04447bdbf0
SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs).
16 years ago
dbf673ec37
Build updates to include uploading of distro and docs, plus addition of admon graphics path to docbook plugin.
16 years ago
9734e4c82f
Added generation of sha1 of distro archive to build.
16 years ago
56849dc41e
Added tasks for apidocs, doc and distro archive generation to the build file.
16 years ago
10cd080090
SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user.
16 years ago
0c10efbbf8
Revert SEC-1356.
...
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
16 years ago
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
16 years ago
8137a8bcd0
Enabled detection of release builds and s3 maven deployment capability to gradle build.
...
The s3 deployment requires an updated snapshot of the spring aws-maven dependency, as the old one was incompatible with changes in the latest version (1.0-beta6) of the Maven "wagon" api.
16 years ago
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
16 years ago
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
16 years ago
05634f97dc
Updated version numbers for 3.0.1 release.
16 years ago
e1d41177bb
Update docbook plugin use to new gradle 0.9+ syntax.
16 years ago
81f91d28eb
Add docbook note and tip images.
16 years ago
670297c55d
SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context.
...
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
16 years ago
0f90e69004
SEC-1362: Updated French messages translation.
16 years ago
a9567a58d8
SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos.
16 years ago
3a8daa1bf4
Gradle build improvements.
...
Added generation of source archives and trial support for maven deployment and pom generation, with "provided" configuration mapped to "provided" scope.
16 years ago
f62d97b092
SEC-1356: Fix broken tests.
...
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
16 years ago
6eff4d90b7
SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request.
...
This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path.
16 years ago
d900829921
Added bundlor and maven support to gradle build
16 years ago
fa42d9d5ec
Fix taglibs template.mf
...
Was missing sub-packages of org.sfw.security.acls.
16 years ago
2023ca283e
SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator
...
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
16 years ago
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
16 years ago
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
16 years ago
bc02fc2de1
Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices.
16 years ago
51abedcbef
Parameterize getFilter() method in HttpSecurityBeanDefinitionParserTests.
...
Removes the need for casting to specific filter type.
16 years ago
f40a1fda34
SEC-1357: Use getClass().getClassLoader() in SecurityNamespaceHandler to check for web classes.
...
This is used in preference to ClassUtils.getDefaultClassLoader() which fails to find the web classes in some situations.
16 years ago
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
16 years ago
9a323f15bc
Bring versions in itext module up-to-date
16 years ago
68ae49ebe1
SEC-1355: Update manual code snippet to cast to OpenIDAuthenticationToken.
16 years ago
4e4242d010
SEC-1354: Added integration tests for combinations of @PreAuthorize and @Secured annotations.
16 years ago
846aa40a7b
Updated "heavyduty" sample version information.
16 years ago
be72ed1350
Remove commented out beans from contacts sample app context.
...
These were left when the app was updated to use Spring MVC @Controller syntax and scanning.
16 years ago
9730600777
Revert bundlor version update.
...
Config was wrong, but even with the correct config
the maven jar plugin generates its own manifest
file and ignores the one generated by bundlor.
16 years ago
3c97d68346
Upgrade to bundlor RC1
16 years ago
dc5417f1d5
SEC-1352: Added support for placeholders in <user-service>
...
The username, password and authorities attributes can now be placeholders.
16 years ago
f5d36aef65
SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter
...
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
16 years ago
93973a4b75
SEC-1304: Removed compareTo method from GrantedAuthorityImpl
...
This method had been left by mistake when the Comparable
interface was removed. See also SEC-1347.
16 years ago
c6b8fe5e55
SEC-1346: Added missing 'return' statements after redirects.
...
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
16 years ago
80aacf447f
Refactored JaasAuthenticationProvider
...
The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented
the logic for building the Jaas config URL.
16 years ago
893f212fa5
Tidying
16 years ago
b737fa451d
SEC-1344: Minor CAS doc updates
16 years ago
0aab19ed4b
Added additional info on concurrent session usage
16 years ago
744ed95b51
SEC-1343: ref manual typos
16 years ago
7e817b9640
NOJIRA formatting fix
16 years ago
4afe6c2c6a
SEC-1341
...
made it more extensible
16 years ago
3bb5ca5d4b
NOJIRA
...
upgraded to latest CAS client (3.1.10)
16 years ago
bcb1ff8921
SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array
16 years ago
115d5b84ff
[maven-release-plugin] prepare for next development iteration
16 years ago
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
16 years ago
Luke Taylor
Scott Battaglia