Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,872 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

3872 Commits

Author SHA1 Message Date
Luke Taylor 10d787ede2 Javadoc corrections to SessionRegistryImpl 2010-02-03 23:49:36 +00:00
Luke Taylor c4d2f59eec SEC-1381: Update source repo information in docs to point to git rather than subversion. 2010-01-27 01:37:45 +00:00
Luke Taylor 912e7976da Added doc upload capability to build. 2010-01-23 02:12:31 +00:00
Luke Taylor dcf9ea25a6 Updated access-decision and after-invocation diagrams in manual. 2010-01-23 02:12:30 +00:00
Luke Taylor 0974e21fb6 SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid). 
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
 2010-01-23 02:12:30 +00:00
Luke Taylor d931495c8a SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig. 2010-01-23 02:12:30 +00:00
Luke Taylor 04447bdbf0 SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs). 2010-01-22 01:55:13 +00:00
Luke Taylor dbf673ec37 Build updates to include uploading of distro and docs, plus addition of admon graphics path to docbook plugin. 2010-01-21 20:12:12 +00:00
Luke Taylor 9734e4c82f Added generation of sha1 of distro archive to build. 2010-01-21 20:00:17 +00:00
Luke Taylor 56849dc41e Added tasks for apidocs, doc and distro archive generation to the build file. 2010-01-21 19:59:48 +00:00
Luke Taylor 10cd080090 SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user. 2010-01-20 18:51:29 +00:00
Luke Taylor 0c10efbbf8 Revert SEC-1356. 
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
 2010-01-19 22:26:21 +00:00
Luke Taylor 1a7f71fc0f SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions() 
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
 2010-01-19 01:07:33 +00:00
Luke Taylor 8137a8bcd0 Enabled detection of release builds and s3 maven deployment capability to gradle build. 
The s3 deployment requires an updated snapshot of the spring aws-maven dependency, as the old one was incompatible with changes in the latest version (1.0-beta6) of the Maven "wagon" api.
 2010-01-18 02:02:28 +00:00
Luke Taylor a5dde8b28f Updated doc on invalid session detection. 
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
 2010-01-17 14:41:24 +00:00
Luke Taylor 51dfc0fb39 Set versions to 3.0.2-CI-SNAPSHOT, post release. 2010-01-15 18:15:19 +00:00
Luke Taylor 05634f97dc Updated version numbers for 3.0.1 release. 2010-01-15 18:04:28 +00:00
Luke Taylor e1d41177bb Update docbook plugin use to new gradle 0.9+ syntax. 2010-01-14 15:49:05 +00:00
Luke Taylor 81f91d28eb Add docbook note and tip images. 2010-01-14 15:48:36 +00:00
Luke Taylor 670297c55d SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context. 
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
 2010-01-14 15:48:14 +00:00
Luke Taylor 0f90e69004 SEC-1362: Updated French messages translation. 2010-01-13 15:37:18 +00:00
Luke Taylor a9567a58d8 SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos. 2010-01-13 15:36:58 +00:00
Luke Taylor 3a8daa1bf4 Gradle build improvements. 
Added generation of source archives and trial support for maven deployment and pom generation, with "provided" configuration mapped to "provided" scope.
 2010-01-13 00:44:05 +00:00
Luke Taylor f62d97b092 SEC-1356: Fix broken tests. 
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
 2010-01-12 01:32:02 +00:00
Luke Taylor 6eff4d90b7 SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request. 
This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path.
 2010-01-12 00:49:53 +00:00
Luke Taylor d900829921 Added bundlor and maven support to gradle build 2010-01-12 00:35:20 +00:00
Luke Taylor fa42d9d5ec Fix taglibs template.mf 
Was missing sub-packages of org.sfw.security.acls.
 2010-01-12 00:33:20 +00:00
Luke Taylor 2023ca283e SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator 
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
 2010-01-12 00:30:27 +00:00
Luke Taylor b323098167 Added gradle build files for taglibs, tutorial, contacts and openid. 
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
 2010-01-10 23:31:23 +00:00
Luke Taylor e211f9b35f SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL. 
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.

Enabled remember-me in the OpenID sample.
 2010-01-09 01:04:13 +00:00
Luke Taylor bc02fc2de1 Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices. 2010-01-08 23:57:27 +00:00
Luke Taylor 51abedcbef Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests. 
Removes the need for casting to specific filter type.
 2010-01-08 23:20:16 +00:00
Luke Taylor f40a1fda34 SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes. 
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
 2010-01-08 21:12:36 +00:00
Luke Taylor 052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor 9a323f15bc Bring versions in itext module up-to-date 2010-01-07 17:56:32 +00:00
Luke Taylor 68ae49ebe1 SEC-1355: Update manual code snippet to cast to OpenIDAuthenticationToken. 2010-01-07 17:22:45 +00:00
Luke Taylor 4e4242d010 SEC-1354: Added integration tests for combinations of @PreAuthorize and @Secured annotations. 2010-01-06 22:23:01 +00:00
Luke Taylor 846aa40a7b Updated "heavyduty" sample version information. 2010-01-06 22:21:59 +00:00
Luke Taylor be72ed1350 Remove commented out beans from contacts sample app context. 
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
 2010-01-06 22:21:34 +00:00
Luke Taylor 9730600777 Revert bundlor version update. 
Config was wrong, but even with the correct config
the maven jar plugin generates its own manifest
file and ignores the one generated by bundlor.
 2010-01-05 23:47:27 +00:00
Luke Taylor 3c97d68346 Upgrade to bundlor RC1 2010-01-05 22:34:27 +00:00
Luke Taylor dc5417f1d5 SEC-1352: Added support for placeholders in <user-service> 
The username, password and authorities attributes can now be placeholders.
 2010-01-05 22:34:10 +00:00
Luke Taylor f5d36aef65 SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter 
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
 2010-01-05 16:01:55 +00:00
Luke Taylor 93973a4b75 SEC-1304: Removed compareTo method from GrantedAuthorityImpl 
This method had been left by mistake when the Comparable 
interface was removed. See also SEC-1347.
 2010-01-04 19:13:49 +00:00
Luke Taylor c6b8fe5e55 SEC-1346: Added missing 'return' statements after redirects. 
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
 2010-01-03 19:06:58 +00:00
Luke Taylor 80aacf447f Refactored JaasAuthenticationProvider 
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
 2010-01-03 16:28:44 +00:00
Luke Taylor 893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor b737fa451d SEC-1344: Minor CAS doc updates 2009-12-29 14:45:29 +00:00
Luke Taylor 0aab19ed4b Added additional info on concurrent session usage 2009-12-28 14:32:54 +00:00
Luke Taylor 744ed95b51 SEC-1343: ref manual typos 2009-12-28 13:59:21 +00:00