2d3bc27d06
SEC-755: Updated bundle names in line with Christian's recommendations.
18 years ago
d0ae8e072d
Refactored out safeGetHttpSession method to remove multiple try/catch IllegalArgumentException blocks round request.getSession() calls.
18 years ago
6b86b05a0a
Removed autoboxing
18 years ago
d288f722a8
OPEN - issue SEC-759: GrantedAuthoritiesContainer should extend Serializable
...
http://jira.springframework.org/browse/SEC-759 . Added Serializable to interface.
18 years ago
3b3d339393
SEC-764: Added support for "position" attribute. Also added "LAST" as an option for filter position.
18 years ago
7145198e5a
OPEN - issue SEC-763: Allow setting of alwaysUseDirectTargetUrl via form-login namespace URL
...
http://jira.springframework.org/browse/SEC-763 . Added always-use-default target attribute to namespace.
18 years ago
a3de51ea51
Fixed typo in constant name.
18 years ago
029f8a2409
Made test method getFilters on FilterChainProxy default access.
18 years ago
a2d2c6b67a
Corrected element name.
18 years ago
243b5f4a2a
SEC-746: impossible to specify errorPage for the AccessDeniedHandlerImp when using namespace based configuration
...
http://jira.springframework.org/browse/SEC-746 . Added access-denied-page to http element.
18 years ago
f57ba43780
SEC-673: Reinstated a bean registration that had accidentally bean removed by the last patch, breaking core-tiger tests.
18 years ago
80dbc4fd75
SEC-673: Applied patch from Christian.
18 years ago
594b69b7ef
SEC-754: Changed tests to use unicode escapes rather than explicit UTF-8.
18 years ago
236e310ea7
SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-747 . Added once-per-request attribute to http element.
18 years ago
6612d0f729
SEC-754: Fixed wrong array length and added tests for encoding non-ascii password.
18 years ago
6d1932da33
SEC-753: Changed Spring version range in felix plugin to [2.0,2.6) to allow use with minor 2.5 versions.
18 years ago
92ad1ecf81
Typo in Javadoc.
18 years ago
67d5a5b814
SEC-750: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-750 . Updates to prevent the HttpSecurityPostProcessor from causing beans to be instantiated. Added a simplified test case to HttpSecurityBeanDefinitionParserTests.
18 years ago
a43d054bd7
Removed comment about status checking as it is not entirely correct and misleads people.
18 years ago
21e83e8364
[maven-release-plugin] prepare for next development iteration
18 years ago
91ed7dceb6
[maven-release-plugin] prepare release release_2_0_0_RC1
18 years ago
3cb504fa95
Fixed jdk 1.4 compatibility issues
18 years ago
e05d1da102
Refactored AuthenticationUserDetailsService to userdetails package as it isn't preauth specific
18 years ago
f898bec370
OPEN - issue SEC-742: IllegalArgumentException if namespace configuration defines RememberMeServices without BasicProcessingFilter
...
http://jira.springframework.org/browse/SEC-742 . Fix. Post processor was assuming there was a BasicProcessinFilter in the app context when a remember-me services was present.
18 years ago
c347834401
OPEN - issue SEC-605: JdbcDaoImpl of UserDetailsService should provide a method for customizing creation of the final UserDetails object
...
http://jira.springframework.org/browse/SEC-605 . Added a createUserDetails method and also some other methods which are responsible for executing the individual queries for loading the userinformation and authorities.
18 years ago
40e51dd5fe
OPEN - issue SEC-649: Add user-service-ref attribute to remember-me namespace element
...
http://jira.springframework.org/browse/SEC-649 . Added attribute to namespace and parsing support.
18 years ago
cc752cfc28
OPEN - issue SEC-732: Encapsulate query objects in JdbcDaoImpl and JdbcUserDetailsManager
...
http://jira.springframework.org/browse/SEC-732 . Updated these classes to hide the internal query and update objects to allow future refactoring.
18 years ago
53b084e2f9
Simple tests to detect invalid configurations, particularly when the namespace has been updated without applying the spring-security.xsl transformation, which prevents certain elements from appearing at top level.
18 years ago
b1ae4922d2
SEC-726: Added entry-point-ref to <http> namespace element to allow customization of authentication process.
18 years ago
9db55f336c
SEC-739: Removed siteminder provider code.
18 years ago
512c64fb98
SEC-738: Add session-registry-alias attribute to concurrent-session-control
...
http://jira.springframework.org/browse/SEC-738 . Added this attribute. Also various bugfixes in handling of attribute names for concurrent session control.
18 years ago
07f820f1a6
Minor portlet-related changes suggested by John Lewis: Javadoc and default values of booleans.
18 years ago
c9b6fe9555
OPEN - issue SEC-657: Create pre-authenticated processing filter which obtains username from request header
...
http://jira.springframework.org/browse/SEC-657 . Added filter and test class.
18 years ago
b98c72056a
SEC-728: Change use of String.getBytes() in password encoders to use UTF-8
18 years ago
1463b9769d
SEC-629: authentication-provider doesn't support caching.
...
http://jira.springframework.org/browse/SEC-629 . Added support for cache-ref elements on jdbc-user-service and ldap-user-service
18 years ago
db6fafaf56
SEC-629: authentication-provider doesn't support caching. Refactored MockUserCache class to top level
18 years ago
1fece47b49
SEC-691: Applied patch to allow setting of returned user attributes from LDAP search.
18 years ago
350a626587
SEC-477: Added preauthenticated websphere contribution.
18 years ago
584853bbcb
Tidied imports.
18 years ago
ef5b3e2f9c
SEC-733: Changed names of <global-method-security> attributes as discussed with Ben and updated sample to reflect the changes. Also changed explicit instantiation of Jsr250 and Secured annotation MethodDefinitionSource beans in GlobalMethodSecurityBDP into bean definitions to make more tooling friendly.
18 years ago
9ea2408ac6
Fixed error in choosing main entry point (it's an alias not a bean name, so doesn't appear in the entry map - you have to get it direct from the bean factory).
18 years ago
1b8a3c5673
SEC-689: Updated session fixation protection namespace support to set session registry on SessionFixationProtectionFilter.
18 years ago
eeb14b3965
Changed filter order numbers to start at zero (makes them more readable in log compared with large negative numbers)
18 years ago
4681ff3d50
SEC-689: Fix 1.4 compatibility issue (overlooked autoboxing of boolean)
18 years ago
43b51ca64d
SEC-689: Session Fixation protection should be available to all authentication mechanisms.
...
http://jira.springframework.org/browse/SEC-689 . Added support to namespace.
18 years ago
2af2f299cb
SEC-689: Further tests, logging improvements.
18 years ago
a29842a467
SEC-689: Tests for SessionFixationProtectionFilter
18 years ago
8f5bcb64a6
SEC-689: Session Fixation protection should be available to all authentication mechanisms.
...
http://jira.springframework.org/browse/SEC-689 . Added a general SessionFixationProtectionFilter which can be added to the filter stack to detect when a user has been authenticated and then migrate them to a new session. Also added support to <http/> namespace element.
18 years ago
83bcc6ad7c
Removed loggers from subclasses of SpringSecurityFilter in favour of using base class logger.
18 years ago
0860333a3f
SEC-733: AspectJ Pointcut Expression Parsing support.
18 years ago
Luke Taylor
Ben Alex