02c3565e22
Fix compiling in Eclipse
2014-09-16 10:18:46 -05:00
a932d6ecf3
Removed unnecessary params from anyRequest()'s javadoc
2014-08-20 11:24:15 +02:00
b9df7ba01f
SEC-2179: Allow customize PathMatcher for SimpDestinationMessageMatcher
2014-08-18 11:04:04 -05:00
3f30529039
SEC-2179: Add Spring Security Messaging Support
2014-08-15 20:46:58 -05:00
8a2a1b7a5b
SEC-2595: Polish
2014-07-25 16:27:19 -05:00
b2d66e2a78
SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes
2014-07-25 16:03:18 -05:00
ecb4296540
SEC-2588: Javadoc fix channelSecurity->requiresChannel
2014-07-21 14:23:40 -05:00
75df42cb7c
SEC-2656: Fix <frame-options> with whitelist strategy
2014-06-18 09:10:28 -05:00
c3d05bea62
SEC-2657: Test for multi dynamic ports for LDAP Java Config
2014-06-17 17:25:08 -05:00
a3fd706335
SEC-2660: Move config integration-test *.groovy to groovy source folder
2014-06-17 17:22:42 -05:00
b255478b14
SEC-2658: Java Config triggers usePasswordAttrCompare to be set
2014-06-17 17:10:16 -05:00
a2b53fabce
SEC-2657: LdapAuthenticationProviderConfigurer find available port
2014-06-17 16:54:42 -05:00
63d1b531a1
SEC-2618: LdapAuthenticationProviderConfigurer passwordAttribute null check
...
If LdapAuthenticationProviderConfigurer passwordAttribute is null, do not
set on the PasswordComparisonAuthenticator
2014-06-17 16:51:01 -05:00
e6e35932ed
SEC-2603: Fix config groovy integration tests
2014-05-20 23:15:39 -05:00
cbd06a4994
SEC-2472: Support LDAP crypto PasswordEncoder
2014-05-20 23:15:36 -05:00
d95640d3e5
SEC-2600: Remove unused import
2014-05-19 12:29:04 -05:00
f73b579ad9
SEC-2543: Logout with CSRF enabled requires POST by default
2014-05-02 11:24:02 -05:00
1d7402e0cd
SEC-2532: Add disclaimer about jdbcAuthentication() with persistent data stores
2014-04-28 15:06:52 -05:00
37bb350883
SEC-2549: Remove LazyBean marker interface
2014-04-24 14:34:35 -05:00
c411014c24
SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials
2014-03-25 13:05:44 -05:00
cb0549a609
SEC-2498: RequestCache allows POST when CSRF is disabled
2014-03-25 10:50:59 -05:00
d079044592
SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader
2014-03-24 14:58:19 -05:00
e4a58375cc
SEC-2515: Detect object cycle for AuthenticationManager configuration
2014-03-10 14:33:35 -05:00
4cdeacc277
SEC-2499: Allow MethodSecurityExpressionHandler in parent context
...
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136
This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
2014-03-06 21:14:35 -06:00
04a527d4ec
SEC-2495: CSRF disables logout on GET
2014-02-20 09:40:00 -06:00
85305050c0
SEC-2455: Fix XML default login generation
2014-02-18 13:52:05 -06:00
8a3a7961cb
SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void
2014-02-15 14:41:26 -06:00
bf2df220ca
SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator
2014-02-13 16:37:33 -06:00
7a3da28987
SEC-2479: Search parent context for AuthenticationManager
2014-02-12 08:11:26 -06:00
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
c42e13c966
loginProcessing test
2014-02-07 17:01:11 -06:00
6b42a2eae1
SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain
2014-02-07 17:01:11 -06:00
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
...
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
1f833b0d6b
Add ExpressionUrlAuthorizationCOnfigurer tests
...
- Demo custom expression root
- Demo @Bean in expression example
2014-01-23 11:21:21 -06:00
994117ad75
SEC-2436: Fix CsrfConfigurerNoWebMvcTests
2013-12-14 14:48:47 -06:00
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
053c890a69
SEC-2450: WebSecurityConfigurerAdapter have default Order of 100
2013-12-14 13:00:48 -06:00
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
04fac30d75
SEC-2449: <ldap-server> default port should fallback to dynamic value
2013-12-14 10:19:06 -06:00
aaa7cec32e
SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor
...
