Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,532 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

4532 Commits

Author SHA1 Message Date
Luke Taylor 44e2543015 Minor changes to make filter chain validation more robust with custom request matchers. 2011-10-24 21:21:10 +01:00
Luke Taylor f2786805e6 SEC-1841: Added request-matcher-ref attribute to namespace for defining a filter chain. 2011-10-21 20:04:35 +01:00
Luke Taylor 58f7d3acc6 SEC-1835: Changed xsd:ID to xsd:token. 2011-10-21 18:35:06 +01:00
Luke Taylor f1e63f3008 SEC-1802: Add digits to valid URL scheme regex. 2011-10-21 17:25:50 +01:00
Rob Winch 2fd0a65049 SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager> 2011-10-18 19:18:56 -05:00
Luke Taylor ac6ed671a1 SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager 2011-09-26 18:24:36 +01:00
Luke Taylor 9d66e1fac3 Exclude static resources from filter chain in tutorial sample. 2011-09-25 22:30:14 +01:00
Luke Taylor 2953f56b2b Remove ancient code formatter artifacts. 2011-09-25 21:17:21 +01:00
Luke Taylor 869c6a7c18 SEC-1800: Set input size to 30 for OpenID login. 2011-09-25 21:13:37 +01:00
Luke Taylor 44364d0101 SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource. 2011-09-24 14:36:54 +01:00
Luke Taylor be8ee61f82 PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method. 
This isn't actually used, but is still incorrect.
 2011-09-24 13:13:38 +01:00
Luke Taylor a573e7b395 SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer. 2011-09-20 21:46:21 +01:00
Rob Winch 4a000d040c SEC-1815: Downgrade openid to use HttpClient 4.1.1 to avoid bug in openid4java's usage of HttpClient 2011-09-18 18:52:27 -05:00
Luke Taylor 359bd7c468 SEC-1804: Updated Javadoc wrt immutability of User class. 2011-08-25 10:50:50 +01:00
Luke Taylor 7bde24af6c Reset version to 3.1.0.CI-SNAPSHOT. 2011-08-19 15:24:45 -07:00
Luke Taylor 9e619611ae Set release version to 3.1.0.RC3 2011-08-19 15:24:44 -07:00
Luke Taylor 8ce6c73802 Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource 2011-08-19 15:24:44 -07:00
Luke Taylor d6b7b52a79 Update to Spring 3.0.6. 2011-08-19 15:06:26 -07:00
Luke Taylor 3e4fc0b948 SEC-1795: Fix possible NPEs in AclImpl.equals() 2011-08-19 11:45:34 -07:00
Luke Taylor a4c05239e5 SEC-1719: Lithuanian messages translation. 2011-08-19 11:17:05 -07:00
Luke Taylor 503ac9ae7c SEC-1798: Remove internal evaluation of EL in JSP tag implementations. 2011-08-12 19:44:27 +01:00
Luke Taylor 45d938566c Some tests for Base64 encoding. 2011-08-12 19:44:27 +01:00
Luke Taylor 59a07175a6 SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider. 2011-08-12 19:44:27 +01:00
Luke Taylor c618f4ab52 Add missing package to remoting bundlor template. 2011-08-12 19:44:27 +01:00
Luke Taylor 5fce0a58bd SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. 2011-08-12 19:44:27 +01:00
Luke Taylor b48fc53fa2 SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client. 2011-08-12 19:44:27 +01:00
Luke Taylor 249610c7ed SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. 2011-08-12 19:44:26 +01:00
Luke Taylor 1976cb1bf7 SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. 2011-08-12 19:44:26 +01:00
Luke Taylor 824464516c SEC-1790: Reject redirect locations containing CR or LF. 2011-08-12 19:44:26 +01:00
Luke Taylor 6333909107 SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change. 2011-08-12 19:07:17 +01:00
Luke Taylor 74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Luke Taylor 8ce4d326f5 Update HttpClient to 4.1.2 and removed incorrect bundlor references to commons version. 2011-08-12 00:23:29 +01:00
Luke Taylor 0120643721 SEC-1794: Convert OpenIDAuthenticationStatus to an enum. 2011-08-10 17:09:33 +01:00
Luke Taylor 0c2a950fa0 SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled. 2011-08-10 17:07:09 +01:00
Rob Winch 7399c9a7a5 SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() 2011-07-29 09:55:18 -05:00
Rob Winch dfd467f26e cleaned imports in RunAsUserToken 2011-07-29 09:39:02 -05:00
Luke Taylor 7e44580c75 Minor refactoring of aspects tests. 2011-07-20 17:42:05 +01:00
Luke Taylor 8740efc0f5 Added constructor injection options to ConcurrentSessionFilter 2011-07-18 15:09:31 +01:00
Luke Taylor a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor ac3d8b25f2 Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes. 2011-07-14 13:13:39 +01:00
Luke Taylor 8440743108 Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use. 2011-07-13 23:28:41 +01:00
Luke Taylor 89fa771093 SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption. 2011-07-13 22:29:47 +01:00
Luke Taylor 700fa9e0b6 SEC-1772: remote URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler. 2011-07-13 22:13:52 +01:00
Luke Taylor de97bac85b SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch. 2011-07-13 21:59:11 +01:00
Luke Taylor a504cfae1a SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations. 2011-07-13 20:56:47 +01:00
Luke Taylor d5946b81b4 Added FAQ on how to add ApacheDS entries to pom. 2011-07-13 17:50:29 +01:00
Luke Taylor c117c643df SEC-1782: Javadoc correction for LdapAuthenticationProvider. 2011-07-12 01:50:24 +01:00
Rob Winch 330f82f562 SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter 2011-07-09 19:24:12 -05:00
Florian Fankhauser 2e83d98c8f SEC-1776: Corrected typo in manual 2011-07-09 19:24:12 -05:00
Rob Winch 825f0061fb SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0 2011-07-09 19:23:51 -05:00