272 Commits

Author SHA1 Message Date
Rob Winch
bd74185e41 SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1 2011-04-26 23:39:51 -05:00
Luke Taylor
c4a1ce9f1a SEC-1725: Update docs to remove references to filter-chain-map. 2011-04-25 23:38:44 +01:00
Luke Taylor
b5924db74d SEC-1725: Add option to filter-chain to use an explicit request-matcher-ref instead of a "path" attribute. 2011-04-25 23:20:15 +01:00
Luke Taylor
04dc65c8fe SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap. 2011-04-25 13:48:47 +01:00
Luke Taylor
71ed6d7964 SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor. 2011-04-20 11:58:00 +01:00
Luke Taylor
8d702a4f98 SEC-1699: Make sure a FilterInvocation is passed to the AccessDecisionManager when checking the login page access in DefaultFilterChainValidator. 2011-04-14 18:04:29 +01:00
Luke Taylor
160fed1bfe SEC-1713: Fix typo in schema RNC file. 2011-04-08 17:22:57 +01:00
Luke Taylor
3f1d8782c3 Minor fix to bundlor template for config module. 2011-04-06 14:02:01 +01:00
Luke Taylor
8d99918798 SEC-1491: Add support for an external priority SecurityMetadataSource to be referenced from global-method-security. 2011-04-05 15:07:43 +01:00
Luke Taylor
ddaf9eb64f SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter. 2011-03-31 21:09:54 +01:00
Luke Taylor
ccc548b9e4 Fixing bundlor warnings. 2011-03-08 16:20:37 +00:00
Luke Taylor
088042b3d0 Upgrade spock and groovy versions, and make sure apacheDS work directory is set for config integrationTest task. 2011-02-14 19:03:08 +00:00
Luke Taylor
bc2448419b SEC-1679: Make sure whitespace is trimmed from cookie names when specifying multiple cookies. 2011-02-14 19:02:28 +00:00
Luke Taylor
27be72a81c SEC-1677: Split out LDAP server tests from config module. 2011-02-14 19:01:27 +00:00
Luke Taylor
b0df1bd1b0 SEC-1673: Use a map to store the range values used in the bundlor templates. 2011-02-07 16:06:23 +00:00
Luke Taylor
866615ceaa SEC-1662: Cater for the case where a user uses two <http> elements without patterns and the RequestMatcher does not have two arguments. 2011-01-26 16:39:50 +00:00
Luke Taylor
2eefbf3a23 SEC-1657: Added support for 'name' attribute in <http> element to expose filter chain as a list bean. 2011-01-14 17:21:22 +00:00
Luke Taylor
6de2197c0f SEC-1653: Ensure UserDetailsServiceFactoryBean is registered using the tools API to prevent errors in STS. 2011-01-11 00:10:07 +00:00
Luke Taylor
6779822325 Remove GRADLE-1090 workarounds from config.gradle. 2011-01-07 18:28:21 +00:00
Luke Taylor
8d7830a1ee SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me. 2011-01-06 15:16:13 +00:00
Rob Winch
1ed5227d75 Removed @Override from HttpFirewallBeanDefinitionParser.parse since it does not override a method definition, it implements one.
Fixed The method parse(Element, ParserContext) of type HttpFirewallBeanDefinitionParser must override a superclass method	HttpFirewallBeanDefinitionParser.java	/spring-security-config/src/main/java/org/springframework/security/config/http	line 23	Java Problem
2010-12-16 22:20:20 -06:00
Luke Taylor
2be2660b13 SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match. 2010-12-11 21:56:35 +00:00
Luke Taylor
4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
Luke Taylor
441aa25383 SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand. 2010-12-01 20:52:37 +00:00
Luke Taylor
b9a98613eb SEC-1593: Added tests to try to reproduce issue. 2010-11-03 19:37:25 +00:00
Luke Taylor
21ed5feb8d SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 2010-10-27 13:25:40 +01:00
Luke Taylor
f70942c6f5 SEC-1589: Add support for property placeholder in intercept-methods access attribute. 2010-10-27 13:25:39 +01:00
Luke Taylor
173537f4f2 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 2010-10-27 13:25:39 +01:00
Luke Taylor
0961671772 Reinstated missing 3.0.3 schema file 2010-10-27 13:25:39 +01:00
Luke Taylor
f455e9a5a4 SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and pathInfo in DebugFilter for comparison. 2010-10-27 13:25:39 +01:00
Luke Taylor
7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing multiple sequences of "/" characters with a single "/". 2010-10-27 13:25:39 +01:00
Rob Winch
ee12d54bec SEC-1536: moved web.authentication.jaas to web.jaasapi
Renamed org.springframework.security.web.authentication.jaas to org.springframework.security.web.jaasapi to be better aligned with org.springframework.security.web.servletapi, added package-info.java, and removed trailing whitespaces
2010-10-05 22:28:42 -05:00
Luke Taylor
e69b981c72 Make method in MatcherType public for use in OAuth. 2010-09-25 20:09:12 +01:00
Luke Taylor
11a87d1fa0 Switch to using xsd:boolean in schema file. 2010-09-19 18:17:06 +01:00
Luke Taylor
1b2b371970 SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.

Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
2010-09-16 16:03:24 +01:00
Luke Taylor
383211561c Moved LDAP placeholder config test into LDAP tests to prevent issues with parallel tests. Converted LdapProviderBDP tests to groovy/spock. Other misc tidying of config tests. 2010-09-16 12:31:23 +01:00
Luke Taylor
7dd8cd2fb9 Make sure ApacheDS work directory is set correctly for separate LDAP test task in config module. 2010-09-16 10:50:12 +01:00
rwinch
a128e3b4fe http://forum.springsource.org/showthread.php?p=318755 Added PlaceHolderAndELConfigTests.ldapAuthenticationProviderWorksWithPlaceholders 2010-09-13 13:44:12 -05:00
rwinch
de819378fc SEC-1536: added JAAS API Integration, updated doc, updated jaas sample 2010-09-13 13:12:45 -05:00
Luke Taylor
0217e98bdb Added an AppListener to collect events for use in tests 2010-09-13 14:20:21 +01:00
Luke Taylor
f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 2010-08-30 19:02:19 +01:00
Luke Taylor
20988c8cf6 Minor refactoring of debug filter and tidying up tests. 2010-08-27 01:49:30 +01:00
Luke Taylor
bdb906e588 Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output. 2010-08-24 18:25:39 +01:00
Luke Taylor
1db83fc81e Minor BD parser tidying. 2010-08-20 21:14:00 +01:00
Luke Taylor
c37ca1c2a9 Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc. 2010-08-19 22:41:51 +01:00
Luke Taylor
5f6bcc0e1e SEC-1540: Fix to add HTTP-method specific support for namespace requires-channel attribute. 2010-08-18 13:01:16 +01:00
Luke Taylor
3c02989d67 Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests). 2010-08-18 02:32:43 +01:00
Luke Taylor
aafc5f9038 File rename to correct case. 2010-08-17 02:27:36 +01:00
Luke Taylor
1f520b691f SEC-1469: Initial support for debugging filter. 2010-08-17 02:23:34 +01:00
Luke Taylor
591bd532bd Polishing FilterChainProxy and its tests. 2010-08-17 02:20:34 +01:00