Previously there was unecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
2013-12-12 08:07:22 -06:00
7f714ebb23
SEC-2422: Session timeout detection with CSRF protection
2013-12-11 17:38:17 -06:00
00d668dc5c
SEC-2431: UrlAuthorizationConfigurer missing <HttpSecurity> in doc
2013-12-11 11:07:05 -06:00
8e8bdad8e6
SEC-2386: Remove stack for AuthenticationManagerBuilder with no authenticationProviders
2013-12-04 15:53:32 -06:00
f2fdc9d1f5
SEC-2425: Add Test for EnableGlobalMethodSecurity works on parent config
2013-12-04 14:54:56 -06:00
595b16d836
SEC-2377: Fix tests
2013-12-03 11:48:25 -06:00
2a632a061e
SEC-2377: Hhandle EnableWebSecurity in both child & parent ApplicationContext
2013-12-03 10:45:25 -06:00
0b996c669f
SEC-2424: Document ObjectPostProcessor
2013-12-02 10:17:08 -06:00
13c5af5b91
SEC-2407: Better error message for missing securityFilterChainBuilders
2013-11-26 10:12:55 -06:00
c7b93e6cee
SEC-2404: Fix CSRF config tests
2013-11-21 15:35:26 -06:00
9dbe30c81d
SEC-2165: remember-me@token-validity-seconds can be parameterized
2013-11-15 14:58:53 -06:00
afddb5eb39
SEC-2373: Update XSD doc to state security="none"
2013-11-15 13:50:49 -06:00
6382b6341a
SEC-2355: Add test to validate intercept-url PATCH works
2013-11-15 11:57:47 -06:00
85cd5627b6
SEC-2355: Add PATCH to intercept-url xsd
2013-11-15 11:46:34 -06:00
dc317b3602
WebSecurityConfigurerAdapter implements WebSecurityConfigurer
2013-11-01 12:26:32 -05:00
cda23443ac
XsdDocumentedTests now uses asciidoc instead of asciidoctor
2013-11-01 09:32:05 -05:00
26be54653b
SEC-2382: AutowireBeanFactoryObjectPostProcessor works w/ BeanNameAutoProxyCreator
2013-10-30 11:20:42 -05:00
9e7fbf8067
SEC-2321: Refine to use X-Requested-With: XMLHttpRequest
2013-10-28 14:00:56 -05:00
5f290ba10f
SEC-2371: Remove ObjectPostProcessor.QUIESENT_POSTPROCESSOR
2013-10-18 14:31:13 -05:00
604c26eb0d
Shis simplifies the class hieararchy significantly.EC-2366: Extract AbstractRequestMatcherRegistry from AbstractRequestMatcherConfigurer
...
This simplifies the class hierarchy significantly.
2013-10-17 13:37:51 -05:00
348e3a22b6
SEC-2365: registerAuthentication->configure
2013-10-16 13:59:56 -05:00
0978c12c47
SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
2013-10-15 12:35:32 -05:00
0b0e7dbea9
SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter
2013-10-14 15:00:24 -05:00
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
f2b44e6beb
Fix javadoc whitespace issue in HttpBasicConfigurer
2013-10-11 14:53:11 -05:00
4ef0460ef6
SEC-2321: Improve Java Config defaults for JavaScript clients
2013-10-11 14:53:11 -05:00
5f10d84bf5
SEC-2303: WebSecurity sets the Bean resolver
2013-10-06 13:37:51 -05:00
dd1c2483b5
SEC-2349: Fix documentation tests
2013-10-03 17:03:17 -05:00
8087cde628
SEC-2331: Include Expires: 0 in xsd and appendix
2013-09-27 17:10:42 -05:00
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
614c94187e
SEC-2305: GlobalMethodSecurityConfiguration autowire PermissionEvaluator
...
If a single PermissionEvaluator bean is found the
DefaultMethodSecurityExpressionHandler is configured with the
PermissionEvaluator. If multiple PermissionEvaluator beans are found, the
beans are ignored.
2013-09-27 15:46:45 -05:00
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
cea0cf9260
SEC-2243: Remove additional Debug Filter
2013-09-26 11:38:16 -05:00
56ce7d284c
SEC-2336: WebSecurityConfigurerAdapter#registerAuthentication javadoc fixes
2013-09-26 09:08:25 -05:00
a888ddf8b3
SEC-2307: JavaConfig RequestCache ignores favicon.ico
2013-09-24 11:30:37 -05:00
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
2013-09-23 20:55:49 -05:00
28fb6ba14b
SEC-2328: Add hasAnyRole to ExpressionUrlAuthorizationConfiguration
2013-09-23 10:51:08 -05:00
b16c17f70b
SEC-2301: Remove invalid import
2013-09-20 16:09:23 -05:00
a3d112979f
SEC-2301: GlobalMethodSecurityConfiguration sets DefaultWebSecurityExpressionHandler BeanResolver
2013-09-20 15:53:58 -05:00
f294480e6b
SEC-2329: JC @Autowire(required=false) AuthenticationTrustResolver
...
