6ae81d553b
SEC-842: Minor doc fixes
2008-05-20 10:48:59 +00:00
5af53da106
Improved doc for'filters' attribute
2008-05-18 11:09:50 +00:00
2329dadf48
Removed jalopy parameter comments
2008-05-15 17:58:15 +00:00
fb5eefeea5
SEC-740: Finished preauth chapter
2008-05-15 17:00:45 +00:00
f269373442
IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP.
2008-05-15 14:33:42 +00:00
4f6b4e4bfd
Make sample login pages use c:out for data output
2008-05-15 12:48:13 +00:00
8b2c0468ff
OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
2008-05-15 01:34:14 +00:00
d17a2da9e0
SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
2008-05-15 00:26:27 +00:00
7f38c656ca
SEC-820: Expand regular expression used in hierarchical roles.
2008-05-14 22:59:33 +00:00
6493df13f8
SEC-803: Removed use of websphere SubjectHelper class.
2008-05-14 22:51:39 +00:00
d4defb10fe
SEC-833: Fixed login-failure-url in contacts sample app.
2008-05-14 22:41:13 +00:00
59543af4fb
SEC-826: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
2008-05-14 16:41:52 +00:00
332f8fe5a1
SEC-624: Minor updates to docs
2008-05-13 17:16:19 +00:00
7a8eec11da
SEC-765: Brief outline of preauth sample
2008-05-13 17:14:45 +00:00
ff61644219
SEC-740: More on preauth
2008-05-13 17:13:47 +00:00
1fee538c7e
Fixed typo in setter method (uses of).
2008-05-13 15:32:30 +00:00
ae2470127c
Fixed typo in setter method "seAttributePrefix"
2008-05-13 13:51:49 +00:00
2a4d859812
SEC-829: Minor doc fix
2008-05-13 10:18:09 +00:00
15b893f9ae
SEC-809: OpenIDProcessingFilter updated to set authentication details (to make compatible with concurrent session control).
2008-05-12 20:05:24 +00:00
de886e36fa
SEC-624: Expanded general info on obtaining samples and added pointers to ldap and cas versions
2008-05-10 17:21:18 +00:00
ad9a667b75
SEC-624: Inserted sub-sections for key class definitions so they appear in toc
2008-05-10 17:19:46 +00:00
f70701d55a
SEC-624: Added section on 'getting the source' for reference from samples chapter
2008-05-10 17:18:29 +00:00
e1b226ee57
Added 2.0.2 namespace file
2008-05-10 17:16:46 +00:00
af0153d833
Extended intro to Authentication part to include pointers to tech overview and namespace config
2008-05-10 17:10:49 +00:00
d78a021fe1
Added basic intro to preauth
2008-05-10 16:07:39 +00:00
e1c17450b3
Updated faqs to add infinite loop and access denied debug message
2008-05-10 12:31:14 +00:00
add2649397
Javadoc typo.
2008-05-09 18:09:56 +00:00
781d88bd30
OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue)
...
http://jira.springframework.org/browse/SEC-825 . Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
2008-05-09 18:08:32 +00:00
1030dca353
SEC-786: Added information on the need ofor a UserDetailsService if using auto-config/remember-me
2008-05-09 15:01:39 +00:00
b99f9d343d
SEC-624: Added some info on use of role-prefix
2008-05-09 14:25:42 +00:00
c0e829a41d
SEC-700: Added info on new remember-me imlementation and namespace config examples
2008-05-08 15:59:01 +00:00
5a1258a4ca
Corrected references to parts and reading order
2008-05-08 15:54:27 +00:00
883b92e7bd
SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods
2008-05-08 15:07:40 +00:00
301d021bf5
SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor
...
Reversed order of beanName.equals() call as suggested.
2008-05-07 13:58:53 +00:00
8ad2d681ab
SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions.
2008-05-07 13:49:20 +00:00
5cf0c84e2f
SEC-814: Added standard bean config to ldap example and updated doc to provide some pointers to DefaultLdapAuthoritiesPopulator
2008-05-06 14:50:14 +00:00
afc757e618
Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc
2008-05-06 14:43:52 +00:00
c333070fe3
Javadoc tidying
2008-05-06 13:59:46 +00:00
fca3a2a709
SEC-812: Added missing TextUtils file
2008-05-05 19:09:09 +00:00
fa44c74993
SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text.
2008-05-05 18:37:02 +00:00
06719053f1
Removed commons lang dependency.
2008-05-05 17:18:47 +00:00
e7b6fe09e1
Corrected css for 'poweredBy'
2008-05-03 16:18:19 +00:00
9961c7f867
Moved to correct build location.
2008-05-02 10:52:57 +00:00
7a2e1e13d3
SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens.
2008-05-02 10:38:56 +00:00
a599ef5398
[maven-release-plugin] prepare for next development iteration
2008-05-01 20:09:03 +00:00
3e808335a4
[maven-release-plugin] prepare release spring-security-parent-2.0.1
2008-05-01 20:07:46 +00:00
054e2f6c38
SEC-624: Start of preauth document
2008-05-01 19:51:35 +00:00
79ca0d1612
Set correct 'test' scope on core-tests dependency
2008-05-01 19:47:47 +00:00
18a9965b80
Moved dummy file out of default package for easy exclusion from javadoc
2008-05-01 19:45:36 +00:00
de179c3e46
Fixed javadoc links
2008-05-01 19:44:34 +00:00
Luke Taylor
Ben Alex