Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 07:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,501 Commits 34 Branches 337 Tags
Commit Graph

4501 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Taylor
592782dc7f Added test for getAdditionalRoles in DefaultLdapAuthoritiesPopulator. 2010-12-20 17:31:14 +00:00
Luke Taylor
eebcfd28ef Move Ldap authorities populator tests to the correct package. 2010-12-20 17:23:43 +00:00
Luke Taylor
dbe270f132 SEC-1641: Correct code and test for null groupSearchBase. 2010-12-20 16:50:37 +00:00
Luke Taylor
428a0b7dce SEC-1639: Removed url argument from FilterChainProxy's VirtualFilterChain, since this can be directly computed from the request instance in the debug statements. 2010-12-20 14:13:13 +00:00
Luke Taylor
5f6dab67e1 SEC-1492: Added SimpleAuthoritiesMapper which provides a one-to-one authority mapping with case-conversion and the addition of a "role" prefix to the authority name. 2010-12-19 17:33:27 +00:00
Luke Taylor
3547cfcc92 SEC-1641: Remove the private setGroupSearchBase method and allowed a null value to be set for the group search base in the constructor. 2010-12-19 17:33:26 +00:00
Luke Taylor
f1fe3ce7e6 Update wrapper to gradle 0.9 release 2010-12-19 14:41:41 +00:00
Luke Taylor
48ea0a6249 SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all. 2010-12-17 17:34:08 +00:00
Luke Taylor
7cf9740fd4 SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual. 2010-12-17 17:09:20 +00:00
Rob Winch
1ed5227d75 Removed @Override from HttpFirewallBeanDefinitionParser.parse since it does not override a method definition, it implements one. 
Fixed The method parse(Element, ParserContext) of type HttpFirewallBeanDefinitionParser must override a superclass method	HttpFirewallBeanDefinitionParser.java	/spring-security-config/src/main/java/org/springframework/security/config/http	line 23	Java Problem
 2010-12-16 22:20:20 -06:00
Rob Winch
7c04fdbc90 SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather that looping through ServletRequestWrappers. 
VirtualFilterChain now accepts the FirewalledRequest in the constructor. The reset method is called directly on the instance passed in instead of looping through the ServletRequestWrappers.
 2010-12-16 21:57:26 -06:00
Luke Taylor
46f83c8a08 SEC-1492: Added RoleHierarchyAuthoritiesMapper as the new preferred way of using a RoleHierarchy. 2010-12-16 16:00:43 +00:00
Luke Taylor
c8820166c8 SEC-1576: Parameterize the secured object type in AccessDecisionVoter. 2010-12-16 15:21:22 +00:00
Luke Taylor
85d685f7d3 SEC-1611: Make access attribute in authorize tag a runtime expression 2010-12-14 16:55:34 +00:00
Luke Taylor
ce421f22bf SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation 2010-12-14 16:24:51 +00:00
Luke Taylor
2be2660b13 SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match. 2010-12-11 21:56:35 +00:00
Luke Taylor
523f6add60 Javadoc fix 2010-12-09 12:39:05 +00:00
Luke Taylor
4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority. 
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
 2010-12-03 16:41:46 +00:00
Luke Taylor
978b7d4707 SEC-1631: Reduced use of reflection in DefaultAuthenticationEventPublisher and added tests. 2010-12-02 18:19:27 +00:00
Luke Taylor
bfb723feac SEC-1557: Added getter to DelegatingMethodSecurityMetadataSource. Also added some optimizations of cache lookup key equals method. A class type check is unnecessary since the key class is a private inner class. 2010-12-01 21:55:33 +00:00
Luke Taylor
441aa25383 SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand. 2010-12-01 20:52:37 +00:00
Luke Taylor
4ad0652787 Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken. 2010-12-01 20:52:37 +00:00
Luke Taylor
ca679e1479 Reformatting. 2010-12-01 20:52:37 +00:00
Luke Taylor
9b29dcb8bf SEC-1430: Removed username attribute from WebAttributes class. 2010-11-26 14:20:19 +00:00
Luke Taylor
43be9ea2a4 SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc. 2010-11-26 13:58:49 +00:00
Luke Taylor
d64efe9747 SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object. 2010-11-25 15:19:37 +00:00
Luke Taylor
89f80659a1 Move docs on request matching to correct file and delete unused one 2010-11-24 00:30:37 +00:00
Luke Taylor
49242729e4 Added imgSrcPath parameter for use in docbookFopPdf task. 2010-11-24 00:28:59 +00:00
Luke Taylor
51a53ddbaa Minor refactoring of GAE code to use specific GrantedAuthority type. 2010-11-17 14:15:11 +00:00
Luke Taylor
60970dd9c4 Added some tests for web expression handling code. 2010-11-15 20:01:38 +00:00
Luke Taylor
2d9f98d535 SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request). 2010-11-15 16:14:24 +00:00
Luke Taylor
fc00d7ef1d Move the unix scripts for the tutorial sample into a subdirectory 2010-11-12 15:19:46 +00:00
Luke Taylor
37810a19c4 SEC-1619: Added check in GAE sample for change of Google user while still logged into the app. 
Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.
 2010-11-10 15:37:42 +00:00
Luke Taylor
8b51c2c97d SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous. 
Allows for the situation where a user is logged out without invalidating the session.
 2010-11-09 13:55:45 +00:00
Luke Taylor
7754882ba9 SEC-1550: Additional signature change (in AnonymousAuthenticationToken) 2010-11-09 13:48:57 +00:00
Rob Winch
ffccc5f446 SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle 2010-11-08 19:27:44 -06:00
Luke Taylor
4b6a2168c7 SEC-1550: Additional signature change (in LdapUserDetailsManager.removeAuthorities()) 2010-11-08 15:14:30 +00:00
Luke Taylor
6b691f6fc0 SEC-1613: Corrected preauth docs. 2010-11-04 14:32:06 +00:00
Rob Winch
4f51eb09c0 SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward 2010-11-03 15:27:59 -05:00
Luke Taylor
b9a98613eb SEC-1593: Added tests to try to reproduce issue. 2010-11-03 19:37:25 +00:00
Luke Taylor
1c8d28501c SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate. 2010-11-03 13:48:59 +00:00
Luke Taylor
8d867e8b67 Updated integration tests to detect case reported as SPR-7563. 2010-11-02 20:35:24 +00:00
Luke Taylor
265cdaf2a6 SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected. 2010-11-02 20:19:16 +00:00
Luke Taylor
337477de6a SEC-1604: Change log level to debug for "Validated configuration attributes" message. 2010-11-02 20:06:42 +00:00
Luke Taylor
54d0a263de SEC-1590: Removed WebAuthenticatioDetails.doPopulateAdditionalInformation() method which is caled from superclass constructor. 2010-11-02 19:50:40 +00:00
Luke Taylor
43ec2beec0 SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>. 2010-11-02 14:02:55 +00:00
Luke Taylor
84efffb937 SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices. 2010-11-02 13:41:59 +00:00
Luke Taylor
2671e52d5a Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars. 2010-11-02 12:31:44 +00:00
Luke Taylor
0696bed78e SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none" 2010-11-02 12:08:39 +00:00
Luke Taylor
deef2706ef SEC-1607: Report correct version for Spring Security (not Spring version). 2010-11-02 11:13:32 +00:00