Java Configuration now allows optional @Autowire of
AuthenticationTrustResolver. In the WebSecurityConfigurerAdapter this is
done by populating AuthenticationTrustResolver as a sharedObject.
2013-09-20 15:28:50 -05:00
7537dfc33a
SEC-2304: rm duplicate MethodExpressionHandler from GlobalMethodSecurityConfiguration
2013-09-20 15:13:02 -05:00
5082a04626
SEC-2311: LogoutConfigurer allows other HTTP methods if CSRF is disabled
2013-09-19 16:05:26 -05:00
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
2013-09-19 14:06:37 -05:00
c5c1419521
SEC-2332: GlobalMethodSecurityConfiguration includes proper voters
...
Previously GlobalMethodSecurityConfiguration did not include the correct
voters. This updates the code and the tests to ensure that the proper
voters are added. Note this got past testing previously due to all the
voters abstaining, so tests were added for ensuring that methods could also
be invoked sucessfully using the configured annotation.
2013-09-18 18:27:12 -05:00
0114b457c0
SEC-2330: CacheControlHeadersWriter use a single header
2013-09-18 16:12:34 -05:00
be8aad8306
SEC-2196: Demonstrate Method Security works on Generic methods
2013-09-13 16:20:43 -07:00
662bb24370
SEC-1937: Added test to demonstrate SEC-1937 was invalid
2013-09-11 15:10:42 -07:00
3c82e63ded
Formatting cleanup
2013-09-11 15:10:20 -07:00
6e9fb7930b
SEC-2298: Add AuthenticationPrincipalArgumentResolver
2013-08-30 17:06:40 -05:00
ae368829f4
Tweak PermGen for tests
2013-08-28 13:30:25 -05:00
d89cf6db29
SEC-2283: Update headers documentation and tests
2013-08-28 12:35:40 -05:00
4761614c9f
SEC-2291: Fix internal links within reference
...
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
26166ef6e8
SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3
2013-08-27 16:26:16 -05:00
18bd82e7d4
SEC-2131: Update doc to state session authentication sends 401 if no page
2013-08-25 11:37:23 -05:00
f29505d657
SEC-2280: Fix SessionFixationConfigurer#changeSessionId Javadoc
...
The Javadoc for SessionFixationConfigurer#changeSessionId() was copied and pasted from
SessionFixationConfigurer#none() and never updated. It is incorrect. This commit fixes that.
2013-08-24 23:31:05 -05:00
48283ec004
SEC-2276: Delay saving CsrfToken until token is accessed
...
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If user's wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
2013-08-24 23:31:01 -05:00
c131fb6379
SEC-2139: named-security-filter are all defined and ordered correctly
2013-08-24 15:18:22 -05:00
379cbd2a8b
SEC-2274: Add ApplicationContext as HttpSecurity shared object
2013-08-21 16:50:09 -05:00
0247dd124f
SEC-2271: LogoutConfigurer#logoutUrl explains about CSRF
2013-08-21 06:58:09 -05:00
110e769bd4
SEC-2257: Remove HttpSecurityBuilder#getAuthenticationManager()
...
Removed in favor of using shared object.
2013-08-19 15:22:04 -05:00
5fe32bb3c8
SEC-2216: Add withObjectPostProcessor
2013-08-16 15:38:58 -05:00
d62c2e0835
SEC-2244: Defaults based on loginPage are now updated when loginPage changes
2013-08-16 14:48:45 -05:00
e0cad0d684
SEC-2230: Fix Header tests
2013-08-15 16:52:58 -05:00
2e852f4613
SEC-2230: Remove stray import
2013-08-15 16:34:31 -05:00
a469f26b10
SEC-2230: Polish Headers JavaConfig
2013-08-15 16:31:43 -05:00
e9bb9e766e
SEC-1574: Add CSRF Support
2013-08-15 14:49:21 -05:00
797df51264
SEC-2135: Support HttpServletRequest#changeSessionId()
2013-08-15 13:59:16 -05:00
13da42ca1b
SEC-2137: Allow disabling session fixation and enable concurrency control
2013-08-15 12:50:40 -05:00
b13b87a1e7
Remove @Override from methods that override interfaces
...
