spring-security

Spring Security

framework java security spring spring-framework

Go to file

Luke Taylor 2b9beffd08 SEC-1444: Fix JNDI escaping problems in LDAP authentication. CompositeName adds quotes to names which contain a forward slash ("/") character. These are automatically removed by Spring LDAP's DistinguishedName, but only if they are at the ends of the String. Since we were preprending the base to the (quoted) DN, resulting in something like ["cn=joe/b",ou=people], this was causing problems with the DN value returned from the search. Additionally, the bind succeeds when a DN is used with a slash, but the subsequent call to getAttributes() fails. This call now passes in a DistinguishedName for the user DN instance instead of a String.		2010-03-27 15:30:15 +00:00
acl	SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.	2010-03-26 18:05:28 +00:00
aspects	SEC-1262: Added extra test for PostFilter with AspectJ interceptor.	2010-03-11 20:55:06 +00:00
buildSrc	Hans Dockter's refactoring of gradle build, plus simplification of docbook plugin.	2010-03-05 23:23:43 +00:00
cas	SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.	2010-03-26 18:05:28 +00:00
config	SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.	2010-03-26 18:05:28 +00:00
core	SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.	2010-03-26 18:05:28 +00:00
docs	SEC-524: Document addition of "var" attribute in authorization tags.	2010-03-25 19:48:26 +00:00
gradle	Added build file for itest-context.	2010-03-12 01:40:27 +00:00
itest	SEC-524: Added "var" attribute to authorize and accesscontrollist JSP tags.	2010-03-24 18:35:17 +00:00
ldap	SEC-1444: Fix JNDI escaping problems in LDAP authentication.	2010-03-27 15:30:15 +00:00
openid	SEC-1433: Reduce the number of direct dependencies on DataAccessException from spring-tx.	2010-03-26 18:05:28 +00:00
samples	SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances.	2010-03-11 01:51:59 +00:00
sandbox	Addition of commons-logging exclusions and adjustments to pom generation.	2010-03-07 21:58:25 +00:00
taglibs	SEC-524: Added "var" attribute to authorize and accesscontrollist JSP tags.	2010-03-24 18:35:17 +00:00
web	SEC-1446: Modified BasicAuthenticationFilter to treat invalid base64 and invalid Basic authentication tokens as a failed authentication (raising a BadCredentialsException, without calling the AuthenticationManager).	2010-03-23 00:45:06 +00:00
.gitignore	Hans Dockter's refactoring of gradle build, plus simplification of docbook plugin.	2010-03-05 23:23:43 +00:00
build.gradle	Added gradle support for aspects project.	2010-03-09 19:22:50 +00:00
class_mapping_from_2.0.x.txt	SEC-1148: Simple classname mapping from 2.0 to 3.0	2009-12-02 22:44:30 +00:00
license.txt	Change to Apache License version 2.0.	2004-03-23 04:44:48 +00:00
notice.txt	Broaden list of names used and correct URL.	2007-12-03 04:39:17 +00:00
pom.xml	Addition of commons-logging exclusions and adjustments to pom generation.	2010-03-07 21:58:25 +00:00
readme.txt	Removing $Id$ markers and stripping trailing whitespace from the codebase.	2010-01-08 21:05:13 +00:00
settings.gradle	Added build file for itest-context.	2010-03-12 01:40:27 +00:00

readme.txt

===============================================================================
                    SPRING SECURITY - README FILE
===============================================================================

-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------

Spring Security provides security services for
The Spring Framework (http://www.springframework.org).

For a detailed list of features and access to the latest release, please visit
http://www.springframework.org/projects/.


-------------------------------------------------------------------------------
BUILDING
-------------------------------------------------------------------------------

Spring Security is built using Maven. Please read the "Building from Source" page
at http://static.springframework.org/spring-security/site/.

-------------------------------------------------------------------------------
DOCUMENTATION
-------------------------------------------------------------------------------

Be sure to read the Reference Guide  (docs/reference/html/springsecurity.html).
Extensive JavaDoc for the Spring Security code is also available (in docs/apidocs).
Both can also be found on the website.

-------------------------------------------------------------------------------
QUICK START
-------------------------------------------------------------------------------

We recommend you visit http://static.springframework.org/spring-security/site and 
read the "Suggested Steps" page.

-------------------------------------------------------------------------------
MAVEN REPOSITORY DOWNLOADS
-------------------------------------------------------------------------------

Release jars for the project are available from the central maven repository

http://repo1.maven.org/maven2/org/springframework/security/

Note that milestone releases and snapshots are not uploaded to the central
repository, but can be obtained from te Spring milestone repository.
This blog article has full details on how to download milestone or snapshot
jars or use them in a Maven-based project build:

http://blog.springsource.com/main/2007/09/18/maven-artifacts-2/


-------------------------------------------------------------------------------
OBTAINING SUPPORT
-------------------------------------------------------------------------------

There are two types of support available, commercial and community. For
commercial support, please contact SpringSource. SpringSource employ the
people who wrote Spring Security, and lead the development of the project:

  http://www.springsource.com

For peer help and assistance, please use the Spring Security forum
located at the Spring Community's forum site: 

  http://forum.springframework.org

Links to the forums, and other useful resources are
available from the web site.