Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-04 08:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,766 Commits 48 Branches 362 Tags
Commit Graph

2914 Commits

Author SHA1 Message Date
Rob Winch
734188206d SEC-1940: ProviderManager publishes any AccountStatusException 
Previously there was a bug introduced by SEC-546 that prevented any
AccountStatusException from being published.

Now AccountStatusExceptions are also published.
 2012-07-30 14:09:50 -05:00
Rob Winch
10e6a6f943 Remove compile warnings in AspectJMethodSecurityInterceptorTests 2012-07-24 18:13:52 -05:00
Rob Winch
9a9aafaeec SEC-1967: Restore original SecurityContext in finally when RunAsManager is used 
Previously subclasses of AbstractSecurityInterceptor did not restore the original
Authentication when RunAsManager was used and an Exception was thrown in the
original method.

AbstractSecurityInterceptor has added a new method finallyInvocation which
should be invoked in a finally block immediately after the original invocation
which will restore the original Authentication. All existing sub classes have
been updated to use this new method.
 2012-07-24 18:08:27 -05:00
Rob Winch
1d701a2d8f SEC-2012: Remove additional incorrect javadoc from UserDetails#getPassword() 2012-07-21 10:35:28 -05:00
Rob Winch
b4fbabdbfd SEC-2012: Remove incorrect javadoc from UserDetails#getPassword() 
Previously the javadoc stated that password could not be null. However,
since the introduction of CredentialsContainer introduced in SEC-1493 the
password can be null.

The changes remove the statement that passwords cannot be null. While this
is a non-passive change to the interface, the current state leaves no choice
for a non-passive change. Removing the javadoc was determined the better
option since erasing the credentials was an explicit feature request. Note
that replacing the password with an obscure String can be risky as it
introduces the risk that the value is used to authenticate.
 2012-07-20 15:34:28 -05:00
Rob Winch
638e92a3f7 SEC-1992: Updated Spring version to 3.0.7 2012-07-06 10:32:45 -05:00
Rob Winch
f2345fcb21 SEC-1981: Remove dependency on Locale for the build 2012-07-05 13:30:41 -05:00
Rob Winch
8b05d23832 SEC-1971: Allow injection of ExpressionParser in AbstractSecurityExpressionHandler 2012-06-15 08:21:52 -05:00
Luke Taylor
5d71d2a4fa SEC-1887: Add MethodSecurityOperations interface. 
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.

