root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 24 Packages Projects Releases Wiki Activity
2,895 Commits 41 Branches 345 Tags 112 MiB
Commit Graph

1620 Commits

Author SHA1 Message Date
Luke Taylor ecd2cc6da7 Added some Assert calls to setters and improved comments. 2008-05-30 15:29:51 +00:00
Luke Taylor f228d013d8 SEC-861: Change default value of justUseSavedRequestOnGet to false 2008-05-30 15:09:51 +00:00
Luke Taylor 4de4bb8e87 SEC-860: Added setter for authenticationDetailsSource to AbstractRememberMeServices 2008-05-30 14:29:32 +00:00
Luke Taylor f8cded10ee Typo. 2008-05-30 11:20:16 +00:00
Luke Taylor c031588975 SEC-606: Added support for customizable credentials character set. 2008-05-29 18:00:15 +00:00
Luke Taylor 36a192b70f SEC-858: Replaced integer properties in schema with strings to allow use of placeholders. 2008-05-29 16:13:14 +00:00
Luke Taylor 980a72f9a0 Removed TODO (done). 2008-05-29 15:54:50 +00:00
Luke Taylor 517a7f117a SEC-857: Make request wrapper getParameterValues() consistent with getParameterMap() etc. 2008-05-29 15:49:43 +00:00
Luke Taylor 244579faf4 OPEN - issue SEC-856: GroupManager JdbcUserDetailsManager implementation: addGroupAuthority() method doesn't work. 
http://jira.springframework.org/browse/SEC-856. Refactored class to remove the JDBC-related inner classes.
 2008-05-28 16:25:28 +00:00
Luke Taylor d63536cc0d SEC-821: Added support for eternal session registry and concurrent session controller to the 2.0.2 namespace. 2008-05-27 13:14:21 +00:00
Luke Taylor 8b5bbe3800 SEC-830: Changed SavedRequestAwareWrapper to make wrapped request parameters take precedence over saved request ones. 2008-05-25 22:57:03 +00:00
Luke Taylor 45c3084502 SEC-836: Made LDAP namespace elements use subtree group searching by default. 2008-05-23 23:57:01 +00:00
Luke Taylor 871e529840 SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List 
http://jira.springframework.org/browse/SEC-850. Added extra test.
 2008-05-23 23:32:57 +00:00
Luke Taylor d1005e4cfb SEC-850: custom-authentication-provider Registering Separate Bean Definitions in App Context and Providers List 
http://jira.springframework.org/browse/SEC-850. Changed bean decorator to add a bean reference to the ProviderManager rather than a bean definition.
 2008-05-23 23:25:09 +00:00
Luke Taylor 9ce0270226 Fixed typo in test name 2008-05-23 22:57:30 +00:00
Luke Taylor 7603ce2f97 SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers 
http://jira.springframework.org/browse/SEC-848. Replaced class references with class names.
 2008-05-23 21:30:57 +00:00
Luke Taylor 25ba269db0 SEC-835: use setContentType on response for J2EE 1.3 compatibility. 2008-05-23 20:55:10 +00:00
Luke Taylor 11b448c0e0 SEC-847: Updated the xsl file to inline openid-login and other elements 2008-05-23 16:29:44 +00:00
Luke Taylor 08c5fe8925 Fixed autoboxing issue 2008-05-22 12:19:00 +00:00
Luke Taylor fbe3ca48f4 SEC-823, SEC-843: Allow setting of custom RememberMeServices and token validity periodon remember-me namespace element 2008-05-21 16:03:05 +00:00
Luke Taylor 3e33b8a880 Update InMemoryXmlApplicationContext to use 2.0.2 schema 2008-05-20 22:46:37 +00:00
Luke Taylor b60c578b25 SEC-844: Support for SHA-256 hashing. 2008-05-20 22:45:02 +00:00
Luke Taylor 03981ab6a0 SEC-844: Added sec-256 to namespace schema 2008-05-20 22:32:03 +00:00
Luke Taylor e9adbd4d62 SEC-844, SEC-843, SEC-823: Added support for sha-256, custom remember-me services and setting of remember me token validity period to namespace schema. Also added 2.0.2 XSD file 2008-05-20 19:48:32 +00:00
Luke Taylor 29d31b72d0 SEC-837: Add special character filtering to LDAP search filters 2008-05-20 19:25:37 +00:00
Luke Taylor 3fb1f59fde SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap 2008-05-20 19:22:49 +00:00
Luke Taylor 5af53da106 Improved doc for'filters' attribute 2008-05-18 11:09:50 +00:00
Luke Taylor 2329dadf48 Removed jalopy parameter comments 2008-05-15 17:58:15 +00:00
Luke Taylor f269373442 IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP. 2008-05-15 14:33:42 +00:00
Luke Taylor 8b2c0468ff OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting 
http://jira.springframework.org/browse/SEC-834. Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
 2008-05-15 01:34:14 +00:00
Luke Taylor d17a2da9e0 SEC-834: Session fixation attack protection will cause problems with URL rewriting 
http://jira.springframework.org/browse/SEC-834. Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
 2008-05-15 00:26:27 +00:00
Luke Taylor 7f38c656ca SEC-820: Expand regular expression used in hierarchical roles. 2008-05-14 22:59:33 +00:00
Luke Taylor 6493df13f8 SEC-803: Removed use of websphere SubjectHelper class. 2008-05-14 22:51:39 +00:00
Luke Taylor 59543af4fb SEC-826: Support for JPA PersistenceContext annotation broken 
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
 2008-05-14 16:41:52 +00:00
Luke Taylor 1fee538c7e Fixed typo in setter method (uses of). 2008-05-13 15:32:30 +00:00
Luke Taylor ae2470127c Fixed typo in setter method "seAttributePrefix" 2008-05-13 13:51:49 +00:00
Luke Taylor e1b226ee57 Added 2.0.2 namespace file 2008-05-10 17:16:46 +00:00
Luke Taylor add2649397 Javadoc typo. 2008-05-09 18:09:56 +00:00
Luke Taylor 781d88bd30 OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue) 
http://jira.springframework.org/browse/SEC-825. Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
 2008-05-09 18:08:32 +00:00
Luke Taylor 883b92e7bd SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods 2008-05-08 15:07:40 +00:00
Luke Taylor 301d021bf5 SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor 
Reversed order of beanName.equals() call as suggested.
 2008-05-07 13:58:53 +00:00
Luke Taylor 8ad2d681ab SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions. 2008-05-07 13:49:20 +00:00
Luke Taylor afc757e618 Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc 2008-05-06 14:43:52 +00:00
Luke Taylor c333070fe3 Javadoc tidying 2008-05-06 13:59:46 +00:00
Luke Taylor fca3a2a709 SEC-812: Added missing TextUtils file 2008-05-05 19:09:09 +00:00
Luke Taylor fa44c74993 SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text. 2008-05-05 18:37:02 +00:00
Luke Taylor 06719053f1 Removed commons lang dependency. 2008-05-05 17:18:47 +00:00
Ben Alex 9961c7f867 Moved to correct build location. 2008-05-02 10:52:57 +00:00
Ben Alex 7a2e1e13d3 SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens. 2008-05-02 10:38:56 +00:00
Luke Taylor a599ef5398 [maven-release-plugin] prepare for next development iteration 2008-05-01 20:09:03 +00:00