mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-25 21:42:17 +00:00
ca3c1979b8
Previously Spring Security did not save the Security Context immediately prior to the following methods being invoked: - HttpServletResonse.flushBuffer() - HttpServletResonse.getWriter().close() - HttpServletResonse.getWriter().flush() - HttpServletRespose.getOutputStream().close() - HttpServletRespose.getOutputStream().flush() This meant that the client could get a response prior to the SecurityContext being stored. After the client got the response, it would make another request and this would not yet be authenticated. The reason this can occur is because all of the above methods commit the response, which means that the server can signal to the client the response is completed. A similar issue happened in SEC-398. Now the previously listed methods are wrapped in order to ensure the SecurityContext is persisted prior to the response being committed.
===============================================================================
SPRING SECURITY - README FILE
===============================================================================
-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------
Spring Security provides security services for
The Spring Framework (http://www.springframework.org).
For a detailed list of features and access to the latest release, please visit
http://www.springframework.org/projects/.
-------------------------------------------------------------------------------
BUILDING
-------------------------------------------------------------------------------
Spring Security is built using Maven. Please read the "Building from Source" page
at http://static.springframework.org/spring-security/site/.
-------------------------------------------------------------------------------
DOCUMENTATION
-------------------------------------------------------------------------------
Be sure to read the Reference Guide (docs/reference/html/springsecurity.html).
Extensive JavaDoc for the Spring Security code is also available (in docs/apidocs).
Both can also be found on the website.
-------------------------------------------------------------------------------
QUICK START
-------------------------------------------------------------------------------
We recommend you visit http://static.springframework.org/spring-security/site and
read the "Suggested Steps" page.
-------------------------------------------------------------------------------
MAVEN REPOSITORY DOWNLOADS
-------------------------------------------------------------------------------
Release jars for the project are available from the central maven repository
http://repo1.maven.org/maven2/org/springframework/security/
Note that milestone releases and snapshots are not uploaded to the central
repository, but can be obtained from te Spring milestone repository.
This blog article has full details on how to download milestone or snapshot
jars or use them in a Maven-based project build:
http://blog.springsource.com/main/2007/09/18/maven-artifacts-2/
-------------------------------------------------------------------------------
OBTAINING SUPPORT
-------------------------------------------------------------------------------
There are two types of support available, commercial and community. For
commercial support, please contact SpringSource. SpringSource employ the
people who wrote Spring Security, and lead the development of the project:
http://www.springsource.com
For peer help and assistance, please use the Spring Security forum
located at the Spring Community's forum site:
http://forum.springframework.org
Links to the forums, and other useful resources are
available from the web site.