Luke Taylor
51a53ddbaa
Minor refactoring of GAE code to use specific GrantedAuthority type.
2010-11-17 14:15:11 +00:00
Luke Taylor
60970dd9c4
Added some tests for web expression handling code.
2010-11-15 20:01:38 +00:00
Luke Taylor
2d9f98d535
SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request).
2010-11-15 16:14:24 +00:00
Luke Taylor
fc00d7ef1d
Move the unix scripts for the tutorial sample into a subdirectory
2010-11-12 15:19:46 +00:00
Luke Taylor
37810a19c4
SEC-1619: Added check in GAE sample for change of Google user while still logged into the app.
...
Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.
2010-11-10 15:37:42 +00:00
Luke Taylor
8b51c2c97d
SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous.
...
Allows for the situation where a user is logged out without invalidating the session.
2010-11-09 13:55:45 +00:00
Luke Taylor
7754882ba9
SEC-1550: Additional signature change (in AnonymousAuthenticationToken)
2010-11-09 13:48:57 +00:00
Rob Winch
ffccc5f446
SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle
2010-11-08 19:27:44 -06:00
Luke Taylor
4b6a2168c7
SEC-1550: Additional signature change (in LdapUserDetailsManager.removeAuthorities())
2010-11-08 15:14:30 +00:00
Luke Taylor
6b691f6fc0
SEC-1613: Corrected preauth docs.
2010-11-04 14:32:06 +00:00
Rob Winch
4f51eb09c0
SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward
2010-11-03 15:27:59 -05:00
Luke Taylor
b9a98613eb
SEC-1593: Added tests to try to reproduce issue.
2010-11-03 19:37:25 +00:00
Luke Taylor
1c8d28501c
SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate.
2010-11-03 13:48:59 +00:00
Luke Taylor
8d867e8b67
Updated integration tests to detect case reported as SPR-7563.
2010-11-02 20:35:24 +00:00
Luke Taylor
265cdaf2a6
SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected.
2010-11-02 20:19:16 +00:00
Luke Taylor
337477de6a
SEC-1604: Change log level to debug for "Validated configuration attributes" message.
2010-11-02 20:06:42 +00:00
Luke Taylor
54d0a263de
SEC-1590: Removed WebAuthenticatioDetails.doPopulateAdditionalInformation() method which is caled from superclass constructor.
2010-11-02 19:50:40 +00:00
Luke Taylor
43ec2beec0
SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>.
2010-11-02 14:02:55 +00:00
Luke Taylor
84efffb937
SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices.
2010-11-02 13:41:59 +00:00
Luke Taylor
2671e52d5a
Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars.
2010-11-02 12:31:44 +00:00
Luke Taylor
0696bed78e
SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none"
2010-11-02 12:08:39 +00:00
Luke Taylor
deef2706ef
SEC-1607: Report correct version for Spring Security (not Spring version).
2010-11-02 11:13:32 +00:00
Luke Taylor
f85baac943
Updated to Spring 3.0.5
2010-10-27 13:25:40 +01:00
Luke Taylor
21ed5feb8d
SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.
2010-10-27 13:25:40 +01:00
Luke Taylor
4de8b84b0d
SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception.
2010-10-27 13:25:40 +01:00
Luke Taylor
cf0289bc02
SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook.
2010-10-27 13:25:40 +01:00
Luke Taylor
fabadff5f1
SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source.
2010-10-27 13:25:40 +01:00
Luke Taylor
31afb9c76d
Deleted superseded dao-auth-provider.xml chapter.
2010-10-27 13:25:40 +01:00
Luke Taylor
07b9ded126
SEC-1599: Corrected docbook source.
2010-10-27 13:25:40 +01:00
Luke Taylor
091a6d26f1
SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.).
2010-10-27 13:25:40 +01:00
Luke Taylor
883ca2a55d
Import cleaning.
2010-10-27 13:25:40 +01:00
Luke Taylor
1724d1eac6
SEC-1561: HttpSessionSecurityContextRepository should check whether the session contains the context attribute in case a new session has been created during the request. If the attribute is empty, then the context should be stored regardless of whether a change is detected or not.
2010-10-27 13:25:39 +01:00
Luke Taylor
54694d5ab7
SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot.
2010-10-27 13:25:39 +01:00
Luke Taylor
f70942c6f5
SEC-1589: Add support for property placeholder in intercept-methods access attribute.
2010-10-27 13:25:39 +01:00
Luke Taylor
173537f4f2
SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
2010-10-27 13:25:39 +01:00
Luke Taylor
0961671772
Reinstated missing 3.0.3 schema file
2010-10-27 13:25:39 +01:00
Luke Taylor
a6d47203db
FilterInvocation should set queryString on dummy request.
2010-10-27 13:25:39 +01:00
Luke Taylor
f455e9a5a4
SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison.
2010-10-27 13:25:39 +01:00
Luke Taylor
0fd2c48dfb
SEC-1584: Additional integration tests.
2010-10-27 13:25:39 +01:00
Luke Taylor
7d97adc687
SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".
2010-10-27 13:25:39 +01:00
Luke Taylor
695c8f4ad6
Import cleaning and suppression of deprecation warnings.
2010-10-27 13:25:39 +01:00
Rossen Stoyanchev
bd84a2bfa1
SWC-1552 Update .tld in integration test to match change in taglib.
2010-10-26 14:00:45 +01:00
Rossen Stoyanchev
70600a0277
SEC-1552 Refactor AuthorizeTag and LegacyAuthorize tag to make them independent of JSP tag rendering.
2010-10-26 12:33:51 +01:00
Rob Winch
7258abbbf4
SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd
2010-10-10 19:51:37 -05:00
Rob Winch
ee12d54bec
SEC-1536: moved web.authentication.jaas to web.jaasapi
...
Renamed org.springframework.security.web.authentication.jaas to org.springframework.security.web.jaasapi to be better aligned with org.springframework.security.web.servletapi, added package-info.java, and removed trailing whitespaces
2010-10-05 22:28:42 -05:00
Rob Winch
8249492ce9
SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null)
2010-10-04 17:07:04 -05:00
Luke Taylor
e69b981c72
Make method in MatcherType public for use in OAuth.
2010-09-25 20:09:12 +01:00
Luke Taylor
f978814bb1
Improve entry of username and password for scp upload.
2010-09-24 21:01:18 +01:00
Luke Taylor
685e0417a7
SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout.
2010-09-19 18:30:52 +01:00
Luke Taylor
11a87d1fa0
Switch to using xsd:boolean in schema file.
2010-09-19 18:17:06 +01:00
