Commit Graph

208 Commits

Author SHA1 Message Date
Rob Winch 70d5ba536e SEC-2057: ConcurrentSessionFilter is now after SecurityContextPersistenceFilter
Previously, ConcurrentSessionFilter was placed after SecurityContextPersistenceFilter
which meant that the SecurityContextHolder was empty when ConcurrentSessionFilter was
invoked. This caused the Authentication to be null when performing a logout. It also
caused complications with LogoutHandler implementations that would be accessing the
SecurityContextHolder and potentially clear it out expecting that
SecurityContextPersistenceFilter would then clear the SecurityContextRepository.

The ConcurrentSessionFilter is now positioned after the
SecurityContextPersistenceFilter to ensure that the SecurityContextHolder is populated
and cleared out appropriately.
2012-10-03 14:04:24 -05:00
Rob Winch 4f993d95b5 Updates for 3.0.x autorepo support 2012-10-02 11:20:40 -05:00
Rob Winch 7cb472f105 SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref 2011-12-30 11:35:48 -06:00
Rob Winch 863b36962b SEC-1878: Added test to ensure that DefaultFilterChainValidator can handle web expressions 2011-12-28 16:24:48 -06:00
Luke Taylor 2d27b28199 Set version to 3.0.8.CI-SNAPSHOT. 2011-09-05 23:04:06 +01:00
Luke Taylor 714ee3e960 Set version to 3.0.7.RELEASE. 2011-09-05 23:03:17 +01:00
Luke Taylor 3dc4158f7d Set version to 3.0.7.CI-SNAPSHOT 2011-08-19 12:52:39 -07:00
Luke Taylor 62f70f17ff Set project release version to 3.0.6.RELEASE 2011-08-19 12:47:55 -07:00
Luke Taylor 2888f2b86f SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor. 2011-04-20 13:00:56 +01:00
Luke Taylor 04d42211b1 SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter. 2011-03-31 22:03:27 +01:00
Rob Winch afd556412e SEC-1672: Provide error message when ambiguous configuration of intercept-url contains attributes filters=none and (access or requires-channel) 2011-02-09 20:37:03 -06:00
Luke Taylor 69a1fb76d3 SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand. 2010-12-01 20:51:13 +00:00
Luke Taylor d53db3ba13 Update version to 3.0.6.CI-SNAPSHOT. 2010-11-18 12:39:19 +00:00
Luke Taylor 90304f64c6 Update version for 3.0.5 release 2010-11-18 12:36:08 +00:00
Luke Taylor 6141ef79b3 Remove use of @Override with an interface method 2010-10-28 16:10:48 +01:00
Luke Taylor 3cfe23f60d Update versions to 3.0.5.CI-SNAPSHOT 2010-10-26 15:32:22 +01:00
Luke Taylor 82d140ffb1 Version 3.0.4.RELEASE 2010-10-26 15:32:22 +01:00
Luke Taylor 1563491322 SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 2010-10-26 15:32:21 +01:00
Luke Taylor 1739628e6a SEC-1589: Add support for property placeholder in intercept-methods access attribute. 2010-10-26 15:32:21 +01:00
Luke Taylor 8e68fa1334 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 2010-10-26 15:32:21 +01:00
Luke Taylor e58f982351 Updating gitignore and removing unnecessary casts from FilterChainProxyConfigTests. 2010-10-05 13:31:49 +01:00
Luke Taylor 072b73354f Update namespace handler message to account for later schema versions being used by mistake. 2010-10-05 13:31:49 +01:00
Luke Taylor 45674a16ea SEC-1540: Apply patch to support HTTP method matching for requires-channel namespace attribute. 2010-08-18 13:17:21 +01:00
Luke Taylor a1b124def5 SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created. 2010-08-11 18:29:21 +01:00
Luke Taylor 25d222208d Switch version to 3.0.4-CI-SNAPSHOT. 2010-07-01 00:37:55 +01:00
Luke Taylor 9b0c21dfef 3.0.3 release. Update version in build files. 2010-07-01 00:37:29 +01:00
Luke Taylor 02c1f02f2a SEC-1493: Fix broken tests in 3.0.x branch 2010-06-25 13:36:08 +01:00
Luke Taylor 9a2d0c2cb5 SEC-1493: Added namespace support. 2010-06-20 21:11:49 +01:00
Luke Taylor 27faad3402 SEC-1488: Remove commons-logging dependencies from maven poms and use slf4j in all samples. 2010-05-28 13:10:08 +01:00
Luke Taylor 304f12fb63 SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used. 2010-05-21 15:42:11 +01:00
Luke Taylor 8c605516b3 SEC-1463: Change namespace user-service parser to store username in lower-case when building map for in-memory UserDetailsService. Lookups are supposed to be case-insensitive with this class. 2010-04-24 16:42:00 +01:00
Luke Taylor 6354c7e052 SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'
AspectJ sample application context also updated to use this syntax.
2010-03-31 17:41:23 +01:00
Luke Taylor eda60b72b1 SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
2010-03-27 17:22:38 +00:00
Luke Taylor f000aaa7e8 SEC-1440: Implement support for separate entry-point-ref on http-basic namespace element. Changes ported from master branch. 2010-03-26 14:06:12 +00:00
Luke Taylor 634e340d80 Update schema version to 3.0.3 2010-03-26 13:53:56 +00:00
Luke Taylor 4c8e9e2d7e SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
Ensures protect-pointcut expressions match methods with generic parameters.
2010-03-24 21:03:45 +00:00
Luke Taylor 59b69f6f48 SEC-1434: Remove use of BeanDefinition of type java.lang.String which causes problems in Google App Engine.
This results in the method BeanUtils.findEditorByConvention attempting to get hold of the system classloader which isn't allowed by the security manager in GAE.
2010-03-16 02:22:36 +00:00
Luke Taylor 1b0ac9c785 Porting of gradle changes from master. 2010-03-11 02:15:02 +00:00
Luke Taylor 87cf27ab7c SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailureHandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect. 2010-03-04 21:49:38 +00:00
Luke Taylor 317da55cd0 SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup. 2010-02-26 17:50:45 +00:00
Luke Taylor 9e751e22c8 Refactoring to remove remaining circular dependencies indicated by structure101. 2010-02-26 17:50:14 +00:00
Luke Taylor 9831980bc2 Update versions to 3.0.3.CI-SNAPSHOT. 2010-02-26 15:04:43 +00:00
Luke Taylor 44f45d21f0 3.0.2 release. Update version in build files. 2010-02-19 01:22:21 +00:00
Luke Taylor 10dc72b017 SEC-1387: Support serialization of security advised beans.
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
2010-02-19 00:53:14 +00:00
Luke Taylor 5b5934144a Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1.
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
2010-02-16 00:03:15 +00:00
Luke Taylor 36612377e2 Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents. 2010-02-14 23:23:23 +00:00
Luke Taylor dcbdfc2026 SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication.
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained within the SecurityContextRepository implementation.
2010-02-11 17:47:22 +00:00
Luke Taylor 70ef0d8b3e Added extra test to itest/context as POC of using extra interceptor with http ns. 2010-02-11 01:48:00 +00:00
Luke Taylor 23511c930f Standardising slf4j versions. 2010-02-11 01:33:31 +00:00
Luke Taylor 2173029216 SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.
Delays the conversion till after placeholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
2010-02-10 23:49:26 +00:00