Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,750 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

4750 Commits

Author SHA1 Message Date
Rob Winch c8b847f1ed SEC-1858: Added integration tests to validate that the xsd is documented in the reference 2011-11-11 11:44:55 -06:00
Rob Winch f88b6f75ff SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes 2011-11-11 09:00:53 -05:00
Rob Winch de397bc0ce SEC-1858: Updated xsd documentation to have documentation for all elements/attributes and added documentation of default values where appropriate 2011-11-11 09:00:53 -05:00
Dave Syer 8565116f20 SEC-1472: Add crypto wrappers for BCrypt 2011-11-02 18:10:19 +00:00
Dave Syer 944d762da9 Add eclipse generated meta-inf to ignores 2011-11-02 17:47:44 +00:00
Luke Taylor 3b13a3fb25 SEC-1812: Replace assertion with warning message when overriding the global AuthenticationManager. 2011-11-02 14:23:59 +00:00
Luke Taylor 8e1d407e3e SEC-1848: LDAP encode name when using user DN patterns in AbstractLdapAuthenticator. 2011-11-01 13:28:56 +00:00
Luke Taylor 8fd2963e6b Deprecate storage of Authentication object in AuthenticationException. 2011-11-01 13:05:53 +00:00
Luke Taylor b60367e30c Upgrade to validater 4.2 2011-11-01 00:20:45 +00:00
Luke Taylor 0bccbbfc18 SEC-1779: Make new getters protected rather than public. 2011-11-01 00:20:34 +00:00
Luke Taylor 178765cf83 SEC-1836: Forgot taglib comment update. 2011-11-01 00:19:37 +00:00
Luke Taylor f456db267f SEC-1779: Added getters for success and failure handlers to AbstractAuthenticationProcessingFilter. 2011-11-01 00:06:23 +00:00
Luke Taylor 30088f19ae SEC-1806: Log that bean definition is being created rather than bean in LdapServerBDP. 2011-10-31 23:50:06 +00:00
Luke Taylor 09ac4bd8f9 SEC-1833: Remove unused securityContextClass from HttpSessionSecurityContextRepository. 2011-10-31 23:44:43 +00:00
Luke Taylor fc399af136 SEC-1836: use GET as the default method with authorize tag. 2011-10-31 23:23:37 +00:00
Luke Taylor 2f67bb3032 SEC-1847: Add authentication-manager-ref attribute to http and global-method-security namespace elements. 2011-10-30 21:51:02 +00:00
Luke Taylor bce4d81142 Mark overriding "extraInformation" methods in account status exceptions as deprecated. 2011-10-30 21:47:04 +00:00
Luke Taylor c0c283029a Upgrade Jetty version. 2011-10-30 21:45:58 +00:00
Luke Taylor 44e2543015 Minor changes to make filter chain validation more robust with custom request matchers. 2011-10-24 21:21:10 +01:00
Luke Taylor f2786805e6 SEC-1841: Added request-matcher-ref attribute to namespace for defining a filter chain. 2011-10-21 20:04:35 +01:00
Luke Taylor 58f7d3acc6 SEC-1835: Changed xsd:ID to xsd:token. 2011-10-21 18:35:06 +01:00
Luke Taylor f1e63f3008 SEC-1802: Add digits to valid URL scheme regex. 2011-10-21 17:25:50 +01:00
Rob Winch 2fd0a65049 SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager> 2011-10-18 19:18:56 -05:00
Luke Taylor ac6ed671a1 SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager 2011-09-26 18:24:36 +01:00
Luke Taylor 9d66e1fac3 Exclude static resources from filter chain in tutorial sample. 2011-09-25 22:30:14 +01:00
Luke Taylor 2953f56b2b Remove ancient code formatter artifacts. 2011-09-25 21:17:21 +01:00
Luke Taylor 869c6a7c18 SEC-1800: Set input size to 30 for OpenID login. 2011-09-25 21:13:37 +01:00
Luke Taylor 44364d0101 SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource. 2011-09-24 14:36:54 +01:00
Luke Taylor be8ee61f82 PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method. 
This isn't actually used, but is still incorrect.
 2011-09-24 13:13:38 +01:00
Luke Taylor a573e7b395 SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer. 2011-09-20 21:46:21 +01:00
Rob Winch 4a000d040c SEC-1815: Downgrade openid to use HttpClient 4.1.1 to avoid bug in openid4java's usage of HttpClient 2011-09-18 18:52:27 -05:00
Luke Taylor 359bd7c468 SEC-1804: Updated Javadoc wrt immutability of User class. 2011-08-25 10:50:50 +01:00
Luke Taylor 7bde24af6c Reset version to 3.1.0.CI-SNAPSHOT. 2011-08-19 15:24:45 -07:00
Luke Taylor 9e619611ae Set release version to 3.1.0.RC3 2011-08-19 15:24:44 -07:00
Luke Taylor 8ce6c73802 Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource 2011-08-19 15:24:44 -07:00
Luke Taylor d6b7b52a79 Update to Spring 3.0.6. 2011-08-19 15:06:26 -07:00
Luke Taylor 3e4fc0b948 SEC-1795: Fix possible NPEs in AclImpl.equals() 2011-08-19 11:45:34 -07:00
Luke Taylor a4c05239e5 SEC-1719: Lithuanian messages translation. 2011-08-19 11:17:05 -07:00
Luke Taylor 503ac9ae7c SEC-1798: Remove internal evaluation of EL in JSP tag implementations. 2011-08-12 19:44:27 +01:00
Luke Taylor 45d938566c Some tests for Base64 encoding. 2011-08-12 19:44:27 +01:00
Luke Taylor 59a07175a6 SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider. 2011-08-12 19:44:27 +01:00
Luke Taylor c618f4ab52 Add missing package to remoting bundlor template. 2011-08-12 19:44:27 +01:00
Luke Taylor 5fce0a58bd SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. 2011-08-12 19:44:27 +01:00
Luke Taylor b48fc53fa2 SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client. 2011-08-12 19:44:27 +01:00
Luke Taylor 249610c7ed SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. 2011-08-12 19:44:26 +01:00
Luke Taylor 1976cb1bf7 SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. 2011-08-12 19:44:26 +01:00
Luke Taylor 824464516c SEC-1790: Reject redirect locations containing CR or LF. 2011-08-12 19:44:26 +01:00
Luke Taylor 6333909107 SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change. 2011-08-12 19:07:17 +01:00
Luke Taylor 74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Luke Taylor 8ce4d326f5 Update HttpClient to 4.1.2 and removed incorrect bundlor references to commons version. 2011-08-12 00:23:29 +01:00