Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 07:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,852 Commits 34 Branches 337 Tags
Commit Graph

1587 Commits

Author SHA1 Message Date
Luke Taylor
59543af4fb SEC-826: Support for JPA PersistenceContext annotation broken 
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
 2008-05-14 16:41:52 +00:00
Luke Taylor
1fee538c7e Fixed typo in setter method (uses of). 2008-05-13 15:32:30 +00:00
Luke Taylor
ae2470127c Fixed typo in setter method "seAttributePrefix" 2008-05-13 13:51:49 +00:00
Luke Taylor
e1b226ee57 Added 2.0.2 namespace file 2008-05-10 17:16:46 +00:00
Luke Taylor
add2649397 Javadoc typo. 2008-05-09 18:09:56 +00:00
Luke Taylor
781d88bd30 OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue) 
http://jira.springframework.org/browse/SEC-825. Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
 2008-05-09 18:08:32 +00:00
Luke Taylor
883b92e7bd SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods 2008-05-08 15:07:40 +00:00
Luke Taylor
301d021bf5 SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor 
Reversed order of beanName.equals() call as suggested.
 2008-05-07 13:58:53 +00:00
Luke Taylor
8ad2d681ab SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions. 2008-05-07 13:49:20 +00:00
Luke Taylor
afc757e618 Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc 2008-05-06 14:43:52 +00:00
Luke Taylor
c333070fe3 Javadoc tidying 2008-05-06 13:59:46 +00:00
Luke Taylor
fca3a2a709 SEC-812: Added missing TextUtils file 2008-05-05 19:09:09 +00:00
Luke Taylor
fa44c74993 SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text. 2008-05-05 18:37:02 +00:00
Luke Taylor
06719053f1 Removed commons lang dependency. 2008-05-05 17:18:47 +00:00
Ben Alex
9961c7f867 Moved to correct build location. 2008-05-02 10:52:57 +00:00
Ben Alex
7a2e1e13d3 SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens. 2008-05-02 10:38:56 +00:00
Luke Taylor
a599ef5398 [maven-release-plugin] prepare for next development iteration 2008-05-01 20:09:03 +00:00
Luke Taylor
3e808335a4 [maven-release-plugin] prepare release spring-security-parent-2.0.1 2008-05-01 20:07:46 +00:00
Luke Taylor
6ecfa0541f SEC-806: Osgi-ified more modules 2008-05-01 17:11:31 +00:00
Luke Taylor
4984d4be65 OPEN - issue SEC-757: Add validation of redirect URLs on namespace 
http://jira.springframework.org/browse/SEC-757. Added validation method to ConfigUtils and calls to it for url attributes.
 2008-05-01 16:39:31 +00:00
Luke Taylor
0df9dee9dd SEC-806: Improved OSGi bundle version information support 2008-04-30 18:02:47 +00:00
Luke Taylor
81ebd094ff OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas 
http://jira.springframework.org/browse/SEC-808. Replaced 2.0 text with that from the 2.0 release, rather than the website schema.
 2008-04-29 18:59:25 +00:00
Luke Taylor
473f6a32c6 OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas 
http://jira.springframework.org/browse/SEC-808. Created new 2.0.1 schema files and updated tests to use them.
 2008-04-29 18:53:33 +00:00
Luke Taylor
8281aeb0da SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace 
http://jira.springframework.org/browse/SEC-807. Added extra test for Ldap provider parser.
 2008-04-29 18:01:59 +00:00
Luke Taylor
e4b32b8d29 OPEN - issue SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace 
http://jira.springframework.org/browse/SEC-807. Added support for user-details-class attribute to ldap-authentication-provider and ldap-user-service.
 2008-04-29 16:53:24 +00:00
Luke Taylor
104716fedb SEC-805: Add extra fields to InetOrgPerson 
http://jira.springframework.org/browse/SEC-805. Added a substantial number of new fields to the class.
