Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 06:38:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,668 Commits 48 Branches 362 Tags
Commit Graph

2946 Commits

Author SHA1 Message Date
Luke Taylor
c947d42146 SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match 2008-10-15 06:35:11 +00:00
Luke Taylor
6c8a82fa13 Updated poms to Spring 2.5 and fixed up sandbox to work with latest build 2008-10-15 05:52:40 +00:00
Luke Taylor
7cc0965383 SEC-1001: Move core tiger code into core and adjust pom files 2008-10-03 15:23:31 +00:00
Luke Taylor
97381fb448 SEC-974: Made getExceptionMappings() protected. 2008-10-01 16:25:20 +00:00
Luke Taylor
4542f00b14 SEC-975: Namespace security syntax does not interpret properties 
http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
 2008-09-12 19:06:53 +00:00
Luke Taylor
5e4634d216 Minor Javadoc improvement. 2008-09-12 14:57:21 +00:00
Luke Taylor
d291def963 Removed invalid comment. 2008-09-12 10:18:40 +00:00
Luke Taylor
df59cb9dcd Import cleaning. 2008-09-11 14:41:00 +00:00
Luke Taylor
ef0389ae79 SEC-976: Removed checks for presence of core-tiger classes. 2008-09-11 14:37:55 +00:00
Luke Taylor
5b9bb8ba54 [maven-release-plugin] prepare for next development iteration 2008-09-05 19:04:22 +00:00
Luke Taylor
73eed2656d [maven-release-plugin] prepare release spring-security-parent-2.0.4 2008-09-05 18:57:43 +00:00
Luke Taylor
8661e17df9 OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors 
http://jira.springframework.org/browse/SEC-960. Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
 2008-09-05 13:49:38 +00:00
Luke Taylor
5102be3a59 SEC-971: getter for cookieName in AbstractRememberMeServices 
http://jira.springframework.org/browse/SEC-971. Added getCookieName() method.
 2008-09-04 16:05:34 +00:00
Luke Taylor
4e2d6f8b2e SEC-967: TextUtils.java does not escape ampersand character 
http://jira.springframework.org/browse/SEC-967. Added escaping of '&' character
 2008-08-29 12:01:45 +00:00
Luke Taylor
d781deffe7 OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication 
http://jira.springframework.org/browse/SEC-966.  Added escaping of rendered text as default.
 2008-08-26 16:21:29 +00:00
Luke Taylor
a4e4120443 SEC-963: LDAP Group Search Root 
http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
 2008-08-26 13:51:01 +00:00
Luke Taylor
83868a7334 SEC-955: ability to externalize port mapping for secured channel to a property file 
http://jira.springframework.org/browse/SEC-955. Changed schema to make port-mapping type xsd:string to allow placeholders.
 2008-08-26 13:20:01 +00:00
Luke Taylor
150f3d97d0 SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException 
http://jira.springframework.org/browse/SEC-832. Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.
 2008-08-26 12:49:37 +00:00
Luke Taylor
7f28a8bc5d Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method. 2008-08-26 12:38:02 +00:00
Luke Taylor
1cfd886517 SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut 
http://jira.springframework.org/browse/SEC-922. Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".
 2008-08-18 23:31:14 +00:00
Luke Taylor
bb457e1d07 SEC-957: logger.debug without guard causing massive performance hit 
http://jira.springframework.org/browse/SEC-957. Added debug logging guard as requested.
 2008-08-18 18:20:48 +00:00
Luke Taylor
09cf90258f SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation 
http://jira.springframework.org/browse/SEC-758. Added "throws Throwable" to AspectJAnnotationCallback signature.
 2008-08-18 14:47:28 +00:00
Luke Taylor
e15d7a78cd SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes 
http://jira.springframework.org/browse/SEC-956. Done.
