Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Spring Security
4,647 Commits 30 Branches 330 Tags 114 MiB
Java 94.5%
Kotlin 4.8%
JavaScript 0.3%
Groovy 0.2%
Go to file
Rob Winch 1ab068a06d SEC-2005: Ensure SecurityContext saved prior to the response being committed 
Previously Spring Security did not save the Security Context immediately prior
to the following methods being invoked:

   - HttpServletResonse.flushBuffer()
   - HttpServletResonse.getWriter().close()
   - HttpServletResonse.getWriter().flush()
   - HttpServletRespose.getOutputStream().close()
   - HttpServletRespose.getOutputStream().flush()

This meant that the client could get a response prior to the SecurityContext
being stored. After the client got the response, it would make another request
and this would not yet be authenticated. The reason this can occur is because
all of the above methods commit the response, which means that the server can
signal to the client the response is completed. A similar issue happened in
SEC-398.

Now the previously listed methods are wrapped in order to ensure the SecurityContext
is persisted prior to the response being committed.
 		2012-08-07 16:02:22 -05:00
acl SEC-1999: Updated spring-context version for acs/template.mf 2012-07-25 16:39:08 -05:00
aspects Fixing bundlor warnings. 2011-03-08 16:20:37 +00:00
buildSrc SEC-1906: Fix EmmaPlugin for Gradle 1.0 2012-07-05 22:57:16 -05:00
cas SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes 2011-04-21 19:55:32 +01:00
config SEC-2020: Set eraseCredentialsAfterAuthentication when using http@authentication-manager-ref 2012-07-31 14:04:11 -05:00
core SEC-1919: Log error when fail to communicate with LDAP 2012-07-31 16:55:48 -05:00
crypto SEC-1990: Polishing code cleanup on BCrypt 2012-07-05 14:12:14 -05:00
docs SEC-2010: Include missing <value> tag in Hierarchical Roles section of the reference 2012-07-19 10:18:12 -05:00
gradle Added comment to ide-integration.gradle about STS-2723 2012-07-19 17:46:13 -05:00
itest SEC-1723: Fix use of bean names in integration test app context. 2011-04-25 22:30:51 +01:00
ldap SEC-2017: Convert IncorrectResultsSizeException.size() == 0 to BadCredentialsException in ActiveDirectoryAuthenticationProvider 2012-08-01 16:19:57 -05:00
openid SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer. 2011-09-20 21:46:21 +01:00
remoting SEC-1906: Update to Gradle 1.0 2012-07-05 12:41:56 -05:00
samples SEC-1906: Update to Gradle 1.0 2012-07-05 12:41:56 -05:00
sandbox SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc. 2010-11-26 13:58:49 +00:00
taglibs Clean up warnings in AccessControlListTagTests 2012-08-02 09:49:19 -05:00
web SEC-2005: Ensure SecurityContext saved prior to the response being committed 2012-08-07 16:02:22 -05:00
.gitignore SEC-1995: Move version to gradle.properties so Bamboo can update on releases 2012-07-26 17:26:50 -05:00
build.gradle SEC-1995: Move version to gradle.properties so Bamboo can update on releases 2012-07-26 17:26:50 -05:00
class_mapping_from_2.0.x.txt SEC-1148: Simple classname mapping from 2.0 to 3.0 2009-12-02 22:44:30 +00:00
gradle.properties SEC-1995: Move version to gradle.properties so Bamboo can update on releases 2012-07-26 17:26:50 -05:00
gradlew SEC-1906: Fix EmmaPlugin for Gradle 1.0 2012-07-05 22:57:16 -05:00
gradlew.bat SEC-1906: Fix EmmaPlugin for Gradle 1.0 2012-07-05 22:57:16 -05:00
license.txt Change to Apache License version 2.0. 2004-03-23 04:44:48 +00:00
notice.txt Broaden list of names used and correct URL. 2007-12-03 04:39:17 +00:00
readme.txt SEC-1988: Add contributor guide link to readme.txt 2012-07-10 22:27:19 -05:00
settings.gradle SEC-1906: Update to Gradle 1.0 2012-07-05 12:41:56 -05:00

readme.txt 

===============================================================================
                    SPRING SECURITY - README FILE
===============================================================================

-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------

Spring Security provides security services for the Spring Framework
(http://www.springframework.org). Spring Security 3.1 requires Spring 3.0.3 as
a minimum and also requires Java 5.

For a detailed list of features and access to the latest release, please visit
http://www.springframework.org/projects/.

Spring Security is released under an Apache 2.0 license. See the accompanying
license.txt file.

-------------------------------------------------------------------------------
BUILDING
-------------------------------------------------------------------------------

Please read the "Building from Source" page at
http://static.springframework.org/spring-security/site/.

-------------------------------------------------------------------------------
DOCUMENTATION
-------------------------------------------------------------------------------

Be sure to read the Reference Guide  (docs/reference/html/springsecurity.html).
Extensive JavaDoc for the Spring Security code is also available (in docs/apidocs).
Both can also be found on the website.

-------------------------------------------------------------------------------
QUICK START
-------------------------------------------------------------------------------

We recommend you visit http://static.springframework.org/spring-security/site and
read the "Getting Started" page.

-------------------------------------------------------------------------------
MAVEN REPOSITORY DOWNLOADS
-------------------------------------------------------------------------------

Release jars for the project are available from the central maven repository

http://repo1.maven.org/maven2/org/springframework/security/

Note that milestone releases and snapshots are not uploaded to the central
repository, but can be obtained from the Spring milestone repository, using the
maven repository http://maven.springframework.org/snapshot/. You can't browse this
URL directly, but there is a separate browser interface. Check the downloads page
for more information
http://static.springsource.org/spring-security/site/downloads.html


-------------------------------------------------------------------------------
OBTAINING SUPPORT
-------------------------------------------------------------------------------

There are two types of support available, commercial and community. For
commercial support, please contact SpringSource. SpringSource employ the
people who wrote Spring Security, and lead the development of the project:

  http://www.springsource.com

For peer help and assistance, please use the Spring Security forum
located at the Spring Community's forum site:

  http://forum.springframework.org

Links to the forums, and other useful resources are
available from the web site.

-------------------------------------------------------------------------------
CONTRIBUTING
-------------------------------------------------------------------------------

Contributions are welcome. Please refer to the Contributor Guidelines for details

  https://github.com/SpringSource/spring-security/wiki/Contributor-Guidelines