Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,491 Commits 32 Branches 333 Tags 112 MiB
Commit Graph

4491 Commits

Author SHA1 Message Date
Luke Taylor b26f2309f4 Add paragraph to manual database appendix to clarify that the standard schema is completely optional if you aren't using JdbcDaoImpl. 2011-03-10 13:41:44 +00:00
Luke Taylor 9cf8ba02ba Adding some extra section IDs in namespace appendix to provide bookmarkable URLs. 2011-03-10 13:15:58 +00:00
Luke Taylor ccc548b9e4 Fixing bundlor warnings. 2011-03-08 16:20:37 +00:00
Luke Taylor 5a6afbff95 SEC-1688: Allow injection of a PasswordEncoder from the crypto module into DaoAuthenticationProvider. 2011-03-08 16:20:26 +00:00
Luke Taylor 885f0270dc Some adjustments to the core build to make sure crypto classes are correctly exported to other tasks. 2011-03-08 16:19:51 +00:00
Luke Taylor 57c3afd31a SEC-1689: Adjust manual to remove references to separate crypto module. 2011-03-08 12:58:28 +00:00
Rob Winch a50c9afbab Modified jaas sample's LoginModule to prevent empty string username/password 2011-03-07 22:25:19 -06:00
Rob Winch 9e5d35235c Made the principal for jaas sample serializable 2011-03-07 22:25:16 -06:00
Rob Winch 6983b166d8 Configure Eclipse wtp to use the same context root as jetty 2011-03-07 22:12:13 -06:00
Rob Winch bd53ff1832 Updated gradle build so that eclipse is configured for AJDT 2011-03-07 22:12:13 -06:00
Rob Winch 8978a3af3d Updated gradle build to workaround GRADLE-1426 - configure Eclipse WTP correctly to include dependencies that were on the WAR when there are no source folders for the WAR. 2011-03-07 22:12:13 -06:00
Rob Winch 2b67f5fee6 Updated gradle build to workaround GRADLE-1422 - test dependencies being improperly deployed when using Eclipse WTP 2011-03-07 22:12:13 -06:00
Rob Winch 6c01590bbf Updated gradle build to workaround GRADLE-1116 - workaround /build/classes/test being added to the Eclipse classpath 2011-03-07 22:12:13 -06:00
Rob Winch c7de933cb9 Updated gradle wrapper to gradle-1.0-milestone-1 2011-03-07 22:12:10 -06:00
Luke Taylor 9d45828cb0 SEC-1689: Package crypto module classes with core. 2011-03-07 17:44:38 +00:00
Luke Taylor db6edfb512 Pull in changes to convert emma, aspectj and bundlor usage to plugins 2011-03-07 17:43:58 +00:00
Luke Taylor fd1a70edc2 SEC-1665: Add extra check of non-public declared methods in MethodInvocationAdapter, if public method cannot be found. 2011-03-04 17:45:37 +00:00
Luke Taylor dc73bbef3f Add inputs to AspectJ compilation tasks for change-detection purposes. 2011-03-04 17:40:15 +00:00
Luke Taylor 131c80f444 SEC-1690: Refactor expression PropertyAccessor for dealing with properties as beans in the ApplicationContext. 2011-03-02 16:33:25 +00:00
Luke Taylor 72f031253f Remove unnecessary dependency repos and update GAE version. 2011-02-28 15:43:25 +00:00
Luke Taylor 44252207db SEC-1683: Corrected typo 2011-02-28 15:43:25 +00:00
Luke Taylor 7a0a2dace6 Revert deliberate test failure. 2011-02-25 23:55:22 +00:00
Luke Taylor a9d325ea18 Deliberately fail test to test bamboo's reaction 2011-02-25 23:53:27 +00:00
Luke Taylor 4a7608b7a9 SEC-1640: Add support for "this" property to MethodSecurityExpressionRoot object, representing the object on which the method is actually being invoked. 2011-02-17 17:51:22 +00:00
Luke Taylor 0b1beee432 Update Base64 implementation to include fixes (using diff) from the original up to version 2.3.7. 2011-02-14 22:40:41 +00:00
