Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,236 Commits 32 Branches 333 Tags 111 MiB
Commit Graph

4236 Commits

Author SHA1 Message Date
Luke Taylor 2be2660b13 SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match. 2010-12-11 21:56:35 +00:00
Luke Taylor 523f6add60 Javadoc fix 2010-12-09 12:39:05 +00:00
Luke Taylor 4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority. 
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
 2010-12-03 16:41:46 +00:00
Luke Taylor 978b7d4707 SEC-1631: Reduced use of reflection in DefaultAuthenticationEventPublisher and added tests. 2010-12-02 18:19:27 +00:00
Luke Taylor bfb723feac SEC-1557: Added getter to DelegatingMethodSecurityMetadataSource. Also added some optimizations of cache lookup key equals method. A class type check is unnecessary since the key class is a private inner class. 2010-12-01 21:55:33 +00:00
Luke Taylor 441aa25383 SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand. 2010-12-01 20:52:37 +00:00
Luke Taylor 4ad0652787 Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken. 2010-12-01 20:52:37 +00:00
Luke Taylor ca679e1479 Reformatting. 2010-12-01 20:52:37 +00:00
Luke Taylor 9b29dcb8bf SEC-1430: Removed username attribute from WebAttributes class. 2010-11-26 14:20:19 +00:00
Luke Taylor 43be9ea2a4 SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc. 2010-11-26 13:58:49 +00:00
Luke Taylor d64efe9747 SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object. 2010-11-25 15:19:37 +00:00
Luke Taylor 89f80659a1 Move docs on request matching to correct file and delete unused one 2010-11-24 00:30:37 +00:00
Luke Taylor 49242729e4 Added imgSrcPath parameter for use in docbookFopPdf task. 2010-11-24 00:28:59 +00:00
Luke Taylor 51a53ddbaa Minor refactoring of GAE code to use specific GrantedAuthority type. 2010-11-17 14:15:11 +00:00
Luke Taylor 60970dd9c4 Added some tests for web expression handling code. 2010-11-15 20:01:38 +00:00
Luke Taylor 2d9f98d535 SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request). 2010-11-15 16:14:24 +00:00
Luke Taylor fc00d7ef1d Move the unix scripts for the tutorial sample into a subdirectory 2010-11-12 15:19:46 +00:00
Luke Taylor 37810a19c4 SEC-1619: Added check in GAE sample for change of Google user while still logged into the app. 
Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.
 2010-11-10 15:37:42 +00:00
Luke Taylor 8b51c2c97d SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous. 
Allows for the situation where a user is logged out without invalidating the session.
 2010-11-09 13:55:45 +00:00
Luke Taylor 7754882ba9 SEC-1550: Additional signature change (in AnonymousAuthenticationToken) 2010-11-09 13:48:57 +00:00
Rob Winch ffccc5f446 SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle 2010-11-08 19:27:44 -06:00
Luke Taylor 4b6a2168c7 SEC-1550: Additional signature change (in LdapUserDetailsManager.removeAuthorities()) 2010-11-08 15:14:30 +00:00
Luke Taylor 6b691f6fc0 SEC-1613: Corrected preauth docs. 2010-11-04 14:32:06 +00:00
Rob Winch 4f51eb09c0 SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward 2010-11-03 15:27:59 -05:00
Luke Taylor b9a98613eb SEC-1593: Added tests to try to reproduce issue. 2010-11-03 19:37:25 +00:00
Luke Taylor 1c8d28501c SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate. 2010-11-03 13:48:59 +00:00
Luke Taylor 8d867e8b67 Updated integration tests to detect case reported as SPR-7563. 2010-11-02 20:35:24 +00:00
Luke Taylor 265cdaf2a6 SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected. 2010-11-02 20:19:16 +00:00
Luke Taylor 337477de6a SEC-1604: Change log level to debug for "Validated configuration attributes" message. 2010-11-02 20:06:42 +00:00
Luke Taylor 54d0a263de SEC-1590: Removed WebAuthenticatioDetails.doPopulateAdditionalInformation() method which is caled from superclass constructor. 2010-11-02 19:50:40 +00:00
Luke Taylor 43ec2beec0 SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>. 2010-11-02 14:02:55 +00:00
Luke Taylor 84efffb937 SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices. 2010-11-02 13:41:59 +00:00
Luke Taylor 2671e52d5a Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars. 2010-11-02 12:31:44 +00:00
Luke Taylor 0696bed78e SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none" 2010-11-02 12:08:39 +00:00
Luke Taylor deef2706ef SEC-1607: Report correct version for Spring Security (not Spring version). 2010-11-02 11:13:32 +00:00
Luke Taylor f85baac943 Updated to Spring 3.0.5 2010-10-27 13:25:40 +01:00
Luke Taylor 21ed5feb8d SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 2010-10-27 13:25:40 +01:00
Luke Taylor 4de8b84b0d SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception. 2010-10-27 13:25:40 +01:00
Luke Taylor cf0289bc02 SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook. 2010-10-27 13:25:40 +01:00
Luke Taylor fabadff5f1 SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source. 2010-10-27 13:25:40 +01:00
Luke Taylor 31afb9c76d Deleted superseded dao-auth-provider.xml chapter. 2010-10-27 13:25:40 +01:00
Luke Taylor 07b9ded126 SEC-1599: Corrected docbook source. 2010-10-27 13:25:40 +01:00
Luke Taylor 091a6d26f1 SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.). 2010-10-27 13:25:40 +01:00
Luke Taylor 883ca2a55d Import cleaning. 2010-10-27 13:25:40 +01:00
Luke Taylor 1724d1eac6 SEC-1561: HttpSessionSecurityContextRepository should check whether the session contains the context attribute in case a new session has been created during the request. If the attribute is empty, then the context should be stored regardless of whether a change is detected or not. 2010-10-27 13:25:39 +01:00
Luke Taylor 54694d5ab7 SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot. 2010-10-27 13:25:39 +01:00
Luke Taylor f70942c6f5 SEC-1589: Add support for property placeholder in intercept-methods access attribute. 2010-10-27 13:25:39 +01:00
Luke Taylor 173537f4f2 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 2010-10-27 13:25:39 +01:00
Luke Taylor 0961671772 Reinstated missing 3.0.3 schema file 2010-10-27 13:25:39 +01:00
Luke Taylor a6d47203db FilterInvocation should set queryString on dummy request. 2010-10-27 13:25:39 +01:00