Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,530 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

2141 Commits

Author SHA1 Message Date
Luke Taylor 2953f56b2b Remove ancient code formatter artifacts. 2011-09-25 21:17:21 +01:00
Luke Taylor 44364d0101 SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource. 2011-09-24 14:36:54 +01:00
Luke Taylor be8ee61f82 PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method. 
This isn't actually used, but is still incorrect.
 2011-09-24 13:13:38 +01:00
Luke Taylor 359bd7c468 SEC-1804: Updated Javadoc wrt immutability of User class. 2011-08-25 10:50:50 +01:00
Luke Taylor 8ce6c73802 Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource 2011-08-19 15:24:44 -07:00
Luke Taylor d6b7b52a79 Update to Spring 3.0.6. 2011-08-19 15:06:26 -07:00
Luke Taylor a4c05239e5 SEC-1719: Lithuanian messages translation. 2011-08-19 11:17:05 -07:00
Luke Taylor 59a07175a6 SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider. 2011-08-12 19:44:27 +01:00
Luke Taylor 5fce0a58bd SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. 2011-08-12 19:44:27 +01:00
Luke Taylor 249610c7ed SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. 2011-08-12 19:44:26 +01:00
Luke Taylor 1976cb1bf7 SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. 2011-08-12 19:44:26 +01:00
Luke Taylor 74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Rob Winch 7399c9a7a5 SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() 2011-07-29 09:55:18 -05:00
Rob Winch dfd467f26e cleaned imports in RunAsUserToken 2011-07-29 09:39:02 -05:00
Luke Taylor 56e86dd36f Adding assertions on constructor arg values. 2011-07-06 20:50:25 +01:00
Luke Taylor 2d271666a4 Add constructors to facilitate constructor-based injection for required/shared bean properties. 2011-07-05 20:25:49 +01:00
Rob Winch c3a3a5bfbf Updated core.gradle to include crypto as referenced project in eclipse 2011-06-21 07:22:35 -05:00
Luke Taylor d253f5e109 SEC-1768: Use AopProxyUtils.ultimateTargetClass() to cater for the situation where the security interceptor is being applied to a proxy. 2011-06-18 14:35:56 +01:00
Luke Taylor 571bfc4869 Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8"). 2011-06-14 18:47:50 +01:00
Luke Taylor 361b77685d Add crypto as an exported dependency of core in IDEA configuration. 2011-06-14 18:47:49 +01:00
Luke Taylor 2b8d4684a1 SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays. 2011-06-14 18:47:49 +01:00
Luke Taylor e27f655e9d SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core. 2011-06-10 00:01:25 +01:00
Luke Taylor 6d04670f87 SEC-1695: Allow customization of the session key under which the SecurityContext is stored. 2011-05-25 19:51:47 +01:00
Luke Taylor 42e0e158b4 Simplify Digester utility class. 2011-05-25 19:09:08 +01:00
Luke Taylor 21295a58e5 SEC-1751: Applied patch to use zero-IV for queryable text encryption. 2011-05-23 20:10:16 +01:00
Luke Taylor 5a4aed238c SEC-1752: Fixed Utf8 codec to take account of the limit of the ByteBuffer returned by CharsetEncoder.encode(). 2011-05-23 18:55:25 +01:00
Luke Taylor 63f160dc72 SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions. 2011-05-19 15:27:35 +01:00
Luke Taylor c758f36629 Forgot to add version information test previously 2011-05-17 23:54:43 +01:00
Luke Taylor 295ea27526 SEC-1743: Separate remoting from core into separate module. 2011-05-16 00:19:30 +01:00
Luke Taylor 396eced291 Add test to check version information. 2011-05-07 17:15:02 +01:00
Luke Taylor 6a2a636fd7 Update Javadoc for UserDetailsManager to reflect that the new password doesn't need to be stored in the security context (and probably shouldn't be). 2011-05-07 16:20:12 +01:00
Luke Taylor a2858240f1 SEC-1728: Remove references to SUN provider and incorrect seeding of SecureRandom in SecureRandomBytesKeyGenerator. 2011-04-27 22:10:17 +01:00
Luke Taylor 73fb1764b8 SEC-1730: Fix broken KeyGenerators method. 2011-04-26 19:06:45 +01:00
Luke Taylor 614d8c0321 SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name. 2011-04-22 13:47:59 +01:00
Luke Taylor 8178371927 SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes 2011-04-21 19:55:32 +01:00
Luke Taylor 5a9aa6d1aa SEC-1700: Allow for case where JAAS config is not a simple file, but may be a jar resource, for example. 2011-04-20 14:35:09 +01:00
Luke Taylor 6db7472928 SEC-1181: Added extra I18N messages for LDAP locked, disabled etc. 2011-04-15 20:10:48 +01:00
Luke Taylor 59ac4c8b96 SEC-1181: Added option to parse AD sub-error codes. 2011-04-15 20:10:48 +01:00
Luke Taylor 01c9c4e4db SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default. 2011-04-06 13:58:58 +01:00
Luke Taylor 8d99918798 SEC-1491: Add support for an external priority SecurityMetadataSource to be referenced from global-method-security. 2011-04-05 15:07:43 +01:00
Luke Taylor 3084ad878f SEC-1491: Added AnnotationMetadataExtractor to SecuredAnnotationSecurityMetadataSource to allow a custom security annotation to be used. 2011-04-04 19:48:27 +01:00
Luke Taylor 244047ffe9 Delete unused test entities. 2011-04-04 18:39:57 +01:00
Luke Taylor ead669f10c Move single-use annotation test classes into SecuredAnnotationSecurityMetadataDefinitionSourceTests. 2011-04-04 18:25:25 +01:00
Luke Taylor e470eaa41d SEC-1689: Moved core codec code into crypto package and removed existing duplication (Hex encoding etc). Refactoring of crypto code to use CharSequence for where possible instead of String. 2011-03-17 01:43:31 +00:00
Luke Taylor 50828cdd43 SEC-1689: Move crypto module code to core for simplicity. 2011-03-10 18:58:47 +00:00
Luke Taylor 5a6afbff95 SEC-1688: Allow injection of a PasswordEncoder from the crypto module into DaoAuthenticationProvider. 2011-03-08 16:20:26 +00:00
Luke Taylor 885f0270dc Some adjustments to the core build to make sure crypto classes are correctly exported to other tasks. 2011-03-08 16:19:51 +00:00
Luke Taylor 9d45828cb0 SEC-1689: Package crypto module classes with core. 2011-03-07 17:44:38 +00:00
Luke Taylor fd1a70edc2 SEC-1665: Add extra check of non-public declared methods in MethodInvocationAdapter, if public method cannot be found. 2011-03-04 17:45:37 +00:00
Luke Taylor 131c80f444 SEC-1690: Refactor expression PropertyAccessor for dealing with properties as beans in the ApplicationContext. 2011-03-02 16:33:25 +00:00