 2008-08-18 13:13:18 +00:00
Luke Taylor
3bf5e406b7 SEC-936: NPE in AbstractFallbackMethodDefinitionSource 
http://jira.springframework.org/browse/SEC-936. Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
 2008-08-16 02:31:36 +00:00
Luke Taylor
55d357f42d OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments 
http://jira.springframework.org/browse/SEC-905. Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.
 2008-08-12 17:11:38 +00:00
Luke Taylor
d9ab0758ee SEC-954: Removed test dependency on AbstractMethodDefinitionSource. 2008-08-12 17:08:55 +00:00
Luke Taylor
36b35e3b1f CLOSED - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching 
http://jira.springframework.org/browse/SEC-953. Fixed autoboxing issue.
 2008-08-11 21:15:09 +00:00
Luke Taylor
39a656eb78 OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching 
http://jira.springframework.org/browse/SEC-953. Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
 2008-08-11 19:15:33 +00:00
Luke Taylor
b6dec19e90 SEC-932: Added supplied class and test class. 2008-08-11 16:36:01 +00:00
Luke Taylor
3ab9fcdcaf Tidying. 2008-08-11 15:05:16 +00:00
Luke Taylor
3a9eb018ba SEC-950: Added test to attempt to reproduce problem. 2008-08-08 15:41:14 +00:00
Luke Taylor
b3a23b4377 Some minor improvements to schema comments 2008-08-07 19:15:13 +00:00
Luke Taylor
25814d341d Tidying. 2008-08-06 16:18:05 +00:00
Luke Taylor
e951c42c2b Improved javadoc. Some tidying up. 2008-08-06 15:28:04 +00:00
Luke Taylor
7258d30e13 Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger. 2008-08-06 13:41:01 +00:00
Luke Taylor
3ee3591feb SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully. 2008-08-05 23:26:01 +00:00
Luke Taylor
1af7eed433 SEC-883: RoleHierarchyVoter 
http://jira.springframework.org/browse/SEC-883. Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
 2008-08-04 13:08:03 +00:00
Luke Taylor
54ac7b3e46 SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas. 2008-08-01 12:51:31 +00:00
Luke Taylor
3049b933d9 Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML 2008-07-31 21:35:29 +00:00
Luke Taylor
1d96283876 Removed commented out line. 2008-07-31 20:45:25 +00:00
Luke Taylor
d7926f3557 SEC-943: Forgot to commit tests. 2008-07-31 20:30:56 +00:00
Luke Taylor
e5d86b13b7 SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files 
http://jira.springframework.org/browse/SEC-941. Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
 2008-07-31 19:50:08 +00:00
Luke Taylor
67e5afbb79 OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...) 
http://jira.springframework.org/browse/SEC-881. Updated Javadoc.
 2008-07-31 15:56:37 +00:00
Luke Taylor
000bb1cbed OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...) 
http://jira.springframework.org/browse/SEC-881. Added test class.
 2008-07-31 15:42:04 +00:00
Luke Taylor
243c4f22d4 OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles 
http://jira.springframework.org/browse/SEC-899. Changed to return -1 when compared to custom auhority which returns null from getAuthority()
 2008-07-31 13:01:22 +00:00
Luke Taylor
d4c105d8ba OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url 
http://jira.springframework.org/browse/SEC-934. Added log warning when the same url is used multiple times.
 2008-07-30 15:03:47 +00:00
Luke Taylor
f6ff958411 Renamed rnc file. 2008-07-30 11:05:44 +00:00
Luke Taylor
4bb3eb12c3 SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations 
http://jira.springframework.org/browse/SEC-933. Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
 2008-07-30 11:01:23 +00:00
Luke Taylor
f453264bde SEC-909: custom remember me services doesn't get registered as logout handler 
http://jira.springframework.org/browse/SEC-909. HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
 2008-07-15 18:22:53 +00:00
Luke Taylor
1ddc033fe5 SEC-903: Wrong attribute mapping when using jdbc-user-service bean 
http://jira.springframework.org/browse/SEC-903. Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
 2008-07-15 16:43:57 +00:00