Ensure JDK5 compatibility
2013-08-05 16:49:33 -05:00
2266f0ca3f
SEC-2238: Polish
2013-08-01 11:57:32 -05:00
2fef79f3d2
SEC-2238: WebAsyncManagerIntegrationFilter Java Config
2013-08-01 11:40:34 -05:00
94a73fee37
SEC-2230: Polish scoping and finals
2013-07-31 11:34:35 -05:00
a1bf28a697
SEC-2239: Remove duplicate SessionCreationPolicy
2013-07-31 10:44:22 -05:00
606bddf598
SEC-2230: Add Header JavaConfig
...
Added JavaConfig for Headers. In the process, more HeaderWriter instances
were added so that we can reuse logic between the XML and JavaConfig. This
also prompted repackaging the writers.
2013-07-31 10:39:52 -05:00
bc8ff9590c
SEC-2230: Defaults when using only <headers/>
...
Previously an error occurred when no child elements were specified with
<headers/>.
Now all the explicitly supported header elements are added with their
default settings.
2013-07-31 10:39:52 -05:00
c85328c5d1
SEC-2230: HTTP Strict Transport Security (HSTS)Add support for Strict
...
This is a distinct filter as apposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
2013-07-31 10:39:52 -05:00
8013cd54d6
SEC-2230: Added Cache Control support
2013-07-31 10:39:45 -05:00
7b164bb5e1
SEC-2230: Polish pull request
2013-07-26 14:19:53 -05:00
8acd205486
SEC-2232: HeaderFactory to HeaderWriter
2013-07-26 09:01:12 -05:00
fd754c5cab
SEC-2098, SEC-2099: Fix build
...
- hf.doFilter is missing FilterChain argument
- response.headers does not contain the exact values for the headers so
should not be used for comparison (note it is a private member so this
is acceptable)
- hf does not need non-null check when hf.doFilter is invoked
- some of the configurations are no longer valid (i.e. ALLOW-FROM
requires strategy)
- Some error messages needed updated (some could still use improvement)
- No validation for missing header name or value
- rebased off master / merged
- nsa=frame-options-strategy id should use - not =
- FramewOptionsHeaderFactory did not produce "ALLOW-FROM " prefix of origin
- remove @Override on interface overrides to work with JDK5
2013-07-25 16:23:25 -05:00
d0b40cd2ae
- Created HeaderFactory abstraction
...
- Implemented different ALLOW-FROM strategies as specified in the proposal.
Conflicts:
config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
2013-07-25 16:22:43 -05:00
a63baa8391
SEC-2098, SEC-2099: Polishing
2013-07-25 16:22:43 -05:00
0adf5aea91
SEC-2098, SEC-2099: Created HeadersFilter
...
Created HeadersFilter for setting security headers added including a
bean definition parser for easy configuration of the headers. Enables
easy configuration for the X-Frame-Options, X-XSS-Protection and
X-Content-Type-Options headers. Also allows for additional headers to
be added.
2013-07-25 16:22:43 -05:00
f5a30e55a3
SEC-2042: AbstractAuthenticationProcessingFilter supports RequestMatcher
2013-07-23 13:06:51 -05:00
f34b459c80
SEC-2205: Create UserDetailsServiceDelegator
...
Ensure that the UserDetailsService is created lazily.
2013-07-22 16:38:09 -05:00
a39ff1b041
SEC-2202: http.authorizeUrls() to http.authorizeRequests()
...
This change is more meaningful since the requests can be matched on
anything not just the URL
2013-07-22 11:54:10 -05:00
e1d8db4e95
SEC-2197: Allow multiple invocations on HttpSecurity
...
Previously invoking methods like HttpSecurity#authorizeUrls() multiple
times would override one another. This has now changed to be more
intuitive. Initially this was required for the way that defaults were
provided so that they could be overriden, but this is no longer the case.
2013-07-21 22:56:23 -05:00
cf0fdc2d66
SEC-2222: Use auth parameter name instead of registry
2013-07-20 07:49:07 -05:00
90bd241ce2
SEC-2199: Support multiple AuthenticationEntryPoint defaults
2013-07-19 17:09:58 -05:00
87c9a14bff
SEC-2198: http.httpBasic() defaults AuthenticationEntryPoint
2013-07-19 17:09:58 -05:00
0f281f9575
SEC-2215: ServletApiConfigurer populates properties on SecurityContextHolderAwareRequestFilter
...
Previously ServletApiConfigurer left the following properties null:
authenticationManager, logoutHandlers, and authenticationEntryPoint
2013-07-16 22:43:53 -05:00
fb45db11e9
SEC-2191: Remove AuthenticationManagerBuilder default constructor
...
