Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,918 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

171 Commits

Author SHA1 Message Date
Luke Taylor 2ee7696bf4 Update version number to 3.1.0.CI-SNAPSHOT. 2010-02-19 17:35:19 +00:00
Luke Taylor 44f45d21f0 3.0.2 release. Update version in build files. 2010-02-19 01:22:21 +00:00
Luke Taylor 14ae36ac3b SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header. 
The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.
 2010-02-18 00:32:49 +00:00
Luke Taylor bd635edc31 SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones. 
Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.
 2010-02-15 22:46:18 +00:00
Luke Taylor c1133d1ef3 Removed unused import in DelegatingAuthenticationEntryPoint and corrected test class name. 2010-02-14 23:31:31 +00:00
Luke Taylor d30e31d816 Remove unnecessary @SuppressWarnings and inline dependency from ELRequestMatcher (util package) to core ExpressionUtils. 2010-02-14 23:29:27 +00:00
Luke Taylor c12c43da9e Javadoc fixes. 2010-02-14 23:27:09 +00:00
Luke Taylor 36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor 1e4f451352 Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources 2010-02-11 18:08:06 +00:00
Luke Taylor dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication. 
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
 2010-02-11 17:47:22 +00:00
Mike Wiesner 90d6ff1fde SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-11 13:19:16 +01:00
Mike Wiesner d32b078a8c SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-11 09:05:28 +01:00
Mike Wiesner d2413cf237 SEC-1406: Create a DelegatingAuthenticationEntryPoint 2010-02-10 21:25:23 +01:00
Luke Taylor 08c7155ab5 SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions. 2010-02-10 15:06:01 +00:00
Luke Taylor 1ecd3e228b SEC-1405: added RequestMatcher interface. 2010-02-10 14:34:14 +00:00
Luke Taylor 984604b026 SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator. 
The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
 2010-02-06 14:38:44 +00:00
Luke Taylor 0974e21fb6 SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid). 
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
 2010-01-23 02:12:30 +00:00
Luke Taylor 04447bdbf0 SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs). 2010-01-22 01:55:13 +00:00
Luke Taylor 0c10efbbf8 Revert SEC-1356. 
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
 2010-01-19 22:26:21 +00:00
Luke Taylor 1a7f71fc0f SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions() 
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
 2010-01-19 01:07:33 +00:00
Luke Taylor 51dfc0fb39 Set versions to 3.0.2-CI-SNAPSHOT, post release. 2010-01-15 18:15:19 +00:00
Luke Taylor 05634f97dc Updated version numbers for 3.0.1 release. 2010-01-15 18:04:28 +00:00
Luke Taylor a9567a58d8 SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos. 2010-01-13 15:36:58 +00:00
Luke Taylor 3a8daa1bf4 Gradle build improvements. 
Added generation of source archives and trial support for maven deployment and pom generation, with "provided" configuration mapped to "provided" scope.
 2010-01-13 00:44:05 +00:00
Luke Taylor f62d97b092 SEC-1356: Fix broken tests. 
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
 2010-01-12 01:32:02 +00:00
Luke Taylor 6eff4d90b7 SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request. 
This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path.
 2010-01-12 00:49:53 +00:00
Luke Taylor 2023ca283e SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator 
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
 2010-01-12 00:30:27 +00:00
Luke Taylor b323098167 Added gradle build files for taglibs, tutorial, contacts and openid. 
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
 2010-01-10 23:31:23 +00:00
Luke Taylor e211f9b35f SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL. 
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.

Enabled remember-me in the OpenID sample.
 2010-01-09 01:04:13 +00:00
Luke Taylor bc02fc2de1 Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices. 2010-01-08 23:57:27 +00:00
Luke Taylor 052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor f5d36aef65 SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter 
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
 2010-01-05 16:01:55 +00:00
Luke Taylor c6b8fe5e55 SEC-1346: Added missing 'return' statements after redirects. 
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
 2010-01-03 19:06:58 +00:00
Luke Taylor 893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor 115d5b84ff [maven-release-plugin] prepare for next development iteration 2009-12-22 22:20:01 +00:00
Luke Taylor 6c6ef08353 [maven-release-plugin] prepare release spring-security-3.0.0.RELEASE 2009-12-22 22:19:38 +00:00
Luke Taylor e64866ae6a Updated bundlor templates and introduced spring.version variable 2009-12-22 01:10:04 +00:00
Luke Taylor 3418aab46e SEC-1327: Javadoc additions to clarify some behaviour 2009-12-21 17:32:54 +00:00
Luke Taylor fcce29f8df SEC-1326: Updating dependencies to match Spring versions. Removing unused deps. 2009-12-21 17:32:38 +00:00
Luke Taylor 97a31cae04 SEC-1333: Added error message for invalid redirect URL assertion 2009-12-18 19:29:36 +00:00
Luke Taylor aeed49393c Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting). 2009-12-18 18:44:42 +00:00
Luke Taylor 76731254c0 SEC-1328: Fixed issue with redirect to context relative URLs where the context name is part of the domain name. 2009-12-18 18:04:03 +00:00
Luke Taylor 06e092d46a Midor Javadoc correction. 2009-12-15 15:39:01 +00:00
Luke Taylor 6805761d85 Extra test to confirm http-method specific matching behaviour. 2009-12-14 13:55:48 +00:00
Luke Taylor cad32ffe39 SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface. 2009-12-13 17:37:24 +00:00
Luke Taylor 520e733cb2 [maven-release-plugin] prepare for next development iteration 2009-12-08 21:19:41 +00:00
Luke Taylor f2cf17bd49 [maven-release-plugin] prepare release spring-security-3.0.0.RC2 2009-12-08 21:19:20 +00:00
Luke Taylor 075e7a15ad Corrected package name in Javadoc. 2009-12-07 21:44:02 +00:00
Luke Taylor 444d93b13f SEC-1316: Remove 'removeAfterRequest' property from AnonymousAuthenticationFilter 2009-12-07 13:54:39 +00:00
Luke Taylor b27d7afd24 SEC-1315: Modify HttpSessionSecurityContextRepository to check for anonymous token before creating a session. Moved the anonymity check to be before the session creation. 2009-12-06 15:28:03 +00:00