Luke Taylor | 249610c7ed | SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. | 2011-08-12 19:44:26 +01:00
Luke Taylor | 1976cb1bf7 | SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. | 2011-08-12 19:44:26 +01:00
Luke Taylor | 824464516c | SEC-1790: Reject redirect locations containing CR or LF. | 2011-08-12 19:44:26 +01:00
Luke Taylor | 6333909107 | SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change. | 2011-08-12 19:07:17 +01:00
Luke Taylor | 74daa68691 | SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. | 2011-08-12 14:29:55 +01:00
Luke Taylor | 8ce4d326f5 | Update HttpClient to 4.1.2 and removed incorrect bundlor references to commons version. | 2011-08-12 00:23:29 +01:00
Luke Taylor | 0120643721 | SEC-1794: Convert OpenIDAuthenticationStatus to an enum. | 2011-08-10 17:09:33 +01:00
Luke Taylor | 0c2a950fa0 | SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled. | 2011-08-10 17:07:09 +01:00
Rob Winch | 7399c9a7a5 | SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() | 2011-07-29 09:55:18 -05:00
Rob Winch | dfd467f26e | cleaned imports in RunAsUserToken | 2011-07-29 09:39:02 -05:00
Luke Taylor | 7e44580c75 | Minor refactoring of aspects tests. | 2011-07-20 17:42:05 +01:00
Luke Taylor | 8740efc0f5 | Added constructor injection options to ConcurrentSessionFilter | 2011-07-18 15:09:31 +01:00
Luke Taylor | a1c714cff4 | SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. | 2011-07-14 16:43:02 +01:00
Luke Taylor | ac3d8b25f2 | Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes. | 2011-07-14 13:13:39 +01:00
Luke Taylor | 8440743108 | Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use. | 2011-07-13 23:28:41 +01:00
Luke Taylor | 89fa771093 | SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption. | 2011-07-13 22:29:47 +01:00
Luke Taylor | 700fa9e0b6 | SEC-1772: remote URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler. | 2011-07-13 22:13:52 +01:00
Luke Taylor | de97bac85b | SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch. | 2011-07-13 21:59:11 +01:00
Luke Taylor | a504cfae1a | SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations. | 2011-07-13 20:56:47 +01:00
Luke Taylor | d5946b81b4 | Added FAQ on how to add ApacheDS entries to pom. | 2011-07-13 17:50:29 +01:00
Luke Taylor | c117c643df | SEC-1782: Javadoc correction for LdapAuthenticationProvider. | 2011-07-12 01:50:24 +01:00
Rob Winch | 330f82f562 | SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter | 2011-07-09 19:24:12 -05:00
Florian Fankhauser | 2e83d98c8f | SEC-1776: Corrected typo in manual | 2011-07-09 19:24:12 -05:00
Rob Winch | 825f0061fb | SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0 | 2011-07-09 19:23:51 -05:00
Luke Taylor | 56e86dd36f | Adding assertions on constructor arg values. | 2011-07-06 20:50:25 +01:00
Luke Taylor | f92589f051 | Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options. | 2011-07-06 00:12:48 +01:00
Luke Taylor | 2d271666a4 | Add constructors to facilitate constructor-based injection for required/shared bean properties. | 2011-07-05 20:25:49 +01:00
Luke Taylor | 73442125de | SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter. | 2011-07-04 21:09:48 +01:00
Luke Taylor | 5d20f57fa8 | Import cleaning. | 2011-07-02 20:36:42 +01:00
Luke Taylor | b15475ab3d | SEC-1771: Change TokenBasedRememberMeServices to obtain password from UserDetailsService if necessary. | 2011-07-02 20:36:42 +01:00
Luke Taylor | 737a9d1825 | Improved toString methods on request wrappers. | 2011-07-02 20:36:41 +01:00
Rob Winch | 85807fdfd0 | Removed @Overrides from method that implements interface instead of overriding superclass to resolve Java 1.5 error | 2011-06-21 07:22:35 -05:00
Rob Winch | c3a3a5bfbf | Updated core.gradle to include crypto as referenced project in eclipse | 2011-06-21 07:22:35 -05:00
Luke Taylor | d253f5e109 | SEC-1768: Use AopProxyUtils.ultimateTargetClass() to cater for the situation where the security interceptor is being applied to a proxy. | 2011-06-18 14:35:56 +01:00
Luke Taylor | 5a1ddc660b | SEC-1768: Added tests to reproduce "double-proxying" issue combining intercept-methods and tx-annotation-driven. Problem is caused by use of ProxyFactoryBean with auto-proxying. | 2011-06-18 14:32:31 +01:00
Luke Taylor | b0a60a7ff2 | Reset to snapshot version. | 2011-06-17 11:49:18 +01:00
Luke Taylor | 926be1ca78 | Intermediate crypto release version. | 2011-06-17 11:46:19 +01:00
Luke Taylor | 2861a951aa | Minor FAQ update on version info. | 2011-06-17 11:45:56 +01:00
Luke Taylor | 1f1faa6da0 | Use getClass() in logger instantiation in AbstractLdapAuthenticationProvider. | 2011-06-15 14:06:57 +01:00
Luke Taylor | d9ccebd565 | Add crypto module to LDAP bundlor template | 2011-06-15 11:47:29 +01:00
Luke Taylor | 89b7b2b935 | SEC-1764: Remove use of Java 6 method Arrays.copyOfRange. | 2011-06-15 11:22:17 +01:00
Luke Taylor | 571bfc4869 | Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8"). | 2011-06-14 18:47:50 +01:00
Luke Taylor | 361b77685d | Add crypto as an exported dependency of core in IDEA configuration. | 2011-06-14 18:47:49 +01:00
Luke Taylor | 2b8d4684a1 | SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays. | 2011-06-14 18:47:49 +01:00
Luke Taylor | dc92baa257 | Remove truststore settings from tutorial sample as they aren't required. | 2011-06-13 15:03:51 +01:00
Luke Taylor | e4ecdd55f6 | Enable https in tutorial sample. | 2011-06-13 13:45:09 +01:00
Luke Taylor | 52c0ee6756 | Improve error reporting of missing web classes in namespace handler. Now catches and logs the class-loading error. | 2011-06-13 13:39:55 +01:00
Luke Taylor | e27f655e9d | SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core. | 2011-06-10 00:01:25 +01:00
Luke Taylor | ecfffaaa3f | Make aspectj dependencies optional throughout and spring-jdbc/tx optional in core poms. Reduces exclusions required in third-party poms (e.g. spring-social). | 2011-06-09 22:57:49 +01:00
Luke Taylor | 80fd96df6d | SEC-1650: Updates and corrections to tutorial sample to fit better with new tutorial. | 2011-06-07 16:46:38 +01:00