Commit Graph

4792 Commits

Author SHA1 Message Date
Luke Taylor b60367e30c Upgrade to validator 4.2 2011-11-01 00:20:45 +00:00
Luke Taylor 0bccbbfc18 SEC-1779: Make new getters protected rather than public. 2011-11-01 00:20:34 +00:00
Luke Taylor 178765cf83 SEC-1836: Forgot taglib comment update. 2011-11-01 00:19:37 +00:00
Luke Taylor f456db267f SEC-1779: Added getters for success and failure handlers to AbstractAuthenticationProcessingFilter. 2011-11-01 00:06:23 +00:00
Luke Taylor 30088f19ae SEC-1806: Log that bean definition is being created rather than bean in LdapServerBDP. 2011-10-31 23:50:06 +00:00
Luke Taylor 09ac4bd8f9 SEC-1833: Remove unused securityContextClass from HttpSessionSecurityContextRepository. 2011-10-31 23:44:43 +00:00
Luke Taylor fc399af136 SEC-1836: use GET as the default method with authorize tag. 2011-10-31 23:23:37 +00:00
Luke Taylor 2f67bb3032 SEC-1847: Add authentication-manager-ref attribute to http and global-method-security namespace elements. 2011-10-30 21:51:02 +00:00
Luke Taylor bce4d81142 Mark overriding "extraInformation" methods in account status exceptions as deprecated. 2011-10-30 21:47:04 +00:00
Luke Taylor c0c283029a Upgrade Jetty version. 2011-10-30 21:45:58 +00:00
Luke Taylor 44e2543015 Minor changes to make filter chain validation more robust with custom request matchers. 2011-10-24 21:21:10 +01:00
Luke Taylor f2786805e6 SEC-1841: Added request-matcher-ref attribute to namespace for defining a filter chain. 2011-10-21 20:04:35 +01:00
Luke Taylor 58f7d3acc6 SEC-1835: Changed xsd:ID to xsd:token. 2011-10-21 18:35:06 +01:00
Luke Taylor f1e63f3008 SEC-1802: Add digits to valid URL scheme regex. 2011-10-21 17:25:50 +01:00
Rob Winch 2fd0a65049 SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager> 2011-10-18 19:18:56 -05:00
Luke Taylor ac6ed671a1 SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager 2011-09-26 18:24:36 +01:00
Luke Taylor 9d66e1fac3 Exclude static resources from filter chain in tutorial sample. 2011-09-25 22:30:14 +01:00
Luke Taylor 2953f56b2b Remove ancient code formatter artifacts. 2011-09-25 21:17:21 +01:00
Luke Taylor 869c6a7c18 SEC-1800: Set input size to 30 for OpenID login. 2011-09-25 21:13:37 +01:00
Luke Taylor 44364d0101 SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource. 2011-09-24 14:36:54 +01:00
Luke Taylor be8ee61f82 PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method. This isn't actually used, but is still incorrect. 2011-09-24 13:13:38 +01:00
Luke Taylor a573e7b395 SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer. 2011-09-20 21:46:21 +01:00
Rob Winch 4a000d040c SEC-1815: Downgrade openid to use HttpClient 4.1.1 to avoid bug in openid4java's usage of HttpClient 2011-09-18 18:52:27 -05:00
Luke Taylor 359bd7c468 SEC-1804: Updated Javadoc wrt immutability of User class. 2011-08-25 10:50:50 +01:00
Luke Taylor 7bde24af6c Reset version to 3.1.0.CI-SNAPSHOT. 2011-08-19 15:24:45 -07:00
Luke Taylor 9e619611ae Set release version to 3.1.0.RC3 2011-08-19 15:24:44 -07:00
Luke Taylor 8ce6c73802 Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource 2011-08-19 15:24:44 -07:00
Luke Taylor d6b7b52a79 Update to Spring 3.0.6. 2011-08-19 15:06:26 -07:00
Luke Taylor 3e4fc0b948 SEC-1795: Fix possible NPEs in AclImpl.equals() 2011-08-19 11:45:34 -07:00
Luke Taylor a4c05239e5 SEC-1719: Lithuanian messages translation. 2011-08-19 11:17:05 -07:00
Luke Taylor 503ac9ae7c SEC-1798: Remove internal evaluation of EL in JSP tag implementations. 2011-08-12 19:44:27 +01:00
Luke Taylor 45d938566c Some tests for Base64 encoding. 2011-08-12 19:44:27 +01:00
Luke Taylor 59a07175a6 SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider. 2011-08-12 19:44:27 +01:00
Luke Taylor c618f4ab52 Add missing package to remoting bundlor template. 2011-08-12 19:44:27 +01:00
Luke Taylor 5fce0a58bd SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. 2011-08-12 19:44:27 +01:00
Luke Taylor b48fc53fa2 SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client. 2011-08-12 19:44:27 +01:00
Luke Taylor 249610c7ed SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. 2011-08-12 19:44:26 +01:00
Luke Taylor 1976cb1bf7 SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. 2011-08-12 19:44:26 +01:00
Luke Taylor 824464516c SEC-1790: Reject redirect locations containing CR or LF. 2011-08-12 19:44:26 +01:00
Luke Taylor 6333909107 SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change. 2011-08-12 19:07:17 +01:00
Luke Taylor 74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Luke Taylor 8ce4d326f5 Update HttpClient to 4.1.2 and removed incorrect bundlor references to commons version. 2011-08-12 00:23:29 +01:00
Luke Taylor 0120643721 SEC-1794: Convert OpenIDAuthenticationStatus to an enum. 2011-08-10 17:09:33 +01:00
Luke Taylor 0c2a950fa0 SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled. 2011-08-10 17:07:09 +01:00
Rob Winch 7399c9a7a5 SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() 2011-07-29 09:55:18 -05:00
Rob Winch dfd467f26e cleaned imports in RunAsUserToken 2011-07-29 09:39:02 -05:00
Luke Taylor 7e44580c75 Minor refactoring of aspects tests. 2011-07-20 17:42:05 +01:00
Luke Taylor 8740efc0f5 Added constructor injection options to ConcurrentSessionFilter 2011-07-18 15:09:31 +01:00
Luke Taylor a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor ac3d8b25f2 Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes. 2011-07-14 13:13:39 +01:00