7d97adc687
SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".
2010-10-27 13:25:39 +01:00
695c8f4ad6
Import cleaning and suppression of deprecation warnings.
2010-10-27 13:25:39 +01:00
bd84a2bfa1
SWC-1552 Update .tld in integration test to match change in taglib.
2010-10-26 14:00:45 +01:00
70600a0277
SEC-1552 Refactor AuthorizeTag and LegacyAuthorize tag to make them independent of JSP tag rendering.
2010-10-26 12:33:51 +01:00
7258abbbf4
SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd
2010-10-10 19:51:37 -05:00
ee12d54bec
SEC-1536: moved web.authentication.jaas to web.jaasapi
...
Renamed org.springframework.security.web.authentication.jaas to org.springframework.security.web.jaasapi to be better aligned with org.springframework.security.web.servletapi, added package-info.java, and removed trailing whitespaces
2010-10-05 22:28:42 -05:00
8249492ce9
SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null)
2010-10-04 17:07:04 -05:00
e69b981c72
Make method in MatcherType public for use in OAuth.
2010-09-25 20:09:12 +01:00
f978814bb1
Improve entry of username and password for scp upload.
2010-09-24 21:01:18 +01:00
685e0417a7
SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout.
2010-09-19 18:30:52 +01:00
11a87d1fa0
Switch to using xsd:boolean in schema file.
2010-09-19 18:17:06 +01:00
1b2b371970
SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
...
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.
Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
2010-09-16 16:03:24 +01:00
383211561c
Moved LDAP placeholder config test into LDAP tests to prevent issues with parallel tests. Converted LdapProviderBDP tests to groovy/spock. Other misc tidying of config tests.
2010-09-16 12:31:23 +01:00
7dd8cd2fb9
Make sure ApacheDS work directory is set correctly for separate LDAP test task in config module.
2010-09-16 10:50:12 +01:00
551166a577
ApacheDS workDir property should be passed to the test process, not set as a system property in the main build process.
2010-09-14 14:43:21 +01:00
a128e3b4fe
http://forum.springsource.org/showthread.php?p=318755 Added PlaceHolderAndELConfigTests.ldapAuthenticationProviderWorksWithPlaceholders
2010-09-13 13:44:12 -05:00
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
0217e98bdb
Added an AppListener to collect events for use in tests
2010-09-13 14:20:21 +01:00
62cbd51d54
SEC-1562: Made SecurityExpressionRootPropertyAccessor a package private class as it is no longer referenced from multiple packages.
2010-09-13 13:52:24 +01:00
c5231fc213
SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource.
2010-09-13 12:19:21 +01:00
829444d59b
SEC-1564: testCompile configurations should include jcl-over-slf4j rather than logback.
2010-09-11 11:01:12 +01:00
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
8bf1b8420a
SEC-1563: Move PermissionEvaluator and related methods to SecurityExpressionRoot
2010-09-08 15:06:00 +01:00
ca44ebd3cc
SEC-1338: Applied submitted patch, making use of java.util.concurrent classes in place of traditional synchronization.
2010-09-08 12:59:49 +01:00
af56f4844d
SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler.
2010-09-07 19:46:45 +01:00
b0998c01bc
SEC-1553: Make WebAuthenticationDetails serializable
2010-09-01 18:43:07 +01:00
577ec27507
Polishing.
2010-08-30 19:03:47 +01:00
7a3892556c
Added a "docs" convenience task
2010-08-30 19:03:15 +01:00
f4d57ab5e8
SEC-1456: Remove maven poms as we are now using gradle for the build.
2010-08-30 19:02:19 +01:00
696150f3c3
Remove unused import.
2010-08-30 11:52:52 +01:00
1a1372ab84
Removed deprecated AspectJInterceptor classes since these cannot be used with the existing MethodSecurityMetadataSource implementations (which no longer support JoinPoin as a secured object). Added some more tests.
2010-08-28 21:41:19 +01:00
65712f5cbc
SEC-1549: AclPermissionCacheOptimizer now does nothing if passed an empty collection of domain objects.
2010-08-28 14:39:43 +01:00
20988c8cf6
Minor refactoring of debug filter and tidying up tests.
2010-08-27 01:49:30 +01:00
566328fea4
Minor tweaking of IDEA deps.
2010-08-24 22:36:42 +01:00
ba890cf7e5
Removed invalid test method.
2010-08-24 21:03:33 +01:00
d1e8b8e29d
More tests. Minor refactoring.
2010-08-24 20:57:45 +01:00
bf9d4a9747
Remove unnecessary local variable.
2010-08-24 20:29:25 +01:00
5902c6b262
Adjustments to coverage generation (enable debug logging when coverage on).
2010-08-24 18:27:44 +01:00
f71d9df7fe
Deprecate unnecessary method in SecurityConfig
2010-08-24 18:26:38 +01:00
42721d407b
Added tests for acls/afterinvocation package
2010-08-24 18:26:09 +01:00
bdb906e588
Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output.
2010-08-24 18:25:39 +01:00
c1418c7536
Minor change in doc information about samples since these are no longer in maven repo.
2010-08-23 14:58:27 +01:00
35335e84b3
Reset post-release build version.
2010-08-23 00:13:20 +01:00
23c4d1ec28
Set version to 3.1.0.M1.
2010-08-22 23:54:33 +01:00
b39b63bf3d
Add logback configuration for contacts sample.
2010-08-22 22:43:49 +01:00
b2fc1d8491
Fix namespace schema version in CAS sample.
2010-08-22 22:43:10 +01:00
837771537f
Tweak docs build to only prevent "assemble" from depending on the archive/upload tasks.
2010-08-22 22:42:54 +01:00
98108d2694
Add support for ant.scp to TarUpload task.
2010-08-22 22:41:41 +01:00
07d8275ee6
Modify order of saxon and xerces deps in dependency list to prevent Aelfred parser from being used in build.
2010-08-22 22:31:01 +01:00
b9dfc69d62
Apply idea and eclipse plugins to java projects only.
2010-08-22 22:29:11 +01:00
Luke Taylor
Rossen Stoyanchev
Rob Winch