Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 14:18:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,882 Commits 48 Branches 362 Tags
Commit Graph

2904 Commits

Author SHA1 Message Date
Rob Winch
448a42916d SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref 2011-12-30 11:31:24 -06:00
Rob Winch
ea56a98883 SEC-1868: Remove error level logs from SecurityNamespaceHandler when the web classes are not available and not required 
To get the detailed errors the FilterChainProxy is loaded again in reportMissingWebClasses
and included in the readerContext fatal log.
 2011-12-30 10:51:17 -06:00
Rob Winch
044861eb20 Renamed **/*Spec.groovy to **/*Tests.groovy to better follow conventions 2011-12-29 12:59:24 -06:00
Rob Winch
aabb16912f SEC-1878: DefaultFilterChainValidator properly handles AccessDecisionManager throwing exceptions other than AccessDeniedException 2011-12-28 16:43:19 -06:00
Rob Winch
999adbc6ee SEC-1827: If use-secure-cookie is set to false explicitly set useSecureCookie to false on AbstractRememberMeServices 2011-11-21 09:11:17 -06:00
Rob Winch
ff495b698e SEC-1858: Removed methods for generating docbook for xsd 
Not squashing so this is around if needed again
 2011-11-11 11:45:02 -06:00
Rob Winch
c8b847f1ed SEC-1858: Added integration tests to validate that the xsd is documented in the reference 2011-11-11 11:44:55 -06:00
Rob Winch
de397bc0ce SEC-1858: Updated xsd documentation to have documentation for all elements/attributes and added documentation of default values where appropriate 2011-11-11 09:00:53 -05:00
Luke Taylor
3b13a3fb25 SEC-1812: Replace assertion with warning message when overriding the global AuthenticationManager. 2011-11-02 14:23:59 +00:00
Luke Taylor
30088f19ae SEC-1806: Log that bean definition is being created rather than bean in LdapServerBDP. 2011-10-31 23:50:06 +00:00
Luke Taylor
2f67bb3032 SEC-1847: Add authentication-manager-ref attribute to http and global-method-security namespace elements. 2011-10-30 21:51:02 +00:00
Luke Taylor
44e2543015 Minor changes to make filter chain validation more robust with custom request matchers. 2011-10-24 21:21:10 +01:00
Luke Taylor
f2786805e6 SEC-1841: Added request-matcher-ref attribute to namespace for defining a filter chain. 2011-10-21 20:04:35 +01:00
Luke Taylor
58f7d3acc6 SEC-1835: Changed xsd:ID to xsd:token. 2011-10-21 18:35:06 +01:00
Luke Taylor
ac6ed671a1 SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager 2011-09-26 18:24:36 +01:00
Luke Taylor
a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor
f92589f051 Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options. 2011-07-06 00:12:48 +01:00
Luke Taylor
73442125de SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter. 2011-07-04 21:09:48 +01:00
Luke Taylor
5d20f57fa8 Import cleaning. 2011-07-02 20:36:42 +01:00
Rob Winch
85807fdfd0 Removed @Overrides from method that implements interface instead of overriding superclass to resolve Java 1.5 error 2011-06-21 07:22:35 -05:00
Luke Taylor
5a1ddc660b SEC-1768: Added tests to reproduce "double-proxying" issue combining intercept-methods and tx-annotation-driven. Problem is caused by use of ProxyFactoryBean with auto-proxying. 2011-06-18 14:32:31 +01:00
Luke Taylor
52c0ee6756 Improve error reporting of missing web classes in namespace handler. Now catches and logs the class-loading error. 2011-06-13 13:39:55 +01:00
Luke Taylor
27caecd53f SEC-1452: Added namespace support for custom expression handler for use with web access expressions. 2011-05-19 15:27:58 +01:00
Luke Taylor
1b8eee6f07 Improve "missing web classes" message in SecurityNamespaceHandler, by indicating that a missing transitive dependency may also be the problem. 2011-05-16 00:19:30 +01:00
Luke Taylor
6e91786f92 SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false). 2011-05-09 13:36:23 +01:00
Luke Taylor
c4a1ce9f1a SEC-1725: Update docs to remove references to filter-chain-map. 2011-04-25 23:38:44 +01:00
Luke Taylor
b5924db74d SEC-1725: Add option to filter-chain to use an explicit request-matcher-ref instead of a "path" attribute. 2011-04-25 23:20:15 +01:00
Luke Taylor
04dc65c8fe SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap. 2011-04-25 13:48:47 +01:00
Luke Taylor
71ed6d7964 SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor. 2011-04-20 11:58:00 +01:00
Luke Taylor
8d702a4f98 SEC-1699: Make sure a FilterInvocation is passed to the AccessDecisionManager when checking the login page access in DefaultFilterChainValidator. 2011-04-14 18:04:29 +01:00
Luke Taylor
160fed1bfe SEC-1713: Fix typo in schema RNC file. 2011-04-08 17:22:57 +01:00
Luke Taylor
8d99918798 SEC-1491: Add support for an external priority SecurityMetadataSource to be referenced from global-method-security. 2011-04-05 15:07:43 +01:00
Luke Taylor
ddaf9eb64f SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter. 2011-03-31 21:09:54 +01:00
Luke Taylor
bc2448419b SEC-1679: Make sure whitespace is trimmed from cookie names when specifying multiple cookies. 2011-02-14 19:02:28 +00:00
Luke Taylor
27be72a81c SEC-1677: Split out LDAP server tests from config module. 2011-02-14 19:01:27 +00:00
Luke Taylor
866615ceaa SEC-1662: Cater for the case where a user uses two <http> elements without patterns and the RequestMatcher does not have two arguments. 2011-01-26 16:39:50 +00:00
Luke Taylor
2eefbf3a23 SEC-1657: Added support for 'name' attribute in <http> element to expose filter chain as a list bean. 2011-01-14 17:21:22 +00:00
Luke Taylor
6de2197c0f SEC-1653: Ensure UserDetailsServiceFactoryBean is registered using the tools API to prevent errors in STS. 2011-01-11 00:10:07 +00:00
Luke Taylor
8d7830a1ee SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me. 2011-01-06 15:16:13 +00:00
Rob Winch
1ed5227d75 Removed @Override from HttpFirewallBeanDefinitionParser.parse since it does not override a method definition, it implements one. 
Fixed The method parse(Element, ParserContext) of type HttpFirewallBeanDefinitionParser must override a superclass method	HttpFirewallBeanDefinitionParser.java	/spring-security-config/src/main/java/org/springframework/security/config/http	line 23	Java Problem
 2010-12-16 22:20:20 -06:00
Luke Taylor
2be2660b13 SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match. 2010-12-11 21:56:35 +00:00
Luke Taylor
4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority. 
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
 2010-12-03 16:41:46 +00:00
Luke Taylor
441aa25383 SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand. 2010-12-01 20:52:37 +00:00
Luke Taylor
b9a98613eb SEC-1593: Added tests to try to reproduce issue. 2010-11-03 19:37:25 +00:00
Luke Taylor
21ed5feb8d SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 2010-10-27 13:25:40 +01:00
Luke Taylor
f70942c6f5 SEC-1589: Add support for property placeholder in intercept-methods access attribute. 2010-10-27 13:25:39 +01:00
Luke Taylor
173537f4f2 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 2010-10-27 13:25:39 +01:00
Luke Taylor
0961671772 Reinstated missing 3.0.3 schema file 2010-10-27 13:25:39 +01:00
Luke Taylor
f455e9a5a4 SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison. 2010-10-27 13:25:39 +01:00
Luke Taylor
7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 2010-10-27 13:25:39 +01:00