root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
4,443 Commits 38 Branches 345 Tags 114 MiB
Commit Graph

4443 Commits

Author SHA1 Message Date
Luke Taylor 50828cdd43 SEC-1689: Move crypto module code to core for simplicity. 2011-03-10 18:58:47 +00:00
Luke Taylor a25d131f21 Some doc clarifications on the use of UserDetailService vs AuthenticationProvider. 2011-03-10 16:12:16 +00:00
Luke Taylor b26f2309f4 Add paragraph to manual database appendix to clarify that the standard schema is completely optional if you aren't using JdbcDaoImpl. 2011-03-10 13:41:44 +00:00
Luke Taylor 9cf8ba02ba Adding some extra section IDs in namespace appendix to provide bookmarkable URLs. 2011-03-10 13:15:58 +00:00
Luke Taylor ccc548b9e4 Fixing bundlor warnings. 2011-03-08 16:20:37 +00:00
Luke Taylor 5a6afbff95 SEC-1688: Allow injection of a PasswordEncoder from the crypto module into DaoAuthenticationProvider. 2011-03-08 16:20:26 +00:00
Luke Taylor 885f0270dc Some adjustments to the core build to make sure crypto classes are correctly exported to other tasks. 2011-03-08 16:19:51 +00:00
Luke Taylor 57c3afd31a SEC-1689: Adjust manual to remove references to separate crypto module. 2011-03-08 12:58:28 +00:00
Rob Winch a50c9afbab Modified jaas sample's LoginModule to prevent empty string username/password 2011-03-07 22:25:19 -06:00
Rob Winch 9e5d35235c Made the principal for jaas sample serializable 2011-03-07 22:25:16 -06:00
Rob Winch 6983b166d8 Configure Eclipse wtp to use the same context root as jetty 2011-03-07 22:12:13 -06:00
Rob Winch bd53ff1832 Updated gradle build so that eclipse is configured for AJDT 2011-03-07 22:12:13 -06:00
Rob Winch 8978a3af3d Updated gradle build to workaround GRADLE-1426 - configure Eclipse WTP correctly to include dependencies that were on the WAR when there are no source folders for the WAR. 2011-03-07 22:12:13 -06:00
Rob Winch 2b67f5fee6 Updated gradle build to workaround GRADLE-1422 - test dependencies being improperly deployed when using Eclipse WTP 2011-03-07 22:12:13 -06:00
Rob Winch 6c01590bbf Updated gradle build to workaround GRADLE-1116 - workaround /build/classes/test being added to the Eclipse classpath 2011-03-07 22:12:13 -06:00
Rob Winch c7de933cb9 Updated gradle wrapper to gradle-1.0-milestone-1 2011-03-07 22:12:10 -06:00
Luke Taylor 9d45828cb0 SEC-1689: Package crypto module classes with core. 2011-03-07 17:44:38 +00:00
Luke Taylor db6edfb512 Pull in changes to convert emma, aspectj and bundlor usage to plugins 2011-03-07 17:43:58 +00:00
Luke Taylor fd1a70edc2 SEC-1665: Add extra check of non-public declared methods in MethodInvocationAdapter, if public method cannot be found. 2011-03-04 17:45:37 +00:00
Luke Taylor dc73bbef3f Add inputs to AspectJ compilation tasks for change-detection purposes. 2011-03-04 17:40:15 +00:00
Luke Taylor 131c80f444 SEC-1690: Refactor expression PropertyAccessor for dealing with properties as beans in the ApplicationContext. 2011-03-02 16:33:25 +00:00
Luke Taylor 72f031253f Remove unnecessary dependency repos and update GAE version. 2011-02-28 15:43:25 +00:00
Luke Taylor 44252207db SEC-1683: Corrected typo 2011-02-28 15:43:25 +00:00
Luke Taylor 7a0a2dace6 Revert deliberate test failure. 2011-02-25 23:55:22 +00:00
Luke Taylor a9d325ea18 Deliberately fail test to test bamboo's reaction 2011-02-25 23:53:27 +00:00
