Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,882 Commits 38 Branches 345 Tags
Commit Graph

426 Commits

Author SHA1 Message Date
Rob Winch
22225effcc Call SecurityContextHolder.clearContext() in tear down of HttpSessionSecurityContextRepositoryTests 2011-12-30 16:05:35 -06:00
Rob Winch
5d94cd5e13 SEC-1735: Do not remove SecurityContext from HttpSession when anonymous Authentication is saved if original SecurityContext was anonymous 2011-12-30 16:04:02 -06:00
Rob Winch
6fe6e18939 SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names 2011-12-29 15:44:49 -06:00
Rob Winch
8ca2927761 Renamed **/Test.java to **/Tests.java to better follow conventions 2011-12-28 17:39:29 -06:00
Luke Taylor
0bccbbfc18 SEC-1779: Make new getters protected rather than public. 2011-11-01 00:20:34 +00:00
Luke Taylor
f456db267f SEC-1779: Added getters for success and failure handlers to AbstractAuthenticationProcessingFilter. 2011-11-01 00:06:23 +00:00
Luke Taylor
09ac4bd8f9 SEC-1833: Remove unused securityContextClass from HttpSessionSecurityContextRepository. 2011-10-31 23:44:43 +00:00
Luke Taylor
44e2543015 Minor changes to make filter chain validation more robust with custom request matchers. 2011-10-24 21:21:10 +01:00
Luke Taylor
f1e63f3008 SEC-1802: Add digits to valid URL scheme regex. 2011-10-21 17:25:50 +01:00
Luke Taylor
869c6a7c18 SEC-1800: Set input size to 30 for OpenID login. 2011-09-25 21:13:37 +01:00
Luke Taylor
824464516c SEC-1790: Reject redirect locations containing CR or LF. 2011-08-12 19:44:26 +01:00
Luke Taylor
6333909107 SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change. 2011-08-12 19:07:17 +01:00
Luke Taylor
0c2a950fa0 SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled. 2011-08-10 17:07:09 +01:00
Luke Taylor
8740efc0f5 Added constructor injection options to ConcurrentSessionFilter 2011-07-18 15:09:31 +01:00
Luke Taylor
a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor
8440743108 Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use. 2011-07-13 23:28:41 +01:00
Luke Taylor
700fa9e0b6 SEC-1772: remote URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler. 2011-07-13 22:13:52 +01:00
Luke Taylor
de97bac85b SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch. 2011-07-13 21:59:11 +01:00
Luke Taylor
a504cfae1a SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations. 2011-07-13 20:56:47 +01:00
Rob Winch
330f82f562 SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter 2011-07-09 19:24:12 -05:00
Rob Winch
825f0061fb SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0 2011-07-09 19:23:51 -05:00
Luke Taylor
56e86dd36f Adding assertions on constructor arg values. 2011-07-06 20:50:25 +01:00
Luke Taylor
f92589f051 Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options. 2011-07-06 00:12:48 +01:00
Luke Taylor
2d271666a4 Add constructors to facilitate constructor-based injection for required/shared bean properties. 2011-07-05 20:25:49 +01:00
Luke Taylor
73442125de SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter. 2011-07-04 21:09:48 +01:00
Luke Taylor
b15475ab3d SEC-1771: Change TokenBasedRememberMeServices to obtain password from UserDetailsService if necessary. 2011-07-02 20:36:42 +01:00
Luke Taylor
737a9d1825 Improved toString methods on request wrappers. 2011-07-02 20:36:41 +01:00
Luke Taylor
571bfc4869 Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8"). 2011-06-14 18:47:50 +01:00
Luke Taylor
685f12c5a0 SEC-1733: Support explicit zero netmask correctly. 2011-06-07 12:15:07 +01:00
Luke Taylor
f5f410ae3b Clean unused imports. 2011-05-25 20:39:16 +01:00
Luke Taylor
ec97b70df9 SEC-1668: Allow customization of username parameter in SwitchUserFilter. 2011-05-25 20:03:02 +01:00
Luke Taylor
6d04670f87 SEC-1695: Allow customization of the session key under which the SecurityContext is stored. 2011-05-25 19:51:47 +01:00
Luke Taylor
84902ebb50 Javadoc correction. 2011-05-24 12:01:04 +01:00
Luke Taylor
63f160dc72 SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions. 2011-05-19 15:27:35 +01:00
Luke Taylor
6e91786f92 SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false). 2011-05-09 13:36:23 +01:00
Luke Taylor
04dc65c8fe SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap. 2011-04-25 13:48:47 +01:00
Luke Taylor
37d0454fd7 SEC-1657: Create SecurityFilterChain class for use in configuring FilterChinProxy. Encapsulates a RequestMatcher and List<Filter>. 2011-04-23 22:15:35 +01:00
Luke Taylor
614d8c0321 SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name. 2011-04-22 13:47:59 +01:00
Luke Taylor
dd108041a0 SEC-1722: Correct javadoc 2011-04-22 11:49:48 +01:00
Luke Taylor
8178371927 SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes 2011-04-21 19:55:32 +01:00
Rob Winch
a76a947b12 SEC-965: Added support for CAS proxy ticket authentication on any URL 2011-04-17 18:00:35 -05:00
Luke Taylor
acf4b91a89 SEC-1674: Test to check that absolute URLs work in SimpleUrlLogoutSuccessHandler. 2011-04-14 15:06:05 +01:00
Luke Taylor
ef72dd1986 SEC-1714: RegexRequestMatcher should prepend question mark to query string. 2011-04-11 14:02:54 +01:00
Luke Taylor
49dd928faa SEC-1712: Javadoc typo fix. 2011-04-08 17:24:12 +01:00
Luke Taylor
01c9c4e4db SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default. 2011-04-06 13:58:58 +01:00
Luke Taylor
78d5495945 SEC-1702: Add Burt's patch implementing hashcode method in AntPathRequestMatcher 2011-03-25 20:44:18 +00:00
Luke Taylor
e470eaa41d SEC-1689: Moved core codec code into crypto package and removed existing duplication (Hex encoding etc). Refactoring of crypto code to use CharSequence for where possible instead of String. 2011-03-17 01:43:31 +00:00
Luke Taylor
44252207db SEC-1683: Corrected typo 2011-02-28 15:43:25 +00:00
Luke Taylor
b0df1bd1b0 SEC-1673: Use a map to store the range values use in the bundlor templates. 2011-02-07 16:06:23 +00:00
Luke Taylor
eb9482b33b Removal of some unused internal methods, plus additional tests for some areas lacking coverage. 2011-02-07 00:24:20 +00:00