Rob Winch
56fad169db
request.setMethod("POST")
2015-12-21 14:53:13 -06:00
Rob Winch
7d5af63510
Merge pull request #243 from panchenko/SEC-3158
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1
2015-12-03 22:14:58 -06:00
Rob Winch
81db6abbe0
SEC-3164: JDK6 compatibility
2015-12-02 14:16:57 -06:00
Alex Panchenko
cfa23b152e
SEC-3164 Optimization in DefaultRequiresCsrfMatcher
2015-12-01 13:19:13 +06:00
Alex Panchenko
3af4140742
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x
2015-12-01 12:54:08 +06:00
Rob Winch
4144de9376
SEC-3082: make SavedRequest parameters case sensitive
2015-10-29 16:46:11 -05:00
Rob Winch
8f13beccb7
SEC-2190: Fix Javadoc
2015-10-29 11:41:39 -05:00
Rob Winch
8b641e5f79
SEC-2190: Support WebApplicationContext in ServletContext attribute
2015-10-28 15:12:35 -05:00
Rob Winch
5c73816a1a
SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext()
2015-10-27 13:56:51 -05:00
Rob Winch
a88ac0fcc1
SEC-3109: Fix web tests
2015-10-26 21:31:07 -05:00
Rob Winch
cda6532c43
SEC-3070: Logout invalidate-session=false and Spring Session doesn't work
2015-10-20 14:58:57 -05:00
izeye
3925ed90c4
SEC-3124: Fix broken Javadoc related to `<` and `>`
2015-10-13 13:33:28 -05:00
zhanhb
29f2cc0ab1
snasphot -> snapshot
2015-09-25 15:28:39 -05:00
Rob Winch
97969ea9d2
SEC-2059: Ignore Query String for Resolving Path Variables
2015-09-01 09:53:29 -05:00
Rob Winch
6b05b298ff
SEC-2059: Support Path Variables in Web Expressions
2015-08-20 17:11:01 -05:00
Rob Winch
969f3a7d1b
Update pom.xml to latest snapshots
2015-08-03 09:46:01 -05:00
Thomas Darimont
ad1d858e2b
SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors across multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch
117f892c91
SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.
This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch
e8c9f75f9c
Update pom.xml to latest versions
2015-07-22 12:51:04 -05:00
Rob Winch
432123daa2
SEC-2964: Fix CsrfTokenArgumentResolver Javadoc
2015-07-22 11:32:36 -05:00
Rob Winch
92ae45a04d
SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged
2015-07-22 08:41:33 -05:00
Rob Winch
7c725a60e2
SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory
2015-07-20 14:06:44 -05:00
Rob Winch
76a2fb9488
SEC-3020: SecurityContextHolderAwareRequestWrapper conditional rolePrefix
Previously SecurityContextHolderAwareRequestWrapper always prefixed with
rolePrefix. This meant the defaults would never return true for a role
that started with the prefix (i.e. ROLE_).
We no longer apply the rolePrefix if the value passed in already starts
with rolePrefix.
2015-07-16 14:49:32 -05:00
Rob Winch
08b1b56e2c
SEC-2973: Add OnCommittedResponseWrapper
This ensures that Spring Session & Security's logic for performing
a save on the response being committed can easily be kept in synch.
Further this ensures that the SecurityContext is now persisted when
the response body meets the content length.
2015-07-14 14:48:41 -05:00
Rob Winch
316886affc
SEC-2931: Fix CsrfFilter Javadoc
2015-07-14 13:40:59 -05:00
Rob Winch
aed288da05
Fix Spring IO Tests
2015-07-08 11:48:43 -05:00
Rob Winch
1f74ac811e
Fix Spring IO Tests
2015-07-08 11:09:29 -05:00
Rob Winch
197ddb3cd1
SEC-3029: Fix Compatibility with Spring 4.2.x
2015-07-07 22:46:31 -05:00
Alex Panchenko
0a118336d4
SEC-2955: Convert to "static" for inner classes
2015-04-30 12:54:52 -05:00
Rob Winch
a67ef1c3a2
SEC-2944: Polish
2015-04-30 10:00:04 -05:00
Gunnar Hillert
3099f92154
SEC-2944 Add HttpStatusReturningLogoutSuccessHandler
* Add HttpStatusReturningLogoutSuccessHandler to provide better logout capabilities for RESTful APIs
2015-04-30 09:56:02 -05:00
Rob Winch
e08e9cda00
SEC-2851: Remove DataAccessException import from Persistent RememberMe
2015-04-21 14:57:32 -05:00
Rob Winch
09acc2b7a5
SEC-2962: SecurityContextHolderAwareRequestFilter default rolePrefix
2015-04-21 11:42:48 -05:00
Rob Winch
d5dfeeca49
SEC-2927: Update chat-jc pom so Maven Builds
Previously there were some incorrect dependency versions. This commit fixes
that.
