4758 Commits

Author SHA1 Message Date
Luke Taylor
5fce0a58bd SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread. 2011-08-12 19:44:27 +01:00
Luke Taylor
b48fc53fa2 SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client. 2011-08-12 19:44:27 +01:00
Luke Taylor
249610c7ed SEC-1742: Remove deprecated "includeDetailsObject" field from DaoAuthenticationProvider. 2011-08-12 19:44:26 +01:00
Luke Taylor
1976cb1bf7 SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it. 2011-08-12 19:44:26 +01:00
Luke Taylor
824464516c SEC-1790: Reject redirect locations containing CR or LF. 2011-08-12 19:44:26 +01:00
Luke Taylor
6333909107 SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change. 2011-08-12 19:07:17 +01:00
Luke Taylor
74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Luke Taylor
8ce4d326f5 Update HttpClient to 4.1.2 and removed incorrect bundlor references to commons version. 2011-08-12 00:23:29 +01:00
Luke Taylor
0120643721 SEC-1794: Convert OpenIDAuthenticationStatus to an enum. 2011-08-10 17:09:33 +01:00
Luke Taylor
0c2a950fa0 SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled. 2011-08-10 17:07:09 +01:00
Rob Winch
7399c9a7a5 SEC-1792: Fixed NullPointerException in RunAsUserToken#toString() 2011-07-29 09:55:18 -05:00
Rob Winch
dfd467f26e cleaned imports in RunAsUserToken 2011-07-29 09:39:02 -05:00
Luke Taylor
7e44580c75 Minor refactoring of aspects tests. 2011-07-20 17:42:05 +01:00
Luke Taylor
8740efc0f5 Added constructor injection options to ConcurrentSessionFilter 2011-07-18 15:09:31 +01:00
Luke Taylor
a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor
ac3d8b25f2 Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes. 2011-07-14 13:13:39 +01:00
Luke Taylor
8440743108 Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use. 2011-07-13 23:28:41 +01:00
Luke Taylor
89fa771093 SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption. 2011-07-13 22:29:47 +01:00
Luke Taylor
700fa9e0b6 SEC-1772: remote URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler. 2011-07-13 22:13:52 +01:00
Luke Taylor
de97bac85b SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch. 2011-07-13 21:59:11 +01:00
Luke Taylor
a504cfae1a SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations. 2011-07-13 20:56:47 +01:00
Luke Taylor
d5946b81b4 Added FAQ on how to add ApacheDS entries to pom. 2011-07-13 17:50:29 +01:00
Luke Taylor
c117c643df SEC-1782: Javadoc correction for LdapAuthenticationProvider. 2011-07-12 01:50:24 +01:00
Rob Winch
330f82f562 SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter 2011-07-09 19:24:12 -05:00
Florian Fankhauser
2e83d98c8f SEC-1776: Corrected typo in manual 2011-07-09 19:24:12 -05:00
Rob Winch
825f0061fb SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0 2011-07-09 19:23:51 -05:00
Luke Taylor
56e86dd36f Adding assertions on constructor arg values. 2011-07-06 20:50:25 +01:00
Luke Taylor
f92589f051 Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options. 2011-07-06 00:12:48 +01:00
Luke Taylor
2d271666a4 Add constructors to facilitate constructor-based injection for required/shared bean properties. 2011-07-05 20:25:49 +01:00
Luke Taylor
73442125de SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter. 2011-07-04 21:09:48 +01:00
Luke Taylor
5d20f57fa8 Import cleaning. 2011-07-02 20:36:42 +01:00
Luke Taylor
b15475ab3d SEC-1771: Change TokenBasedRememberMeServices to obtain password from UserDetailsService if necessary. 2011-07-02 20:36:42 +01:00
Luke Taylor
737a9d1825 Improved toString methods on request wrappers. 2011-07-02 20:36:41 +01:00
Rob Winch
85807fdfd0 Removed @Overrides from method that implements interface instead of overriding superclass to resolve Java 1.5 error 2011-06-21 07:22:35 -05:00
Rob Winch
c3a3a5bfbf Updated core.gradle to include crypto as referenced project in eclipse 2011-06-21 07:22:35 -05:00
Luke Taylor
d253f5e109 SEC-1768: Use AopProxyUtils.ultimateTargetClass() to cater for the situation where the security interceptor is being applied to a proxy. 2011-06-18 14:35:56 +01:00
Luke Taylor
5a1ddc660b SEC-1768: Added tests to reproduce "double-proxying" issue combining intercept-methods and tx-annotation-driven. Problem is caused by use of ProxyFactoryBean with auto-proxying. 2011-06-18 14:32:31 +01:00
Luke Taylor
b0a60a7ff2 Reset to snapshot version. 2011-06-17 11:49:18 +01:00
Luke Taylor
926be1ca78 Intermediate crypto release version. 2011-06-17 11:46:19 +01:00
Luke Taylor
2861a951aa Minor FAQ update on version info. 2011-06-17 11:45:56 +01:00
Luke Taylor
1f1faa6da0 Use getClass() in logger instantiation in AbstractLdapAuthenticationProvider. 2011-06-15 14:06:57 +01:00
Luke Taylor
d9ccebd565 Add crypto module to LDAP bundlor template 2011-06-15 11:47:29 +01:00
Luke Taylor
89b7b2b935 SEC-1764: Remove use of Java 6 method Arrays.copyOfRange. 2011-06-15 11:22:17 +01:00
Luke Taylor
571bfc4869 Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8"). 2011-06-14 18:47:50 +01:00
Luke Taylor
361b77685d Add crypto as an exported dependency of core in IDEA configuration. 2011-06-14 18:47:49 +01:00
Luke Taylor
2b8d4684a1 SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays. 2011-06-14 18:47:49 +01:00
Luke Taylor
dc92baa257 Remove truststore settings from tutorial sample as they aren't required. 2011-06-13 15:03:51 +01:00
Luke Taylor
e4ecdd55f6 Enable https in tutorial sample. 2011-06-13 13:45:09 +01:00
Luke Taylor
52c0ee6756 Improve error reporting of missing web classes in namespace handler. Now catches and logs the class-loading error. 2011-06-13 13:39:55 +01:00
Luke Taylor
e27f655e9d SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core. 2011-06-10 00:01:25 +01:00