELEASE 2010-02-19 19:00:06 +00:00
Luke Taylor
2ee7696bf4 Update version number to 3.1.0.CI-SNAPSHOT. 2010-02-19 17:35:19 +00:00
Luke Taylor
44f45d21f0 3.0.2 release. Update version in build files. 3.0.2.RELEASE 2010-02-19 01:22:21 +00:00
Luke Taylor
d2b2ca3bc6 SEC-1387: Use a transient object as the advice monitor, rather than a Serializable. 
No need for an anonymous inner class.
 2010-02-19 01:02:22 +00:00
Luke Taylor
97d04b73c1 Upgrade to Spring 3.0.1. 2010-02-19 00:53:38 +00:00
Luke Taylor
10dc72b017 SEC-1387: Support serialization of security advised beans. 
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
 2010-02-19 00:53:14 +00:00
Luke Taylor
14ae36ac3b SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header. 
The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.
 2010-02-18 00:32:49 +00:00
Luke Taylor
9bdc012c69 Minor corrections to Session Management chapter of ref manual. 2010-02-18 00:32:48 +00:00
Luke Taylor
c0579230b2 Correct package names in ref manual docbook. Minor change to namespace appendix. 2010-02-18 00:32:48 +00:00
Luke Taylor
5b5934144a Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1. 
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
 2010-02-16 00:03:15 +00:00
Luke Taylor
bd635edc31 SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones. 
Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.
 2010-02-15 22:46:18 +00:00
Luke Taylor
1719bdebeb Changed classes output dir names in core modules for better display in structure diagram 2010-02-15 02:23:40 +00:00
Luke Taylor
c1133d1ef3 Removed unused import in DelegatingAuthenticationEntryPoint and corrected test class name. 2010-02-14 23:31:31 +00:00
Luke Taylor
d30e31d816 Remove unnecessary @SuppressWarnings and inline dependency from ELRequestMatcher (util package) to core ExpressionUtils. 2010-02-14 23:29:27 +00:00
Luke Taylor
dbee91002e Deprecate EncryptionUtils. 2010-02-14 23:27:29 +00:00
Luke Taylor
c12c43da9e Javadoc fixes. 2010-02-14 23:27:09 +00:00
Luke Taylor
36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor
e729819ce0 Updated incorrect package names in docbook 2010-02-12 15:18:01 +00:00
Luke Taylor
1e4f451352 Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources 2010-02-11 18:08:06 +00:00
Luke Taylor
dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication. 
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
 2010-02-11 17:47:22 +00:00
Luke Taylor
403f8da79a Added missing jettyVersion variable to build.gradle. 2010-02-11 17:36:45 +00:00