4813 Commits

Author SHA1 Message Date
Rob Winch
42b72bcbc4 SEC-1980: Prevent parser warning when URLs in configuration start with #
Previously a warning would be logged to the parser when a URL was
configured with a SpEL expression. These changes prevent warnings from
being logged when using SpEL for URL configuration.
2012-07-10 14:24:42 -05:00
Rob Winch
b28e3a0b2f SEC-1976: include *.aj files in sourceJar 2012-07-09 18:37:05 -05:00
Rob Winch
262ee099df SEC-1994: explicit sourceCompatibility and targetCompatibility of 1.5 in Gradle build 2012-07-08 15:55:48 -05:00
Rob Winch
3e4da4f60f Updated to next snapshot version 2012-07-06 11:28:21 -05:00
Rob Winch
f46a5bab40 Set to 3.1.1 Release 3.1.1.RELEASE 2012-07-06 10:32:55 -05:00
Rob Winch
638e92a3f7 SEC-1992: Updated Spring version to 3.0.7 2012-07-06 10:32:45 -05:00
Rob Winch
d14150c2e1 SEC-1906: Fix EmmaPlugin for Gradle 1.0 2012-07-05 22:57:16 -05:00
Rob Winch
a6bded86c2 SEC-1990: Polishing code cleanup on BCrypt
- Formatting
- Renamed test to be BCryptTests to better align with Spring Security's naming conventions
2012-07-05 14:12:14 -05:00
Joseph Walton
14a5135ac3 SEC-1990: Clean up jBCrypt and include its tests.
Merge in changes from jBCrypt.
- Use a ByteArrayOutputStream to cache bytes.
- Pass a StringBuilder into encode_base64.
- Refactor string comparison into its own method.
- General clean up.
2012-07-05 14:04:39 -05:00
Rob Winch
fde9142d8d SEC-1907: Exclude crypto dependency in core module since classes are bundled in core 2012-07-05 13:56:47 -05:00
Rob Winch
f2345fcb21 SEC-1981: Remove dependency on Locale for the build 2012-07-05 13:30:41 -05:00
Rob Winch
a2452ab514 SEC-1906: Update to Gradle 1.0 2012-07-05 12:41:56 -05:00
Rob Winch
2fba10ab61 Use powermock for testing servlet 3.0 functionality instead of distinct classpaths 2012-07-01 12:37:01 -05:00
Rob Winch
18230259b8 SEC-1985: Removed WebSecurityExpressionHandler from reference 2012-06-28 11:35:07 -05:00
Rob Winch
f6902471fb SEC-1965: DefaultWebSecurityExpressionHandler is now passive from 3.0.x releases
There were two issues that needed to be resolved

 - Since DefaultWebSecurityExpressionHandler no longer implemented WebSecurityExpressionHandler a bean lookup by
   type would not work. This caused failures in the JSF support.

 - The method createEvaluationContext needed to be explicitly defined on WebSecurityExpressionHandler since the
   parameterized type from the super interface is not preserved at compile time. Without explicitly defining the
   method any class compiled against a previous version would cause a NoSuchMethodException.
2012-06-28 10:54:01 -05:00
Rob Winch
b6ec700640 SEC-1968: AbstractPreAuthenticatedProcessingFilter clears SecurityContext on null principal change with invalidateSessionOnPrincipalChange = true 2012-06-27 15:49:18 -05:00
Rob Winch
e1068b84ea .gitignore src/*/java/META-INF/ 2012-06-26 16:36:41 -05:00
Rob Winch
de3dfb5b3f SEC-1875: ConcurrentSessionControlStrategy no longer adds/removes the session to the SessionRegistry twice
This fixes two issues introduced by SEC-1229

