Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,791 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1555 Commits

Author SHA1 Message Date
Luke Taylor d1e23b3d2c SEC-783: Added custom-after-invocation-provider element to namespace. 2008-04-24 02:02:23 +00:00
Luke Taylor 1090072fff SEC-795: Add check for protected login page when using namespace 
http://jira.springframework.org/browse/SEC-795. I've added checks for the various scenarios which will result in a protected login page and suitable warning messages.
 2008-04-24 01:59:19 +00:00
Luke Taylor 5d51b35cfa SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter. 
http://jira.springframework.org/browse/SEC-792. Updated FilterChainProxyPostProcessor to raise an exception if two filters have the same order, and also to unwrap wrapped filters once the sorting by order has been performed.
 2008-04-23 23:19:44 +00:00
Luke Taylor 38774ec94f SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter. 
http://jira.springframework.org/browse/SEC-792. The filters are now maintained as a list in the context and have to be stored there explicitly on registration.
 2008-04-23 16:06:54 +00:00
Luke Taylor 01185475a1 OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute. 
http://jira.springframework.org/browse/SEC-793. Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
 2008-04-23 12:50:09 +00:00
Luke Taylor 7e63fe7357 SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen 
http://jira.springframework.org/browse/SEC-790. Applied submitted patch.
 2008-04-23 00:41:52 +00:00
Luke Taylor 8ea7487ec3 Removed unused method. 2008-04-22 23:20:49 +00:00
Luke Taylor ec81e780b2 Import cleaning. 2008-04-22 22:27:51 +00:00
Luke Taylor 599d9fea04 Minor improvements to toString() methods for logging. 2008-04-22 22:21:20 +00:00
Luke Taylor b2e9e82727 Fixed typo in message. 2008-04-22 21:54:54 +00:00
Luke Taylor 63decfeb93 SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor 
http://jira.springframework.org/browse/SEC-761. Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
 2008-04-22 21:51:12 +00:00
Luke Taylor 1ae167434a SEC-756: Add checks for duplicate use of namespace elements such as global-method-security 
http://jira.springframework.org/browse/SEC-756. Refactored HttpSecurityBDP and added check for duplicate usage of the element.
 2008-04-22 21:25:35 +00:00
Luke Taylor 083644f2fe SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration. 2008-04-22 18:25:35 +00:00
Luke Taylor 1258fa854e SEC-788: x509 authentication does not work properly 
http://jira.springframework.org/browse/SEC-788. Added check for X509 element when choosing entry point, if nothing else is available.
 2008-04-22 14:53:11 +00:00
Luke Taylor e12b6afefa SEC-776: Http Session created for Anonymous request 
http://jira.springframework.org/browse/SEC-776. Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
 2008-04-22 13:22:38 +00:00
Luke Taylor 88ea87642a SEC-791: RequestKey.equals throws NPE if method is null 
http://jira.springframework.org/browse/SEC-791. Fixed handling of equals when one http method is null.
 2008-04-22 12:32:33 +00:00
Luke Taylor 9eaa1cbbdd OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
 2008-04-21 18:29:54 +00:00
Luke Taylor aba5a22b6c SEC-789: Add support for optional role-prefix attribute to namespace 
http://jira.springframework.org/browse/SEC-789. Added support for role-prefix to jdbc-user-service element.
 2008-04-21 17:44:32 +00:00
Luke Taylor 1a4130528a SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching 
http://jira.springframework.org/browse/SEC-782. I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
 2008-04-21 16:51:06 +00:00
Luke Taylor 5bb558bd6a SEC-777: The disabled status cannot be set in <user-service> 
http://jira.springframework.org/browse/SEC-777. Added the disabled flag to the relax grammar file.
 2008-04-21 15:59:08 +00:00
Luke Taylor 993fdd7a32 Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information. 2008-04-21 12:53:54 +00:00
Luke Taylor 469f55ce05 SEC-773: global-method-security fails with JPA 
http://jira.springframework.org/browse/SEC-773. Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and ay referenced UserDetailsService implementations.