We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
Rob Winch
0bfbd2923a
SEC-2915: Fix default login page tests with tabs
2015-04-17 12:13:44 -05:00
Rob Winch
4fdfb8caba
SEC-2915: More Tabs -> Spaces
2015-04-17 11:34:34 -05:00
Rob Winch
db531d9100
SEC-2917: Update to Spring 4.1.6
2015-03-25 15:18:59 -05:00
Rob Winch
ae6af5d73c
SEC-2915: Updated Java Code Formatting
2015-03-25 13:09:18 -05:00
Rob Winch
0a2e496a84
SEC-2915: groovy/gradle spaces->tabs
2015-03-25 13:08:59 -05:00
Rob Winch
cf9f58a4ac
SEC-2915: XML spaces->tabs
2015-03-25 13:08:52 -05:00
Rob Winch
b85ad33aef
SEC-2888: Polish
2015-03-13 16:10:39 -05:00
Pascal Gehl
85955015f7
SEC-2888 AntPathRequestMatcher ignores variables in pattern when pattern finishes with /**
2015-03-13 16:03:08 -05:00
Rob Winch
e776a1fd35
SEC-2803: Add HttpStatusEntryPoint
2015-03-11 14:45:59 -05:00
Rob Winch
9d0085bb64
SEC-2882: DefaultLoginPageGeneratingFilter match on /login
Previously DefaultLoginPageGeneratingFilter would match on /**/login
which was not ideal since other parts of the application may want to
match on the URL.
Now it matches on /login.
2015-03-10 11:52:26 -05:00
Rob Winch
217152c8fd
Polish Http403ForbiddenEntryPoint whitespace
2015-03-10 10:58:58 -05:00
Rob Winch
b04388ad62
SEC-2805: Remove unnecessary cast in Http403ForbiddenEntryPoint
2015-03-10 10:58:21 -05:00
Rob Winch
62d74aef3d
Merge pull request #103 from bcecchinato/fix-logs
Trivial logging fix in saveContext method in HttpSessionSecurityContextRepository
2015-02-25 00:02:44 -06:00
Rob Winch
6fd45df1e4
SEC-2879: Add Test
2015-02-24 23:19:04 -06:00
Michael Cramer
8c0b16820b
SEC-2879: JdbcTokenRepositoryImpl updateToken should use lastUsed arg
2015-02-24 23:18:38 -06:00
Marcin Mielnicki
9ea7372405
SEC-2878: Clean imports in UsernamePasswordAuthenticationFilter
2015-02-24 22:53:44 -06:00
Rob Winch
5f57e5b0c3
SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config
2015-02-24 20:49:56 -06:00
Rob Winch
76d9ef4ec3
SEC-2872: CsrfAuthenticationStrategy Delay Saving CsrfToken
2015-02-24 17:30:57 -06:00
Rob Winch
98ae03fc40
SEC-2832: Add Tests
2015-02-24 17:30:56 -06:00
Stillglade
310e5bb285
SEC-2832: Update request attributes with new CsrfToken
2015-02-24 17:30:19 -06:00
Rob Winch
d973f5f80c
SEC-2078: AbstractPreAuthenticatedProcessingFilter requiresAuthentication support for non-String Principals
Previously, if the Principal returned by getPreAuthenticatedPrincipal was not a String,
it prevented requiresAuthentication from detecting when the Principal was the same.
This caused the need to authenticate the user for every request even when the Principal
did not change.
Now requiresAuthentication will check to see if the result of
getPreAuthenticatedPrincipal is equal to the current Authentication.getPrincipal().
2015-02-24 16:37:55 -06:00
Rob Winch
706e7fd7a2
SEC-2863: Update to Spring 4.1.5
2015-02-20 11:43:04 -06:00
Rob Winch
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
2015-02-18 11:21:02 -06:00
Rob Winch
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
2015-02-18 10:51:30 -06:00
Rob Winch
1a35292750
SEC-2791: AbstractRememberMeServices sets the version
If the maxAge < 1 then the version must be 1 otherwise browsers ignore
the value.
