48ea0a6249
SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all.
2010-12-17 17:34:08 +00:00
7cf9740fd4
SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual.
2010-12-17 17:09:20 +00:00
ce421f22bf
SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation
2010-12-14 16:24:51 +00:00
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
89f80659a1
Move docs on request matching to correct file and delete unused one
2010-11-24 00:30:37 +00:00
6b691f6fc0
SEC-1613: Corrected preauth docs.
2010-11-04 14:32:06 +00:00
cf0289bc02
SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook.
2010-10-27 13:25:40 +01:00
fabadff5f1
SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source.
2010-10-27 13:25:40 +01:00
31afb9c76d
Deleted superseded dao-auth-provider.xml chapter.
2010-10-27 13:25:40 +01:00
07b9ded126
SEC-1599: Corrected docbook source.
2010-10-27 13:25:40 +01:00
173537f4f2
SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
2010-10-27 13:25:39 +01:00
f455e9a5a4
SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison.
2010-10-27 13:25:39 +01:00
7258abbbf4
SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd
2010-10-10 19:51:37 -05:00
1b2b371970
SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
...
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.
Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
2010-09-16 16:03:24 +01:00
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
c5231fc213
SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource.
2010-09-13 12:19:21 +01:00
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
c1418c7536
Minor change in doc information about samples since these are no longer in maven repo.
2010-08-23 14:58:27 +01:00
35335e84b3
Reset post-release build version.
2010-08-23 00:13:20 +01:00
23c4d1ec28
Set version to 3.1.0.M1.
2010-08-22 23:54:33 +01:00
d04e37c0c4
Minor changes to doc on version numbering. It's not true that minor versions are source/binary compatible.
2010-08-19 23:24:12 +01:00
992566b6cb
SEC-1527: Internationalization of contacts sample (Adding message resource bundle and RequestContextFilter). Re-working of L12n section of manual to mention existing localized message files and use of RequestContextFilter.
2010-08-14 01:07:51 +01:00
4935aa07c7
SEC-1535: Added suggested doc fixes.
2010-08-12 20:41:29 +01:00
bb7165ac6e
SEC-1530: Added information on calling getAllPrincipals() on SessionRegistry for direct use in an application to provide currently logged in users.
2010-08-07 15:43:55 +01:00
e2ba500c3c
SEC-1529: More user-friendly expressions on method annotations in EL chapter.
2010-08-05 18:14:11 +01:00
5de68cb18f
SEC-1499: Additional doc paragraph that escaped the commit.
2010-07-23 23:03:54 +01:00
9dd6a5eb8f
SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener.
2010-07-23 16:27:57 +01:00
d7d8448120
SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository).
2010-07-23 15:59:53 +01:00
c1c8fd1874
SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request).
2010-07-20 19:46:47 +01:00
080710e023
Minor doc updates on default filters created by namespace.
2010-07-06 13:29:11 +01:00
06368f956a
Minor doc/javadoc updates to clarify use of UserDetailsContextapper.
2010-07-04 15:13:27 +01:00
d6159e884a
Some minor doc fixes.
2010-07-03 13:11:39 +01:00
8ad6cbbe85
SEC-1508: Update docbook processing to use Docbook 5 namespaces.
2010-07-03 13:10:48 +01:00
8615369697
Added information on config jar to instructions on getting started using namespace.
2010-06-30 13:45:13 +01:00
4da4734750
Minor doc link updates and tidying.
2010-06-26 13:20:48 +01:00
ad82e6a575
SEC-1493: Documentation of support for erasing credentials.
2010-06-26 12:27:49 +01:00
1dd4787194
Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix.
2010-06-10 22:17:58 +01:00
8bddc8f820
SEC-1484: Documentation for some namespace attributes.
2010-06-05 17:35:24 +01:00
0d94e75a93
SEC-1171: Documentation of changes related to use of multiple <http> elements.
2010-06-05 17:12:33 +01:00
ca91b9abc5
Corrected section layout in DB schema appendix of ref manual.
2010-05-23 00:05:29 +01:00
5aab06775e
SEC-1106: Added section on hierarchical roles to manual.
2010-05-18 16:43:55 +01:00
e0d06b2b53
Added documentation on RequestCache functionality.
2010-05-16 15:18:03 +01:00
f0c4cccb0d
SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc.
2010-05-16 14:14:13 +01:00
705f896209
SEC-1478: Added 'use-expressions' attribute to namespace appendix.
2010-05-11 02:25:45 +01:00
2c44461264
SEC-1473: Remove references to ContactSecurityVoter.
...
Replaced with reference to Oleg's blog article as an example of custom voter use
2010-05-03 14:53:06 +01:00
c95fe8af28
Adjust section in namespace chapter and increase section depth in manual TOC for easier reference.
2010-04-28 20:14:08 +01:00
bca6c1aeac
SEC-1468: Doc and Javadoc updates.
2010-04-26 23:26:07 +01:00
82bbd09b71
SEC-1460: Documentation of changes.
2010-04-24 15:49:47 +01:00
def5f88c8c
SEC-1431: Added openid-selector to openid sample, plus AX configuration for myopenid.com.
2010-04-21 17:16:03 +01:00
3af75afec1
Clarify that multiple authentication-provider elements can be used in combination.
2010-04-20 23:47:48 +01:00
Luke Taylor
Rob Winch
Luke Taylor