Commit Graph

3112 Commits

Author SHA1 Message Date
Luke Taylor df59cb9dcd Import cleaning. 2008-09-11 14:41:00 +00:00
Luke Taylor ef0389ae79 SEC-976: Removed checks for presence of core-tiger classes. 2008-09-11 14:37:55 +00:00
Luke Taylor 5b9bb8ba54 [maven-release-plugin] prepare for next development iteration 2008-09-05 19:04:22 +00:00
Luke Taylor 73eed2656d [maven-release-plugin] prepare release spring-security-parent-2.0.4 2008-09-05 18:57:43 +00:00
Luke Taylor f935830cdf Class index generation files 2008-09-05 14:26:26 +00:00
Luke Taylor ee04b189b7 Updated schema verisions to 2.0.4 2008-09-05 14:23:42 +00:00
Luke Taylor 8661e17df9 OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors
http://jira.springframework.org/browse/SEC-960. Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
2008-09-05 13:49:38 +00:00
Ben Alex c45b4e0989 SEC-951: Overcome serialization error caused by BasicLookupStrategy failing to modify AccessControlEntryImpl.acl field to the replacement AclImpl (previously old references to StubAclParent were retained). 2008-09-05 05:33:41 +00:00
Ben Alex 0f8ea229c2 SEC-908: Correct issue with BasePermission static initialization failure. 2008-09-05 04:33:52 +00:00
Luke Taylor 5102be3a59 SEC-971: getter for cookieName in AbstractRememberMeServices
http://jira.springframework.org/browse/SEC-971. Added getCookieName() method.
2008-09-04 16:05:34 +00:00
Luke Taylor de379dc2ac Converted literals to classname/interfacename docbook tags for easier indexing 2008-09-02 01:05:57 +00:00
Luke Taylor 09c70bb28e SEC-970: Corrected link in docbook html banner 2008-09-01 16:56:50 +00:00
Luke Taylor 4e2d6f8b2e SEC-967: TextUtils.java does not escape ampersand character
http://jira.springframework.org/browse/SEC-967. Added escaping of '&' character
2008-08-29 12:01:45 +00:00
Luke Taylor d781deffe7 OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication
http://jira.springframework.org/browse/SEC-966.  Added escaping of rendered text as default.
2008-08-26 16:21:29 +00:00
Luke Taylor a4e4120443 SEC-963: LDAP Group Search Root
http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
2008-08-26 13:51:01 +00:00
Luke Taylor 83868a7334 SEC-955: ability to externalize port mapping for secured channel to a property file
http://jira.springframework.org/browse/SEC-955. Changed schema to make port-mapping type xsd:string to allow placeholders.
2008-08-26 13:20:01 +00:00
Luke Taylor 150f3d97d0 SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException
http://jira.springframework.org/browse/SEC-832. Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.
2008-08-26 12:49:37 +00:00
Luke Taylor 7f28a8bc5d Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method. 2008-08-26 12:38:02 +00:00
Luke Taylor 1cfd886517 SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut
http://jira.springframework.org/browse/SEC-922. Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".
2008-08-18 23:31:14 +00:00
Luke Taylor bb457e1d07 SEC-957: logger.debug without guard causing massive performance hit
http://jira.springframework.org/browse/SEC-957. Added debug logging guard as requested.
2008-08-18 18:20:48 +00:00
Luke Taylor 09cf90258f SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation
http://jira.springframework.org/browse/SEC-758. Added "throws Throwable" to AspectJAnnotationCallback signature.
2008-08-18 14:47:28 +00:00
Luke Taylor e15d7a78cd SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes
http://jira.springframework.org/browse/SEC-956. Done.
2008-08-18 13:13:18 +00:00
Luke Taylor 3bf5e406b7 SEC-936: NPE in AbstractFallbackMethodDefinitionSource
http://jira.springframework.org/browse/SEC-936. Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
2008-08-16 02:31:36 +00:00
Luke Taylor 6a68a2531c SEC-904: Moved test module out of sandbox 2008-08-16 02:24:32 +00:00
Luke Taylor 959cdd8335 SEC-936: Tests 2008-08-16 01:58:45 +00:00
Luke Taylor 8e0a6b9d1a SEC-904: Test module updates 2008-08-15 23:54:16 +00:00
Luke Taylor 827d0e1ebf OPEN - issue SEC-865: Re-Challenge NTLM Clients after Authentication Failure
http://jira.springframework.org/browse/SEC-865. Changed NTLM filter to re-challenge if retryOnAuthFailure is set and the Smb logon call fails. Updated JCIFS version in pom.
2008-08-15 22:44:22 +00:00
Luke Taylor 55d357f42d OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments
http://jira.springframework.org/browse/SEC-905. Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.
2008-08-12 17:11:38 +00:00
Luke Taylor d9ab0758ee SEC-954: Removed test dependency on AbstractMethodDefinitionSource. 2008-08-12 17:08:55 +00:00
Luke Taylor 36b35e3b1f CLOSED - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
http://jira.springframework.org/browse/SEC-953. Fixed autoboxing issue.
2008-08-11 21:15:09 +00:00
Luke Taylor 39a656eb78 OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
http://jira.springframework.org/browse/SEC-953. Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
2008-08-11 19:15:33 +00:00
Luke Taylor b6dec19e90 SEC-932: Added supplied class and test class. 2008-08-11 16:36:01 +00:00
Luke Taylor 69e776f581 Fixed invalid tags in faq.fml 2008-08-11 16:18:26 +00:00
Luke Taylor 3ab9fcdcaf Tidying. 2008-08-11 15:05:16 +00:00
Luke Taylor 5e3204a5cb Typo 2008-08-09 11:22:35 +00:00
Luke Taylor 6409f140e0 SEC-902: Changed Ntlm entry point to send 403 if no failure URL set 2008-08-08 16:44:13 +00:00
Luke Taylor 130e70373f SEC-936: Initial test which fails to reproduce the problem 2008-08-08 16:41:23 +00:00
Luke Taylor 3a9eb018ba SEC-950: Added test to attempt to reproduce problem. 2008-08-08 15:41:14 +00:00
Luke Taylor 8b376ccdeb SEC-910: Finished LDAP ns reference 2008-08-08 14:59:44 +00:00
Luke Taylor b3a23b4377 Some minor improvements to schema comments 2008-08-07 19:15:13 +00:00
Luke Taylor 7461d0e5f1 Added authentication, method security and start of LDAP ns info 2008-08-07 19:12:56 +00:00
Luke Taylor 566f656eba Added ldap-server xml:id 2008-08-07 19:11:43 +00:00
Luke Taylor e5d2578aec Added example of @Secured use and some extra explanation 2008-08-07 19:10:53 +00:00
Luke Taylor fb3d0b7f25 Fixed link 2008-08-07 19:09:49 +00:00
Luke Taylor 2d0b594a97 Fixed missing section closing tag 2008-08-07 15:21:25 +00:00
Luke Taylor 42af39a59e Some corrections to explicit FilterChainProxy information 2008-08-07 13:33:36 +00:00
Luke Taylor 930be9338b Added info on default target options when using form-login 2008-08-07 12:41:12 +00:00
Luke Taylor c1a6ae0832 Added faq on required dependencies 2008-08-07 12:40:25 +00:00
Luke Taylor c49bc7ffbb SEC-910: Finishing off http part of namespace appendix 2008-08-07 10:47:59 +00:00
Luke Taylor 25814d341d Tidying. 2008-08-06 16:18:05 +00:00