spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-27 14:22:47 +00:00

Author	SHA1	Message	Date
Luke Taylor	441aa25383	SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand.	2010-12-01 20:52:37 +00:00
Luke Taylor	4ad0652787	Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken.	2010-12-01 20:52:37 +00:00
Luke Taylor	ca679e1479	Reformatting.	2010-12-01 20:52:37 +00:00
Luke Taylor	9b29dcb8bf	SEC-1430: Removed username attribute from WebAttributes class.	2010-11-26 14:20:19 +00:00
Luke Taylor	43be9ea2a4	SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.	2010-11-26 13:58:49 +00:00
Luke Taylor	d64efe9747	SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object.	2010-11-25 15:19:37 +00:00
Luke Taylor	89f80659a1	Move docs on request matching to correct file and delete unused one	2010-11-24 00:30:37 +00:00
Luke Taylor	49242729e4	Added imgSrcPath parameter for use in docbookFopPdf task.	2010-11-24 00:28:59 +00:00
Luke Taylor	51a53ddbaa	Minor refactoring of GAE code to use specific GrantedAuthority type.	2010-11-17 14:15:11 +00:00
Luke Taylor	60970dd9c4	Added some tests for web expression handling code.	2010-11-15 20:01:38 +00:00
Luke Taylor	2d9f98d535	SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request).	2010-11-15 16:14:24 +00:00
Luke Taylor	fc00d7ef1d	Move the unix scripts for the tutorial sample into a subdirectory	2010-11-12 15:19:46 +00:00
Luke Taylor	37810a19c4	SEC-1619: Added check in GAE sample for change of Google user while still logged into the app. Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.	2010-11-10 15:37:42 +00:00
Luke Taylor	8b51c2c97d	SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous. Allows for the situation where a user is logged out without invalidating the session.	2010-11-09 13:55:45 +00:00
Luke Taylor	7754882ba9	SEC-1550: Additional signature change (in AnonymousAuthenticationToken)	2010-11-09 13:48:57 +00:00
Rob Winch	ffccc5f446	SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle	2010-11-08 19:27:44 -06:00
Luke Taylor	4b6a2168c7	SEC-1550: Additional signature change (in LdapUserDetailsManager.removeAuthorities())	2010-11-08 15:14:30 +00:00
Luke Taylor	6b691f6fc0	SEC-1613: Corrected preauth docs.	2010-11-04 14:32:06 +00:00
Rob Winch	4f51eb09c0	SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward	2010-11-03 15:27:59 -05:00
Luke Taylor	b9a98613eb	SEC-1593: Added tests to try to reproduce issue.	2010-11-03 19:37:25 +00:00
Luke Taylor	1c8d28501c	SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate.	2010-11-03 13:48:59 +00:00
Luke Taylor	8d867e8b67	Updated integration tests to detect case reported as SPR-7563.	2010-11-02 20:35:24 +00:00
Luke Taylor	265cdaf2a6	SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected.	2010-11-02 20:19:16 +00:00
Luke Taylor	337477de6a	SEC-1604: Change log level to debug for "Validated configuration attributes" message.	2010-11-02 20:06:42 +00:00
Luke Taylor	54d0a263de	SEC-1590: Removed WebAuthenticatioDetails.doPopulateAdditionalInformation() method which is caled from superclass constructor.	2010-11-02 19:50:40 +00:00
Luke Taylor	43ec2beec0	SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>.	2010-11-02 14:02:55 +00:00
Luke Taylor	84efffb937	SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices.	2010-11-02 13:41:59 +00:00
Luke Taylor	2671e52d5a	Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars.	2010-11-02 12:31:44 +00:00
Luke Taylor	0696bed78e	SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none"	2010-11-02 12:08:39 +00:00
Luke Taylor	deef2706ef	SEC-1607: Report correct version for Spring Security (not Spring version).	2010-11-02 11:13:32 +00:00
Luke Taylor	f85baac943	Updated to Spring 3.0.5	2010-10-27 13:25:40 +01:00
Luke Taylor	21ed5feb8d	SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.	2010-10-27 13:25:40 +01:00
Luke Taylor	4de8b84b0d	SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception.	2010-10-27 13:25:40 +01:00
Luke Taylor	cf0289bc02	SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook.	2010-10-27 13:25:40 +01:00
Luke Taylor	fabadff5f1	SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source.	2010-10-27 13:25:40 +01:00
Luke Taylor	31afb9c76d	Deleted superseded dao-auth-provider.xml chapter.	2010-10-27 13:25:40 +01:00
Luke Taylor	07b9ded126	SEC-1599: Corrected docbook source.	2010-10-27 13:25:40 +01:00
Luke Taylor	091a6d26f1	SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.).	2010-10-27 13:25:40 +01:00
Luke Taylor	883ca2a55d	Import cleaning.	2010-10-27 13:25:40 +01:00
Luke Taylor	1724d1eac6	SEC-1561: HttpSessionSecurityContextRepository should check whether the session contains the context attribute in case a new session has been created during the request. If the attribute is empty, then the context should be stored regardless of whether a change is detected or not.	2010-10-27 13:25:39 +01:00
Luke Taylor	54694d5ab7	SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot.	2010-10-27 13:25:39 +01:00
Luke Taylor	f70942c6f5	SEC-1589: Add support for property placeholder in intercept-methods access attribute.	2010-10-27 13:25:39 +01:00
Luke Taylor	173537f4f2	SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.	2010-10-27 13:25:39 +01:00
Luke Taylor	0961671772	Reinstated missing 3.0.3 schema file	2010-10-27 13:25:39 +01:00
Luke Taylor	a6d47203db	FilterInvocation should set queryString on dummy request.	2010-10-27 13:25:39 +01:00
Luke Taylor	f455e9a5a4	SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison.	2010-10-27 13:25:39 +01:00
Luke Taylor	0fd2c48dfb	SEC-1584: Additional integration tests.	2010-10-27 13:25:39 +01:00
Luke Taylor	7d97adc687	SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".	2010-10-27 13:25:39 +01:00
Luke Taylor	695c8f4ad6	Import cleaning and suppression of deprecation warnings.	2010-10-27 13:25:39 +01:00
Rossen Stoyanchev	bd84a2bfa1	SWC-1552 Update .tld in integration test to match change in taglib.	2010-10-26 14:00:45 +01:00

1 2 3 4 5 ...

4231 Commits