2015-02-04 15:57:45 -06:00
Rob Winch
1a00c397a4
SEC-2835: Polish
2015-02-04 15:50:24 -06:00
Rob Winch
07c54e5d0e
SEC-2831: Regex/AntPath RequestMatcher handle invalid HTTP method
2015-02-04 11:57:46 -06:00
Kazuki Shimizu
31234ecef9
SEC-2835: Add DelegatingAuthenticationFailureHandler
Add the DelegatingAuthenticationFailureHandler class to support
mapping each exception to an AuthenticationFailureHandler. This class gives
more powerful options to customize default behavior for users.
2015-02-04 10:49:13 -06:00
Kazuki Shimizu
1d0eee1d0b
SEC-2840: Modify typo in DelegatingAccessDeniedHandler
2015-02-04 10:49:41 +09:00
Rob Winch
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
Rob Winch
8f0001f59a
Next Development Version
2014-12-11 20:39:26 -06:00
Spring Buildmaster
49b69196de
Release version 4.0.0.RC1
2014-12-11 20:36:55 -06:00
Rob Winch
11116c2b80
SEC-2787: Update Versions
2014-12-10 16:37:19 -06:00
Rob Winch
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
Rob Winch
b56e5edbbd
SEC-2784: Fix build plugins
2014-12-08 14:24:34 -06:00
Rob Winch
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
Rob Winch
eedbf44235
SEC-2348: Security HTTP Response Headers enabled by default w/ XML
2014-11-21 16:06:29 -06:00
Rob Winch
2e1e9885ec
SEC-2054: Polish
Fix the tests to use .getName() for assertions
2014-11-21 11:08:30 -06:00
Rob Winch
e2f7b38b87
SEC-2054: BasicAuthenticationFilter not invoked on ERROR dispatch
2014-11-21 10:47:45 -06:00
Rob Winch
dfa17bdb98
SEC-2747: Remove spring-core dependency from spring-security-crypto
2014-11-20 16:16:22 -06:00
Rob Winch
fa9e7999da
SEC-2569: SavedRequestAwareWrapper no longer overrides getCookies()
Previously SavedRequestAwareWrapper overrode the getCookies() method. This
meant that the cookies from the original request were used instead of the
new request. In general, this does not make sense since cookies are
automatically submitted in every request by a client. Additionally, this
caused problems with using a locale cookie that was specified after the
secured page was requested.
Now SavedRequestAwareWrapper uses the new incoming request for determining
the cookies.
2014-11-18 13:17:27 -06:00
Rob Winch
5ba8f000a7
SEC-2714: Add AuthenticationPrincipal resolver for messaging support
2014-09-23 16:28:48 -05:00
Rob Winch
3187ee8bf3
SEC-2700: Register WithSecurityContextTestExecutionListener by default
2014-08-15 16:41:33 -05:00
Rob Winch
b72c1ad314
SEC-2686: Create SecurityMockMvcConfigurer
2014-07-22 15:11:37 -05:00
Rob Winch
e14e5b42fc
SEC-2599: HttpSessionEventPublisher get required ApplicationContext
In order to get better error messages (avoid NullPointerException) the
HttpSessionEventPublisher now gets the required ApplicationContext which
throws an IllegalStateException with a good error message.
2014-07-22 09:19:50 -05:00
Rob Winch
3289c1c92a
SEC-2683: Correct spelling of assignamble in AuthenticationPrincipalResolver Exception
2014-07-18 13:57:13 -05:00
bcecchinato
bb1762d4c3
Adding httpSession in logging for the saveContext method
2014-07-02 13:07:32 +02:00
Rob Winch
2082d3747a
SEC-2578: HttpSessionSecurityContextRepository traverses HttpServletResponseWrapper
2014-05-02 15:06:50 -05:00
Mattias Severson
2b3becf666
SEC-2573: RequestHeaderRequestMatcher constructor argument name has typo
2014-04-23 09:28:00 -05:00
Rob Winch
8baf82532c
SEC-2015: Add spring-security-test
2014-04-22 16:47:48 -05:00
Rob Winch
ccf96a4d69
SEC-2542: Polish dependency exclusions
This cleans up exclusions so the pom.xml are not as cluttered.
2014-04-02 09:47:29 -05:00
Rob Winch
3118e39de8
SEC-2542: Use exclusions to remove duplicate dependencies
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the artifacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.
In addition to the new exclusions, notable other changes are:
- Spring Data JPA has been updated to 1.4.1. This brings its
transitive dependency upon spring-data-commons into line with
Spring LDAP's and prevents both spring-data-commons-core and
spring-data-commons from being on the classpath
- All Servlet API dependencies have been updated to use the official
artifact with all transitive dependencies on unofficial servlet API
artifacts being excluded.
