Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,590 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

4590 Commits

Author SHA1 Message Date
Rob Winch 254333ce82 SEC-1957: DefaultFilterChainValidator no longer casts to DefaultFilterInvocationSecurityMetadataSource 2012-04-29 15:59:24 -05:00
Rob Winch b626a63b85 Suppress warnings in AbstractAuthorizeTag and AuthorizeTagCustomGrantedAuthorityTests 2012-04-22 21:54:44 -05:00
Christian Hilmersson d57f1d56d5 SEC-1900: AbstractAuthorizeTag now compares using getAuthority() 
This avoids backwards compatibility issues with other GrantedAuthority
implementations.
 2012-04-22 21:54:43 -05:00
Rob Winch c446697de3 Cleaned up warnings in FilterChainProxyTests 2012-04-11 17:23:07 -05:00
Rob Winch bb8f3bae7c SEC-1950: Defensively invoke SecurityContextHolder.clearContext() in FilterChainProxy 2012-04-11 17:22:19 -05:00
Rob Winch ca741ab18f SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter 2012-03-20 19:18:26 -05:00
Rob Winch 488efbc97e SEC-1901: Changed DebugFilter to no longer extend OncePerRequesetFilter so that the FilterChainProxy is invoked on forwards 2012-03-17 11:16:21 -05:00
Rob Winch a4322d70ba Merge pull request #5 from tburch/setUseSecureCookie-typo 
fix typo in AbstractRememberMeServices.setUseSecureCookie method documentation
 2012-03-13 17:02:43 -07:00
Rob Winch f78c11650f SEC-1893: Namespace now register PortMapper with custom mappings for all components that use a PortMapper 2012-03-11 20:52:17 -05:00
Rob Winch 84141c4c76 SEC-1927: Corrected debug log in SessionManagementFilter to have a space between ID and the session and added guard to log statement 2012-03-11 18:35:38 -05:00
Tristan Burch e7f47964ee fix typo in setUseSecureCookie method documentation 2012-03-09 17:01:17 -07:00
ltaylor 6bde4caa77 Merge pull request #4 from Abdull/master 
Correct role names in tutorial jsps
 2012-02-28 14:15:53 -08:00
Abdull dec44811fc Gave correct role name 2012-02-28 14:41:14 +01:00
Abdull 0e413cedcb Gave correct role name 2012-02-28 14:39:30 +01:00
Luke Taylor 3760d792ea SEC-1890: Add checks for validity of stored bcrypt hash 
When checking for a match, the BCryptPasswordEncoder validates
the stored hash against a pattern to check that it actually is
a bcrypt value.
 2012-02-22 14:36:13 +00:00
Luke Taylor 5d71d2a4fa SEC-1887: Add MethodSecurityOperations interface. 
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.

