Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 16:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,134 Commits 38 Branches 345 Tags
Commit Graph

4134 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Taylor
9dd6a5eb8f SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener. 2010-07-23 16:27:57 +01:00
Luke Taylor
d7d8448120 SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository). 2010-07-23 15:59:53 +01:00
Luke Taylor
e659e15f90 Tidying. 2010-07-23 01:57:45 +01:00
Luke Taylor
2afccfc633 Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j. 2010-07-23 01:57:31 +01:00
Luke Taylor
118af45b8e SEC-1520: Close NamingEnumeration in LDAP compare implementation. 2010-07-21 16:54:44 +01:00
Luke Taylor
36e0fb6d91 SEC-1518: Fix element ordering in security.tld 2010-07-21 16:16:15 +01:00
Luke Taylor
7ce29d3e3d Don't set GAE location unless property available 2010-07-21 15:40:29 +01:00
Luke Taylor
a681dee0e1 Minor sample build changes. JSTL dependency update. 2010-07-20 23:45:20 +01:00
Luke Taylor
e5a302b5c4 SEC-1490: Correct loggedout URL. 2010-07-20 23:43:43 +01:00
Luke Taylor
5d35919ca3 SEC-1490: Code for GAE Sample webapp 2010-07-20 23:41:31 +01:00
Luke Taylor
c1c8fd1874 SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request). 2010-07-20 19:46:47 +01:00
Luke Taylor
a4fd191499 Added check for use of "ref" with other attributes in <authentication-provider>. 2010-07-20 14:31:52 +01:00
Luke Taylor
ea5f2088b5 Comment out OpenLDAP tests to allow running in IDEA, and reduce default load configuration of performance test class. 2010-07-12 12:40:19 +01:00
Luke Taylor
4683273c2c Correct message in namespace handler when web classes are missing. 2010-07-12 12:40:06 +01:00
Luke Taylor
69a10c48ae Switch to using slf4j/logback for logging. 
We still compile modules against commons-logging but all runtime logging and samples will use logback
 2010-07-12 12:39:52 +01:00
Luke Taylor
ed447f63f6 Added intellij plugin to gradle build. 2010-07-07 22:42:27 +01:00
Luke Taylor
6894544122 Fixed serialization issue with gradle TarUpload task 2010-07-07 22:42:27 +01:00
Luke Taylor
ae7fbf69e1 Added intellij files to .gitignore 2010-07-07 22:42:27 +01:00
Luke Taylor
d704a3bb4a Prevent source jars from being included in the gradle 'default' configuration and thus being included as dependencies in war files etc. 2010-07-07 22:42:27 +01:00
Luke Taylor
443ac0487a SEC-1093: Namespace support for jee element. 
Adds a J2eePreAuthenticatedProcessingFilter to the stack, using a SimpleAttributes2GrantedAuthoritiesMapper to process the role attributes defined in the "mappable-roles" attribute. Provider uses a PreAuthenticatedGrantedAuthoritiesUserDetailsService by default.
 2010-07-07 22:42:26 +01:00
Scott Battaglia
565ef7383d SEC-1513 
upgraded to latest version of cas client
 2010-07-06 22:09:24 -04:00
Luke Taylor
080710e023 Minor doc updates on default filters created by namespace. 2010-07-06 13:29:11 +01:00
Luke Taylor
06368f956a Minor doc/javadoc updates to clarify use of UserDetailsContextapper. 2010-07-04 15:13:27 +01:00
Luke Taylor
d6159e884a Some minor doc fixes. 2010-07-03 13:11:39 +01:00
Luke Taylor
8ad6cbbe85 SEC-1508: Update docbook processing to use Docbook 5 namespaces. 2010-07-03 13:10:48 +01:00
Luke Taylor
6093dbce7e Converted test to use namespace to set method securityMetadataSource property. 2010-07-02 20:00:01 +01:00
Luke Taylor
03fa8fce4d SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl. 2010-07-02 19:51:00 +01:00
Luke Taylor
8615369697 Added information on config jar to instructions on getting started using namespace. 2010-06-30 13:45:13 +01:00
Luke Taylor
8df356de29 SEC-1471: Allow use of a RequestMatcher with HttpSessionRequestCache to configure which requests should be cached by calls to saveRequest. 
Also removed the justUseSavedRequestOnGet property, as this behaviour can be controlled by the RequestMatcher.
 2010-06-28 19:51:30 +01:00
Luke Taylor
c8ceca35b4 Extra files to gitignore 2010-06-26 16:55:09 +01:00
Luke Taylor
026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor
6a79cf7be2 SEC-1383: Make MethodSecurityMetadataSourceBeanDefinitionParser extend AbstractBeanDefinitionParser for automatic support of ID attribute. 2010-06-26 16:07:23 +01:00
Luke Taylor
4da4734750 Minor doc link updates and tidying. 2010-06-26 13:20:48 +01:00
Luke Taylor
ad82e6a575 SEC-1493: Documentation of support for erasing credentials. 2010-06-26 12:27:49 +01:00
Luke Taylor
09176b0af4 SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter. 2010-06-25 19:45:34 +01:00
Luke Taylor
cd946c4e23 SEC-1493: Added namespace support. 2010-06-20 21:09:38 +01:00
Luke Taylor
db913f6857 SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property. 2010-06-20 21:09:33 +01:00
Luke Taylor
ea8d37892c SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy. 2010-06-18 03:33:49 +01:00
Luke Taylor
48016969ee Upgrade build to Spring 3.0.3.RELEASE 2010-06-18 02:07:12 +01:00
Luke Taylor
4d10d4b67f SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs. 2010-06-18 01:34:07 +01:00
Luke Taylor
c673a78103 Upgrade maven build to Spring 3.0.3.BUILD_SNAPSHOT. 2010-06-15 00:17:19 +01:00
Luke Taylor
d56adb8ffb SEC-1495: Convert User class equals and hashcode methods to only use the "username" property. 
This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.
 2010-06-10 22:27:50 +01:00
Luke Taylor
1dd4787194 Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix. 2010-06-10 22:17:58 +01:00
Luke Taylor
5939f17708 Fix openid sample configuration. 2010-06-09 22:52:43 +01:00
Luke Taylor
76ebb759f3 Removed unnecessary casts. 2010-06-08 22:56:59 +01:00
Luke Taylor
8bddc8f820 SEC-1484: Documentation for some namespace attributes. 2010-06-05 17:35:24 +01:00
Luke Taylor
0d94e75a93 SEC-1171: Documentation of changes related to use of multiple <http> elements. 2010-06-05 17:12:33 +01:00
Luke Taylor
6a37e4be86 Fix OpenID sample to use new syntax for excluding requests. 2010-06-05 16:53:01 +01:00
Luke Taylor
2e865752ff Upgraded groovy to 1.7.2 to avoid jansi dependency issue 2010-06-03 23:13:28 +01:00
Luke Taylor
efb600166a SEC-1488: Remove commons-logging dependencies from maven poms. 2010-05-28 13:10:59 +01:00