4077 Commits

Author SHA1 Message Date
Rob Winch
7cb472f105 SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref 2011-12-30 11:35:48 -06:00
Rob Winch
863b36962b SEC-1878: Added test to ensure that DefaultFilterChainValidator can handle web expressions 2011-12-28 16:24:48 -06:00
Rob Winch
bbfb3da9c7 Updated to maven-resources-plugin 2.4
This is to fix an error when using the latest m2e plugin that states: 'maven-resources-plugin prior to 2.4 is not supported by m2e'
2011-12-28 15:20:06 -06:00
Luke Taylor
b1af3d00ee SEC-1857: Use Principal.getName() in ContextPropagatingRemoteInvocation
This is a better option than using the toString() method
where the latter doesn't return the username, e.g. when the
principal is a UserDetails.
2011-12-05 21:24:28 +00:00
Luke Taylor
daa7f3f64e SEC-1848: LDAP encode name when using user DN patterns in AbstractLdapAuthenticator. 2011-11-01 13:30:44 +00:00
Rob Winch
7a3135f0f9 SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager> 2011-10-18 19:19:27 -05:00
Luke Taylor
82163e2546 Remove ancient code formatter artifacts. 2011-09-25 21:20:02 +01:00
Luke Taylor
2d27b28199 Set version to 3.0.8.CI-SNAPSHOT. 2011-09-05 23:04:06 +01:00
Luke Taylor
714ee3e960 Set version to 3.0.7.RELEASE. 3.0.7.RELEASE 2011-09-05 23:03:17 +01:00
Luke Taylor
ee74c4ced2 SEC-1803: Add check in AbstractAuthenticationTargetUrlRequestHandler for null targetUrlParameter before attempting to read it from the request. Prevents NPE when targetUrlParameter is not set. 2011-08-29 13:47:31 +01:00
Luke Taylor
102027a44c SEC-1804: Updated Javadoc wrt immutability of User class. 2011-08-25 11:10:41 +01:00
Luke Taylor
799a43d72e SEC-1804: Update InMemoryDaoImpl to use User class directly and create a copy. Otherwise credentials are cleared on cached user instances. 2011-08-25 11:09:02 +01:00
Luke Taylor
3dc4158f7d Set version to 3.0.7.CI-SNAPSHOT 2011-08-19 12:52:39 -07:00
Luke Taylor
62f70f17ff Set project release version to 3.0.6.RELEASE 3.0.6.RELEASE 2011-08-19 12:47:55 -07:00
Luke Taylor
4b0fbe1606 Remove session timeout check in tutorial sample. 2011-08-19 12:47:06 -07:00
Luke Taylor
a8bce41876 SEC-1795: Fix possible NPEs in AclImpl.equals() 2011-08-19 12:03:04 -07:00
Luke Taylor
cea1f4499f SEC-1686: Upgrade to Spring 3.0.6 2011-08-19 10:15:48 -07:00
Luke Taylor
c19a5ffd73 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:36:42 +01:00
Luke Taylor
594ee9515e Taglib test fixes to take latest SFW changes into account. 2011-08-11 23:44:01 +01:00
Luke Taylor
a087e828a6 SEC-1790: Disable use of spring-security-redirect by default for SimpleUrlLogoutSuccessHandler. 2011-08-05 16:54:35 +01:00
Luke Taylor
5238ba0e26 SEC-1790: Reject redirect locations containing CR or LF. 2011-07-29 16:34:48 +01:00
Luke Taylor
887e3361d2 SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. 2011-07-29 16:32:40 +01:00
Luke Taylor
a24570ae06 SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider. 2011-07-29 16:32:40 +01:00
Luke Taylor
ba719dc0e1 SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client. 2011-07-29 16:32:40 +01:00
Luke Taylor
28e70db8f2 SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. 2011-07-29 16:32:40 +01:00
Rob Winch
84031c6001 SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() 2011-07-29 10:00:37 -05:00
Luke Taylor
ca2af8bc59 SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations. 2011-07-13 20:57:18 +01:00
Luke Taylor
6f59805ef3 SEC-1782: Javadoc correction for LdapAuthenticationProvider. 2011-07-12 01:51:42 +01:00
Rob Winch
f359bed596 SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter 2011-07-09 19:27:59 -05:00
Florian Fankhauser
0f1ae574ab SEC-1776: Corrected typo in manual 2011-07-09 19:26:29 -05:00
Luke Taylor
cb7a94af88 SEC-1768: Use AopProxyUtils.ultimateTargetClass to cater for situation where security interceptor is applied to a proxy. 2011-06-18 14:46:28 +01:00
Luke Taylor
9b8d2719a6 SEC-1686: Up required minimum version to 3.0.6 in version check. 2011-06-18 14:45:23 +01:00
Luke Taylor
73b67da3a8 SEC-1762: Fix input value assertion check for targetUrlParameter. 2011-06-17 13:43:15 +01:00
Luke Taylor
b5546d1d29 SEC-1764: Remove use of Java 6 method Arrays.copyOfRange. 2011-06-15 11:18:26 +01:00
Luke Taylor
70ca0d1a39 SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays. 2011-06-14 20:15:34 +01:00
Luke Taylor
7a5a062cd0 SEC-1764: Backport Utf8 encoder to 3.0.x 2011-06-14 20:11:03 +01:00
Luke Taylor
977da0da1f SEC-1733: Support explicit zero netmask correctly. 2011-06-07 16:47:22 +01:00
Luke Taylor
dfbc938e99 Added note in namespace docs on mismatch between using filters="none" and other attributes. 2011-06-06 12:37:52 +01:00
Rob Winch
d5f1f6cbff SEC-1757: Updated tutorial sample to state that listing of accounts is allowed by anyone and to display accounts for the different types of access to posting to Accounts 2011-06-02 21:20:27 -05:00
Luke Taylor
a2cdbab50c SEC-1747: Upgrade to Spring LDAP 1.3.1 2011-05-17 23:40:07 +01:00
Luke Taylor
1833b234a5 SEC-1722: Correct javadoc 2011-04-22 11:51:46 +01:00
Luke Taylor
6c97fccc91 SEC-1700: Allow for case where JAAS config is not a simple file, but may be a jar resource, for example. 2011-04-20 14:53:22 +01:00
Luke Taylor
2888f2b86f SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor. 2011-04-20 13:00:56 +01:00
Luke Taylor
04d42211b1 SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter. 2011-03-31 22:03:27 +01:00
Rob Winch
6a87a5f1a1 SEC-1703: Updated namespace for intercept-url 2011-03-29 21:59:07 -05:00
Rob Winch
f6b21880a2 SEC-1703: Updated cas custom-filter@ref to match example bean id and custom-filter@position to be CAS_FILTER 2011-03-29 20:18:01 -05:00
Luke Taylor
198d5d0482 SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java. 2011-03-25 19:11:34 +00:00
Rob Winch
acee3e2593 SEC-1698: Update documentation to use correct package for RequestHeaderAuthenticationFilter 2011-03-16 23:53:47 -05:00
Luke Taylor
b87dabe1ac SEC-1683: Corrected typo 2011-02-28 15:44:53 +00:00
Luke Taylor
f509193604 Update Base64 implementation to include fixes (using diff) from the original up to version 2.3.7. 2011-02-16 15:58:28 +00:00