Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-21 05:44:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,965 Commits 33 Branches 337 Tags
Commit Graph

2017 Commits

Author SHA1 Message Date
Luke Taylor
472c1fac84 SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent. 
Ensures protect-pointcut expressions match methods with generic parameters.
 2010-03-24 20:57:03 +00:00
Luke Taylor
e60108ca8c SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles. 
It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.
 2010-03-22 16:26:04 +00:00
Luke Taylor
9e049dfef4 SEC-1438: Removed JoinPoint support from AbstractMethodSecurityMetadataSource 2010-03-11 21:51:19 +00:00
Luke Taylor
c09cd3a9cb Remove unused inner class in MethodSecurityMetadataSourceAdvisor 2010-03-11 01:52:07 +00:00
Luke Taylor
55de2cfcb1 SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances. 
Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.
 2010-03-11 01:51:59 +00:00
Luke Taylor
f3264ba9ab Addition of commons-logging exclusions and adjustments to pom generation. 2010-03-07 21:58:25 +00:00
Luke Taylor
b38b8e55ac SEC-1432: Convert map keys to lower-case in UserMap.setUsers(). 
Otherwise the lookup on mixed-case fails, since the lookup is performed with a lower-case key.
 2010-03-05 17:55:29 +00:00
Luke Taylor
530ab3ae30 SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:21:07 +00:00
Luke Taylor
0551dd89ac SEC-1420: Add htmlEscape attribute to authentication JSP tag. 
This allows HTML escaping to be disabled if required.
 2010-03-04 00:47:22 +00:00
Luke Taylor
b147652193 Make hsqldb a testRuntime/runtime dependency. 2010-03-01 01:10:58 +00:00
Luke Taylor
f3f84da625 Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0. 2010-02-21 23:25:36 +00:00
Luke Taylor
ea7ccc718d SEC-1399: Removed AbstractAuthenticationManager. 
MockAuthenticationManager was the only other subclass (apart from the main ProviderManager) and has been removed also.
 2010-02-20 21:35:39 +00:00
Luke Taylor
dacb8dd25a SEC-1382: Removed deprecated label-based voter and related classes. 2010-02-20 20:50:16 +00:00
Luke Taylor
b37d2ed978 SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module. 
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
 2010-02-20 18:02:12 +00:00
Luke Taylor
2ee7696bf4 Update version number to 3.1.0.CI-SNAPSHOT. 2010-02-19 17:35:19 +00:00
Luke Taylor
44f45d21f0 3.0.2 release. Update version in build files. 2010-02-19 01:22:21 +00:00
Luke Taylor
d2b2ca3bc6 SEC-1387: Use a transient object as the advice monitor, rather than a Serializable. 
No need for an anonymous inner class.
 2010-02-19 01:02:22 +00:00
Luke Taylor
10dc72b017 SEC-1387: Support serialization of security advised beans. 
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
 2010-02-19 00:53:14 +00:00
Luke Taylor
dbee91002e Deprecate EncryptionUtils. 2010-02-14 23:27:29 +00:00
Luke Taylor
c12c43da9e Javadoc fixes. 2010-02-14 23:27:09 +00:00
Luke Taylor
36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor
67c9a0b78d SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords. 2010-02-06 17:34:07 +00:00
Luke Taylor
bd2fd3448b SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly. 2010-02-06 15:42:01 +00:00
Luke Taylor
10d787ede2 Javadoc corrections to SessionRegistryImpl 2010-02-03 23:49:36 +00:00
Luke Taylor
d931495c8a SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig. 2010-01-23 02:12:30 +00:00
Luke Taylor
1a7f71fc0f SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions() 
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
 2010-01-19 01:07:33 +00:00
Luke Taylor
51dfc0fb39 Set versions to 3.0.2-CI-SNAPSHOT, post release. 2010-01-15 18:15:19 +00:00
Luke Taylor
05634f97dc Updated version numbers for 3.0.1 release. 2010-01-15 18:04:28 +00:00
Luke Taylor
0f90e69004 SEC-1362: Updated French messages translation. 2010-01-13 15:37:18 +00:00
Luke Taylor
b323098167 Added gradle build files for taglibs, tutorial, contacts and openid. 
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
 2010-01-10 23:31:23 +00:00
Luke Taylor
052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor
93973a4b75 SEC-1304: Removed compareTo method from GrantedAuthorityImpl 
This method had been left by mistake when the Comparable 
interface was removed. See also SEC-1347.
 2010-01-04 19:13:49 +00:00
Luke Taylor
80aacf447f Refactored JaasAuthenticationProvider 
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
 2010-01-03 16:28:44 +00:00
Luke Taylor
893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor
bcb1ff8921 SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array 2009-12-23 14:12:59 +00:00
Luke Taylor
115d5b84ff [maven-release-plugin] prepare for next development iteration 2009-12-22 22:20:01 +00:00
Luke Taylor
6c6ef08353 [maven-release-plugin] prepare release spring-security-3.0.0.RELEASE 2009-12-22 22:19:38 +00:00
Luke Taylor
e64866ae6a Updated bundlor templates and introduced spring.version variable 2009-12-22 01:10:04 +00:00
Luke Taylor
fcce29f8df SEC-1326: Updating dependencies to match Spring versions. Removing unused deps. 2009-12-21 17:32:38 +00:00
Luke Taylor
aeed49393c Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting). 2009-12-18 18:44:42 +00:00
Luke Taylor
354b043fd1 SEC-1337: Add Serializable interface to internal comparator 2009-12-18 14:12:32 +00:00
Luke Taylor
55679971f0 SEC-1337: Make User serializable by moving anonymous comparator class 2009-12-18 13:49:02 +00:00
Luke Taylor
cad32ffe39 SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface. 2009-12-13 17:37:24 +00:00
Luke Taylor
ef3d9c7877 Tidying Javadoc. 2009-12-13 16:20:28 +00:00
Luke Taylor
1e8ea55030 SEC-1320: JaasAuthenticationProvider can not find jaas realm defined inside service archive. Added flag to control refresh of configuration on startup. 2009-12-13 16:19:53 +00:00
Luke Taylor
520e733cb2 [maven-release-plugin] prepare for next development iteration 2009-12-08 21:19:41 +00:00
Luke Taylor
f2cf17bd49 [maven-release-plugin] prepare release spring-security-3.0.0.RC2 2009-12-08 21:19:20 +00:00
Luke Taylor
adfac7e718 Added gradle file for cas and standardised ehcache version 2009-12-08 01:54:15 +00:00
Luke Taylor
33b109f0b3 Made session maps final in SessionRegistryImpl. 2009-12-08 01:33:01 +00:00
Luke Taylor
558737363f Added some extra tracing to SessionRegistryImpl. 2009-12-08 01:28:47 +00:00