Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 06:17:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,195 Commits 33 Branches 337 Tags
Commit Graph

4195 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Taylor
07b9ded126 SEC-1599: Corrected docbook source. 2010-10-27 13:25:40 +01:00
Luke Taylor
091a6d26f1 SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.). 2010-10-27 13:25:40 +01:00
Luke Taylor
883ca2a55d Import cleaning. 2010-10-27 13:25:40 +01:00
Luke Taylor
1724d1eac6 SEC-1561: HttpSessionSecurityContextRepository should check whether the session contains the context attribute in case a new session has been created during the request. If the attribute is empty, then the context should be stored regardless of whether a change is detected or not. 2010-10-27 13:25:39 +01:00
Luke Taylor
54694d5ab7 SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot. 2010-10-27 13:25:39 +01:00
Luke Taylor
f70942c6f5 SEC-1589: Add support for property placeholder in intercept-methods access attribute. 2010-10-27 13:25:39 +01:00
Luke Taylor
173537f4f2 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 2010-10-27 13:25:39 +01:00
Luke Taylor
0961671772 Reinstated missing 3.0.3 schema file 2010-10-27 13:25:39 +01:00
Luke Taylor
a6d47203db FilterInvocation should set queryString on dummy request. 2010-10-27 13:25:39 +01:00
Luke Taylor
f455e9a5a4 SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison. 2010-10-27 13:25:39 +01:00
Luke Taylor
0fd2c48dfb SEC-1584: Additional integration tests. 2010-10-27 13:25:39 +01:00
Luke Taylor
7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 2010-10-27 13:25:39 +01:00
Luke Taylor
695c8f4ad6 Import cleaning and suppression of deprecation warnings. 2010-10-27 13:25:39 +01:00
Rossen Stoyanchev
bd84a2bfa1 SWC-1552 Update .tld in integration test to match change in taglib. 2010-10-26 14:00:45 +01:00
Rossen Stoyanchev
70600a0277 SEC-1552 Refactor AuthorizeTag and LegacyAuthorize tag to make them independent of JSP tag rendering. 2010-10-26 12:33:51 +01:00
Rob Winch
7258abbbf4 SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd 2010-10-10 19:51:37 -05:00
Rob Winch
ee12d54bec SEC-1536: moved web.authentication.jaas to web.jaasapi 
Renamed org.springframework.security.web.authentication.jaas to org.springframework.security.web.jaasapi to be better aligned with org.springframework.security.web.servletapi, added package-info.java, and removed trailing whitespaces
 2010-10-05 22:28:42 -05:00
Rob Winch
8249492ce9 SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null) 2010-10-04 17:07:04 -05:00
Luke Taylor
e69b981c72 Make method in MatcherType public for use in OAuth. 2010-09-25 20:09:12 +01:00
Luke Taylor
f978814bb1 Improve entry of username and password for scp upload. 2010-09-24 21:01:18 +01:00
Luke Taylor
685e0417a7 SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout. 2010-09-19 18:30:52 +01:00
Luke Taylor
11a87d1fa0 Switch to using xsd:boolean in schema file. 2010-09-19 18:17:06 +01:00
Luke Taylor
1b2b371970 SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element. 
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.

Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
 2010-09-16 16:03:24 +01:00
Luke Taylor
383211561c Moved LDAP placeholder config test into LDAP tests to prevent issues with parallel tests. Converted LdapProviderBDP tests to groovy/spock. Other misc tidying of config tests. 2010-09-16 12:31:23 +01:00
Luke Taylor
7dd8cd2fb9 Make sure ApacheDS work directory is set correctly for separate LDAP test task in config module. 2010-09-16 10:50:12 +01:00
Luke Taylor
551166a577 ApacheDS workDir property should be passed to the test process, not set as a system property in the main build process. 2010-09-14 14:43:21 +01:00
rwinch
a128e3b4fe http://forum.springsource.org/showthread.php?p=318755 Added PlaceHolderAndELConfigTests.ldapAuthenticationProviderWorksWithPlaceholders 2010-09-13 13:44:12 -05:00
rwinch
de819378fc SEC-1536: added JAAS API Integration, updated doc, updated jaas sample 2010-09-13 13:12:45 -05:00
Luke Taylor
0217e98bdb Added an AppListener to collect events for use in tests 2010-09-13 14:20:21 +01:00
Luke Taylor
62cbd51d54 SEC-1562: Made SecurityExpressionRootPropertyAccessor a package private class as it is no longer referenced from multiple packages. 2010-09-13 13:52:24 +01:00
Luke Taylor
c5231fc213 SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource. 2010-09-13 12:19:21 +01:00
Luke Taylor
829444d59b SEC-1564: testCompile configurations should include jcl-over-slf4j rather than logback. 2010-09-11 11:01:12 +01:00
rwinch
58d9903ebc SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider 2010-09-10 20:17:22 -05:00
Luke Taylor
8bf1b8420a SEC-1563: Move PermissionEvaluator and related methods to SecurityExpressionRoot 2010-09-08 15:06:00 +01:00
Luke Taylor
ca44ebd3cc SEC-1338: Applied submitted patch, making use of java.util.concurrent classes in place of traditional synchronization. 2010-09-08 12:59:49 +01:00
Luke Taylor
af56f4844d SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler. 2010-09-07 19:46:45 +01:00
Luke Taylor
b0998c01bc SEC-1553: Make WebAuthenticationDetails serializable 2010-09-01 18:43:07 +01:00
Luke Taylor
577ec27507 Polishing. 2010-08-30 19:03:47 +01:00
Luke Taylor
7a3892556c Added a "docs" convenience task 2010-08-30 19:03:15 +01:00
Luke Taylor
f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 2010-08-30 19:02:19 +01:00
Luke Taylor
696150f3c3 Remove unused import. 2010-08-30 11:52:52 +01:00
Luke Taylor
1a1372ab84 Removed deprecated AspectJInterceptor classes since these cannot be used with the existing MethodSecurityMetadataSource implementations (which no longer support JoinPoin as a secured object). Added some more tests. 2010-08-28 21:41:19 +01:00
Luke Taylor
65712f5cbc SEC-1549: AclPermissionCacheOptimizer now does nothing if passed an empty collection of domain objects. 2010-08-28 14:39:43 +01:00
Luke Taylor
20988c8cf6 Minor refactoring of debug filter and tidying up tests. 2010-08-27 01:49:30 +01:00
Luke Taylor
566328fea4 Minor tweaking of IDEA deps. 2010-08-24 22:36:42 +01:00
Luke Taylor
ba890cf7e5 Removed invalid test method. 2010-08-24 21:03:33 +01:00
Luke Taylor
d1e8b8e29d More tests. Minor refactoring. 2010-08-24 20:57:45 +01:00
Luke Taylor
bf9d4a9747 Remove unnecessary local variable. 2010-08-24 20:29:25 +01:00
Luke Taylor
5902c6b262 Adjustments to coverage generation (enable debug logging when coverage on). 2010-08-24 18:27:44 +01:00
Luke Taylor
f71d9df7fe Deprecate unnecessary method in SecurityConfig 2010-08-24 18:26:38 +01:00