Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 21:33:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,900 Commits 38 Branches 348 Tags
Commit Graph

2626 Commits

Author SHA1 Message Date
Luke Taylor
fca3a2a709 SEC-812: Added missing TextUtils file 2008-05-05 19:09:09 +00:00
Luke Taylor
fa44c74993 SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text. 2008-05-05 18:37:02 +00:00
Luke Taylor
06719053f1 Removed commons lang dependency. 2008-05-05 17:18:47 +00:00
Ben Alex
9961c7f867 Moved to correct build location. 2008-05-02 10:52:57 +00:00
Ben Alex
7a2e1e13d3 SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens. 2008-05-02 10:38:56 +00:00
Luke Taylor
a599ef5398 [maven-release-plugin] prepare for next development iteration 2008-05-01 20:09:03 +00:00
Luke Taylor
3e808335a4 [maven-release-plugin] prepare release spring-security-parent-2.0.1 2008-05-01 20:07:46 +00:00
Luke Taylor
6ecfa0541f SEC-806: Osgi-ified more modules 2008-05-01 17:11:31 +00:00
Luke Taylor
4984d4be65 OPEN - issue SEC-757: Add validation of redirect URLs on namespace 
http://jira.springframework.org/browse/SEC-757. Added validation method to ConfigUtils and calls to it for url attributes.
 2008-05-01 16:39:31 +00:00
Luke Taylor
0df9dee9dd SEC-806: Improved OSGi bundle version information support 2008-04-30 18:02:47 +00:00
Luke Taylor
81ebd094ff OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas 
http://jira.springframework.org/browse/SEC-808. Replaced 2.0 text with that from the 2.0 release, rather than the website schema.
 2008-04-29 18:59:25 +00:00
Luke Taylor
473f6a32c6 OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas 
http://jira.springframework.org/browse/SEC-808. Created new 2.0.1 schema files and updated tests to use them.
 2008-04-29 18:53:33 +00:00
Luke Taylor
8281aeb0da SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace 
http://jira.springframework.org/browse/SEC-807. Added extra test for Ldap provider parser.
 2008-04-29 18:01:59 +00:00
Luke Taylor
e4b32b8d29 OPEN - issue SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace 
http://jira.springframework.org/browse/SEC-807. Added support for user-details-class attribute to ldap-authentication-provider and ldap-user-service.
 2008-04-29 16:53:24 +00:00
Luke Taylor
104716fedb SEC-805: Add extra fields to InetOrgPerson 
http://jira.springframework.org/browse/SEC-805. Added a substantial number of new fields to the class.
 2008-04-29 14:39:58 +00:00
Luke Taylor
ef112f7967 Fixed autoboxing problem. 2008-04-28 15:26:20 +00:00
Luke Taylor
341455cde4 SEC-799: Import cleaning following other changes. 2008-04-28 15:19:25 +00:00
Luke Taylor
2d692718e0 SEC-799: Add better detection of missing server-ref element for <ldap-user-service> and <ldap-authentication-provider /> 
http://jira.springframework.org/browse/SEC-799. Updated ContextSourceSettingPostProcessor to set the standard ContextSource as an alias if it is needed by a bean but has not been set (because the user specified their own server id on <ldap-server />).
 2008-04-28 15:01:20 +00:00
Luke Taylor
270fa92780 Improved Javadoc comment 2008-04-28 09:20:37 +00:00
Luke Taylor
d3a0f05de9 SEC-783: GlobalMethodSecurityBeanDefinitionParser should support AfterInvocationProviders 
http://jira.springframework.org/browse/SEC-783. Added support for custom-after-invocation-provider
 2008-04-25 12:28:30 +00:00
Luke Taylor
348d211b8c SEC-797: Minor javadoc correction. 2008-04-24 23:12:55 +00:00
Luke Taylor
d1e23b3d2c SEC-783: Added custom-after-invocation-provider element to namespace. 2008-04-24 02:02:23 +00:00
Luke Taylor
1090072fff SEC-795: Add check for protected login page when using namespace 
http://jira.springframework.org/browse/SEC-795. I've added checks for the various scenarios which will result in a protected login page and suitable warning messages.
 2008-04-24 01:59:19 +00:00
Luke Taylor
5d51b35cfa SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter. 
http://jira.springframework.org/browse/SEC-792. Updated FilterChainProxyPostProcessor to raise an exception if two filters have the same order, and also to unwrap wrapped filters once the sorting by order has been performed.