 2008-04-18 13:15:56 +00:00
Luke Taylor 7238097310 OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration. 
http://jira.springframework.org/browse/SEC-775. Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
 2008-04-15 16:57:47 +00:00
Ben Alex b5dc523041 [maven-release-plugin] prepare for next development iteration 2008-04-14 07:06:44 +00:00
Ben Alex 0c42670431 [maven-release-plugin] prepare release spring-security-parent-2.0.0 2008-04-14 07:05:46 +00:00
Ben Alex 4d714b33e0 SEC-770: Mark old org.springframework.security.acl module as @deprecated. 2008-04-14 06:50:01 +00:00
Luke Taylor 57b5f38df1 OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration 
http://jira.springframework.org/browse/SEC-769. I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
 2008-04-13 22:11:09 +00:00
Luke Taylor 4ae40150c9 SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling 
http://jira.springframework.org/browse/SEC-752. Removed check for JSR-250 class.
 2008-04-13 20:59:39 +00:00
Luke Taylor 552dc6486a SEC-703: Expose customization of SQL used by <jdbc-user-service> 
http://jira.springframework.org/browse/SEC-703. Added suggested attributes for sql queries.
 2008-04-13 20:51:40 +00:00
Luke Taylor d6e5dbbcfd SEC-767: Added override for flushBuffer in response wrapper. 2008-04-13 20:22:31 +00:00
Luke Taylor 9d54c2d22b OPEN - issue SEC-637: Dependency on RequestUtils 
http://jira.springframework.org/browse/SEC-637. Removed use of ServletRequestUtils in AbstractRememberMeServices
 2008-04-13 12:53:01 +00:00
Luke Taylor 0422cb1f8f Fixed artifact groups for aspectjrt and added cas sample to project build 2008-04-13 00:08:18 +00:00
Luke Taylor 83c152e379 SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config 2008-04-13 00:02:46 +00:00
Luke Taylor a2f4ee1c58 SEC-767: Added check for committed response before attempting to create a new session 2008-04-12 23:18:03 +00:00
Luke Taylor 2d3bc27d06 SEC-755: Updated bundle names in line with Christian's recommendations. 2008-04-12 18:38:06 +00:00
Luke Taylor d0ae8e072d Refactored out safeGetHttpSession method to remove multiple try/catch IllegalArgumentException blocks round request.getSession() calls. 2008-04-12 15:01:52 +00:00
Luke Taylor 6b86b05a0a Removed autoboxing 2008-04-11 23:22:36 +00:00
Luke Taylor d288f722a8 OPEN - issue SEC-759: GrantedAuthoritiesContainer should extend Serializable 
http://jira.springframework.org/browse/SEC-759. Added Serializable to interface.
 2008-04-11 17:25:41 +00:00
Luke Taylor 3b3d339393 SEC-764: Added support for "position" attribute. Also added "LAST" as an option for filter position. 2008-04-11 17:01:08 +00:00
Luke Taylor 7145198e5a OPEN - issue SEC-763: Allow setting of alwaysUseDirectTargetUrl via form-login namespace URL 
http://jira.springframework.org/browse/SEC-763. Added always-use-default target attribute to namespace.
 2008-04-11 12:03:55 +00:00
Luke Taylor a3de51ea51 Fixed typo in constant name. 2008-04-09 23:41:27 +00:00
Luke Taylor 029f8a2409 Made test method getFilters on FilterChainProxy default access. 2008-04-07 22:41:50 +00:00
Luke Taylor a2d2c6b67a Corrected element name. 2008-04-07 22:28:47 +00:00
Luke Taylor 243b5f4a2a SEC-746: impossible to specify errorPage for the AccessDeniedHandlerImp when using namespace based configuration 
http://jira.springframework.org/browse/SEC-746. Added access-denied-page to http element.
 2008-04-07 22:17:09 +00:00
Luke Taylor f57ba43780 SEC-673: Reinstated a bean registration that had accidentally bean removed by the last patch, breaking core-tiger tests. 2008-04-07 21:05:13 +00:00
Luke Taylor 80dbc4fd75 SEC-673: Applied patch from Christian. 2008-04-07 20:20:58 +00:00
Luke Taylor 594b69b7ef SEC-754: Changed tests to use unicode escapes rather than explicit UTF-8. 2008-04-07 18:05:45 +00:00
Luke Taylor 236e310ea7 SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration. 
http://jira.springframework.org/browse/SEC-747. Added once-per-request attribute to http element.
 2008-04-07 15:30:27 +00:00
Luke Taylor 6612d0f729 SEC-754: Fixed wrong array length and added tests for encoding non-ascii password. 2008-04-07 14:13:40 +00:00
Luke Taylor 6d1932da33 SEC-753: Changed Spring version range in felix plugin to [2.0,2.6) to allow use with minor 2.5 versions. 2008-04-07 12:39:00 +00:00