This ensures that users must choose what ObjectPostProcessor is being used
with AuthenticationManagerBuilder. To make things easier for users, we now
automatically add an AuthenticationManagerBuilder object that can be used
for creating an AuthenticationManager with @Autowired.
2013-07-05 12:10:03 -05:00
cf80cc88b5
SEC-2192: Create DEFAULT_FILTER_NAME
2013-07-05 09:41:53 -05:00
70b3a330ef
#137 WebSecurityConfigurerAdapter no longer uses getClass() for logger
...
Previously it was difficult to change log levels due to CGLIB proxying of
the class which impacted the logger name.
2013-07-01 10:07:38 -05:00
17bef05c3c
#138 WebInvocationPrivilegeEvaluator has default value
2013-07-01 08:46:57 -05:00
d8ed429370
#138 Tests for WebSecurityExpressionHandler bean existing
2013-07-01 08:37:12 -05:00
4d282cbe0d
SEC-1953: Polish
2013-06-30 21:51:25 -05:00
d0c4e6ca72
SEC-1953: Spring Security Java Config support
...
This is the initial migration of Spring Security Java Config from the
external project at
https://github.com/SpringSource/spring-security-javaconfig
2013-06-30 17:28:33 -05:00
fba4fec84b
SEC-2175: Correct XSD docs on auto-config.
2013-06-09 14:51:58 +01:00
ebba8ac514
SEC-2122: Update namespace to support bcrypt.
...
password-encoder now supports hash='bcrypt'.
2013-05-17 19:17:18 +01:00
f594ed76db
SEC-2087: GlobalMethodSecurityBeanDefinitionParser uses AuthenticationManager to create AuthenticationManagerDelegator
2013-04-25 08:56:46 -05:00
66357a2077
SEC-2143: Update XSD version mismatch error message
2013-03-06 10:57:41 -06:00
5eb5c91d86
SEC-2119: Rename rememberme-parameter to remember-me-parameter
...
This change extends pull request https://github.com/SpringSource/spring-security/pull/26
and its subsequent changes by renaming the attribute name 'rememberme-parameter' to
'remember-me-parameter'.
The spelling including the additional hyphen in 'remember-me-parameter' is more consistent
with the default spelling of the 'remember-me' functionality.
2013-03-05 14:47:25 -06:00
b014020955
SEC-2119: Polish remember-me@rememberme-parameter
...
- Change form-parameter to rememerme-parameter
- Use rnc file for generating the xsd
- Add test for deafult value of rememberme parameter
2013-03-01 17:03:09 -06:00
9eb34fe51c
SEC-2119: Add a 'form-parameter' attribute to <remember-me>
...
This change extends the namespace configuration of <remember-me>
with a 'form-parameter' attribute. The introduced attribute sets
the 'parameter' property of AbstractRememberMeServices.
This enables overriding the default value of
'_spring_security_remember_me' using the namespace configuration.
2013-03-01 17:03:02 -06:00
e8661913d1
SEC-2119: Update to 3.2 schema and use default schema version when available
2013-03-01 16:29:27 -06:00
f8ed3791f9
SEC-2142: Schema documentation states anonymous and remember-me ke defaults to SecureRandom
2013-03-01 12:23:36 -06:00
2a86c72436
Update XsdDocumentedTests to make easier to understand problems
2013-02-28 17:08:51 -06:00
914ec45e43
SEC-2136: Lazy load MethodSecurityExpressionHandler & MethodSecurityExpressionHandler.expressionParser
...
Previously wiring dependencies created with a FactoryBean into
MethodSecurityExpressionHandler &
MethodSecurityExpressionHandler.expressionParser and would cause
NoSuchBeanDefinitionException's to occur. These changes make it easier
(but not impossible) to avoid such errors.
The following changes were made:
- ExpressionBasedAnnotationAttributeFactory delays the invocation of
MethodSecurityExpressionHandler.getExpressionParser()
- MethodSecurityExpressionHandler is automatically wrapped in a
LazyInitTargetSource and marked as lazyInit=true
2013-02-28 10:26:12 -06:00
89c63fd752
Add spring-security-3.2.rnc
2013-01-03 18:32:33 -06:00
Rob Winch
Nándor István Krácser
Mirko Zeibig
Andy Wilkinson
Rob Winch
Collin Peters
Nick Williams
Marten Deinum
Keesun Baik
Luke Taylor
Oliver Becker
Mike Noordermeer