Rob Winch
254333ce82
SEC-1957: DefaultFilterChainValidator no longer casts to DefaultFilterInvocationSecurityMetadataSource
2012-04-29 15:59:24 -05:00
Rob Winch
b626a63b85
Suppress warnings in AbstractAuthorizeTag and AuthorizeTagCustomGrantedAuthorityTests
2012-04-22 21:54:44 -05:00
Christian Hilmersson
d57f1d56d5
SEC-1900: AbstractAuthorizeTag now compares using getAuthority()
...
This avoids backwards compatibility issues with other GrantedAuthority
implementations.
2012-04-22 21:54:43 -05:00
Rob Winch
c446697de3
Cleaned up warnings in FilterChainProxyTests
2012-04-11 17:23:07 -05:00
Rob Winch
bb8f3bae7c
SEC-1950: Defensively invoke SecurityContextHolder.clearContext() in FilterChainProxy
2012-04-11 17:22:19 -05:00
Rob Winch
ca741ab18f
SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter
2012-03-20 19:18:26 -05:00
Rob Winch
488efbc97e
SEC-1901: Changed DebugFilter to no longer extend OncePerRequesetFilter so that the FilterChainProxy is invoked on forwards
2012-03-17 11:16:21 -05:00
Rob Winch
a4322d70ba
Merge pull request #5 from tburch/setUseSecureCookie-typo
...
fix typo in AbstractRememberMeServices.setUseSecureCookie method documentation
2012-03-13 17:02:43 -07:00
Rob Winch
f78c11650f
SEC-1893: Namespace now register PortMapper with custom mappings for all components that use a PortMapper
2012-03-11 20:52:17 -05:00
Rob Winch
84141c4c76
SEC-1927: Corrected debug log in SessionManagementFilter to have a space between ID and the session and added guard to log statement
2012-03-11 18:35:38 -05:00
Tristan Burch
e7f47964ee
fix typo in setUseSecureCookie method documentation
2012-03-09 17:01:17 -07:00
ltaylor
6bde4caa77
Merge pull request #4 from Abdull/master
...
Correct role names in tutorial jsps
2012-02-28 14:15:53 -08:00
Abdull
dec44811fc
Gave correct role name
2012-02-28 14:41:14 +01:00
Abdull
0e413cedcb
Gave correct role name
2012-02-28 14:39:30 +01:00
Luke Taylor
3760d792ea
SEC-1890: Add checks for validity of stored bcrypt hash
...
When checking for a match, the BCryptPasswordEncoder validates
the stored hash against a pattern to check that it actually is
a bcrypt value.
2012-02-22 14:36:13 +00:00
Luke Taylor
5d71d2a4fa
SEC-1887: Add MethodSecurityOperations interface.
...
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.
Also cleaning whitespace.
2012-02-01 15:49:56 +00:00
Luke Taylor
2434564d6c
SEC-1904: Fixed LDAP object class name in docs.
2012-02-01 14:37:32 +00:00
Luke Taylor
538e75ce1b
SEC-1903: Use a static CRLF Pattern in FirewalledResponse
...
The Pattern was being recompiled for every request
when a single instance could be shared for performance
reasons.
2012-02-01 13:21:16 +00:00
Andrei Stefan
0f9ee81df1
SEC-1887: Improve extensibility of expression-based security classes
...
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
2012-01-31 19:06:43 +00:00
Luke Taylor
b493afa18c
SEC-1888: Improving the doc on (not) using multiple annotation types in the same class.
2012-01-31 19:05:43 +00:00
Luke Taylor
f97463cdb5
Minor comment fixes
2012-01-16 14:49:59 +00:00
Rob Winch
2d556c7b4f
SEC-1885: Change SecurityDebugBeanFactoryPostProcessor to only interact with BeanDefinitions rather than instances to prevent premature instatiation of FilterChainProxy and its dependencies
...
This issue occurred because the AutowiredAnnotationBeanPostProcessor had not been registered when the SecurityDebugBeanFactoryPostProcessor tried to obtain the FilterChainProxy. This caused
all of the FilterChainProxy's dependant beans to be resolved and if they used @Autowired they would not get processed properly.
