Rob Winch
84141c4c76
SEC-1927: Corrected debug log in SessionManagementFilter to have a space between ID and the session and added guard to log statement
2012-03-11 18:35:38 -05:00
Luke Taylor
5d71d2a4fa
SEC-1887: Add MethodSecurityOperations interface.
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.
Also cleaning whitespace.
2012-02-01 15:49:56 +00:00
Luke Taylor
538e75ce1b
SEC-1903: Use a static CRLF Pattern in FirewalledResponse
The Pattern was being recompiled for every request
when a single instance could be shared for performance
reasons.
2012-02-01 13:21:16 +00:00
Andrei Stefan
0f9ee81df1
SEC-1887: Improve extensibility of expression-based security classes
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
2012-01-31 19:06:43 +00:00
Rob Winch
22225effcc
Call SecurityContextHolder.clearContext() in tear down of HttpSessionSecurityContextRepositoryTests
2011-12-30 16:05:35 -06:00
Rob Winch
5d94cd5e13
SEC-1735: Do not remove SecurityContext from HttpSession when anonymous Authentication is saved if original SecurityContext was anonymous
2011-12-30 16:04:02 -06:00
Rob Winch
6fe6e18939
SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names
2011-12-29 15:44:49 -06:00
Rob Winch
8ca2927761
Renamed **/Test.java to **/Tests.java to better follow conventions
2011-12-28 17:39:29 -06:00
Luke Taylor
0bccbbfc18
SEC-1779: Make new getters protected rather than public.
2011-11-01 00:20:34 +00:00
Luke Taylor
f456db267f
SEC-1779: Added getters for success and failure handlers to AbstractAuthenticationProcessingFilter.
2011-11-01 00:06:23 +00:00
Luke Taylor
09ac4bd8f9
SEC-1833: Remove unused securityContextClass from HttpSessionSecurityContextRepository.
2011-10-31 23:44:43 +00:00
Luke Taylor
44e2543015
Minor changes to make filter chain validation more robust with custom request matchers.
2011-10-24 21:21:10 +01:00
Luke Taylor
f1e63f3008
SEC-1802: Add digits to valid URL scheme regex.
2011-10-21 17:25:50 +01:00
Luke Taylor
869c6a7c18
SEC-1800: Set input size to 30 for OpenID login.
2011-09-25 21:13:37 +01:00
Luke Taylor
824464516c
SEC-1790: Reject redirect locations containing CR or LF.
2011-08-12 19:44:26 +01:00
Luke Taylor
6333909107
SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change.
2011-08-12 19:07:17 +01:00
Luke Taylor
0c2a950fa0
SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled.
2011-08-10 17:07:09 +01:00
Luke Taylor
8740efc0f5
Added constructor injection options to ConcurrentSessionFilter
2011-07-18 15:09:31 +01:00
Luke Taylor
a1c714cff4
SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.
2011-07-14 16:43:02 +01:00
Luke Taylor
8440743108
Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use.
2011-07-13 23:28:41 +01:00
Luke Taylor
700fa9e0b6
SEC-1772: remote URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler.
2011-07-13 22:13:52 +01:00
Luke Taylor
de97bac85b
SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch.
2011-07-13 21:59:11 +01:00
Luke Taylor
a504cfae1a
SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.
2011-07-13 20:56:47 +01:00
Rob Winch
330f82f562
SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter
2011-07-09 19:24:12 -05:00
Rob Winch
825f0061fb
SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0
2011-07-09 19:23:51 -05:00
Luke Taylor
56e86dd36f
Adding assertions on constructor arg values.
2011-07-06 20:50:25 +01:00
Luke Taylor
f92589f051
Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options.
2011-07-06 00:12:48 +01:00
Luke Taylor
2d271666a4
Add constructors to facilitate constructor-based injection for required/shared bean properties.
2011-07-05 20:25:49 +01:00
Luke Taylor
73442125de
SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter.
2011-07-04 21:09:48 +01:00
Luke Taylor
b15475ab3d
SEC-1771: Change TokenBasedRememberMeServices to obtain password from UserDetailsService if necessary.
2011-07-02 20:36:42 +01:00
Luke Taylor
737a9d1825
Improved toString methods on request wrappers.
2011-07-02 20:36:41 +01:00
Luke Taylor
571bfc4869
Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8").
2011-06-14 18:47:50 +01:00
Luke Taylor
685f12c5a0
SEC-1733: Support explicit zero netmask correctly.
2011-06-07 12:15:07 +01:00
Luke Taylor
f5f410ae3b
Clean unused imports.
2011-05-25 20:39:16 +01:00
Luke Taylor
ec97b70df9
SEC-1668: Allow customization of username parameter in SwitchUserFilter.
2011-05-25 20:03:02 +01:00
Luke Taylor
6d04670f87
SEC-1695: Allow customization of the session key under which the SecurityContext is stored.
2011-05-25 19:51:47 +01:00
Luke Taylor
84902ebb50
Javadoc correction.
2011-05-24 12:01:04 +01:00
Luke Taylor
63f160dc72
SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions.
2011-05-19 15:27:35 +01:00
Luke Taylor
6e91786f92
SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false).
2011-05-09 13:36:23 +01:00
Luke Taylor
04dc65c8fe
SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap.
2011-04-25 13:48:47 +01:00
Luke Taylor
37d0454fd7
SEC-1657: Create SecurityFilterChain class for use in configuring FilterChainProxy. Encapsulates a RequestMatcher and List<Filter>.
2011-04-23 22:15:35 +01:00
Luke Taylor
614d8c0321
SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name.
2011-04-22 13:47:59 +01:00
Luke Taylor
dd108041a0
SEC-1722: Correct javadoc
2011-04-22 11:49:48 +01:00
Luke Taylor
8178371927
SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes
2011-04-21 19:55:32 +01:00
Rob Winch
a76a947b12
SEC-965: Added support for CAS proxy ticket authentication on any URL
2011-04-17 18:00:35 -05:00
Luke Taylor
acf4b91a89
SEC-1674: Test to check that absolute URLs work in SimpleUrlLogoutSuccessHandler.
2011-04-14 15:06:05 +01:00
Luke Taylor
ef72dd1986
SEC-1714: RegexRequestMatcher should prepend question mark to query string.
2011-04-11 14:02:54 +01:00
Luke Taylor
49dd928faa
SEC-1712: Javadoc typo fix.
2011-04-08 17:24:12 +01:00
Luke Taylor
01c9c4e4db
SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default.
2011-04-06 13:58:58 +01:00
Luke Taylor
78d5495945
SEC-1702: Add Burt's patch implementing hashcode method in AntPathRequestMatcher
2011-03-25 20:44:18 +00:00