 2008-04-29 14:39:58 +00:00
Luke Taylor
ef112f7967 Fixed autoboxing problem. 2008-04-28 15:26:20 +00:00
Luke Taylor
341455cde4 SEC-799: Import cleaning following other changes. 2008-04-28 15:19:25 +00:00
Luke Taylor
2d692718e0 SEC-799: Add better detection of missing server-ref element for <ldap-user-service> and <ldap-authentication-provider /> 
http://jira.springframework.org/browse/SEC-799. Updated ContextSourceSettingPostProcessor to set the standard ContextSource as an alias if it is needed by a bean but has not been set (because the user specified their own server id on <ldap-server />).
 2008-04-28 15:01:20 +00:00
Luke Taylor
270fa92780 Improved Javadoc comment 2008-04-28 09:20:37 +00:00
Luke Taylor
d3a0f05de9 SEC-783: GlobalMethodSecurityBeanDefinitionParser should support AfterInvocationProviders 
http://jira.springframework.org/browse/SEC-783. Added support for custom-after-invocation-provider
 2008-04-25 12:28:30 +00:00
Luke Taylor
348d211b8c SEC-797: Minor javadoc correction. 2008-04-24 23:12:55 +00:00
Luke Taylor
d1e23b3d2c SEC-783: Added custom-after-invocation-provider element to namespace. 2008-04-24 02:02:23 +00:00
Luke Taylor
1090072fff SEC-795: Add check for protected login page when using namespace 
http://jira.springframework.org/browse/SEC-795. I've added checks for the various scenarios which will result in a protected login page and suitable warning messages.
 2008-04-24 01:59:19 +00:00
Luke Taylor
5d51b35cfa SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter. 
http://jira.springframework.org/browse/SEC-792. Updated FilterChainProxyPostProcessor to raise an exception if two filters have the same order, and also to unwrap wrapped filters once the sorting by order has been performed.
 2008-04-23 23:19:44 +00:00
Luke Taylor
38774ec94f SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter. 
http://jira.springframework.org/browse/SEC-792. The filters are now maintained as a list in the context and have to be stored there explicitly on registration.
 2008-04-23 16:06:54 +00:00
Luke Taylor
01185475a1 OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute. 
http://jira.springframework.org/browse/SEC-793. Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
 2008-04-23 12:50:09 +00:00
Luke Taylor
7e63fe7357 SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen 
http://jira.springframework.org/browse/SEC-790. Applied submitted patch.
 2008-04-23 00:41:52 +00:00
Luke Taylor
8ea7487ec3 Removed unused method. 2008-04-22 23:20:49 +00:00
Luke Taylor
ec81e780b2 Import cleaning. 2008-04-22 22:27:51 +00:00
Luke Taylor
599d9fea04 Minor improvements to toString() methods for logging. 2008-04-22 22:21:20 +00:00
Luke Taylor
b2e9e82727 Fixed typo in message. 2008-04-22 21:54:54 +00:00
Luke Taylor
63decfeb93 SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor 
http://jira.springframework.org/browse/SEC-761. Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
 2008-04-22 21:51:12 +00:00
Luke Taylor
1ae167434a SEC-756: Add checks for duplicate use of namespace elements such as global-method-security 
http://jira.springframework.org/browse/SEC-756. Refactored HttpSecurityBDP and added check for duplicate usage of the element.
 2008-04-22 21:25:35 +00:00
Luke Taylor
083644f2fe SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration. 2008-04-22 18:25:35 +00:00
Luke Taylor
1258fa854e SEC-788: x509 authentication does not work properly 
http://jira.springframework.org/browse/SEC-788. Added check for X509 element when choosing entry point, if nothing else is available.
 2008-04-22 14:53:11 +00:00
Luke Taylor
e12b6afefa SEC-776: Http Session created for Anonymous request 
http://jira.springframework.org/browse/SEC-776. Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
 2008-04-22 13:22:38 +00:00
Luke Taylor
88ea87642a SEC-791: RequestKey.equals throws NPE if method is null 
http://jira.springframework.org/browse/SEC-791. Fixed handling of equals when one http method is null.
 2008-04-22 12:32:33 +00:00
Luke Taylor
9eaa1cbbdd OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
 2008-04-21 18:29:54 +00:00
Luke Taylor
aba5a22b6c SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added support for role-prefix to jdbc-user-service element.
 2008-04-21 17:44:32 +00:00