Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,668 Commits 48 Branches 362 Tags
Commit Graph

2946 Commits

Author SHA1 Message Date
Luke Taylor
b2e9e82727 Fixed typo in message. 2008-04-22 21:54:54 +00:00
Luke Taylor
63decfeb93 SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor 
http://jira.springframework.org/browse/SEC-761. Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
 2008-04-22 21:51:12 +00:00
Luke Taylor
1ae167434a SEC-756: Add checks for duplicate use of namespace elements such as global-method-security 
http://jira.springframework.org/browse/SEC-756. Refactored HttpSecurityBDP and added check for duplicate usage of the element.
 2008-04-22 21:25:35 +00:00
Luke Taylor
083644f2fe SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration. 2008-04-22 18:25:35 +00:00
Luke Taylor
1258fa854e SEC-788: x509 authentication does not work properly 
http://jira.springframework.org/browse/SEC-788. Added check for X509 element when choosing entry point, if nothing else is available.
 2008-04-22 14:53:11 +00:00
Luke Taylor
e12b6afefa SEC-776: Http Session created for Anonymous request 
http://jira.springframework.org/browse/SEC-776. Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
 2008-04-22 13:22:38 +00:00
Luke Taylor
88ea87642a SEC-791: RequestKey.equals throws NPE if method is null 
http://jira.springframework.org/browse/SEC-791. Fixed handling of equals when one http method is null.
 2008-04-22 12:32:33 +00:00
Luke Taylor
9eaa1cbbdd OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
 2008-04-21 18:29:54 +00:00
Luke Taylor
aba5a22b6c SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added support for role-prefix to jdbc-user-service element.
 2008-04-21 17:44:32 +00:00
Luke Taylor
1a4130528a SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching 
http://jira.springframework.org/browse/SEC-782. I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
 2008-04-21 16:51:06 +00:00
Luke Taylor
5bb558bd6a SEC-777: The disabled status cannot be set in <user-service> 
http://jira.springframework.org/browse/SEC-777. Added the disabled flag to the relax grammar file.
 2008-04-21 15:59:08 +00:00
Luke Taylor
993fdd7a32 Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information. 2008-04-21 12:53:54 +00:00
Luke Taylor
469f55ce05 SEC-773: global-method-security fails with JPA 
http://jira.springframework.org/browse/SEC-773. Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and ay referenced UserDetailsService implementations.
 2008-04-18 13:15:56 +00:00
Luke Taylor
7238097310 OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration. 
http://jira.springframework.org/browse/SEC-775. Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
 2008-04-15 16:57:47 +00:00
Ben Alex
b5dc523041 [maven-release-plugin] prepare for next development iteration 2008-04-14 07:06:44 +00:00
Ben Alex
0c42670431 [maven-release-plugin] prepare release spring-security-parent-2.0.0 2008-04-14 07:05:46 +00:00
Ben Alex
4d714b33e0 SEC-770: Mark old org.springframework.security.acl module as @deprecated. 2008-04-14 06:50:01 +00:00
Luke Taylor
57b5f38df1 OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration 
http://jira.springframework.org/browse/SEC-769. I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
 2008-04-13 22:11:09 +00:00
Luke Taylor
4ae40150c9 SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling 
http://jira.springframework.org/browse/SEC-752. Removed check for JSR-250 class.
 2008-04-13 20:59:39 +00:00
Luke Taylor
552dc6486a SEC-703: Expose customization of SQL used by <jdbc-user-service> 
http://jira.springframework.org/browse/SEC-703. Added suggested attributes for sql queries.
 2008-04-13 20:51:40 +00:00
Luke Taylor
d6e5dbbcfd SEC-767: Added override for flushBuffer in response wrapper. 2008-04-13 20:22:31 +00:00
Luke Taylor
9d54c2d22b OPEN - issue SEC-637: Dependency on RequestUtils 
http://jira.springframework.org/browse/SEC-637. Removed use of ServletRequestUtils in AbstractRememberMeServices
 2008-04-13 12:53:01 +00:00
Luke Taylor
0422cb1f8f Fixed artifact groups for aspectjrt and added cas sample to project build 2008-04-13 00:08:18 +00:00
Luke Taylor
83c152e379 SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config 2008-04-13 00:02:46 +00:00
Luke Taylor
a2f4ee1c58 SEC-767: Added check for committed response before attempting to create a new session 2008-04-12 23:18:03 +00:00
Luke Taylor
2d3bc27d06 SEC-755: Updated bundle names in line with Christian's recommendations. 2008-04-12 18:38:06 +00:00
Luke Taylor
d0ae8e072d Refactored out safeGetHttpSession method to remove multiple try/catch IllegalArgumentException blocks round request.getSession() calls. 2008-04-12 15:01:52 +00:00
Luke Taylor
6b86b05a0a Removed autoboxing 2008-04-11 23:22:36 +00:00
Luke Taylor
d288f722a8 OPEN - issue SEC-759: GrantedAuthoritiesContainer should extend Serializable 
http://jira.springframework.org/browse/SEC-759. Added Serializable to interface.