- In places, groovy has been replaced with groovy-all. This removes
some duplicates caused by groovy's transitive dependencies.
- JUnit has been updated to 4.11 which brings its transitive Hamcrest
dependency into line with other components.
There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level
Conflicts:
samples/messages-jc/pom.xml
2014-04-02 09:47:26 -05:00
Rob Winch
c0590e614a
SEC-2177: Polish
2014-03-18 15:48:54 -05:00
Maciej Zasada
7cf37856c0
SEC-2177: Stripping off all leading schemes
Stripping off all leading schemes in the DefaultRedirectStrategy, so it
will be less vulnerable to open redirect phishing attacks. More info can
be found at SEC-2177 JIRA issue.
2014-03-18 15:45:41 -05:00
Julien Dubois
7325b97c76
SEC-2519: RememberMeAuthenticationException supports root cause
Added a constructor which keeps the root cause of the exception, and
added some documentation
2014-03-11 16:11:52 -05:00
Rob Winch
91a074c744
Merge pull request #62 from dalbertom/typo
Correct typo in AbstractRememberMeServices assertion
2014-03-11 15:40:23 -05:00
Rob Winch
ea902e5829
SEC-2507: WebExpressionVoter.supports support subclasses of FilterInvocation
2014-03-10 14:33:37 -05:00
Rob Winch
e15cee62f4
SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header
2014-03-06 22:01:25 -06:00
getvictor
6de138c2f2
SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header.
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
2014-03-06 22:01:23 -06:00
Rob Winch
9988fa141c
Update Spring Security version in pom.xml
2014-03-06 08:13:52 -06:00
Rob Winch
6be4e3a9fc
SEC-2506: Remove Bundlor Support
2014-03-05 13:32:16 -06:00
Rob Winch
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
Rob Winch
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
Rob Winch
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
Rob Winch
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
Rob Winch
ca1080fb96
SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter
2013-12-13 15:47:28 -06:00
Rob Winch
a34178bc40
SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA
2013-12-12 08:16:59 -06:00
Rob Winch
aaa7cec32e
SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor
Previously there was unnecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
2013-12-12 08:07:22 -06:00
Rob Winch
7f714ebb23
SEC-2422: Session timeout detection with CSRF protection
2013-12-11 17:38:17 -06:00
Rob Winch
4460e84b29
Updates to pom.xml author and repo
2013-12-09 08:57:30 -06:00
David Alberto
f9998d582a
Correct typo in AbstractRememberMeServices assertion
2013-11-26 18:06:55 -05:00
Rob Winch
59e13e7bbb
SEC-2404: CsrfAuthenticationStrategy creates new valid CsrfToken
2013-11-21 15:12:08 -06:00
Rob Winch
2c8946c406
Next development version
2013-11-01 14:20:55 -05:00
Spring Buildmaster
9c703a3051
Release version 3.2.0.RC2
2013-11-01 14:20:49 -05:00
Rob Winch
1a1f577a8b
SEC-2358: Add RequestHeaderRequestMatcher#toString()
2013-10-28 14:41:10 -05:00
Rob Winch
e638f0a547
SEC-2357: old RequestMatcher interface extends new RequestMatcher
2013-10-23 17:09:33 -05:00
Rob Winch
04b091c385
SEC-2369: PreAuthenticatedGrantedAuthoritiesUserDetailsService fix case to createUserDetails method
2013-10-17 16:18:43 -05:00
Rob Winch
15a63c58a7
SEC-2368: DebugFilter outputs headers and HTTP method
2013-10-17 14:49:45 -05:00
Rob Winch
1351c8bada
SEC-2362: Clarify AbstractRememberMeServices loginSuccess javadoc
2013-10-15 13:53:23 -05:00
Adrien be
e50b587d60
SEC-2360: AbstractRememberMeServices provide message for Assert on key field
2013-10-14 15:06:11 -05:00
Rob Winch
0b0e7dbea9
SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter
2013-10-14 15:00:24 -05:00
Rob Winch
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
Rob Winch
45ad74a0bd
SEC-2357: Fix package cycles
2013-10-14 11:15:16 -05:00
Rob Winch
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
Rob Winch
7d99436740
SEC-2358: Add RequestHeaderRequestMatcher
2013-10-11 14:53:11 -05:00
Rob Winch
0ac1176152
Polish RequestMatcher logging and toString
2013-10-07 15:45:42 -05:00
Rob Winch
cffbefadd1
SEC-2306: Fix Session Fixation logging race condition
Previously session fixation protection could output an incorrect warning
that session fixation protection did not work.