 2008-04-23 23:19:44 +00:00
Luke Taylor
38774ec94f SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter. 
http://jira.springframework.org/browse/SEC-792. The filters are now maintained as a list in the context and have to be stored there explicitly on registration.
 2008-04-23 16:06:54 +00:00
Luke Taylor
01185475a1 OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute. 
http://jira.springframework.org/browse/SEC-793. Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
 2008-04-23 12:50:09 +00:00
Luke Taylor
7e63fe7357 SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen 
http://jira.springframework.org/browse/SEC-790. Applied submitted patch.
 2008-04-23 00:41:52 +00:00
Luke Taylor
8ea7487ec3 Removed unused method. 2008-04-22 23:20:49 +00:00
Luke Taylor
ec81e780b2 Import cleaning. 2008-04-22 22:27:51 +00:00
Luke Taylor
599d9fea04 Minor improvements to toString() methods for logging. 2008-04-22 22:21:20 +00:00
Luke Taylor
b2e9e82727 Fixed typo in message. 2008-04-22 21:54:54 +00:00
Luke Taylor
63decfeb93 SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor 
http://jira.springframework.org/browse/SEC-761. Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
 2008-04-22 21:51:12 +00:00
Luke Taylor
1ae167434a SEC-756: Add checks for duplicate use of namespace elements such as global-method-security 
http://jira.springframework.org/browse/SEC-756. Refactored HttpSecurityBDP and added check for duplicate usage of the element.
 2008-04-22 21:25:35 +00:00
Luke Taylor
083644f2fe SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration. 2008-04-22 18:25:35 +00:00
Luke Taylor
1258fa854e SEC-788: x509 authentication does not work properly 
http://jira.springframework.org/browse/SEC-788. Added check for X509 element when choosing entry point, if nothing else is available.
 2008-04-22 14:53:11 +00:00
Luke Taylor
e12b6afefa SEC-776: Http Session created for Anonymous request 
http://jira.springframework.org/browse/SEC-776. Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
 2008-04-22 13:22:38 +00:00
Luke Taylor
88ea87642a SEC-791: RequestKey.equals throws NPE if method is null 
http://jira.springframework.org/browse/SEC-791. Fixed handling of equals when one http method is null.
 2008-04-22 12:32:33 +00:00
Luke Taylor
9eaa1cbbdd OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
 2008-04-21 18:29:54 +00:00
Luke Taylor
aba5a22b6c SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added support for role-prefix to jdbc-user-service element.
 2008-04-21 17:44:32 +00:00
Luke Taylor
1a4130528a SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching 
http://jira.springframework.org/browse/SEC-782. I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
 2008-04-21 16:51:06 +00:00
Luke Taylor
5bb558bd6a SEC-777: The disabled status cannot be set in <user-service> 
http://jira.springframework.org/browse/SEC-777. Added the disabled flag to the relax grammar file.
 2008-04-21 15:59:08 +00:00
Luke Taylor
993fdd7a32 Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information. 2008-04-21 12:53:54 +00:00
Luke Taylor
469f55ce05 SEC-773: global-method-security fails with JPA 
http://jira.springframework.org/browse/SEC-773. Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and ay referenced UserDetailsService implementations.
 2008-04-18 13:15:56 +00:00
Luke Taylor
7238097310 OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration. 
http://jira.springframework.org/browse/SEC-775. Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
 2008-04-15 16:57:47 +00:00
Ben Alex
b5dc523041 [maven-release-plugin] prepare for next development iteration 2008-04-14 07:06:44 +00:00
Ben Alex
0c42670431 [maven-release-plugin] prepare release spring-security-parent-2.0.0 2008-04-14 07:05:46 +00:00
Ben Alex
4d714b33e0 SEC-770: Mark old org.springframework.security.acl module as @deprecated. 2008-04-14 06:50:01 +00:00
Luke Taylor
57b5f38df1 OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration 
http://jira.springframework.org/browse/SEC-769. I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
 2008-04-13 22:11:09 +00:00
Luke Taylor
4ae40150c9 SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling 
http://jira.springframework.org/browse/SEC-752. Removed check for JSR-250 class.
 2008-04-13 20:59:39 +00:00
Luke Taylor
552dc6486a SEC-703: Expose customization of SQL used by <jdbc-user-service> 
http://jira.springframework.org/browse/SEC-703. Added suggested attributes for sql queries.
 2008-04-13 20:51:40 +00:00