Rob Winch
70d5ba536e
SEC-2057: ConcurrentSessionFilter is now after SecurityContextPersistenceFilter
Previously, ConcurrentSessionFilter was placed after SecurityContextPersistenceFilter
which meant that the SecurityContextHolder was empty when ConcurrentSessionFilter was
invoked. This caused the Authentication to be null when performing a logout. It also
caused complications with LogoutHandler implementations that would be accessing the
SecurityContextHolder and potentially clear it out expecting that
SecurityContextPersistenceFilter would then clear the SecurityContextRepository.
The ConcurrentSessionFilter is now positioned after the
SecurityContextPersistenceFilter to ensure that the SecurityContextHolder is populated
and cleared out appropriately.
14 years ago
Rob Winch
4f993d95b5
Updates for 3.0.x autorepo support
14 years ago
Rob Winch
7cb472f105
SEC-1880: Corrected error message when using both logout-success-url and success-handler-ref
14 years ago
Rob Winch
863b36962b
SEC-1878: Added test to ensure that DefaultFilterChainValidator can handle web expressions
14 years ago
Luke Taylor
2d27b28199
Set version to 3.0.8.CI-SNAPSHOT.
15 years ago
Luke Taylor
714ee3e960
Set version to 3.0.7.RELEASE.
15 years ago
Luke Taylor
3dc4158f7d
Set version to 3.0.7.CI-SNAPSHOT
15 years ago
Luke Taylor
62f70f17ff
Set project release version to 3.0.6.RELEASE
15 years ago
Luke Taylor
2888f2b86f
SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor.
15 years ago
Luke Taylor
04d42211b1
SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter.
15 years ago
Rob Winch
afd556412e
SEC-1672: Provide error message when ambiguous configuration of intercept-url contains attributes filters=none and (access or requires-channel)
15 years ago
Luke Taylor
69a1fb76d3
SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand.
15 years ago
Luke Taylor
d53db3ba13
Update version to 3.0.6.CI-SNAPSHOT.
15 years ago
Luke Taylor
90304f64c6
Update version for 3.0.5 release
15 years ago
Luke Taylor
6141ef79b3
Remove use of @Override with an interface method
15 years ago
Luke Taylor
3cfe23f60d
Update versions to 3.0.5.CI-SNAPSHOT
15 years ago
Luke Taylor
82d140ffb1
Version 3.0.4.RELEASE
15 years ago
Luke Taylor
1563491322
SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.
15 years ago
Luke Taylor
1739628e6a
SEC-1589: Add support for property placeholder in intercept-methods access attribute.
15 years ago
Luke Taylor
8e68fa1334
SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
15 years ago
Luke Taylor
e58f982351
Updating gitignore and removing unnecessary casts from FilterChainProxyConfigTests.
16 years ago
Luke Taylor
072b73354f
Update namespace handler message to account for later schema versions being used by mistake.
16 years ago
Luke Taylor
45674a16ea
SEC-1540: Apply patch to support HTTP method matching for requires-channel namespace attribute.
16 years ago
Luke Taylor
a1b124def5
SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created.
16 years ago
Luke Taylor
25d222208d
Switch version to 3.0.4-CI-SNAPSHOT.
16 years ago
Luke Taylor
9b0c21dfef
3.0.3 release. Update version in build files.
16 years ago
Luke Taylor
02c1f02f2a
SEC-1493: Fix broken tests in 3.0.x branch
16 years ago
Luke Taylor
9a2d0c2cb5
SEC-1493: Added namespace support.
16 years ago
Luke Taylor
27faad3402
SEC-1488: Remove commons-logging dependencies from maven poms and use slf4j in all samples.
16 years ago
Luke Taylor
304f12fb63
SEC-1455: Load namespace parsers when required, rather than on init() call, to avoid classloaded issue with dmServer failing to resolve web classes when the namespace handler is first used.
16 years ago
Luke Taylor
8c605516b3
SEC-1463: Change namespace user-service parser to store username in lower-case when building map for in-memory UserDetailsService. Lookups are supposed to be case-insensitive with this class.
16 years ago
Luke Taylor
6354c7e052
SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'
AspectJ sample application context also updated to use this syntax.
16 years ago
Luke Taylor
eda60b72b1
SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext.
Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.
16 years ago
Luke Taylor
f000aaa7e8
SEC-1440: Implement support for separate entry-point-ref on http-basic namespace element. Changes ported from master branch.
16 years ago
Luke Taylor
634e340d80
Update schema version to 3.0.3
16 years ago
Luke Taylor
4c8e9e2d7e
SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent.
Ensures protect-pointcut expressions match methods with generic parameters.
16 years ago
Luke Taylor
59b69f6f48
SEC-1434: Remove use of BeanDefinition of type java.lang.String which causes problems in Google App Engine.
This results in the method BeanUtils.findEditorByConvention attempting to get hold of the system classloader which isn't allowed by the security manager in GAE.
16 years ago
Luke Taylor
1b0ac9c785
Porting of gradle changes from master.
16 years ago
Luke Taylor
87cf27ab7c
SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
16 years ago
Luke Taylor
317da55cd0
SEC-1423: Cache PointcutExpression instances in ProtectPointcutPostProcessor for more efficient startup.
16 years ago
Luke Taylor
9e751e22c8
Refactoring to remove remaining circular dependencies indicated by structure101.
16 years ago
Luke Taylor
9831980bc2
Update versions to 3.0.3.CI-SNAPSHOT.
16 years ago
Luke Taylor
44f45d21f0
3.0.2 release. Update version in build files.
16 years ago
Luke Taylor
10dc72b017
SEC-1387: Support serialization of security advised beans.
MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.
16 years ago
Luke Taylor
5b5934144a
Avoid infinite loop in InterceptMethodsBeanDefinitionDecoratorTests when upgrading to Spring 3.0.1.
Converted test target to implement ApplicationListener<SessionCreatedEvent> so that it doesn't receive events from its own interceptor (which are in turn intercepted).
16 years ago
Luke Taylor
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
16 years ago
Luke Taylor
dcbdfc2026
SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication.
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
16 years ago
Luke Taylor
70ef0d8b3e
Added extra test to itest/context as POC of using extra interceptor with http ns.
16 years ago
Luke Taylor
23511c930f
Standardising slf4j versions.
16 years ago
Luke Taylor
2173029216
SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.
Delays the conversion till after placeholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
16 years ago