Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-21 22:05:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,005 Commits 33 Branches 337 Tags
Commit Graph

442 Commits

Author SHA1 Message Date
Luke Taylor
7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 2010-10-27 13:25:39 +01:00
Rob Winch
ee12d54bec SEC-1536: moved web.authentication.jaas to web.jaasapi 
Renamed org.springframework.security.web.authentication.jaas to org.springframework.security.web.jaasapi to be better aligned with org.springframework.security.web.servletapi, added package-info.java, and removed trailing whitespaces
 2010-10-05 22:28:42 -05:00
Luke Taylor
e69b981c72 Make method in MatcherType public for use in OAuth. 2010-09-25 20:09:12 +01:00
Luke Taylor
11a87d1fa0 Switch to using xsd:boolean in schema file. 2010-09-19 18:17:06 +01:00
Luke Taylor
1b2b371970 SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element. 
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.

Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
 2010-09-16 16:03:24 +01:00
Luke Taylor
383211561c Moved LDAP placeholder config test into LDAP tests to prevent issues with parallel tests. Converted LdapProviderBDP tests to groovy/spock. Other misc tidying of config tests. 2010-09-16 12:31:23 +01:00
Luke Taylor
7dd8cd2fb9 Make sure ApacheDS work directory is set correctly for separate LDAP test task in config module. 2010-09-16 10:50:12 +01:00
rwinch
a128e3b4fe http://forum.springsource.org/showthread.php?p=318755 Added PlaceHolderAndELConfigTests.ldapAuthenticationProviderWorksWithPlaceholders 2010-09-13 13:44:12 -05:00
rwinch
de819378fc SEC-1536: added JAAS API Integration, updated doc, updated jaas sample 2010-09-13 13:12:45 -05:00
Luke Taylor
0217e98bdb Added an AppListener to collect events for use in tests 2010-09-13 14:20:21 +01:00
Luke Taylor
f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 2010-08-30 19:02:19 +01:00
Luke Taylor
20988c8cf6 Minor refactoring of debug filter and tidying up tests. 2010-08-27 01:49:30 +01:00
Luke Taylor
bdb906e588 Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output. 2010-08-24 18:25:39 +01:00
Luke Taylor
1db83fc81e Minor BD parser tidying. 2010-08-20 21:14:00 +01:00
Luke Taylor
c37ca1c2a9 Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc. 2010-08-19 22:41:51 +01:00
Luke Taylor
5f6bcc0e1e SEC-1540: Fix to add HTTP-method specific support for namespace requires-channel attribute. 2010-08-18 13:01:16 +01:00
Luke Taylor
3c02989d67 Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests). 2010-08-18 02:32:43 +01:00
Luke Taylor
aafc5f9038 File rename to correct case. 2010-08-17 02:27:36 +01:00
Luke Taylor
1f520b691f SEC-1469: Initial support for debugging filter. 2010-08-17 02:23:34 +01:00
Luke Taylor
591bd532bd Polishing FilterChainProxy and its tests. 2010-08-17 02:20:34 +01:00
Luke Taylor
6abfa2e887 Update minimum required schema to 3.1. 2010-08-17 02:19:55 +01:00
Luke Taylor
4bd41cbf72 SEC-1133: Support for setting of authenticationDetailsSource property for form-login, openid-login, http-basic and x509 namespace elements. These elements now support an additional 'authentication-details-source-ref' attribute. 2010-08-14 15:10:03 +01:00
Luke Taylor
4935aa07c7 SEC-1535: Added suggested doc fixes. 2010-08-12 20:41:29 +01:00
Luke Taylor
2222a7be07 Use Integer.valueOf() in preference to new Integer() 2010-08-11 18:17:23 +01:00
Luke Taylor
dca0fd871c SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created. 2010-08-09 17:16:43 +01:00
Luke Taylor
85c4c91e0e IDEA inspection refactorings. 2010-08-05 23:28:07 +01:00
Luke Taylor
413b2a06e3 Improvements in up-to-date checking and use of parallel tests where possible. 2010-08-05 02:11:00 +01:00
Luke Taylor
64375484a1 More build and logging tuning. 2010-08-04 22:55:17 +01:00
Luke Taylor
2d9a848265 Added missing gradle build files for remaining samples. Some related reordering, dependency fixing etc. CAS sample no longer requires two separate subprojects as both client and server app can be run from a single gradle build. 2010-07-27 02:20:36 +01:00
Luke Taylor
c1c8fd1874 SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request). 2010-07-20 19:46:47 +01:00
Luke Taylor
a4fd191499 Added check for use of "ref" with other attributes in <authentication-provider>. 2010-07-20 14:31:52 +01:00
Luke Taylor
4683273c2c Correct message in namespace handler when web classes are missing. 2010-07-12 12:40:06 +01:00
Luke Taylor
69a10c48ae Switch to using slf4j/logback for logging. 
We still compile modules against commons-logging but all runtime logging and samples will use logback
 2010-07-12 12:39:52 +01:00
Luke Taylor
443ac0487a SEC-1093: Namespace support for jee element. 
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
 2010-07-07 22:42:26 +01:00
Luke Taylor
026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor
6a79cf7be2 SEC-1383: Make MethodSecurityMetadataSourceBeanDefinitionParser extend AbstractBeanDefinitionParser for automatic support of ID attribute. 2010-06-26 16:07:23 +01:00
Luke Taylor
cd946c4e23 SEC-1493: Added namespace support. 2010-06-20 21:09:38 +01:00
Luke Taylor
8bddc8f820 SEC-1484: Documentation for some namespace attributes. 2010-06-05 17:35:24 +01:00
Luke Taylor
2e865752ff Upgraded groovy to 1.7.2 to avoid jansi dependency issue 2010-06-03 23:13:28 +01:00
Luke Taylor
efb600166a SEC-1488: Remove commons-logging dependencies from maven poms. 2010-05-28 13:10:59 +01:00
Luke Taylor
f7405cef82 Removed original Java version of refactored http namespace tests. 2010-05-27 18:06:26 +01:00
Luke Taylor
34401416b0 SEC-1171: Implement parsing of empty filter chain patters via http 'secured' attribute and remove filters='none' support. 2010-05-27 15:54:15 +01:00
Luke Taylor
05c7abe191 SEC-1445: Tests for setting of username and password parameter names through the form-login element. 2010-05-27 15:54:15 +01:00
Luke Taylor
7d74b7c87e SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping. 2010-05-27 15:54:15 +01:00
Luke Taylor
b0758dd8de Refactoring HTTP config tests to use spock and groovy MarkupBuilder 2010-05-27 15:53:52 +01:00
Luke Taylor
b0308e41cb SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used. 2010-05-21 15:36:37 +01:00
Luke Taylor
a4ce14f604 Add "provisioning" package to config bundlor template. 2010-05-16 14:14:13 +01:00
Luke Taylor
d5ffdd9c27 Import cleaning 2010-05-03 18:46:06 +01:00
Luke Taylor
dccb30ad63 Remove use of wrong DOMUtils class (from com.sun package). 2010-05-01 15:06:48 +01:00
Luke Taylor
863ccecf55 SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute. 2010-04-30 20:22:20 +01:00