 * SessionRegistry.registerNewSession is invoked twice

 * SessionRegistry.removeSession is invoked twice (once by the
ConcurrentSessionControlStrategy#onSessionChange and once by
SessionRegistryImpl#onApplicationEvent). This is not nearly
as problematic since the interface states that implementations
should handle removing the session twice. However, as removing
twice requires an unnecessary database hit we should only remove
sessions once.
2012-06-26 16:36:41 -05:00
Rob Winch
954ba57cf2 SEC-1970: Cleanup of pre authentication documentation
* Removed custom-authentication-provider from documentation
* Rephrased to make the pre authentication documentation a little more concise
* Removed nested () within text (not code)
* Removed user which should have been use
2012-06-15 14:44:16 -05:00
Rob Winch
8b05d23832 SEC-1971: Allow injection of ExpressionParser in AbstractSecurityExpressionHandler 2012-06-15 08:21:52 -05:00
Rob Winch
6584b65489 SEC-1898: Added test to demonstrate JdbcAclService#readAclById throws NotFoundException when the Acl is missing 2012-06-11 16:29:50 -05:00
Rob Winch
520b65e2e3 SEC-1865: Remove invalid OWASP link in TextEscapeUtils 2012-06-11 14:49:28 -05:00
Rob Winch
a8b30ed6d9 .gitignore */src/*/java/META-INF 2012-06-11 14:48:24 -05:00
Rob Winch
254333ce82 SEC-1957: DefaultFilterChainValidator no longer casts to DefaultFilterInvocationSecurityMetadataSource 2012-04-29 15:59:24 -05:00
Rob Winch
b626a63b85 Suppress warnings in AbstractAuthorizeTag and AuthorizeTagCustomGrantedAuthorityTests 2012-04-22 21:54:44 -05:00
Christian Hilmersson
d57f1d56d5 SEC-1900: AbstractAuthorizeTag now compares using getAuthority()
This avoids backwards compatibility issues with other GrantedAuthority
implementations.
2012-04-22 21:54:43 -05:00
Rob Winch
c446697de3 Cleaned up warnings in FilterChainProxyTests 2012-04-11 17:23:07 -05:00
Rob Winch
bb8f3bae7c SEC-1950: Defensively invoke SecurityContextHolder.clearContext() in FilterChainProxy 2012-04-11 17:22:19 -05:00
Rob Winch
ca741ab18f SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter 2012-03-20 19:18:26 -05:00
Rob Winch
488efbc97e SEC-1901: Changed DebugFilter to no longer extend OncePerRequestFilter so that the FilterChainProxy is invoked on forwards 2012-03-17 11:16:21 -05:00
Rob Winch
a4322d70ba Merge pull request #5 from tburch/setUseSecureCookie-typo
fix typo in AbstractRememberMeServices.setUseSecureCookie method documentation
2012-03-13 17:02:43 -07:00
Rob Winch
f78c11650f SEC-1893: Namespace now registers PortMapper with custom mappings for all components that use a PortMapper 2012-03-11 20:52:17 -05:00
Rob Winch
84141c4c76 SEC-1927: Corrected debug log in SessionManagementFilter to have a space between ID and the session and added guard to log statement 2012-03-11 18:35:38 -05:00
Tristan Burch
e7f47964ee fix typo in setUseSecureCookie method documentation 2012-03-09 17:01:17 -07:00
ltaylor
6bde4caa77 Merge pull request #4 from Abdull/master
Correct role names in tutorial jsps
2012-02-28 14:15:53 -08:00
Abdull
dec44811fc Gave correct role name 2012-02-28 14:41:14 +01:00
Abdull
0e413cedcb Gave correct role name 2012-02-28 14:39:30 +01:00
Luke Taylor
3760d792ea SEC-1890: Add checks for validity of stored bcrypt hash
When checking for a match, the BCryptPasswordEncoder validates
the stored hash against a pattern to check that it actually is
a bcrypt value.
2012-02-22 14:36:13 +00:00
Luke Taylor
5d71d2a4fa SEC-1887: Add MethodSecurityOperations interface.
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.

Also cleaning whitespace.
2012-02-01 15:49:56 +00:00
Luke Taylor
2434564d6c SEC-1904: Fixed LDAP object class name in docs. 2012-02-01 14:37:32 +00:00
Luke Taylor
538e75ce1b SEC-1903: Use a static CRLF Pattern in FirewalledResponse
The Pattern was being recompiled for every request
when a single instance could be shared for performance
reasons.
2012-02-01 13:21:16 +00:00
Andrei Stefan
0f9ee81df1 SEC-1887: Improve extensibility of expression-based security classes
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
2012-01-31 19:06:43 +00:00
Luke Taylor
b493afa18c SEC-1888: Improving the doc on (not) using multiple annotation types in the same class. 2012-01-31 19:05:43 +00:00
Luke Taylor
f97463cdb5 Minor comment fixes 2012-01-16 14:49:59 +00:00
Rob Winch
2d556c7b4f SEC-1885: Change SecurityDebugBeanFactoryPostProcessor to only interact with BeanDefinitions rather than instances to prevent premature instantiation of FilterChainProxy and its dependencies
This issue occurred because the AutowiredAnnotationBeanPostProcessor had not been registered when the SecurityDebugBeanFactoryPostProcessor tried to obtain the FilterChainProxy. This caused
all of the FilterChainProxy's dependent beans to be resolved and if they used @Autowired they would not get processed properly.
2012-01-07 13:52:50 -06:00
Rob Winch
22225effcc Call SecurityContextHolder.clearContext() in tear down of HttpSessionSecurityContextRepositoryTests 2011-12-30 16:05:35 -06:00
Rob Winch
5d94cd5e13 SEC-1735: Do not remove SecurityContext from HttpSession when anonymous Authentication is saved if original SecurityContext was anonymous 2011-12-30 16:04:02 -06:00
Rob Winch
1f835fec43 SEC-1867: Perform null check on Authentication.getCredentials() prior to calling toString() 2011-12-30 14:00:13 -06:00
Rob Winch
448a42916d SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref 2011-12-30 11:31:24 -06:00
Rob Winch
ea56a98883 SEC-1868: Remove error level logs from SecurityNamespaceHandler when the web classes are not available and not required
To get the detailed errors the FilterChainProxy is loaded again in reportMissingWebClasses
and included in the readerContext fatal log.
2011-12-30 10:51:17 -06:00