Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 15:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,938 Commits 33 Branches 337 Tags
Commit Graph

441 Commits

Author SHA1 Message Date
Rob Winch
ee12d54bec SEC-1536: moved web.authentication.jaas to web.jaasapi 
Renamed org.springframework.security.web.authentication.jaas to org.springframework.security.web.jaasapi to be better aligned with org.springframework.security.web.servletapi, added package-info.java, and removed trailing whitespaces
 2010-10-05 22:28:42 -05:00
Luke Taylor
1b2b371970 SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element. 
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.

Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
 2010-09-16 16:03:24 +01:00
Luke Taylor
551166a577 ApacheDS workDir property should be passed to the test process, not set as a system property in the main build process. 2010-09-14 14:43:21 +01:00
rwinch
de819378fc SEC-1536: added JAAS API Integration, updated doc, updated jaas sample 2010-09-13 13:12:45 -05:00
Luke Taylor
c5231fc213 SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource. 2010-09-13 12:19:21 +01:00
Luke Taylor
af56f4844d SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler. 2010-09-07 19:46:45 +01:00
Luke Taylor
b0998c01bc SEC-1553: Make WebAuthenticationDetails serializable 2010-09-01 18:43:07 +01:00
Luke Taylor
f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 2010-08-30 19:02:19 +01:00
Luke Taylor
1a1372ab84 Removed deprecated AspectJInterceptor classes since these cannot be used with the existing MethodSecurityMetadataSource implementations (which no longer support JoinPoin as a secured object). Added some more tests. 2010-08-28 21:41:19 +01:00
Luke Taylor
ba890cf7e5 Removed invalid test method. 2010-08-24 21:03:33 +01:00
Luke Taylor
d1e8b8e29d More tests. Minor refactoring. 2010-08-24 20:57:45 +01:00
Luke Taylor
bf9d4a9747 Remove unnecessary local variable. 2010-08-24 20:29:25 +01:00
Luke Taylor
bdb906e588 Enable parameterization for log levels in logback files to allow the use of command-line options for controlling log output. 2010-08-24 18:25:39 +01:00
Luke Taylor
102bc2d6a0 Reduce unnecessary use of aspectj as a build dependency 2010-08-19 23:23:03 +01:00
Luke Taylor
c37ca1c2a9 Sample app build adjustments to remove unwanted deps such as jsp-api, tidy up use of JSTL, make sure all are using servlet 2.5 etc. 2010-08-19 22:41:51 +01:00
Luke Taylor
1680807470 Added eclipse plugin to build. Some minor fixes to remove eclipse warnings. 2010-08-18 14:11:16 +01:00
Luke Taylor
3c02989d67 Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests). 2010-08-18 02:32:43 +01:00
Luke Taylor
591bd532bd Polishing FilterChainProxy and its tests. 2010-08-17 02:20:34 +01:00
Luke Taylor
4bd41cbf72 SEC-1133: Support for setting of authenticationDetailsSource property for form-login, openid-login, http-basic and x509 namespace elements. These elements now support an additional 'authentication-details-source-ref' attribute. 2010-08-14 15:10:03 +01:00
Luke Taylor
281d77271e SEC-1486, SEC-1538, SEC-1537: Generification of AuthenticationDetailsSource. Deprecation of non-web pre-authentication classes and other unnecessary classes. Removal of reflection in WebAuthenticationDetailsSource. 2010-08-13 15:51:05 +01:00
Luke Taylor
2222a7be07 Use Integer.valueOf() in preference to new Integer() 2010-08-11 18:17:23 +01:00
Luke Taylor
db6da77a5f SEC-1413: Add RedirectStrategy to AbstractRetryEntryPoint. 2010-08-10 17:39:12 +01:00
Luke Taylor
