0c10efbbf8
Revert SEC-1356.
...
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
16 years ago
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
16 years ago
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
16 years ago
05634f97dc
Updated version numbers for 3.0.1 release.
16 years ago
a9567a58d8
SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos.
16 years ago
3a8daa1bf4
Gradle build improvements.
...
Added generation of source archives and trial support for maven deployment and pom generation, with "provided" configuration mapped to "provided" scope.
16 years ago
f62d97b092
SEC-1356: Fix broken tests.
...
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
16 years ago
6eff4d90b7
SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request.
...
This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path.
16 years ago
2023ca283e
SEC-1358: Support empty context path in DefaultWebInvocationPrivilegeEvaluator
...
This class was failing when an application was deployed at the root context because of an assertion which checked that the contexPath was not empty. An empty context path doesn't actually cause problems for the class so I've removed the assertion.
16 years ago
b323098167
Added gradle build files for taglibs, tutorial, contacts and openid.
...
Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).
16 years ago
e211f9b35f
SEC-1349: Allow configuration of OpenID with parameters which should be transferred to the return_to URL.
...
The OpenIDAuthenticationFilter now has a returnToUrlParameters property (a Set). If this is set, the named parameters will be copied from the incoming submitted request to the return_to URL. If not set, it defaults to the "parameter" property of the AbstractRememberMeServices of the parent class. If remember-me is not in use, it defaults to the empty set.
Enabled remember-me in the OpenID sample.
16 years ago
bc02fc2de1
Corrected "incorrect numer of tokens" error message in TokenBasedRememberMeServices.
16 years ago
052537c8b0
Removing $Id$ markers and stripping trailing whitespace from the codebase.
16 years ago
f5d36aef65
SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter
...
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
16 years ago
c6b8fe5e55
SEC-1346: Added missing 'return' statements after redirects.
...
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
16 years ago
893f212fa5
Tidying
16 years ago
115d5b84ff
[maven-release-plugin] prepare for next development iteration
16 years ago
6c6ef08353
[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE
16 years ago
e64866ae6a
Updated bundlor templates and introduced spring.version variable
16 years ago
3418aab46e
SEC-1327: Javadoc additions to clarify some behaviour
16 years ago
fcce29f8df
SEC-1326: Updating dependencies to match Spring versions. Removing unused deps.
16 years ago
97a31cae04
SEC-1333: Added error message for invalid redirect URL assertion
17 years ago
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
17 years ago
76731254c0
SEC-1328: Fixed issue with redirect to context relative URLs where the context name is part of the domain name.
17 years ago
06e092d46a
Midor Javadoc correction.
17 years ago
6805761d85
Extra test to confirm http-method specific matching behaviour.
17 years ago
cad32ffe39
SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
17 years ago
520e733cb2
[maven-release-plugin] prepare for next development iteration
17 years ago
f2cf17bd49
[maven-release-plugin] prepare release spring-security-3.0.0.RC2
17 years ago
075e7a15ad
Corrected package name in Javadoc.
17 years ago
444d93b13f
SEC-1316: Remove 'removeAfterRequest' property from AnonymousAuthenticationFilter
17 years ago
b27d7afd24
SEC-1315: Modify HttpSessionSecurityContextRepository to check for anonymous token before creating a session. Moved the anonymity check to be before the session creation.
17 years ago
aee6b8f3f9
SEC-1314: Deprecate cloneFromHttpSession and securityContextClass in HttpSessionSecurityContextRepository. Both deprecated.
17 years ago
dab76249db
Added gradle build files (experimental)
17 years ago
69699431b1
SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope
17 years ago
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
17 years ago
d84542cf88
SEC-1285: minor vulnerability in BasicProcessingFilter. Changed logging of Basic authentication information.
17 years ago
617e517e5e
SEC-1280: NullPointerException in PersistentTokenBasedRememberMeServices when logging out twice. Added check for null authentication in logout method.
17 years ago
930c1b6b53
Coverted to Junit 4 test.
17 years ago
11e476c486
Added issue numbers in comment.
17 years ago
d4d45e1311
Make getHeader() methods check case-insensitive matching on header name.
17 years ago
7282eed197
Import cleaning.
17 years ago
799b96520b
SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login
17 years ago
3f963ef8ca
Restore versions and svn URLs in trunk (release plugin fail)
17 years ago
af563e826c
[maven-release-plugin] prepare release spring-security-3.0.0.RC1
17 years ago
881632cc08
SEC-1250: Removed duplicate property.
17 years ago
0da99171da
SEC-1250: RequestHeaderPreAuthenticatedProcessingFilter cannot be use to fail back to another authentication type. Added exceptionIfHeaderMissing property.
17 years ago
3f72983a1e
SEC-1257: Some additional API changes to use Collection instead of List...
17 years ago
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
17 years ago
f213cc5d9e
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
17 years ago
Luke Taylor