Luke Taylor 94b7868039 SEC-1675: Add missing body-content elements to tag descriptor and update it to use 2.0 tag library schema. 2011-02-14 21:17:16 +00:00
Luke Taylor 088042b3d0 Upgrade spock and groovy versions, and make sure apacheDS work directory is set for config integrationTest task. 2011-02-14 19:03:08 +00:00
Luke Taylor bc2448419b SEC-1679: Make sure whitespace is trimmed from cookie names when specifying multiple cookies. 2011-02-14 19:02:28 +00:00
Luke Taylor 27be72a81c SEC-1677: Split out LDAP server tests from config module. 2011-02-14 19:01:27 +00:00
Luke Taylor 44fb3aa4ab SEC-1677: Create integrationTest task for Java projects and make all tests in itest module run as integration tests only. 2011-02-14 15:03:15 +00:00
Luke Taylor a225dc3776 SEC-1677: Split out integration tests from LDAP test code. 2011-02-14 15:02:40 +00:00
Luke Taylor 9f8a47f73e Reset post-release build version to snapshot. 2011-02-10 20:18:40 +00:00
Luke Taylor b62d36d646 Set release version to 3.1.0.RC1 2011-02-10 20:12:54 +00:00
Luke Taylor 84ba7a0ea9 Additional tests for OpenID classes and minor refactoring of OpenID4JavaConsumer for easier testing. 2011-02-10 19:56:28 +00:00
Luke Taylor 164cba11c0 Increase max heap in gradle wrapper script. 2011-02-10 12:26:00 +00:00
Luke Taylor bd7389b6ff SEC-1652: Only use URI for ldif path if file isn't found. 2011-02-09 23:25:16 +00:00
Luke Taylor 3fe49dfae5 Added JDK and Spring links to Javadoc generation task. 2011-02-08 16:43:34 +00:00
Luke Taylor 12561660b1 Add Javadoc groups to build. 2011-02-08 16:13:12 +00:00
Luke Taylor b0df1bd1b0 SEC-1673: Use a map to store the range values use in the bundlor templates. 2011-02-07 16:06:23 +00:00
Luke Taylor eb9482b33b Removal of some unused internal methods, plus additional tests for some areas lacking coverage. 2011-02-07 00:24:20 +00:00
Luke Taylor 20e65a93ea Minor test updates. 2011-02-06 17:27:07 +00:00
Luke Taylor 5f58108717 Typo. 2011-02-06 15:31:36 +00:00
Luke Taylor 83050f96cb SEC-1656: Document potential need for pre-emptive session creation if writing the security context manuall. 2011-02-06 14:58:36 +00:00
Luke Taylor a790c7e192 SEC-1670: Take account of JNDI CompositeName escaping in value of SearchResult.getName() when performing a search for a user entry in SpringSecurityLdapTemplate. 2011-02-03 17:57:43 +00:00
Luke Taylor 4e349904e5 Add missing language attributes to programlisting tags for highlighting. 2011-02-01 16:54:18 +00:00
Luke Taylor 5caa41753a Add check for coverage data before trying to produce report. 2011-02-01 15:41:17 +00:00
Rob Winch 8c08eeb57b SEC-1666: Use constant time comparison for sensitive data. 
Constant time comparison helps to mitigate timing attacks. See the following link for more information

 * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
 * http://en.wikipedia.org/wiki/Timing_attack for more information.
 2011-01-31 23:03:51 -06:00
Luke Taylor 6a62b51870 Fix typo in FAQ. 2011-01-31 12:32:05 +00:00
Rob Winch 2e822e9abe SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times. 
Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This
alligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack
 2011-01-30 22:30:01 -06:00
Luke Taylor 347a2a91a9 SEC-1494: Document the use of system properties for disabling authorize tag functionality. 2011-01-30 14:04:32 +00:00