Also cleaning whitespace.
 2012-02-01 15:49:56 +00:00
Luke Taylor 2434564d6c SEC-1904: Fixed LDAP object class name in docs. 2012-02-01 14:37:32 +00:00
Luke Taylor 538e75ce1b SEC-1903: Use a static CRLF Pattern in FirewalledResponse 
The Pattern was being recompiled for every request
when a single instance could be shared for performance
reasons.
 2012-02-01 13:21:16 +00:00
Andrei Stefan 0f9ee81df1 SEC-1887: Improve extensibility of expression-based security classes 
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
 2012-01-31 19:06:43 +00:00
Luke Taylor b493afa18c SEC-1888: Improving the doc on (not) using multiple annotation types in the same class. 2012-01-31 19:05:43 +00:00
Luke Taylor f97463cdb5 Minor comment fixes 2012-01-16 14:49:59 +00:00
Rob Winch 2d556c7b4f SEC-1885: Change SecurityDebugBeanFactoryPostProcessor to only interact with BeanDefinitions rather than instances to prevent premature instatiation of FilterChainProxy and its dependencies 
This issue occurred because the AutowiredAnnotationBeanPostProcessor had not been registered when the SecurityDebugBeanFactoryPostProcessor tried to obtain the FilterChainProxy. This caused
all of the FilterChainProxy's dependant beans to be resolved and if they used @Autowired they would not get processed properly.
 2012-01-07 13:52:50 -06:00
Rob Winch 22225effcc Call SecurityContextHolder.clearContext() in tear down of HttpSessionSecurityContextRepositoryTests 2011-12-30 16:05:35 -06:00
Rob Winch 5d94cd5e13 SEC-1735: Do not remove SecurityContext from HttpSession when anonymous Authentication is saved if original SecurityContext was anonymous 2011-12-30 16:04:02 -06:00
Rob Winch 1f835fec43 SEC-1867: Perform null check on Authentication.getCredentials() prior to calling toString() 2011-12-30 14:00:13 -06:00
Rob Winch 448a42916d SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref 2011-12-30 11:31:24 -06:00
Rob Winch ea56a98883 SEC-1868: Remove error level logs from SecurityNamespaceHandler when the web classes are not available and not required 
To get the detailed errors the FilterChainProxy is loaded again in reportMissingWebClasses
and included in the readerContext fatal log.
 2011-12-30 10:51:17 -06:00
Rob Winch 6fe6e18939 SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names 2011-12-29 15:44:49 -06:00
Rob Winch 044861eb20 Renamed **/*Spec.groovy to **/*Tests.groovy to better follow conventions 2011-12-29 12:59:24 -06:00
Rob Winch 8ca2927761 Renamed **/Test.java to **/Tests.java to better follow conventions 2011-12-28 17:39:29 -06:00
Rob Winch aabb16912f SEC-1878: DefaultFilterChainValidator properly handles AccessDecisionManager throwing exceptions other than AccessDeniedException 2011-12-28 16:43:19 -06:00
Luke Taylor 00936c6b49 Switch to post release snapshot version. 2011-12-05 23:44:55 +00:00
Luke Taylor 9b423a7726 Set 3.1.0 release version. 2011-12-05 23:42:39 +00:00
Luke Taylor 9fa6e78770 SEC-1857: Use Principal.getName() in ContextPropagatingRemoteInvocation 
This is a better option than using the toString() method 
where the latter doesn't return the username. e.g when the
principal is a UserDetails.
 2011-12-05 21:23:42 +00:00
Steffen Ryll 0de067ae63 SEC-1793: Added convenience constructor to DefaultSpringSecuritySontextSource 
This makes it easier to configure more than one
LDAP URL (fail-over scenario).
 2011-12-05 19:24:00 +00:00
Rob Winch 999adbc6ee SEC-1827: If use-secure-cookie is set to false explicitly set useSecureCookie to false on AbstractRememberMeServices 2011-11-21 09:11:17 -06:00
Rob Winch 53483df1f5 SEC-1678: Added What's new section to reference 2011-11-18 13:52:37 -06:00
Rob Winch 041cb1dcc3 SEC-1858: Included the updates for logout-success-url documentation 2011-11-18 11:22:22 -06:00
Rob Winch 3dca70403d Suppress compiler warnings and minor javadoc fix for ProviderManager 2011-11-11 11:45:02 -06:00
Rob Winch ff495b698e SEC-1858: Removed methods for generating docbook for xsd 
Not squashing so this is around if needed again
 2011-11-11 11:45:02 -06:00
Rob Winch c8b847f1ed SEC-1858: Added integration tests to validate that the xsd is documented in the reference 2011-11-11 11:44:55 -06:00
Rob Winch f88b6f75ff SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes 2011-11-11 09:00:53 -05:00
Rob Winch de397bc0ce SEC-1858: Updated xsd documentation to have documentation for all elements/attributes and added documentation of default values where appropriate 2011-11-11 09:00:53 -05:00
Dave Syer 8565116f20 SEC-1472: Add crypto wrappers for BCrypt 2011-11-02 18:10:19 +00:00
Dave Syer 944d762da9 Add eclipse generated meta-inf to ignores 2011-11-02 17:47:44 +00:00
Luke Taylor 3b13a3fb25 SEC-1812: Replace assertion with warning message when overriding the global AuthenticationManager. 2011-11-02 14:23:59 +00:00
Luke Taylor 8e1d407e3e SEC-1848: LDAP encode name when using user DN patterns in AbstractLdapAuthenticator. 2011-11-01 13:28:56 +00:00
Luke Taylor 8fd2963e6b Deprecate storage of Authentication object in AuthenticationException. 2011-11-01 13:05:53 +00:00
Luke Taylor b60367e30c Upgrade to validater 4.2 2011-11-01 00:20:45 +00:00
Luke Taylor 0bccbbfc18 SEC-1779: Make new getters protected rather than public. 2011-11-01 00:20:34 +00:00