Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,928 Commits 32 Branches 333 Tags 111 MiB
Commit Graph

3928 Commits

Author SHA1 Message Date
Luke Taylor 4dd10cd266 Refactor overly large doFilter() method in DigestAuthenticationFilter. 2010-02-22 01:48:53 +00:00
Luke Taylor 2f1479785e Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-22 01:48:22 +00:00
Luke Taylor f3f84da625 Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0. 2010-02-21 23:25:36 +00:00
Luke Taylor b0bea8356f Minor gradle 0.9 syntax change. 2010-02-21 20:42:32 +00:00
Luke Taylor 025ab4ce1a Tweaking of table size in namespace chapter and PDF page margins to try to reduce overlapping of text 2010-02-21 20:41:44 +00:00
Luke Taylor 26cf6f5528 SEC-1399: Remove MockAuthenticationManager in app context file for FilterChainProxy tests. 2010-02-20 21:59:44 +00:00
Luke Taylor ea7ccc718d SEC-1399: Removed AbstractAuthenticationManager. 
MockAuthenticationManager was the only other subclass (apart from the main ProviderManager) and has been removed also.
 2010-02-20 21:35:39 +00:00
Luke Taylor dacb8dd25a SEC-1382: Removed deprecated label-based voter and related classes. 2010-02-20 20:50:16 +00:00
Luke Taylor 68f6afd905 SEC-1383: Added namespace support for method-security-metadata-source 2010-02-20 19:05:25 +00:00
Luke Taylor b7fc5bc455 Update schema version to 3.1 2010-02-20 18:58:00 +00:00
Luke Taylor e2a8f81ae8 Update aspectj version in sample to 1.6.8 2010-02-20 18:50:36 +00:00
Luke Taylor b37d2ed978 SEC-593: Added PermissionCacheOptimizer strategy interface and implementation in Acl module. 
This is used by DefaultMethodSecurityExpressionHandler to allow permissions to be cached before repeatedly evaluating an expression for a collection of domain objects.
 2010-02-20 18:02:12 +00:00
Luke Taylor 1474e73b11 SEC-1166: Added new interface PermissionGrantingStrategy to allow customization of ACL permission granting logic. 
The DefaultPermissionGrantingStrategy contains the standard behaviour that was previously in AclImpl.
 2010-02-20 18:02:11 +00:00
Luke Taylor 7c99361c26 Reduce length of long lines in the reference manual. 
Some are too long for the PDF version.
 2010-02-20 01:00:14 +00:00
Luke Taylor 40d3f726d6 Update manual version to 3.0.2.RELEASE 2010-02-19 19:00:06 +00:00
Luke Taylor 2ee7696bf4 Update version number to 3.1.0.CI-SNAPSHOT. 2010-02-19 17:35:19 +00:00
Luke Taylor 44f45d21f0 3.0.2 release. Update version in build files. 2010-02-19 01:22:21 +00:00
Luke Taylor d2b2ca3bc6 SEC-1387: Use a transient object as the advice monitor, rather than a Serializable. 
No need for an anonymous inner class.
 2010-02-19 01:02:22 +00:00
Luke Taylor 97d04b73c1 Upgrade to Spring 3.0.1. 2010-02-19 00:53:38 +00:00
Luke Taylor 10dc72b017 SEC-1387: Support serialization of security advised beans. 
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
 2010-02-19 00:53:14 +00:00
Luke Taylor 14ae36ac3b SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header. 
The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.
 2010-02-18 00:32:49 +00:00
Luke Taylor 9bdc012c69 Minor corrections to Session Management chapter of ref manual. 2010-02-18 00:32:48 +00:00
Luke Taylor c0579230b2 Correct package names in ref manual docbook. Minor change to namespace appendix. 2010-02-18 00:32:48 +00:00
Luke Taylor 5b5934144a Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1. 
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
 2010-02-16 00:03:15 +00:00
Luke Taylor bd635edc31 SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones. 
Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.
 2010-02-15 22:46:18 +00:00
Luke Taylor 1719bdebeb Changed classes output dir names in core modules for better display in structure diagram 2010-02-15 02:23:40 +00:00
Luke Taylor c1133d1ef3 Removed unused import in DelegatingAuthenticationEntryPoint and corrected test class name. 2010-02-14 23:31:31 +00:00
Luke Taylor d30e31d816 Remove unnecessary @SuppressWarnings and inline dependency from ELRequestMatcher (util package) to core ExpressionUtils. 2010-02-14 23:29:27 +00:00
Luke Taylor dbee91002e Deprecate EncryptionUtils. 2010-02-14 23:27:29 +00:00
Luke Taylor c12c43da9e Javadoc fixes. 2010-02-14 23:27:09 +00:00
Luke Taylor 36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor e729819ce0 Updated incorrect package names in docbook 2010-02-12 15:18:01 +00:00
Luke Taylor 1e4f451352 Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources 2010-02-11 18:08:06 +00:00
Luke Taylor dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication. 
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
 2010-02-11 17:47:22 +00:00
Luke Taylor 403f8da79a Added missing jettyVersion variable to build.gradle. 2010-02-11 17:36:45 +00:00
Mike Wiesner 90d6ff1fde SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-11 13:19:16 +01:00
Mike Wiesner d32b078a8c SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-11 09:05:28 +01:00
Luke Taylor e678ba7283 Improvements to itest-web subproject. 
Added to gradle build. Updated deps (testng and jwebunit). New test added for persistent remember-me.
 2010-02-11 01:48:21 +00:00
Luke Taylor 70ef0d8b3e Added extra test to itest/context as POC of using extra interceptor with http ns. 2010-02-11 01:48:00 +00:00
Luke Taylor 23511c930f Standardising slf4j versions. 2010-02-11 01:33:31 +00:00
Luke Taylor 017dad8f5d Added support for fop extensions in PDF generation. 2010-02-11 00:19:18 +00:00
Luke Taylor 2173029216 SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map. 
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
 2010-02-10 23:49:26 +00:00
Mike Wiesner d2413cf237 SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-10 21:25:23 +01:00
Luke Taylor 5753d69465 SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements 2010-02-10 16:49:53 +00:00
Luke Taylor 81657d0efc SEC-1403: Corrected interface name. 2010-02-10 15:24:46 +00:00
Luke Taylor 08c7155ab5 SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions. 2010-02-10 15:06:01 +00:00
Luke Taylor 1ecd3e228b SEC-1405: added RequestMatcher interface. 2010-02-10 14:34:14 +00:00
Luke Taylor 2f40088fe7 Change spring-aop dep to compile scope in contacts sample 2010-02-08 12:34:19 +00:00
Luke Taylor 15c309a2ed Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390. 
AopInfrastructureBean interface is now required.
 2010-02-06 21:22:12 +00:00
Luke Taylor f54831f2b5 SEC-1398: Minor changes to method security annotation information in namespace chapter. 
Added some explanation of the different annotation types and their suitability.
 2010-02-06 18:03:05 +00:00