Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,743 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

119 Commits

Author SHA1 Message Date
Luke Taylor 69699431b1 SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope 2009-11-24 09:31:03 +00:00
Luke Taylor 4d8956a227 SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec. 2009-11-17 22:05:38 +00:00
Luke Taylor d84542cf88 SEC-1285: minor vulnerability in BasicProcessingFilter. Changed logging of Basic authentication information. 2009-11-17 15:29:07 +00:00
Luke Taylor 617e517e5e SEC-1280: NullPointerException in PersistentTokenBasedRememberMeServices when logging out twice. Added check for null authentication in logout method. 2009-11-04 17:20:13 +00:00
Luke Taylor 930c1b6b53 Coverted to Junit 4 test. 2009-10-14 21:48:30 +00:00
Luke Taylor 11e476c486 Added issue numbers in comment. 2009-10-14 14:23:34 +00:00
Luke Taylor d4d45e1311 Make getHeader() methods check case-insensitive matching on header name. 2009-10-14 14:12:27 +00:00
Luke Taylor 7282eed197 Import cleaning. 2009-10-14 00:30:55 +00:00
Luke Taylor 799b96520b SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login 2009-10-14 00:30:28 +00:00
Luke Taylor 3f963ef8ca Restore versions and svn URLs in trunk (release plugin fail) 2009-10-11 21:59:38 +00:00
Luke Taylor af563e826c [maven-release-plugin] prepare release spring-security-3.0.0.RC1 2009-10-11 21:43:42 +00:00
Luke Taylor 881632cc08 SEC-1250: Removed duplicate property. 2009-10-11 15:20:24 +00:00
Luke Taylor 0da99171da SEC-1250: RequestHeaderPreAuthenticatedProcessingFilter cannot be use to fail back to another authentication type. Added exceptionIfHeaderMissing property. 2009-10-08 16:37:53 +00:00
Luke Taylor 3f72983a1e SEC-1257: Some additional API changes to use Collection instead of List... 2009-10-07 21:08:41 +00:00
Luke Taylor 1286741c7c SEC-1259: Improve consistency of authentication filter names. 2009-10-07 14:43:55 +00:00
Luke Taylor f213cc5d9e SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted. 2009-10-06 19:46:44 +00:00
Luke Taylor caff3ee9ba SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc). 2009-10-05 19:28:53 +00:00
Luke Taylor 07d7c0ddae Renamed form and openID filters to shorten names 2009-10-05 17:33:34 +00:00
Luke Taylor 1042305cfe Renamed web.wrapper to web.servletapi. Added some package.html files. 2009-10-05 16:59:37 +00:00
Luke Taylor 673cf300fb SEC-1229: Refactoring to remove package cycles. 2009-10-05 16:40:32 +00:00
Luke Taylor acf13c74ca SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session 2009-10-05 15:51:00 +00:00
Luke Taylor 2b89ebdfbb SEC-1229: Further doc and mods to namespace config/naming to make it more consistent 2009-10-03 16:08:51 +00:00
Luke Taylor 073198886d SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before. 2009-10-02 17:29:43 +00:00
Luke Taylor abba569282 Tidying. 2009-09-30 15:53:46 +00:00
Luke Taylor 1ead8472d1 SEC-1229: Added failure handler to the SessionManagementFilter to deal with concurrent login errors. 2009-09-29 16:14:31 +00:00
Luke Taylor bf39a5bb36 Added extra logging. 2009-09-29 16:13:16 +00:00
Luke Taylor 731402e9f5 SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context. 2009-09-16 00:23:13 +00:00
Luke Taylor 1c4a809e09 SEC-1245: Add role hierarchy support to expression handlers. Done. 2009-09-15 17:17:21 +00:00
Luke Taylor e7486fc203 Removed Ordered interface from Http403EntryPoint (unused). 2009-09-14 16:06:15 +00:00
Luke Taylor 40cf50fc98 SEC-1148: Javadoc. 2009-09-13 21:51:54 +00:00
Luke Taylor ff78ec00f7 SEC-1226: Additional Javadoc. 2009-09-13 21:22:17 +00:00
Luke Taylor 23c8f479b8 SEC-1226: Renamed useRelativeContext to contextRelative to match corresponding flag name in Spring Framework. 2009-09-13 20:45:38 +00:00
Luke Taylor 593d2e227a SEC-1226: Renamed useRelativeContext to contextRelative to match corresponding flag name in Spring Framework. 2009-09-13 20:44:52 +00:00
Luke Taylor 9c7423599e SEC-1167: Extended SavedRequest interface to allow it to be used by wrapper. Removed null checks in wrapper, as the SavedRequest cannot now be null. 2009-09-13 16:27:35 +00:00
Luke Taylor 4064b7b4f6 SEC-1167: Introduce more flexible SavedRequest handling. Introduced interface for SavedRequest. 2009-09-13 15:03:14 +00:00
Luke Taylor acd10dd716 SEC-1243: Make determineTargetUrl protected. 2009-09-11 20:48:41 +00:00
Luke Taylor ac4e7bbadb SEC-1241: Make sure saved request is removed after a match. 2009-09-09 10:11:45 +00:00
Luke Taylor f518da9d8b SEC-1236: Using HTTP Method-specific intercept-urls causes patterns with no method to be ignored. Fixed by also checking null key in map if no method-specific attributes are found. 2009-09-05 15:26:07 +00:00
Luke Taylor 5bdfd8cd77 Tidying imports etc to remove compiler warnings. 2009-09-05 14:14:58 +00:00
Luke Taylor 002b788a8c Minor refactoring. 2009-09-04 12:15:19 +00:00
Mike Wiesner 5623c13038 SEC-1047: Added an option to DigestProcessingFilter that the created Authentication object is now marked as "authenticated" 2009-09-02 16:12:19 +00:00
Luke Taylor 936326f4ab SEC-1180: Unreachable code inside UrlUtils.buildRequestUrl(...). Removed code block. 2009-09-01 18:13:28 +00:00
Luke Taylor 32dbb7e8bd import cleaning 2009-09-01 16:41:53 +00:00
Luke Taylor 2039200617 SEC-1217: AbstractRememberMeServices should set 'secure' attribute on remember-me cookie if in secure context. Added "useSecureCookie" configuration property and corresponding use-secure-cookie attribute in namespace. 2009-09-01 16:08:20 +00:00
Luke Taylor b2c2b93545 SEC-1190: Added "invalidateSessionOnPrincipalChange" property to AbstactPreAuthenticatedProcessingFilter. If set to true (the default) and a new principal is detected, the existing session will be invalidated before proceeding to authenticate the user. 2009-09-01 00:18:48 +00:00
Luke Taylor 3cc47c9c4d SEC-1190: Added "checkForPrincipalChanges" property to AbstactPreAuthenticatedProcessingFilter. 2009-08-31 23:28:40 +00:00
Luke Taylor dbcb13ad14 SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination. 2009-08-31 22:48:49 +00:00
Luke Taylor a4ccc4ac21 Make WebSecurityExpressionRoot public to allow reuse. 2009-08-28 14:02:02 +00:00
Luke Taylor 471206a29d SEC-1229: Redesign Concurrent Session Control implementation. Added ConcurrentSessionControlAuthenticatedSessionStrategy 2009-08-27 10:43:01 +00:00
Luke Taylor ab0d66071a SEC-1226: Introduce RedirectStrategy to replace RedirectUtils. Implemented strategy and applied throughout relevant classes. 2009-08-27 10:42:11 +00:00