Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-13 15:42:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,925 Commits 44 Branches 345 Tags
Commit Graph

3925 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Taylor
4c8b0faa88 Upgrade aws-maven to 3.0.0.RELEASE (mvn 2.2.x compatible) 2010-03-05 18:03:59 +00:00
Luke Taylor
5a5b62e2cb SEC-1429: Removed cached authentication from session after successful authentication.(cherry picked from commit 43f0e111067dec72f2a496ad7d9df9fc10de43dc) 2010-03-05 00:11:08 +00:00
Luke Taylor
6ac8588144 Fix to Javadoc for AbstractAuthenticationProcessingFilter.(cherry picked from commit a3263753d93bba781471135448c4de5564fe464a) 2010-03-04 22:07:30 +00:00
Luke Taylor
5690f1c581 SEC-1428: Check if response has been committed before redirecting to target URL in AbstractAuthenticationTargetUrlRequestHandler. 2010-03-04 22:00:37 +00:00
Luke Taylor
87cf27ab7c SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:49:38 +00:00
Luke Taylor
41e06152b3 SEC-1420: JSP for itest of authentication tags with and without escaping. 2010-03-04 01:44:54 +00:00
Luke Taylor
a7e21318bf SEC-1425: Replace use of Java 1.6 String.isEmpty(). 2010-03-04 00:52:54 +00:00
Luke Taylor
bc6aae132b SEC-1420: Add htmlEscape attribute to authentication JSP tag. 
This allows HTML escaping to be disabled if required.
 2010-03-04 00:47:59 +00:00
Luke Taylor
b46ae6ac62 SEC-1425: Add check for empty cookie in AbstractRememberMeServices. 
Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.
 2010-02-28 14:00:43 +00:00
Luke Taylor
317da55cd0 SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup. 2010-02-26 17:50:45 +00:00
Luke Taylor
9e751e22c8 Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-26 17:50:14 +00:00
Luke Taylor
4d65b35827 Minor gradle 0.9 syntax change. 2010-02-26 17:49:32 +00:00
Luke Taylor
9831980bc2 Update versions to 3.0.3.CI-SNAPSHOT. 2010-02-26 15:04:43 +00:00
Luke Taylor
44f45d21f0 3.0.2 release. Update version in build files. 3.0.2.RELEASE 2010-02-19 01:22:21 +00:00
Luke Taylor
d2b2ca3bc6 SEC-1387: Use a transient object as the advice monitor, rather than a Serializable. 
No need for an anonymous inner class.
 2010-02-19 01:02:22 +00:00
Luke Taylor
97d04b73c1 Upgrade to Spring 3.0.1. 2010-02-19 00:53:38 +00:00
Luke Taylor
10dc72b017 SEC-1387: Support serialization of security advised beans. 
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
 2010-02-19 00:53:14 +00:00
Luke Taylor
14ae36ac3b SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header. 
The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.
 2010-02-18 00:32:49 +00:00
Luke Taylor
9bdc012c69 Minor corrections to Session Management chapter of ref manual. 2010-02-18 00:32:48 +00:00
Luke Taylor
c0579230b2 Correct package names in ref manual docbook. Minor change to namespace appendix. 2010-02-18 00:32:48 +00:00
Luke Taylor
5b5934144a Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1. 
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
 2010-02-16 00:03:15 +00:00
Luke Taylor
bd635edc31 SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones. 
Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.
 2010-02-15 22:46:18 +00:00
Luke Taylor
1719bdebeb Changed classes output dir names in core modules for better display in structure diagram 2010-02-15 02:23:40 +00:00
Luke Taylor
c1133d1ef3 Removed unused import in DelegatingAuthenticationEntryPoint and corrected test class name. 2010-02-14 23:31:31 +00:00
Luke Taylor
d30e31d816 Remove unnecessary @SuppressWarnings and inline dependency from ELRequestMatcher (util package) to core ExpressionUtils. 2010-02-14 23:29:27 +00:00
Luke Taylor
dbee91002e Deprecate EncryptionUtils. 2010-02-14 23:27:29 +00:00
Luke Taylor
c12c43da9e Javadoc fixes. 2010-02-14 23:27:09 +00:00
Luke Taylor
36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor
e729819ce0 Updated incorrect package names in docbook 2010-02-12 15:18:01 +00:00
Luke Taylor
1e4f451352 Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources 2010-02-11 18:08:06 +00:00
Luke Taylor
dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication. 
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
 2010-02-11 17:47:22 +00:00
Luke Taylor
403f8da79a Added missing jettyVersion variable to build.gradle. 2010-02-11 17:36:45 +00:00
Mike Wiesner
90d6ff1fde SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-11 13:19:16 +01:00
Mike Wiesner
d32b078a8c SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-11 09:05:28 +01:00
Luke Taylor
e678ba7283 Improvements to itest-web subproject. 
Added to gradle build. Updated deps (testng and jwebunit). New test added for persistent remember-me.
 2010-02-11 01:48:21 +00:00
Luke Taylor
70ef0d8b3e Added extra test to itest/context as POC of using extra interceptor with http ns. 2010-02-11 01:48:00 +00:00
Luke Taylor
23511c930f Standardising slf4j versions. 2010-02-11 01:33:31 +00:00
Luke Taylor
017dad8f5d Added support for fop extensions in PDF generation. 2010-02-11 00:19:18 +00:00
Luke Taylor
2173029216 SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map. 
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
 2010-02-10 23:49:26 +00:00
Mike Wiesner
d2413cf237 SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-10 21:25:23 +01:00
Luke Taylor
5753d69465 SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements 2010-02-10 16:49:53 +00:00
Luke Taylor
81657d0efc SEC-1403: Corrected interface name. 2010-02-10 15:24:46 +00:00
Luke Taylor
08c7155ab5 SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions. 2010-02-10 15:06:01 +00:00
Luke Taylor
1ecd3e228b SEC-1405: added RequestMatcher interface. 2010-02-10 14:34:14 +00:00
Luke Taylor
2f40088fe7 Change spring-aop dep to compile scope in contacts sample 2010-02-08 12:34:19 +00:00
Luke Taylor
15c309a2ed Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390. 
AopInfrastructureBean interface is now required.
 2010-02-06 21:22:12 +00:00
Luke Taylor
f54831f2b5 SEC-1398: Minor changes to method security annotation information in namespace chapter. 
Added some explanation of the different annotation types and their suitability.
 2010-02-06 18:03:05 +00:00
Luke Taylor
67c9a0b78d SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords. 2010-02-06 17:34:07 +00:00
Luke Taylor
bd2fd3448b SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly. 2010-02-06 15:42:01 +00:00
Luke Taylor
984604b026 SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator. 
The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
 2010-02-06 14:38:44 +00:00