92face623a
SEC-1738: removed accidental commit of writeNewPom task
2011-05-10 23:23:13 -05:00
3d24d6f672
SEC-1738: Changed openid4java to be testCompile dependency of spring security config
2011-05-10 23:17:36 -05:00
6e91786f92
SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false).
2011-05-09 13:36:23 +01:00
25ebc5e5f4
Fix openid dep in config.gradle. Should be a testCompile dep.
2011-04-29 14:04:32 +01:00
bd74185e41
SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1
2011-04-26 23:39:51 -05:00
c4a1ce9f1a
SEC-1725: Update docs to remove references to filter-chain-map.
2011-04-25 23:38:44 +01:00
b5924db74d
SEC-1725: Add option to filter-chain to use an explicit request-matcher-ref instead of a "path" attribute.
2011-04-25 23:20:15 +01:00
04dc65c8fe
SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap.
2011-04-25 13:48:47 +01:00
71ed6d7964
SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor.
2011-04-20 11:58:00 +01:00
8d702a4f98
SEC-1699: Make sure a FilterInvocation is passed to the AccessDecisionManager when checking the login page access in DefaultFilterChainValidator.
2011-04-14 18:04:29 +01:00
160fed1bfe
SEC-1713: Fix typo in schema RNC file.
2011-04-08 17:22:57 +01:00
3f1d8782c3
Minor fix to bundlor template for config module.
2011-04-06 14:02:01 +01:00
8d99918798
SEC-1491: Add support for an external priority SecurityMetadataSource to be referenced from global-method-security.
2011-04-05 15:07:43 +01:00
ddaf9eb64f
SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter.
2011-03-31 21:09:54 +01:00
ccc548b9e4
Fixing bundlor warnings.
2011-03-08 16:20:37 +00:00
088042b3d0
Upgrade spock and groovy versions, and make sure apacheDS work directory is set for config integrationTest task.
2011-02-14 19:03:08 +00:00
bc2448419b
SEC-1679: Make sure whitespace is trimmed from cookie names when specifying multiple cookies.
2011-02-14 19:02:28 +00:00
27be72a81c
SEC-1677: Split out LDAP server tests from config module.
2011-02-14 19:01:27 +00:00
b0df1bd1b0
SEC-1673: Use a map to store the range values use in the bundlor templates.
2011-02-07 16:06:23 +00:00
866615ceaa
SEC-1662: Cater for the case where a user uses two <http> elements without patterns and the RequestMatcher does not have two arguments.
2011-01-26 16:39:50 +00:00
2eefbf3a23
SEC-1657: Added support for 'name' attribute in <http> element to expose filter chain as a list bean.
2011-01-14 17:21:22 +00:00
6de2197c0f
SEC-1653: Ensure UserDetailsServiceFactoryBean is registered using the tools API to prevent errors in STS.
2011-01-11 00:10:07 +00:00
6779822325
Remove GRADLE-1090 workarounds from config.gradle.
2011-01-07 18:28:21 +00:00
8d7830a1ee
SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me.
2011-01-06 15:16:13 +00:00
1ed5227d75
Removed @Override from HttpFirewallBeanDefinitionParser.parse since it does not override a method definition, it implements one.
...
Fixed The method parse(Element, ParserContext) of type HttpFirewallBeanDefinitionParser must override a superclass method HttpFirewallBeanDefinitionParser.java /spring-security-config/src/main/java/org/springframework/security/config/http line 23 Java Problem
2010-12-16 22:20:20 -06:00
2be2660b13
SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match.
2010-12-11 21:56:35 +00:00
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
441aa25383
SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand.
2010-12-01 20:52:37 +00:00
b9a98613eb
SEC-1593: Added tests to try to reproduce issue.
2010-11-03 19:37:25 +00:00
21ed5feb8d
SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.
2010-10-27 13:25:40 +01:00
f70942c6f5
SEC-1589: Add support for property placeholder in intercept-methods access attribute.
2010-10-27 13:25:39 +01:00
173537f4f2
SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
2010-10-27 13:25:39 +01:00
0961671772
Reinstated missing 3.0.3 schema file
2010-10-27 13:25:39 +01:00
f455e9a5a4
SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison.
2010-10-27 13:25:39 +01:00
7d97adc687
SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".
2010-10-27 13:25:39 +01:00
ee12d54bec
SEC-1536: moved web.authentication.jaas to web.jaasapi
...
Renamed org.springframework.security.web.authentication.jaas to org.springframework.security.web.jaasapi to be better aligned with org.springframework.security.web.servletapi, added package-info.java, and removed trailing whitespaces
2010-10-05 22:28:42 -05:00
e69b981c72
Make method in MatcherType public for use in OAuth.
2010-09-25 20:09:12 +01:00
11a87d1fa0
Switch to using xsd:boolean in schema file.
2010-09-19 18:17:06 +01:00
1b2b371970
SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
...
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.
Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
2010-09-16 16:03:24 +01:00
383211561c
Moved LDAP placeholder config test into LDAP tests to prevent issues with parallel tests. Converted LdapProviderBDP tests to groovy/spock. Other misc tidying of config tests.
2010-09-16 12:31:23 +01:00
7dd8cd2fb9
Make sure ApacheDS work directory is set correctly for separate LDAP test task in config module.
2010-09-16 10:50:12 +01:00
a128e3b4fe
http://forum.springsource.org/showthread.php?p=318755 Added PlaceHolderAndELConfigTests.ldapAuthenticationProviderWorksWithPlaceholders
2010-09-13 13:44:12 -05:00
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
0217e98bdb
Added an AppListener to collect events for use in tests
2010-09-13 14:20:21 +01:00
f4d57ab5e8
SEC-1456: Remove maven poms as we are now using gradle for the build.
2010-08-30 19:02:19 +01:00
20988c8cf6
Minor refactoring of debug filter and tidying up tests.
2010-08-27 01:49:30 +01:00
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
2010-08-24 18:25:39 +01:00
1db83fc81e
Minor BD parser tidying.
2010-08-20 21:14:00 +01:00
c37ca1c2a9
Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc.
2010-08-19 22:41:51 +01:00
5f6bcc0e1e
SEC-1540: Fix to add HTTP-method specific support for namespace requires-channel attribute.
2010-08-18 13:01:16 +01:00
Rob Winch
Luke Taylor
Rob Winch