d9ab0758ee
SEC-954: Removed test dependency on AbstractMethodDefinitionSource.
18 years ago
36b35e3b1f
CLOSED - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Fixed autoboxing issue.
18 years ago
39a656eb78
OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
18 years ago
b6dec19e90
SEC-932: Added supplied class and test class.
18 years ago
3ab9fcdcaf
Tidying.
18 years ago
3a9eb018ba
SEC-950: Added test to attempt to reproduce problem.
18 years ago
b3a23b4377
Some minor improvements to schema comments
18 years ago
25814d341d
Tidying.
18 years ago
e951c42c2b
Improved javadoc. Some tidying up.
18 years ago
7258d30e13
Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger.
18 years ago
3ee3591feb
SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully.
18 years ago
1af7eed433
SEC-883: RoleHierarchyVoter
...
http://jira.springframework.org/browse/SEC-883 . Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
18 years ago
54ac7b3e46
SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas.
18 years ago
3049b933d9
Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML
18 years ago
1d96283876
Removed commented out line.
18 years ago
d7926f3557
SEC-943: Forgot to commit tests.
18 years ago
e5d86b13b7
SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
...
http://jira.springframework.org/browse/SEC-941 . Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
18 years ago
67e5afbb79
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Updated Javadoc.
18 years ago
000bb1cbed
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Added test class.
18 years ago
243c4f22d4
OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
...
http://jira.springframework.org/browse/SEC-899 . Changed to return -1 when compared to custom auhority which returns null from getAuthority()
18 years ago
d4c105d8ba
OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
...
http://jira.springframework.org/browse/SEC-934 . Added log warning when the same url is used multiple times.
18 years ago
f6ff958411
Renamed rnc file.
18 years ago
4bb3eb12c3
SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
...
http://jira.springframework.org/browse/SEC-933 . Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
18 years ago
f453264bde
SEC-909: custom remember me services doesn't get registered as logout handler
...
http://jira.springframework.org/browse/SEC-909 . HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
18 years ago
1ddc033fe5
SEC-903: Wrong attribute mapping when using jdbc-user-service bean
...
http://jira.springframework.org/browse/SEC-903 . Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
18 years ago
e303e8b71a
SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
...
http://jira.springframework.org/browse/SEC-924 . Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
18 years ago
bf5896600e
OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
...
http://jira.springframework.org/browse/SEC-913 . Applied patch as suggested (use sendRedirect method for failure URL).
18 years ago
b4c63db680
SEC-921: Improved messages_zh_CN.properties for Chinese
...
http://jira.springframework.org/browse/SEC-921 . Added contributed file.
18 years ago
a56c13fb22
SEC-912: Added callback methods to BasicProcessingFilter for successful and unsuccessful authentication.
18 years ago
697c7c5f48
SEC-918: Added more info on DB schema to javadoc
18 years ago
6d179122d3
SEC-916: Added Spanish messages contribution.
18 years ago
2cda6242c8
SEC-904: Moved multi-threaded tests into sandbox
18 years ago
479693ced7
SEC-900: Added extra checks on expiry time
18 years ago
775a6c3939
[maven-release-plugin] prepare for next development iteration
18 years ago
87d50aecce
[maven-release-plugin] prepare release spring-security-parent-2.0.3
18 years ago
3ee8733261
SEC-879: Added required BeanPostProcessor to set SessionRegistry is set on namespace registered AbstractProcessingFilter and SessionFixationProtectionFilter when using custom ConcurrentSessionController
...
http://jira.springframework.org/browse/SEC-879 .
18 years ago
d5ee89bb7c
Correct typo in error message.
18 years ago
ff5bfccdba
SEC-892: Linked use of create-session='never' in namespace to corresponding properties in ExceptionTranslationFilter and AbstractProcessingFilter
18 years ago
c56d524bd9
SEC-887: Added setter method for account status checker.
18 years ago
af5f193ec1
SEC-890: Corrected use of dataSource property name in RememberMeBDP.
18 years ago
7d79ae5424
SEC-880: Fix incorrect index value.
18 years ago
32b8009bee
SEC-875: Removed duplicated parameters from SavedRequestWrapper.getParameterValues()
18 years ago
3b775d29d3
SEC-870: Polish messages file contribution
18 years ago
358f284f42
SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used.
18 years ago
ff785a829f
[maven-release-plugin] prepare for next development iteration
18 years ago
db1d8604a6
[maven-release-plugin] prepare release spring-security-parent-2.0.2
18 years ago
9308284bd4
SEC-864: Removed duplicate OpenID provider.
18 years ago
122e1c47ed
Changed rnc filename prior to 2.0.2 release
18 years ago
64ab7e534c
Spelling corrections in Javadoc.
18 years ago
ab6d29d927
SEC-862: Make logoutSuccessUrl accessible to sub-classes.
18 years ago
Luke Taylor
Ben Alex