Also cleaning whitespace.
 2012-02-01 15:49:56 +00:00
Andrei Stefan
0f9ee81df1 SEC-1887: Improve extensibility of expression-based security classes 
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
 2012-01-31 19:06:43 +00:00
Luke Taylor
f97463cdb5 Minor comment fixes 2012-01-16 14:49:59 +00:00
Rob Winch
1f835fec43 SEC-1867: Perform null check on Authentication.getCredentials() prior to calling toString() 2011-12-30 14:00:13 -06:00
Rob Winch
8ca2927761 Renamed **/Test.java to **/Tests.java to better follow conventions 2011-12-28 17:39:29 -06:00
Rob Winch
3dca70403d Suppress compiler warnings and minor javadoc fix for ProviderManager 2011-11-11 11:45:02 -06:00
Luke Taylor
8fd2963e6b Deprecate storage of Authentication object in AuthenticationException. 2011-11-01 13:05:53 +00:00
Luke Taylor
bce4d81142 Mark overriding "extraInformation" methods in account status exceptions as deprecated. 2011-10-30 21:47:04 +00:00
Luke Taylor
2953f56b2b Remove ancient code formatter artifacts. 2011-09-25 21:17:21 +01:00
Luke Taylor
44364d0101 SEC-1826: Empty attribute list should be treated the same as null in DelegatingMethodSecurityMetadataSource. 2011-09-24 14:36:54 +01:00
Luke Taylor
be8ee61f82 PreInvocationAuthorizationAdviceVoter was checking the wrong type in its "supports" method. 
This isn't actually used, but is still incorrect.
 2011-09-24 13:13:38 +01:00
Luke Taylor
359bd7c468 SEC-1804: Updated Javadoc wrt immutability of User class. 2011-08-25 10:50:50 +01:00
Luke Taylor
8ce6c73802 Add check for empty attributes list as well as null, in DelegatingMethodSecurityMetadataSource 2011-08-19 15:24:44 -07:00
Luke Taylor
d6b7b52a79 Update to Spring 3.0.6. 2011-08-19 15:06:26 -07:00
Luke Taylor
a4c05239e5 SEC-1719: Lithuanian messages translation. 2011-08-19 11:17:05 -07:00
Luke Taylor
59a07175a6 SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider. 2011-08-12 19:44:27 +01:00
Luke Taylor
5fce0a58bd SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. 2011-08-12 19:44:27 +01:00
Luke Taylor
249610c7ed SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. 2011-08-12 19:44:26 +01:00
Luke Taylor
1976cb1bf7 SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. 2011-08-12 19:44:26 +01:00
Luke Taylor
74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Rob Winch
7399c9a7a5 SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() 2011-07-29 09:55:18 -05:00
Rob Winch
dfd467f26e cleaned imports in RunAsUserToken 2011-07-29 09:39:02 -05:00
Luke Taylor
56e86dd36f Adding assertions on constructor arg values. 2011-07-06 20:50:25 +01:00
Luke Taylor
2d271666a4 Add constructors to facilitate constructor-based injection for required/shared bean properties. 2011-07-05 20:25:49 +01:00
Luke Taylor
d253f5e109 SEC-1768: Use AopProxyUtils.ultimateTargetClass() to cater for the situation where the security interceptor is being applied to a proxy. 2011-06-18 14:35:56 +01:00
Luke Taylor
571bfc4869 Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8"). 2011-06-14 18:47:50 +01:00
Luke Taylor
2b8d4684a1 SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays. 2011-06-14 18:47:49 +01:00
Luke Taylor
e27f655e9d SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core. 2011-06-10 00:01:25 +01:00
Luke Taylor
6d04670f87 SEC-1695: Allow customization of the session key under which the SecurityContext is stored. 2011-05-25 19:51:47 +01:00
Luke Taylor
42e0e158b4 Simplify Digester utility class. 2011-05-25 19:09:08 +01:00
Luke Taylor
21295a58e5 SEC-1751: Applied patch to use zero-IV for queryable text encryption. 2011-05-23 20:10:16 +01:00
Luke Taylor
5a4aed238c SEC-1752: Fixed Utf8 codec to take account of the limit of the ByteBuffer returned by CharsetEncoder.encode(). 2011-05-23 18:55:25 +01:00
Luke Taylor
63f160dc72 SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions. 2011-05-19 15:27:35 +01:00
Luke Taylor
c758f36629 Forgot to add version information test previously 2011-05-17 23:54:43 +01:00
Luke Taylor
295ea27526 SEC-1743: Separate remoting from core into separate module. 2011-05-16 00:19:30 +01:00
Luke Taylor
396eced291 Add test to check version information. 2011-05-07 17:15:02 +01:00
Luke Taylor
6a2a636fd7 Update Javadoc for UserDetailsManager to reflect that the new password doesn't need to be stored in the security context (and probably shouldn't be). 2011-05-07 16:20:12 +01:00
Luke Taylor
a2858240f1 SEC-1728: Remove references to SUN provider and incorrect seeding of SecureRandom in SecureRandomBytesKeyGenerator. 2011-04-27 22:10:17 +01:00
Luke Taylor
73fb1764b8 SEC-1730: Fix broken KeyGenerators method. 2011-04-26 19:06:45 +01:00
Luke Taylor
614d8c0321 SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name. 2011-04-22 13:47:59 +01:00
Luke Taylor
8178371927 SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes 2011-04-21 19:55:32 +01:00
Luke Taylor
5a9aa6d1aa SEC-1700: Allow for case where JAAS config is not a simple file, but may be a jar resource, for example. 2011-04-20 14:35:09 +01:00