Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 22:46:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,845 Commits 33 Branches 337 Tags
Commit Graph

145 Commits

Author SHA1 Message Date
Luke Taylor
2023ca283e SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator 
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
 2010-01-12 00:30:27 +00:00
Luke Taylor
b323098167 Added gradle build files for taglibs, tutorial, contacts and openid. 
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
 2010-01-10 23:31:23 +00:00
Luke Taylor
e211f9b35f SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL. 
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.

Enabled remember-me in the OpenID sample.
 2010-01-09 01:04:13 +00:00
Luke Taylor
bc02fc2de1 Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices. 2010-01-08 23:57:27 +00:00
Luke Taylor
052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor
f5d36aef65 SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter 
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
 2010-01-05 16:01:55 +00:00
Luke Taylor
c6b8fe5e55 SEC-1346: Added missing 'return' statements after redirects. 
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
 2010-01-03 19:06:58 +00:00
Luke Taylor
893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor
115d5b84ff [maven-release-plugin] prepare for next development iteration 2009-12-22 22:20:01 +00:00
Luke Taylor
6c6ef08353 [maven-release-plugin] prepare release spring-security-3.0.0.RELEASE 2009-12-22 22:19:38 +00:00
Luke Taylor
e64866ae6a Updated bundlor templates and introduced spring.version variable 2009-12-22 01:10:04 +00:00
Luke Taylor
3418aab46e SEC-1327: Javadoc additions to clarify some behaviour 2009-12-21 17:32:54 +00:00
Luke Taylor
fcce29f8df SEC-1326: Updating dependencies to match Spring versions. Removing unused deps. 2009-12-21 17:32:38 +00:00
Luke Taylor
97a31cae04 SEC-1333: Added error message for invalid redirect URL assertion 2009-12-18 19:29:36 +00:00
Luke Taylor
aeed49393c Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting). 2009-12-18 18:44:42 +00:00
Luke Taylor
76731254c0 SEC-1328: Fixed issue with redirect to context relative URLs where the context name is part of the domain name. 2009-12-18 18:04:03 +00:00
Luke Taylor
06e092d46a Midor Javadoc correction. 2009-12-15 15:39:01 +00:00
Luke Taylor
6805761d85 Extra test to confirm http-method specific matching behaviour. 2009-12-14 13:55:48 +00:00
Luke Taylor
cad32ffe39 SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface. 2009-12-13 17:37:24 +00:00
Luke Taylor
520e733cb2 [maven-release-plugin] prepare for next development iteration 2009-12-08 21:19:41 +00:00
Luke Taylor
f2cf17bd49 [maven-release-plugin] prepare release spring-security-3.0.0.RC2 2009-12-08 21:19:20 +00:00
Luke Taylor
075e7a15ad Corrected package name in Javadoc. 2009-12-07 21:44:02 +00:00
Luke Taylor
444d93b13f SEC-1316: Remove 'removeAfterRequest' property from AnonymousAuthenticationFilter 2009-12-07 13:54:39 +00:00
Luke Taylor
b27d7afd24 SEC-1315: Modify HttpSessionSecurityContextRepository to check for anonymous token before creating a session. Moved the anonymity check to be before the session creation. 2009-12-06 15:28:03 +00:00
Luke Taylor
aee6b8f3f9 SEC-1314: Deprecate cloneFromHttpSession and securityContextClass in HttpSessionSecurityContextRepository. Both deprecated. 2009-12-06 15:09:33 +00:00
Luke Taylor
dab76249db Added gradle build files (experimental) 2009-12-04 21:33:17 +00:00
Luke Taylor
69699431b1 SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope 2009-11-24 09:31:03 +00:00
Luke Taylor
4d8956a227 SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec. 2009-11-17 22:05:38 +00:00
Luke Taylor
d84542cf88 SEC-1285: minor vulnerability in BasicProcessingFilter. Changed logging of Basic authentication information. 2009-11-17 15:29:07 +00:00
Luke Taylor
617e517e5e SEC-1280: NullPointerException in PersistentTokenBasedRememberMeServices when logging out twice. Added check for null authentication in logout method. 2009-11-04 17:20:13 +00:00
Luke Taylor
930c1b6b53 Coverted to Junit 4 test. 2009-10-14 21:48:30 +00:00
Luke Taylor
11e476c486 Added issue numbers in comment. 2009-10-14 14:23:34 +00:00
Luke Taylor
d4d45e1311 Make getHeader() methods check case-insensitive matching on header name. 2009-10-14 14:12:27 +00:00
Luke Taylor
7282eed197 Import cleaning. 2009-10-14 00:30:55 +00:00
Luke Taylor
799b96520b SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login 2009-10-14 00:30:28 +00:00
Luke Taylor
3f963ef8ca Restore versions and svn URLs in trunk (release plugin fail) 2009-10-11 21:59:38 +00:00
Luke Taylor
af563e826c [maven-release-plugin] prepare release spring-security-3.0.0.RC1 2009-10-11 21:43:42 +00:00
Luke Taylor
881632cc08 SEC-1250: Removed duplicate property. 2009-10-11 15:20:24 +00:00
Luke Taylor
0da99171da SEC-1250: RequestHeaderPreAuthenticatedProcessingFilter cannot be use to fail back to another authentication type. Added exceptionIfHeaderMissing property. 2009-10-08 16:37:53 +00:00
Luke Taylor
3f72983a1e SEC-1257: Some additional API changes to use Collection instead of List... 2009-10-07 21:08:41 +00:00
Luke Taylor
1286741c7c SEC-1259: Improve consistency of authentication filter names. 2009-10-07 14:43:55 +00:00
Luke Taylor
f213cc5d9e SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted. 2009-10-06 19:46:44 +00:00
Luke Taylor
caff3ee9ba SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc). 2009-10-05 19:28:53 +00:00
Luke Taylor
07d7c0ddae Renamed form and openID filters to shorten names 2009-10-05 17:33:34 +00:00
Luke Taylor
1042305cfe Renamed web.wrapper to web.servletapi. Added some package.html files. 2009-10-05 16:59:37 +00:00
Luke Taylor
673cf300fb SEC-1229: Refactoring to remove package cycles. 2009-10-05 16:40:32 +00:00
Luke Taylor
acf13c74ca SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session 2009-10-05 15:51:00 +00:00
Luke Taylor
2b89ebdfbb SEC-1229: Further doc and mods to namespace config/naming to make it more consistent 2009-10-03 16:08:51 +00:00
Luke Taylor
073198886d SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before. 2009-10-02 17:29:43 +00:00
Luke Taylor
abba569282 Tidying. 2009-09-30 15:53:46 +00:00