Luke Taylor
|
538e75ce1b
|
SEC-1903: Use a static CRLF Pattern in FirewalledResponse
The Pattern was being recompiled for every request
when a single instance could be shared for performance
reasons.
|
14 years ago |
Andrei Stefan
|
0f9ee81df1
|
SEC-1887: Improve extensibility of expression-based security classes
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
|
14 years ago |
Rob Winch
|
22225effcc
|
Call SecurityContextHolder.clearContext() in tear down of HttpSessionSecurityContextRepositoryTests
|
14 years ago |
Rob Winch
|
5d94cd5e13
|
SEC-1735: Do not remove SecurityContext from HttpSession when anonymous Authentication is saved if original SecurityContext was anonymous
|
14 years ago |
Rob Winch
|
6fe6e18939
|
SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names
|
14 years ago |
Rob Winch
|
8ca2927761
|
Renamed **/Test.java to **/Tests.java to better follow conventions
|
14 years ago |
Luke Taylor
|
0bccbbfc18
|
SEC-1779: Make new getters protected rather than public.
|
14 years ago |
Luke Taylor
|
f456db267f
|
SEC-1779: Added getters for success and failure handlers to AbstractAuthenticationProcessingFilter.
|
14 years ago |
Luke Taylor
|
09ac4bd8f9
|
SEC-1833: Remove unused securityContextClass from HttpSessionSecurityContextRepository.
|
14 years ago |
Luke Taylor
|
44e2543015
|
Minor changes to make filter chain validation more robust with custom request matchers.
|
15 years ago |
Luke Taylor
|
f1e63f3008
|
SEC-1802: Add digits to valid URL scheme regex.
|
15 years ago |
Luke Taylor
|
869c6a7c18
|
SEC-1800: Set input size to 30 for OpenID login.
|
15 years ago |
Luke Taylor
|
824464516c
|
SEC-1790: Reject redirect locations containing CR or LF.
|
15 years ago |
Luke Taylor
|
6333909107
|
SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change.
|
15 years ago |
Luke Taylor
|
0c2a950fa0
|
SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled.
|
15 years ago |
Luke Taylor
|
8740efc0f5
|
Added constructor injection options to ConcurrentSessionFilter
|
15 years ago |
Luke Taylor
|
a1c714cff4
|
SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.
|
15 years ago |
Luke Taylor
|
8440743108
|
Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use.
|
15 years ago |
Luke Taylor
|
700fa9e0b6
|
SEC-1772: remote URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler.
|
15 years ago |
Luke Taylor
|
de97bac85b
|
SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch.
|
15 years ago |
Luke Taylor
|
a504cfae1a
|
SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.
|
15 years ago |
Rob Winch
|
330f82f562
|
SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter
|
15 years ago |
Rob Winch
|
825f0061fb
|
SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0
|
15 years ago |
Luke Taylor
|
56e86dd36f
|
Adding assertions on constructor arg values.
|
15 years ago |
Luke Taylor
|
f92589f051
|
Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options.
|
15 years ago |
Luke Taylor
|
2d271666a4
|
Add constructors to facilitate constructor-based injection for required/shared bean properties.
|
15 years ago |
Luke Taylor
|
73442125de
|
SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter.
|
15 years ago |
Luke Taylor
|
b15475ab3d
|
SEC-1771: Change TokenBasedRememberMeServices to obtain password from UserDetailsService if necessary.
|
15 years ago |
Luke Taylor
|
737a9d1825
|
Improved toString methods on request wrappers.
|
15 years ago |
Luke Taylor
|
571bfc4869
|
Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8").
|
15 years ago |
Luke Taylor
|
685f12c5a0
|
SEC-1733: Support explicit zero netmask correctly.
|
15 years ago |
Luke Taylor
|
f5f410ae3b
|
Clean unused imports.
|
15 years ago |
Luke Taylor
|
ec97b70df9
|
SEC-1668: Allow customization of username parameter in SwitchUserFilter.
|
15 years ago |
Luke Taylor
|
6d04670f87
|
SEC-1695: Allow customization of the session key under which the SecurityContext is stored.
|
15 years ago |
Luke Taylor
|
84902ebb50
|
Javadoc correction.
|
15 years ago |
Luke Taylor
|
63f160dc72
|
SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions.
|
15 years ago |
Luke Taylor
|
6e91786f92
|
SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false).
|
15 years ago |
Luke Taylor
|
04dc65c8fe
|
SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap.
|
15 years ago |
Luke Taylor
|
37d0454fd7
|
SEC-1657: Create SecurityFilterChain class for use in configuring FilterChainProxy. Encapsulates a RequestMatcher and List<Filter>.
|
15 years ago |
Luke Taylor
|
614d8c0321
|
SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name.
|
15 years ago |
Luke Taylor
|
dd108041a0
|
SEC-1722: Correct javadoc
|
15 years ago |
Luke Taylor
|
8178371927
|
SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes
|
15 years ago |
Rob Winch
|
a76a947b12
|
SEC-965: Added support for CAS proxy ticket authentication on any URL
|
15 years ago |
Luke Taylor
|
acf4b91a89
|
SEC-1674: Test to check that absolute URLs work in SimpleUrlLogoutSuccessHandler.
|
15 years ago |
Luke Taylor
|
ef72dd1986
|
SEC-1714: RegexRequestMatcher should prepend question mark to query string.
|
15 years ago |
Luke Taylor
|
49dd928faa
|
SEC-1712: Javadoc typo fix.
|
15 years ago |
Luke Taylor
|
01c9c4e4db
|
SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default.
|
15 years ago |
Luke Taylor
|
78d5495945
|
SEC-1702: Add Burt's patch implementing hashcode method in AntPathRequestMatcher
|
15 years ago |
Luke Taylor
|
e470eaa41d
|
SEC-1689: Moved core codec code into crypto package and removed existing duplication (Hex encoding etc). Refactoring of crypto code to use CharSequence where possible instead of String.
|
15 years ago |
Luke Taylor
|
44252207db
|
SEC-1683: Corrected typo
|
15 years ago |