Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 21:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,023 Commits 36 Branches 348 Tags
Commit Graph

3023 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Taylor
08c5fe8925 Fixed autoboxing issue 2008-05-22 12:19:00 +00:00
Luke Taylor
fbe3ca48f4 SEC-823, SEC-843: Allow setting of custom RememberMeServices and token validity periodon remember-me namespace element 2008-05-21 16:03:05 +00:00
Luke Taylor
3e33b8a880 Update InMemoryXmlApplicationContext to use 2.0.2 schema 2008-05-20 22:46:37 +00:00
Luke Taylor
b60c578b25 SEC-844: Support for SHA-256 hashing. 2008-05-20 22:45:02 +00:00
Luke Taylor
03981ab6a0 SEC-844: Added sec-256 to namespace schema 2008-05-20 22:32:03 +00:00
Luke Taylor
e9adbd4d62 SEC-844, SEC-843, SEC-823: Added support for sha-256, custom remember-me services and setting of remember me token validity period to namespace schema. Also added 2.0.2 XSD file 2008-05-20 19:48:32 +00:00
Luke Taylor
29d31b72d0 SEC-837: Add special character filtering to LDAP search filters 2008-05-20 19:25:37 +00:00
Luke Taylor
3fb1f59fde SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap 2008-05-20 19:22:49 +00:00
Luke Taylor
219d2e8962 Corrected link 2008-05-20 10:57:17 +00:00
Luke Taylor
ff215e6750 Minor doc fixes 2008-05-20 10:54:29 +00:00
Luke Taylor
6ae81d553b SEC-842: Minor doc fixes 2008-05-20 10:48:59 +00:00
Luke Taylor
5af53da106 Improved doc for'filters' attribute 2008-05-18 11:09:50 +00:00
Luke Taylor
2329dadf48 Removed jalopy parameter comments 2008-05-15 17:58:15 +00:00
Luke Taylor
fb5eefeea5 SEC-740: Finished preauth chapter 2008-05-15 17:00:45 +00:00
Luke Taylor
f269373442 IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP. 2008-05-15 14:33:42 +00:00
Luke Taylor
4f6b4e4bfd Make sample login pages use c:out for data output 2008-05-15 12:48:13 +00:00
Luke Taylor
8b2c0468ff OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting 
http://jira.springframework.org/browse/SEC-834. Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
 2008-05-15 01:34:14 +00:00
Luke Taylor
d17a2da9e0 SEC-834: Session fixation attack protection will cause problems with URL rewriting 
http://jira.springframework.org/browse/SEC-834. Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
 2008-05-15 00:26:27 +00:00
Luke Taylor
7f38c656ca SEC-820: Expand regular expression used in hierarchical roles. 2008-05-14 22:59:33 +00:00
Luke Taylor
6493df13f8 SEC-803: Removed use of websphere SubjectHelper class. 2008-05-14 22:51:39 +00:00
Luke Taylor
d4defb10fe SEC-833: Fixed login-failure-url in contacts sample app. 2008-05-14 22:41:13 +00:00
Luke Taylor
59543af4fb SEC-826: Support for JPA PersistenceContext annotation broken 
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
 2008-05-14 16:41:52 +00:00
Luke Taylor
332f8fe5a1 SEC-624: Minor updates to docs 2008-05-13 17:16:19 +00:00
Luke Taylor
7a8eec11da SEC-765: Brief outline of preauth sample 2008-05-13 17:14:45 +00:00
Luke Taylor
ff61644219 SEC-740: More on preauth 2008-05-13 17:13:47 +00:00
Luke Taylor
1fee538c7e Fixed typo in setter method (uses of). 2008-05-13 15:32:30 +00:00
Luke Taylor
ae2470127c Fixed typo in setter method "seAttributePrefix" 2008-05-13 13:51:49 +00:00
Luke Taylor
2a4d859812 SEC-829: Minor doc fix 2008-05-13 10:18:09 +00:00
Luke Taylor
15b893f9ae SEC-809: OpenIDProcessingFilter updated to set authentication details (to make compatible with concurrent session control). 2008-05-12 20:05:24 +00:00
Luke Taylor
de886e36fa SEC-624: Expanded general info on obtaining samples and added pointers to ldap and cas versions 2008-05-10 17:21:18 +00:00
Luke Taylor
ad9a667b75 SEC-624: Inserted sub-sections for key class definitions so they appear in toc 2008-05-10 17:19:46 +00:00
Luke Taylor
f70701d55a SEC-624: Added section on 'getting the source' for reference from samples chapter 2008-05-10 17:18:29 +00:00
Luke Taylor
e1b226ee57 Added 2.0.2 namespace file 2008-05-10 17:16:46 +00:00
Luke Taylor
af0153d833 Extended intro to Authentication part to include pointers to tech overview and namespace config 2008-05-10 17:10:49 +00:00
Luke Taylor
d78a021fe1 Added basic intro to preauth 2008-05-10 16:07:39 +00:00
Luke Taylor
e1c17450b3 Updated faqs to add infinite loop and access denied debug message 2008-05-10 12:31:14 +00:00
Luke Taylor
add2649397 Javadoc typo. 2008-05-09 18:09:56 +00:00
Luke Taylor
781d88bd30 OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue) 
http://jira.springframework.org/browse/SEC-825. Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
 2008-05-09 18:08:32 +00:00
Luke Taylor
1030dca353 SEC-786: Added information on the need ofor a UserDetailsService if using auto-config/remember-me 2008-05-09 15:01:39 +00:00
Luke Taylor
b99f9d343d SEC-624: Added some info on use of role-prefix 2008-05-09 14:25:42 +00:00
Luke Taylor
c0e829a41d SEC-700: Added info on new remember-me imlementation and namespace config examples 2008-05-08 15:59:01 +00:00
Luke Taylor
5a1258a4ca Corrected references to parts and reading order 2008-05-08 15:54:27 +00:00
Luke Taylor
883b92e7bd SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods 2008-05-08 15:07:40 +00:00
Luke Taylor
301d021bf5 SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor 
Reversed order of beanName.equals() call as suggested.
 2008-05-07 13:58:53 +00:00
Luke Taylor
8ad2d681ab SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions. 2008-05-07 13:49:20 +00:00
Luke Taylor
5cf0c84e2f SEC-814: Added standard bean config to ldap example and updated doc to provide some pointers to DefaultLdapAuthoritiesPopulator 2008-05-06 14:50:14 +00:00
Luke Taylor
afc757e618 Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc 2008-05-06 14:43:52 +00:00
Luke Taylor
c333070fe3 Javadoc tidying 2008-05-06 13:59:46 +00:00
Luke Taylor
fca3a2a709 SEC-812: Added missing TextUtils file 2008-05-05 19:09:09 +00:00
Luke Taylor
fa44c74993 SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text. 2008-05-05 18:37:02 +00:00