The code now synchronizes on WebUtils.getSessionMutex(..).
2013-10-06 17:13:40 -05:00
kazuki43zoo
611a97023d
SEC-2352: HttpSessionCsrfTokenRepository lazy session creation
2013-10-06 16:44:18 -05:00
Rob Winch
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
Rob Winch
cea0cf9260
SEC-2243: Remove additional Debug Filter
2013-09-26 11:38:16 -05:00
Rob Winch
b591881e95
SEC-2302: Provide beforeSpringSecurityFilterChain hook
This allows inserting filters before the springSecurityFilterChain.
2013-09-25 14:52:40 -05:00
Rob Winch
88f41cdf62
SEC-2341: Update to Gradle 1.8
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
2013-09-23 20:55:49 -05:00
Rob Winch
788ba9a1fa
SEC-2329: Allow injecting of AuthenticationTrustResolver
2013-09-20 15:26:52 -05:00
Rob Winch
9133c33f1d
SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache
The method getRequest used to cast to DefaultRequestCache, but this
is not necessary.
Now the cast is to SavedRequest.
2013-09-19 15:08:32 -05:00
Rob Winch
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
2013-09-19 14:06:37 -05:00
Rob Winch
0114b457c0
SEC-2330: CacheControlHeadersWriter use a single header
2013-09-18 16:12:34 -05:00
Rob Winch
32e9239fd2
SEC-2320: AuthenticationPrincipal can be null on invalid type
Previously a ClassCastException was thrown if the type was invalid. Now
a flag exists on AuthenticationPrincipal which indicates if a
ClassCastException should be thrown or not with the default being no error.
2013-09-13 15:21:13 -07:00
Rob Winch
b22acd0768
SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet
2013-09-13 14:44:44 -07:00
Rob Winch
8e74407381
SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated
See throws documentation at
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29
2013-08-31 11:55:24 -05:00
Rob Winch
e8ac11641b
SEC-2297: Add DispatchType.ASYNC as default for AbstractSecurityWebApplicationInitializer
2013-08-31 11:39:57 -05:00
Rob Winch
3d2f23602f
SEC-2294: Update Spring Version to 3.2.4.RELEASE
2013-08-31 11:26:43 -05:00
Rob Winch
43f4d01cf3
SEC-2292: Add test to assert CSRF bypass of methods is case sensitive
HTTP methods should be case sensitive, so add test to ensure that this is
the case http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1
2013-08-31 10:40:49 -05:00
Rob Winch
6e9fb7930b
SEC-2298: Add AuthenticationPrincipalArgumentResolver
2013-08-30 17:06:40 -05:00
Rob Winch
086056f191
SEC-2289: Make compatible with Spring 4 as well
There are a few subtle changes in Spring 4 that this commit addresses
2013-08-27 16:43:10 -05:00
Rob Winch
26166ef6e8
SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3
2013-08-27 16:26:16 -05:00
Rob Winch
3f69847a4e
SEC-2286: Log invalid CSRF tokens at debug level
2013-08-25 22:35:20 -05:00
Rob Winch
d60108eaf6
SEC-2229: Add optional dependencies to spring-security-config
spring-tx and spring-jdbc aren't pulled in transitively from
spring-security-web now, so we must include them as optional dependencies.
2013-08-25 19:47:57 -05:00
Rob Winch
33db440961
SEC-2129: AntPathRequestMatcher also supports case sensitive comparisons
2013-08-25 16:26:18 -05:00
Rob Winch
7d1d856729
SEC-2229: spring-security-web dependency polish
- remove direct dependency on spring-aop
- spring-tx and spring-jdbc optional
2013-08-25 15:52:17 -05:00
Rob Winch
534989c8ea
SEC-2103: Fix tests to verify debug logging instead of info
2013-08-25 10:05:22 -05:00
Rob Winch
acb2b680d0
SEC-2103: Change log of no results to debug
2013-08-24 23:39:56 -05:00
Rob Winch
48283ec004
SEC-2276: Delay saving CsrfToken until token is accessed
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If users wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
2013-08-24 23:31:01 -05:00
Rob Winch
e9bb9e766e
SEC-1574: Add CSRF Support
2013-08-15 14:49:21 -05:00
Rob Winch
797df51264
SEC-2135: Support HttpServletRequest#changeSessionId()
2013-08-15 13:59:16 -05:00
Rob Winch
75fb971d23
SEC-2221: Fix the ignored media types to use includes instead of equals
2013-08-15 13:59:15 -05:00