2012-01-07 13:52:50 -06:00
Rob Winch
22225effcc
Call SecurityContextHolder.clearContext() in tear down of HttpSessionSecurityContextRepositoryTests
2011-12-30 16:05:35 -06:00
Rob Winch
5d94cd5e13
SEC-1735: Do not remove SecurityContext from HttpSession when anonymous Authentication is saved if original SecurityContext was anonymous
2011-12-30 16:04:02 -06:00
Rob Winch
1f835fec43
SEC-1867: Perform null check on Authentication.getCredentials() prior to calling toString()
2011-12-30 14:00:13 -06:00
Rob Winch
448a42916d
SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref
2011-12-30 11:31:24 -06:00
Rob Winch
ea56a98883
SEC-1868: Remove error level logs from SecurityNamespaceHandler when the web classes are not available and not required
...
To get the detailed errors the FilterChainProxy is loaded again in reportMissingWebClasses
and included in the readerContext fatal log.
2011-12-30 10:51:17 -06:00
Rob Winch
6fe6e18939
SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names
2011-12-29 15:44:49 -06:00
Rob Winch
044861eb20
Renamed **/*Spec.groovy to **/*Tests.groovy to better follow conventions
2011-12-29 12:59:24 -06:00
Rob Winch
8ca2927761
Renamed **/Test.java to **/Tests.java to better follow conventions
2011-12-28 17:39:29 -06:00
Rob Winch
aabb16912f
SEC-1878: DefaultFilterChainValidator properly handles AccessDecisionManager throwing exceptions other than AccessDeniedException
2011-12-28 16:43:19 -06:00
Luke Taylor
00936c6b49
Switch to post release snapshot version.
2011-12-05 23:44:55 +00:00
Luke Taylor
9b423a7726
Set 3.1.0 release version.
2011-12-05 23:42:39 +00:00
Luke Taylor
9fa6e78770
SEC-1857: Use Principal.getName() in ContextPropagatingRemoteInvocation
...
This is a better option than using the toString() method
where the latter doesn't return the username. e.g when the
principal is a UserDetails.
2011-12-05 21:23:42 +00:00
Steffen Ryll
0de067ae63
SEC-1793: Added convenience constructor to DefaultSpringSecuritySontextSource
...
This makes it easier to configure more than one
LDAP URL (fail-over scenario).
2011-12-05 19:24:00 +00:00
Rob Winch
999adbc6ee
SEC-1827: If use-secure-cookie is set to false explicitly set useSecureCookie to false on AbstractRememberMeServices
2011-11-21 09:11:17 -06:00
Rob Winch
53483df1f5
SEC-1678: Added What's new section to reference
2011-11-18 13:52:37 -06:00
Rob Winch
041cb1dcc3
SEC-1858: Included the updates for logout-success-url documentation
2011-11-18 11:22:22 -06:00
Rob Winch
3dca70403d
Suppress compiler warnings and minor javadoc fix for ProviderManager
2011-11-11 11:45:02 -06:00
Rob Winch
ff495b698e
SEC-1858: Removed methods for generating docbook for xsd
...
Not squashing so this is around if needed again
2011-11-11 11:45:02 -06:00
Rob Winch
c8b847f1ed
SEC-1858: Added integration tests to validate that the xsd is documented in the reference
2011-11-11 11:44:55 -06:00
Rob Winch
f88b6f75ff
SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes
2011-11-11 09:00:53 -05:00
Rob Winch
de397bc0ce
SEC-1858: Updated xsd documentation to have documentation for all elements/attributes and added documentation of default values where appropriate
2011-11-11 09:00:53 -05:00
Dave Syer
8565116f20
SEC-1472: Add crypto wrappers for BCrypt
2011-11-02 18:10:19 +00:00
Dave Syer
944d762da9
Add eclipse generated meta-inf to ignores
2011-11-02 17:47:44 +00:00
Luke Taylor
3b13a3fb25
SEC-1812: Replace assertion with warning message when overriding the global AuthenticationManager.
2011-11-02 14:23:59 +00:00
Luke Taylor
8e1d407e3e
SEC-1848: LDAP encode name when using user DN patterns in AbstractLdapAuthenticator.
2011-11-01 13:28:56 +00:00
Luke Taylor
8fd2963e6b
Deprecate storage of Authentication object in AuthenticationException.
2011-11-01 13:05:53 +00:00
Luke Taylor
b60367e30c
Upgrade to validater 4.2
2011-11-01 00:20:45 +00:00
Luke Taylor
0bccbbfc18
SEC-1779: Make new getters protected rather than public.
2011-11-01 00:20:34 +00:00