Luke Taylor 4a7608b7a9 SEC-1640: Add support for "this" property to MethodSecurityExpressionRoot object, representing the object on which the method is actually being invoked. 2011-02-17 17:51:22 +00:00
Luke Taylor 0b1beee432 Update Base64 implementation to include fixes (using diff) from the original up to version 2.3.7. 2011-02-14 22:40:41 +00:00
Luke Taylor 94b7868039 SEC-1675: Add missing body-content elements to tag descriptor and update it to use 2.0 tag library schema. 2011-02-14 21:17:16 +00:00
Luke Taylor 088042b3d0 Upgrade spock and groovy versions, and make sure apacheDS work directory is set for config integrationTest task. 2011-02-14 19:03:08 +00:00
Luke Taylor bc2448419b SEC-1679: Make sure whitespace is trimmed from cookie names when specifying multiple cookies. 2011-02-14 19:02:28 +00:00
Luke Taylor 27be72a81c SEC-1677: Split out LDAP server tests from config module. 2011-02-14 19:01:27 +00:00
Luke Taylor 44fb3aa4ab SEC-1677: Create integrationTest task for Java projects and make all tests in itest module run as integration tests only. 2011-02-14 15:03:15 +00:00
Luke Taylor a225dc3776 SEC-1677: Split out integration tests from LDAP test code. 2011-02-14 15:02:40 +00:00
Luke Taylor 9f8a47f73e Reset post-release build version to snapshot. 2011-02-10 20:18:40 +00:00
Luke Taylor b62d36d646 Set release version to 3.1.0.RC1 2011-02-10 20:12:54 +00:00
Luke Taylor 84ba7a0ea9 Additional tests for OpenID classes and minor refactoring of OpenID4JavaConsumer for easier testing. 2011-02-10 19:56:28 +00:00
Luke Taylor 164cba11c0 Increase max heap in gradle wrapper script. 2011-02-10 12:26:00 +00:00
Luke Taylor bd7389b6ff SEC-1652: Only use URI for ldif path if file isn't found. 2011-02-09 23:25:16 +00:00
Luke Taylor 3fe49dfae5 Added JDK and Spring links to Javadoc generation task. 2011-02-08 16:43:34 +00:00
Luke Taylor 12561660b1 Add Javadoc groups to build. 2011-02-08 16:13:12 +00:00
Luke Taylor b0df1bd1b0 SEC-1673: Use a map to store the range values use in the bundlor templates. 2011-02-07 16:06:23 +00:00
Luke Taylor eb9482b33b Removal of some unused internal methods, plus additional tests for some areas lacking coverage. 2011-02-07 00:24:20 +00:00
Luke Taylor 20e65a93ea Minor test updates. 2011-02-06 17:27:07 +00:00
Luke Taylor 5f58108717 Typo. 2011-02-06 15:31:36 +00:00
Luke Taylor 83050f96cb SEC-1656: Document potential need for pre-emptive session creation if writing the security context manuall. 2011-02-06 14:58:36 +00:00
Luke Taylor a790c7e192 SEC-1670: Take account of JNDI CompositeName escaping in value of SearchResult.getName() when performing a search for a user entry in SpringSecurityLdapTemplate. 2011-02-03 17:57:43 +00:00
Luke Taylor 4e349904e5 Add missing language attributes to programlisting tags for highlighting. 2011-02-01 16:54:18 +00:00
Luke Taylor 5caa41753a Add check for coverage data before trying to produce report. 2011-02-01 15:41:17 +00:00
Rob Winch 8c08eeb57b SEC-1666: Use constant time comparison for sensitive data. 
Constant time comparison helps to mitigate timing attacks. See the following link for more information

 * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
 * http://en.wikipedia.org/wiki/Timing_attack for more information.
 2011-01-31 23:03:51 -06:00
Luke Taylor 6a62b51870 Fix typo in FAQ. 2011-01-31 12:32:05 +00:00