spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-16 07:13:30 +00:00

Go to file

Rob Winch 1ab068a06d SEC-2005: Ensure SecurityContext saved prior to the response being committed

Previously Spring Security did not save the Security Context immediately prior
to the following methods being invoked:

   - HttpServletResonse.flushBuffer()
   - HttpServletResonse.getWriter().close()
   - HttpServletResonse.getWriter().flush()
   - HttpServletRespose.getOutputStream().close()
   - HttpServletRespose.getOutputStream().flush()

This meant that the client could get a response prior to the SecurityContext
being stored. After the client got the response, it would make another request
and this would not yet be authenticated. The reason this can occur is because
all of the above methods commit the response, which means that the server can
signal to the client the response is completed. A similar issue happened in
SEC-398.

Now the previously listed methods are wrapped in order to ensure the SecurityContext
is persisted prior to the response being committed.

2012-08-07 16:02:22 -05:00

acl

SEC-1999: Updated spring-context version for acs/template.mf

2012-07-25 16:39:08 -05:00

aspects

Fixing bundlor warnings.

2011-03-08 16:20:37 +00:00

buildSrc

SEC-1906: Fix EmmaPlugin for Gradle 1.0

2012-07-05 22:57:16 -05:00

cas

SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes

2011-04-21 19:55:32 +01:00

config

SEC-2020: Set eraseCredentialsAfterAuthentication when using http@authentication-manager-ref

2012-07-31 14:04:11 -05:00

core

SEC-1919: Log error when fail to communicate with LDAP

2012-07-31 16:55:48 -05:00

crypto

SEC-1990: Polishing code cleanup on BCrypt

2012-07-05 14:12:14 -05:00

docs

SEC-2010: Include missing <value> tag in Hierarchical Roles section of the reference

2012-07-19 10:18:12 -05:00

gradle

Added comment to ide-integration.gradle about STS-2723

2012-07-19 17:46:13 -05:00

itest

SEC-1723: Fix use of bean names in integration test app context.

2011-04-25 22:30:51 +01:00

ldap

SEC-2017: Convert IncorrectResultsSizeException.size() == 0 to BadCredentialsException in ActiveDirectoryAuthenticationProvider

2012-08-01 16:19:57 -05:00

openid

SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer.

2011-09-20 21:46:21 +01:00

remoting

SEC-1906: Update to Gradle 1.0

2012-07-05 12:41:56 -05:00

samples

SEC-1906: Update to Gradle 1.0

2012-07-05 12:41:56 -05:00

sandbox

SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.

2010-11-26 13:58:49 +00:00

taglibs

Clean up warnings in AccessControlListTagTests

2012-08-02 09:49:19 -05:00

web

SEC-2005: Ensure SecurityContext saved prior to the response being committed

2012-08-07 16:02:22 -05:00

.gitignore

SEC-1995: Move version to gradle.properties so Bamboo can update on releases

2012-07-26 17:26:50 -05:00

build.gradle

SEC-1995: Move version to gradle.properties so Bamboo can update on releases

2012-07-26 17:26:50 -05:00

class_mapping_from_2.0.x.txt

SEC-1148: Simple classname mapping from 2.0 to 3.0

2009-12-02 22:44:30 +00:00

gradle.properties

SEC-1995: Move version to gradle.properties so Bamboo can update on releases

2012-07-26 17:26:50 -05:00

gradlew

SEC-1906: Fix EmmaPlugin for Gradle 1.0

2012-07-05 22:57:16 -05:00

gradlew.bat

SEC-1906: Fix EmmaPlugin for Gradle 1.0

2012-07-05 22:57:16 -05:00

license.txt

Change to Apache License version 2.0.

2004-03-23 04:44:48 +00:00

notice.txt

Broaden list of names used and correct URL.

2007-12-03 04:39:17 +00:00

readme.txt

SEC-1988: Add contributor guide link to readme.txt

2012-07-10 22:27:19 -05:00

settings.gradle

SEC-1906: Update to Gradle 1.0

2012-07-05 12:41:56 -05:00

readme.txt

===============================================================================
                    SPRING SECURITY - README FILE
===============================================================================

-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------

Spring Security provides security services for the Spring Framework
(http://www.springframework.org). Spring Security 3.1 requires Spring 3.0.3 as
a minimum and also requires Java 5.

For a detailed list of features and access to the latest release, please visit
http://www.springframework.org/projects/.

Spring Security is released under an Apache 2.0 license. See the accompanying
license.txt file.

-------------------------------------------------------------------------------
BUILDING
-------------------------------------------------------------------------------

Please read the "Building from Source" page at
http://static.springframework.org/spring-security/site/.

-------------------------------------------------------------------------------
DOCUMENTATION
-------------------------------------------------------------------------------

Be sure to read the Reference Guide  (docs/reference/html/springsecurity.html).
Extensive JavaDoc for the Spring Security code is also available (in docs/apidocs).
Both can also be found on the website.

-------------------------------------------------------------------------------
QUICK START
-------------------------------------------------------------------------------

We recommend you visit http://static.springframework.org/spring-security/site and
read the "Getting Started" page.

-------------------------------------------------------------------------------
MAVEN REPOSITORY DOWNLOADS
-------------------------------------------------------------------------------

Release jars for the project are available from the central maven repository

http://repo1.maven.org/maven2/org/springframework/security/

Note that milestone releases and snapshots are not uploaded to the central
repository, but can be obtained from the Spring milestone repository, using the
maven repository http://maven.springframework.org/snapshot/. You can't browse this
URL directly, but there is a separate browser interface. Check the downloads page
for more information
http://static.springsource.org/spring-security/site/downloads.html


-------------------------------------------------------------------------------
OBTAINING SUPPORT
-------------------------------------------------------------------------------

There are two types of support available, commercial and community. For
commercial support, please contact SpringSource. SpringSource employ the
people who wrote Spring Security, and lead the development of the project:

  http://www.springsource.com

For peer help and assistance, please use the Spring Security forum
located at the Spring Community's forum site:

  http://forum.springframework.org

Links to the forums, and other useful resources are
available from the web site.

-------------------------------------------------------------------------------
CONTRIBUTING
-------------------------------------------------------------------------------

Contributions are welcome. Please refer to the Contributor Guidelines for details

  https://github.com/SpringSource/spring-security/wiki/Contributor-Guidelines