a50c9afbab
Modified jaas sample's LoginModule to prevent empty string username/password
2011-03-07 22:25:19 -06:00
9e5d35235c
Made the principal for jaas sample serializable
2011-03-07 22:25:16 -06:00
6983b166d8
Configure Eclipse wtp to use the same context root as jetty
2011-03-07 22:12:13 -06:00
bd53ff1832
Updated gradle build so that eclipse is configured for AJDT
2011-03-07 22:12:13 -06:00
8978a3af3d
Updated gradle build to workaround GRADLE-1426 - configure Eclipse WTP correctly to include dependencies that were on the WAR when there are no source folders for the WAR.
2011-03-07 22:12:13 -06:00
2b67f5fee6
Updated gradle build to workaround GRADLE-1422 - test dependencies being improperly deployed when using Eclipse WTP
2011-03-07 22:12:13 -06:00
6c01590bbf
Updated gradle build to workaround GRADLE-1116 - workaround /build/classes/test being added to the Eclipse classpath
2011-03-07 22:12:13 -06:00
c7de933cb9
Updated gradle wrapper to gradle-1.0-milestone-1
2011-03-07 22:12:10 -06:00
9d45828cb0
SEC-1689: Package crypto module classes with core.
2011-03-07 17:44:38 +00:00
db6edfb512
Pull in changes to convert emma, aspectj and bundlor usage to plugins
2011-03-07 17:43:58 +00:00
fd1a70edc2
SEC-1665: Add extra check of non-public declared methods in MethodInvocationAdapter, if public method cannot be found.
2011-03-04 17:45:37 +00:00
dc73bbef3f
Add inputs to AspectJ compilation tasks for change-detection purposes.
2011-03-04 17:40:15 +00:00
131c80f444
SEC-1690: Refactor expression PropertyAccessor for dealing with properties as beans in the ApplicationContext.
2011-03-02 16:33:25 +00:00
72f031253f
Remove unnecessary dependency repos and update GAE version.
2011-02-28 15:43:25 +00:00
44252207db
SEC-1683: Corrected typo
2011-02-28 15:43:25 +00:00
7a0a2dace6
Revert deliberate test failure.
2011-02-25 23:55:22 +00:00
a9d325ea18
Deliberately fail test to test bamboo's reaction
2011-02-25 23:53:27 +00:00
4a7608b7a9
SEC-1640: Add support for "this" property to MethodSecurityExpressionRoot object, representing the object on which the method is actually being invoked.
2011-02-17 17:51:22 +00:00
0b1beee432
Update Base64 implementation to include fixes (using diff) from the original up to version 2.3.7.
2011-02-14 22:40:41 +00:00
94b7868039
SEC-1675: Add missing body-content elements to tag descriptor and update it to use 2.0 tag library schema.
2011-02-14 21:17:16 +00:00
088042b3d0
Upgrade spock and groovy versions, and make sure apacheDS work directory is set for config integrationTest task.
2011-02-14 19:03:08 +00:00
bc2448419b
SEC-1679: Make sure whitespace is trimmed from cookie names when specifying multiple cookies.
2011-02-14 19:02:28 +00:00
27be72a81c
SEC-1677: Split out LDAP server tests from config module.
2011-02-14 19:01:27 +00:00
44fb3aa4ab
SEC-1677: Create integrationTest task for Java projects and make all tests in itest module run as integration tests only.
2011-02-14 15:03:15 +00:00
a225dc3776
SEC-1677: Split out integration tests from LDAP test code.
2011-02-14 15:02:40 +00:00
9f8a47f73e
Reset post-release build version to snapshot.
2011-02-10 20:18:40 +00:00
b62d36d646
Set release version to 3.1.0.RC1
2011-02-10 20:12:54 +00:00
84ba7a0ea9
Additional tests for OpenID classes and minor refactoring of OpenID4JavaConsumer for easier testing.
2011-02-10 19:56:28 +00:00
164cba11c0
Increase max heap in gradle wrapper script.
2011-02-10 12:26:00 +00:00
bd7389b6ff
SEC-1652: Only use URI for ldif path if file isn't found.
2011-02-09 23:25:16 +00:00
3fe49dfae5
Added JDK and Spring links to Javadoc generation task.
2011-02-08 16:43:34 +00:00
12561660b1
Add Javadoc groups to build.
2011-02-08 16:13:12 +00:00
b0df1bd1b0
SEC-1673: Use a map to store the range values use in the bundlor templates.
2011-02-07 16:06:23 +00:00
eb9482b33b
Removal of some unused internal methods, plus additional tests for some areas lacking coverage.
2011-02-07 00:24:20 +00:00
20e65a93ea
Minor test updates.
2011-02-06 17:27:07 +00:00
5f58108717
Typo.
2011-02-06 15:31:36 +00:00
83050f96cb
SEC-1656: Document potential need for pre-emptive session creation if writing the security context manuall.
2011-02-06 14:58:36 +00:00
a790c7e192
SEC-1670: Take account of JNDI CompositeName escaping in value of SearchResult.getName() when performing a search for a user entry in SpringSecurityLdapTemplate.
2011-02-03 17:57:43 +00:00
4e349904e5
Add missing language attributes to programlisting tags for highlighting.
2011-02-01 16:54:18 +00:00
5caa41753a
Add check for coverage data before trying to produce report.
2011-02-01 15:41:17 +00:00
8c08eeb57b
SEC-1666: Use constant time comparison for sensitive data.
...
Constant time comparison helps to mitigate timing attacks. See the following link for more information
* http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
* http://en.wikipedia.org/wiki/Timing_attack for more information.
2011-01-31 23:03:51 -06:00
6a62b51870
Fix typo in FAQ.
2011-01-31 12:32:05 +00:00
2e822e9abe
SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times.
...
Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This
alligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack
2011-01-30 22:30:01 -06:00
347a2a91a9
SEC-1494: Document the use of system properties for disabling authorize tag functionality.
2011-01-30 14:04:32 +00:00
66e2a5246d
SEC-1652: Use a URI for resolving the LDIF file for loading in ApacheDS container to allow for loading files which are contained in a jar.
2011-01-30 14:04:32 +00:00
3f7f87e19f
SEC-1592: Updated CasAuthenticationFilter so that it does not continue FilterChain when handling proxy requests.
...
The fix moves CommonUtils.readAndRespondToProxyReceptorRequest into CasAuthenticationFilter.attemptAuthentication. This makes sense since
The CAS server is authenticating that the proxy url is valid (i.e. it exists and the SSL handshake succeeds). It also allows the FilterChain
to not be processed by returning a null Authentication.
2011-01-27 09:25:01 -06:00
077af5e187
SEC-1661: Use a DistinguishedName to wrap the search base to avoid the need for JNDI escaping.
2011-01-26 17:13:11 +00:00
866615ceaa
SEC-1662: Cater for the case where a user uses two <http> elements without patterns and the RequestMatcher does not have two arguments.
2011-01-26 16:39:50 +00:00
d58dd79a52
SEC-1494: Updated the tutorial webapp to use CSS and make use of the securityHiddenUI element when UI security is disabled.
2011-01-25 13:16:46 +00:00
00200cecbc
SEC-1494: Added system property "spring.security.disableUISecurity" which will prevent authorize tags from hiding content. By default, the property will also cause the area that would normally be hidden to be decorated with a <span class="securityHiddenUI"> tag, thus allowing the area to be rendered with some distinguishing css (e.g. a different background colour).
2011-01-25 13:16:46 +00:00
Rob Winch
Luke Taylor