 2008-04-11 17:25:41 +00:00
Luke Taylor
3b3d339393 SEC-764: Added support for "position" attribute. Also added "LAST" as an option for filter position. 2008-04-11 17:01:08 +00:00
Luke Taylor
7145198e5a OPEN - issue SEC-763: Allow setting of alwaysUseDirectTargetUrl via form-login namespace URL 
http://jira.springframework.org/browse/SEC-763. Added always-use-default target attribute to namespace.
 2008-04-11 12:03:55 +00:00
Luke Taylor
a3de51ea51 Fixed typo in constant name. 2008-04-09 23:41:27 +00:00
Luke Taylor
029f8a2409 Made test method getFilters on FilterChainProxy default access. 2008-04-07 22:41:50 +00:00
Luke Taylor
a2d2c6b67a Corrected element name. 2008-04-07 22:28:47 +00:00
Luke Taylor
243b5f4a2a SEC-746: impossible to specify errorPage for the AccessDeniedHandlerImp when using namespace based configuration 
http://jira.springframework.org/browse/SEC-746. Added access-denied-page to http element.
 2008-04-07 22:17:09 +00:00
Luke Taylor
f57ba43780 SEC-673: Reinstated a bean registration that had accidentally bean removed by the last patch, breaking core-tiger tests. 2008-04-07 21:05:13 +00:00
Luke Taylor
80dbc4fd75 SEC-673: Applied patch from Christian. 2008-04-07 20:20:58 +00:00
Luke Taylor
594b69b7ef SEC-754: Changed tests to use unicode escapes rather than explicit UTF-8. 2008-04-07 18:05:45 +00:00
Luke Taylor
236e310ea7 SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration. 
http://jira.springframework.org/browse/SEC-747. Added once-per-request attribute to http element.
 2008-04-07 15:30:27 +00:00
Luke Taylor
6612d0f729 SEC-754: Fixed wrong array length and added tests for encoding non-ascii password. 2008-04-07 14:13:40 +00:00
Luke Taylor
6d1932da33 SEC-753: Changed Spring version range in felix plugin to [2.0,2.6) to allow use with minor 2.5 versions. 2008-04-07 12:39:00 +00:00
Luke Taylor
92ad1ecf81 Typo in Javadoc. 2008-04-06 00:08:41 +00:00
Luke Taylor
67d5a5b814 SEC-750: Support for JPA PersistenceContext annotation broken 
http://jira.springframework.org/browse/SEC-750. Updates to prevent the HttpSecurityPostProcessor from causing beans to be instantiated. Added a simplified test case to HttpSecurityBeanDefinitionParserTests.
 2008-04-06 00:04:50 +00:00
Luke Taylor
a43d054bd7 Removed comment about status checking as it is not entirely correct and misleads people. 2008-04-04 19:40:28 +00:00
Luke Taylor
21e83e8364 [maven-release-plugin] prepare for next development iteration 2008-04-01 15:03:29 +00:00
Luke Taylor
91ed7dceb6 [maven-release-plugin] prepare release release_2_0_0_RC1 2008-04-01 15:01:30 +00:00
Luke Taylor
3cb504fa95 Fixed jdk 1.4 compatibility issues 2008-04-01 14:32:31 +00:00
Luke Taylor
e05d1da102 Refactored AuthenticationUserDetailsService to userdetails package as it isn't preauth specific 2008-03-31 23:08:30 +00:00
Luke Taylor
f898bec370 OPEN - issue SEC-742: IllegalArgumentException if namespace configuration defines RememberMeServices without BasicProcessingFilter 
http://jira.springframework.org/browse/SEC-742. Fix. Post processor was assuming there was a BasicProcessinFilter in the app context when a remember-me services was present.
 2008-03-31 22:44:11 +00:00
Luke Taylor
c347834401 OPEN - issue SEC-605: JdbcDaoImpl of UserDetailsService should provide a method for customizing creation of the final UserDetails object 
http://jira.springframework.org/browse/SEC-605. Added a createUserDetails method and also some other methods which are responsible for executing the individual queries for loading the userinformation and authorities.
 2008-03-31 18:01:07 +00:00