9ce0270226
Fixed typo in test name
2008-05-23 22:57:30 +00:00
7603ce2f97
SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers
...
http://jira.springframework.org/browse/SEC-848 . Replaced class references with class names.
2008-05-23 21:30:57 +00:00
859e99edf4
SEC-851: Fix port number in LDAP sample.
2008-05-23 21:24:48 +00:00
25ba269db0
SEC-835: use setContentType on response for J2EE 1.3 compatibility.
2008-05-23 20:55:10 +00:00
11b448c0e0
SEC-847: Updated the xsl file to inline openid-login and other elements
2008-05-23 16:29:44 +00:00
08c5fe8925
Fixed autoboxing issue
2008-05-22 12:19:00 +00:00
fbe3ca48f4
SEC-823, SEC-843: Allow setting of custom RememberMeServices and token validity periodon remember-me namespace element
2008-05-21 16:03:05 +00:00
3e33b8a880
Update InMemoryXmlApplicationContext to use 2.0.2 schema
2008-05-20 22:46:37 +00:00
b60c578b25
SEC-844: Support for SHA-256 hashing.
2008-05-20 22:45:02 +00:00
03981ab6a0
SEC-844: Added sec-256 to namespace schema
2008-05-20 22:32:03 +00:00
e9adbd4d62
SEC-844, SEC-843, SEC-823: Added support for sha-256, custom remember-me services and setting of remember me token validity period to namespace schema. Also added 2.0.2 XSD file
2008-05-20 19:48:32 +00:00
29d31b72d0
SEC-837: Add special character filtering to LDAP search filters
2008-05-20 19:25:37 +00:00
3fb1f59fde
SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap
2008-05-20 19:22:49 +00:00
219d2e8962
Corrected link
2008-05-20 10:57:17 +00:00
ff215e6750
Minor doc fixes
2008-05-20 10:54:29 +00:00
6ae81d553b
SEC-842: Minor doc fixes
2008-05-20 10:48:59 +00:00
5af53da106
Improved doc for'filters' attribute
2008-05-18 11:09:50 +00:00
2329dadf48
Removed jalopy parameter comments
2008-05-15 17:58:15 +00:00
fb5eefeea5
SEC-740: Finished preauth chapter
2008-05-15 17:00:45 +00:00
f269373442
IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP.
2008-05-15 14:33:42 +00:00
4f6b4e4bfd
Make sample login pages use c:out for data output
2008-05-15 12:48:13 +00:00
8b2c0468ff
OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
2008-05-15 01:34:14 +00:00
d17a2da9e0
SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
2008-05-15 00:26:27 +00:00
7f38c656ca
SEC-820: Expand regular expression used in hierarchical roles.
2008-05-14 22:59:33 +00:00
6493df13f8
SEC-803: Removed use of websphere SubjectHelper class.
2008-05-14 22:51:39 +00:00
d4defb10fe
SEC-833: Fixed login-failure-url in contacts sample app.
2008-05-14 22:41:13 +00:00
59543af4fb
SEC-826: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
2008-05-14 16:41:52 +00:00
332f8fe5a1
SEC-624: Minor updates to docs
2008-05-13 17:16:19 +00:00
7a8eec11da
SEC-765: Brief outline of preauth sample
2008-05-13 17:14:45 +00:00
ff61644219
SEC-740: More on preauth
2008-05-13 17:13:47 +00:00
1fee538c7e
Fixed typo in setter method (uses of).
2008-05-13 15:32:30 +00:00
ae2470127c
Fixed typo in setter method "seAttributePrefix"
2008-05-13 13:51:49 +00:00
2a4d859812
SEC-829: Minor doc fix
2008-05-13 10:18:09 +00:00
15b893f9ae
SEC-809: OpenIDProcessingFilter updated to set authentication details (to make compatible with concurrent session control).
2008-05-12 20:05:24 +00:00
de886e36fa
SEC-624: Expanded general info on obtaining samples and added pointers to ldap and cas versions
2008-05-10 17:21:18 +00:00
ad9a667b75
SEC-624: Inserted sub-sections for key class definitions so they appear in toc
2008-05-10 17:19:46 +00:00
f70701d55a
SEC-624: Added section on 'getting the source' for reference from samples chapter
2008-05-10 17:18:29 +00:00
e1b226ee57
Added 2.0.2 namespace file
2008-05-10 17:16:46 +00:00
af0153d833
Extended intro to Authentication part to include pointers to tech overview and namespace config
2008-05-10 17:10:49 +00:00
d78a021fe1
Added basic intro to preauth
2008-05-10 16:07:39 +00:00
e1c17450b3
Updated faqs to add infinite loop and access denied debug message
2008-05-10 12:31:14 +00:00
add2649397
Javadoc typo.
2008-05-09 18:09:56 +00:00
781d88bd30
OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue)
...
http://jira.springframework.org/browse/SEC-825 . Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
2008-05-09 18:08:32 +00:00
1030dca353
SEC-786: Added information on the need ofor a UserDetailsService if using auto-config/remember-me
2008-05-09 15:01:39 +00:00
b99f9d343d
SEC-624: Added some info on use of role-prefix
2008-05-09 14:25:42 +00:00
c0e829a41d
SEC-700: Added info on new remember-me imlementation and namespace config examples
2008-05-08 15:59:01 +00:00
5a1258a4ca
Corrected references to parts and reading order
2008-05-08 15:54:27 +00:00
883b92e7bd
SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods
2008-05-08 15:07:40 +00:00
301d021bf5
SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor
...
Reversed order of beanName.equals() call as suggested.
2008-05-07 13:58:53 +00:00
8ad2d681ab
SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions.
2008-05-07 13:49:20 +00:00
Luke Taylor