| Luke Taylor | 58f7d3acc6 | SEC-1835: Changed xsd:ID to xsd:token. | 2011-10-21 18:35:06 +01:00 |
| Luke Taylor | f1e63f3008 | SEC-1802: Add digits to valid URL scheme regex. | 2011-10-21 17:25:50 +01:00 |
| Rob Winch | 2fd0a65049 | SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager> | 2011-10-18 19:18:56 -05:00 |
| Luke Taylor | ac6ed671a1 | SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager | 2011-09-26 18:24:36 +01:00 |
| Luke Taylor | 9d66e1fac3 | Exclude static resources from filter chain in tutorial sample. | 2011-09-25 22:30:14 +01:00 |
| Luke Taylor | 2953f56b2b | Remove ancient code formatter artifacts. | 2011-09-25 21:17:21 +01:00 |
| Luke Taylor | 869c6a7c18 | SEC-1800: Set input size to 30 for OpenID login. | 2011-09-25 21:13:37 +01:00 |
| Luke Taylor | 44364d0101 | SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource. | 2011-09-24 14:36:54 +01:00 |
| Luke Taylor | be8ee61f82 | PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method. This isn't actually used, but is still incorrect. | 2011-09-24 13:13:38 +01:00 |
| Luke Taylor | a573e7b395 | SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer. | 2011-09-20 21:46:21 +01:00 |
| Rob Winch | 4a000d040c | SEC-1815: Downgrade openid to use HttpClient 4.1.1 to avoid bug in openid4java's usage of HttpClient | 2011-09-18 18:52:27 -05:00 |
| Luke Taylor | 359bd7c468 | SEC-1804: Updated Javadoc wrt immutability of User class. | 2011-08-25 10:50:50 +01:00 |
| Luke Taylor | 7bde24af6c | Reset version to 3.1.0.CI-SNAPSHOT. | 2011-08-19 15:24:45 -07:00 |
| Luke Taylor | 9e619611ae | Set release version to 3.1.0.RC3 | 2011-08-19 15:24:44 -07:00 |
| Luke Taylor | 8ce6c73802 | Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource | 2011-08-19 15:24:44 -07:00 |
| Luke Taylor | d6b7b52a79 | Update to Spring 3.0.6. | 2011-08-19 15:06:26 -07:00 |
| Luke Taylor | 3e4fc0b948 | SEC-1795: Fix possible NPEs in AclImpl.equals() | 2011-08-19 11:45:34 -07:00 |
| Luke Taylor | a4c05239e5 | SEC-1719: Lithuanian messages translation. | 2011-08-19 11:17:05 -07:00 |
| Luke Taylor | 503ac9ae7c | SEC-1798: Remove internal evaluation of EL in JSP tag implementations. | 2011-08-12 19:44:27 +01:00 |
| Luke Taylor | 45d938566c | Some tests for Base64 encoding. | 2011-08-12 19:44:27 +01:00 |
| Luke Taylor | 59a07175a6 | SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider. | 2011-08-12 19:44:27 +01:00 |
| Luke Taylor | c618f4ab52 | Add missing package to remoting bundlor template. | 2011-08-12 19:44:27 +01:00 |
| Luke Taylor | 5fce0a58bd | SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. | 2011-08-12 19:44:27 +01:00 |
| Luke Taylor | b48fc53fa2 | SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client. | 2011-08-12 19:44:27 +01:00 |
| Luke Taylor | 249610c7ed | SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. | 2011-08-12 19:44:26 +01:00 |
| Luke Taylor | 1976cb1bf7 | SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. | 2011-08-12 19:44:26 +01:00 |
| Luke Taylor | 824464516c | SEC-1790: Reject redirect locations containing CR or LF. | 2011-08-12 19:44:26 +01:00 |
| Luke Taylor | 6333909107 | SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change. | 2011-08-12 19:07:17 +01:00 |
| Luke Taylor | 74daa68691 | SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. | 2011-08-12 14:29:55 +01:00 |
| Luke Taylor | 8ce4d326f5 | Update HttpClient to 4.1.2 and removed incorrect bundlor references to commons version. | 2011-08-12 00:23:29 +01:00 |
| Luke Taylor | 0120643721 | SEC-1794: Convert OpenIDAuthenticationStatus to an enum. | 2011-08-10 17:09:33 +01:00 |
| Luke Taylor | 0c2a950fa0 | SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled. | 2011-08-10 17:07:09 +01:00 |
| Rob Winch | 7399c9a7a5 | SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() | 2011-07-29 09:55:18 -05:00 |
| Rob Winch | dfd467f26e | cleaned imports in RunAsUserToken | 2011-07-29 09:39:02 -05:00 |
| Luke Taylor | 7e44580c75 | Minor refactoring of aspects tests. | 2011-07-20 17:42:05 +01:00 |
| Luke Taylor | 8740efc0f5 | Added constructor injection options to ConcurrentSessionFilter | 2011-07-18 15:09:31 +01:00 |
| Luke Taylor | a1c714cff4 | SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. | 2011-07-14 16:43:02 +01:00 |
| Luke Taylor | ac3d8b25f2 | Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes. | 2011-07-14 13:13:39 +01:00 |
| Luke Taylor | 8440743108 | Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use. | 2011-07-13 23:28:41 +01:00 |
| Luke Taylor | 89fa771093 | SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption. | 2011-07-13 22:29:47 +01:00 |
| Luke Taylor | 700fa9e0b6 | SEC-1772: remote URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler. | 2011-07-13 22:13:52 +01:00 |
| Luke Taylor | de97bac85b | SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch. | 2011-07-13 21:59:11 +01:00 |
| Luke Taylor | a504cfae1a | SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations. | 2011-07-13 20:56:47 +01:00 |
| Luke Taylor | d5946b81b4 | Added FAQ on how to add ApacheDS entries to pom. | 2011-07-13 17:50:29 +01:00 |
| Luke Taylor | c117c643df | SEC-1782: Javadoc correction for LdapAuthenticationProvider. | 2011-07-12 01:50:24 +01:00 |
| Rob Winch | 330f82f562 | SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter | 2011-07-09 19:24:12 -05:00 |
| Florian Fankhauser | 2e83d98c8f | SEC-1776: Corrected typo in manual | 2011-07-09 19:24:12 -05:00 |
| Rob Winch | 825f0061fb | SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0 | 2011-07-09 19:23:51 -05:00 |
| Luke Taylor | 56e86dd36f | Adding assertions on constructor arg values. | 2011-07-06 20:50:25 +01:00 |
| Luke Taylor | f92589f051 | Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options. | 2011-07-06 00:12:48 +01:00 |