183333d189 SEC-1430: Forgot to commit changes to new ExceptionMappingAuthenticationFailureHandlerTests. 2010-08-09 17:09:02 +01:00
Luke Taylor
2e98b84494 SEC-1430: internalize session key for SavedRequest. This should be accessed using the RequestCache interface if required. Additional refactoring of related tests which were still in AbstractAuthenticationProcessingFilterTests for historical reasons, but should be in their respective success/failure handler test classes. 2010-08-08 17:49:06 +01:00
Luke Taylor
85c4c91e0e IDEA inspection refactorings. 2010-08-05 23:28:07 +01:00
Luke Taylor
a3d27a9863 SEC-1314: cloneFromHttpSession accidentally go left behind, even though it is always false. 2010-08-05 21:21:09 +01:00
Luke Taylor
a2bd1bc9af SEC-1498: Allow use of absolute URL fopr login form in LoginUrlAuthenticationEntryPoint. 2010-08-05 21:09:34 +01:00
Luke Taylor
64375484a1 More build and logging tuning. 2010-08-04 22:55:17 +01:00
Luke Taylor
63734cfcf9 SEC-1528: Remove logic which checks if context in the session is the same as the current context to make sure that session.setAttribute() is called when the value in the session has been modified directly. 2010-08-02 22:41:57 +01:00
Luke Taylor
9dd6a5eb8f SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener. 2010-07-23 16:27:57 +01:00
Luke Taylor
d7d8448120 SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository). 2010-07-23 15:59:53 +01:00
Luke Taylor
5d35919ca3 SEC-1490: Code for GAE Sample webapp 2010-07-20 23:41:31 +01:00
Luke Taylor
69a10c48ae Switch to using slf4j/logback for logging. 
We still compile modules against commons-logging but all runtime logging and samples will use logback
 2010-07-12 12:39:52 +01:00
Luke Taylor
8df356de29 SEC-1471: Allow use of a RequestMatcher with HttpSessionRequestCache to configure which requests should be cached by calls to saveRequest. 
Also removed the justUseSavedRequestOnGet property, as this behaviour can be controlled by the RequestMatcher.
 2010-06-28 19:51:30 +01:00
Luke Taylor
026517f674 Removal of deprecated methods and classes. 2010-06-26 16:23:42 +01:00
Luke Taylor
09176b0af4 SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter. 2010-06-25 19:45:34 +01:00
Luke Taylor
ea8d37892c SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy. 2010-06-18 03:33:49 +01:00
Luke Taylor
4d10d4b67f SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs. 2010-06-18 01:34:07 +01:00
Luke Taylor
76ebb759f3 Removed unnecessary casts. 2010-06-08 22:56:59 +01:00
Luke Taylor
7d74b7c87e SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping. 2010-05-27 15:54:15 +01:00
Luke Taylor
e156d5339a Fix build when upload properties are missing. Added missing hsql test dependency 2010-05-24 17:01:19 +01:00
Luke Taylor
0e57ce2dc3 SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection. 2010-05-21 15:59:50 +01:00
Luke Taylor
978bb9f601 Remove commented-out code in ETF. 2010-05-16 15:16:40 +01:00
Luke Taylor
f0c4cccb0d SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc. 2010-05-16 14:14:13 +01:00
Luke Taylor
bf288101a0 Javadoc improvements 2010-05-16 14:14:13 +01:00
Luke Taylor
b3aad4cf19 Javadoc fixes. 2010-05-06 20:02:08 +01:00
Luke Taylor
0c09780644 SEC-1476: Modify AbstractPreAuthenticatedProcessingFilter to store authentication exception in request instead of creating a new session. 2010-05-05 14:13:48 +01:00
Luke Taylor
fcf33afce0 Formatting. 2010-05-03 14:53:05 +01:00
Luke Taylor
bca6c1aeac SEC-1468: Doc and Javadoc updates. 2010-04-26 23:26:07 +01:00
Luke Taylor
024e6904ff SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager. 2010-04-25 04:27:09 +01:00