Tree: 820e3f5750

1.0.x

2.0.x

3.0.x

3.1.x

3.2.x

4.0.x

4.1.x

4.2.x

5.0.x

5.1.x

5.2.x

5.3.x

5.4.x

5.5.x

5.6.x

5.7.x

5.8.x

5.8.x_update-antora-ui-spring

6.0.x

6.1.x

6.2.x

6.2.x_update-antora-ui-spring

6.3.x

6.3.x_update-antora-ui-spring

6.4.x

6.5.x

7.0.x

dependabot/gradle/6.5.x/io.mockk-mockk-1.14.9

dependabot/gradle/main/org.springframework.data-spring-data-bom-2025.1.0-SNAPSHOT

dependencies-typo-6.5.x

dependencies-typo-main

docs-build

finalize

gh-16886

gh-pages

kotlin22

main

wrapperbot/spring-security/gradle-wrapper-8.10

wrapperbot/spring-security/gradle-wrapper-8.10.1

wrapperbot/spring-security/gradle-wrapper-8.10.2

wrapperbot/spring-security/gradle-wrapper-8.11

wrapperbot/spring-security/gradle-wrapper-8.11.1

wrapperbot/spring-security/gradle-wrapper-8.12

wrapperbot/spring-security/gradle-wrapper-8.12.1

wrapperbot/spring-security/gradle-wrapper-8.13

wrapperbot/spring-security/gradle-wrapper-8.14

wrapperbot/spring-security/gradle-wrapper-8.9

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

2.0.0

2.0.0.M1

2.0.0.M2

2.0.0.RC1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5.RELEASE

2.0.6.RELEASE

2.0.7.RELEASE

2.0.8.RELEASE

2.5.0.M1

3.0.0.M1

3.0.0.M2

3.0.0.RC1

3.0.0.RC2

3.0.0.RELEASE

3.0.1.RELEASE

3.0.2.RELEASE

3.0.3.RELEASE

3.0.4.RELEASE

3.0.5.RELEASE

3.0.6.RELEASE

3.0.7.RELEASE

3.0.8.RELEASE

3.1.0.M1

3.1.0.M2

3.1.0.RC1

3.1.0.RC2

3.1.0.RC3

3.1.0.RELEASE

3.1.1.RELEASE

3.1.2.RELEASE

3.1.3.RELEASE

3.1.4.RELEASE

3.1.5.RELEASE

3.1.6.RELEASE

3.1.7.RELEASE

3.2.0.M1

3.2.0.M2

3.2.0.RC1

3.2.0.RC2

3.2.0.RELEASE

3.2.1.RELEASE

3.2.10.RELEASE

3.2.2.RELEASE

3.2.3.RELEASE

3.2.4.RELEASE

3.2.5.RELEASE

3.2.6.RELEASE

3.2.7.RELEASE

3.2.8.RELEASE

3.2.9.RELEASE

4.0.0.M1

4.0.0.M2

4.0.0.RC1

4.0.0.RC2

4.0.0.RELEASE

4.0.1.RELEASE

4.0.2.RELEASE

4.0.3.RELEASE

4.0.4.RELEASE

4.1.0.RC1

4.1.0.RC2

4.1.0.RELEASE

4.1.1.RELEASE

4.1.2.RELEASE

4.1.3.RELEASE

4.1.4.RELEASE

4.1.5.RELEASE

4.2.0.M1

4.2.0.RC1

4.2.0.RELEASE

4.2.1.RELEASE

4.2.10.RELEASE

4.2.11.RELEASE

4.2.12.RELEASE

4.2.13.RELEASE

4.2.14.RELEASE

4.2.15.RELEASE

4.2.16.RELEASE

4.2.17.RELEASE

4.2.18.RELEASE

4.2.19.RELEASE

4.2.2.RELEASE

4.2.20.RELEASE

4.2.3.RELEASE

4.2.4.RELEASE

4.2.5.RELEASE

4.2.6.RELEASE

4.2.7.RELEASE

4.2.8.RELEASE

4.2.9.RELEASE

5.0.0.M1

5.0.0.M2

5.0.0.M3

5.0.0.M4

5.0.0.M5

5.0.0.RC1

5.0.0.RELEASE

5.0.1.RELEASE

5.0.10.RELEASE

5.0.11.RELEASE

5.0.12.RELEASE

5.0.13.RELEASE

5.0.14.RELEASE

5.0.15.RELEASE

5.0.16.RELEASE

5.0.17.RELEASE

5.0.18.RELEASE

5.0.19.RELEASE

5.0.2.RELEASE

5.0.3.RELEASE

5.0.4.RELEASE

5.0.5.RELEASE

5.0.6.RELEASE

5.0.7.RELEASE

5.0.8.RELEASE

5.0.9.RELEASE

5.1.0.M1

5.1.0.M2

5.1.0.RC1

5.1.0.RC2

5.1.0.RELEASE

5.1.1.RELEASE

5.1.10.RELEASE

5.1.11.RELEASE

5.1.12.RELEASE

5.1.13.RELEASE

5.1.2.RELEASE

5.1.3.RELEASE

5.1.4.RELEASE

5.1.5.RELEASE

5.1.6.RELEASE

5.1.7.RELEASE

5.1.8.RELEASE

5.1.9.RELEASE

5.2.0.M1

5.2.0.M2

5.2.0.M3

5.2.0.M4

5.2.0.RC1

5.2.0.RELEASE

5.2.1.RELEASE

5.2.10.RELEASE

5.2.11.RELEASE

5.2.12.RELEASE

5.2.13.RELEASE

5.2.14.RELEASE

5.2.15.RELEASE

5.2.2.RELEASE

5.2.3.RELEASE

5.2.4.RELEASE

5.2.5.RELEASE

5.2.6.RELEASE

5.2.7.RELEASE

5.2.8.RELEASE

5.2.9.RELEASE

5.3.0.M1

5.3.0.RC1

5.3.0.RELEASE

5.3.1.RELEASE

5.3.10.RELEASE

5.3.11.RELEASE

5.3.12.RELEASE

5.3.13.RELEASE

5.3.2.RELEASE

5.3.3.RELEASE

5.3.4.RELEASE

5.3.5.RELEASE

5.3.6.RELEASE

5.3.7.RELEASE

5.3.8.RELEASE

5.3.9.RELEASE

5.4.0

5.4.0-M1

5.4.0-M2

5.4.0-RC1

5.4.1

5.4.10

5.4.11

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.5.0

5.5.0-M1

5.5.0-M2

5.5.0-M3

5.5.0-RC1

5.5.0-RC2

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.6.0

5.6.0-M1

5.6.0-M2

5.6.0-M3

5.6.0-RC1

5.6.1

5.6.10

5.6.11

5.6.12

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.0-M1

5.7.0-M2

5.7.0-M3

5.7.0-RC1

5.7.1

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.0-M1

5.8.0-M2

5.8.0-M3

5.8.0-RC1

5.8.1

5.8.10

5.8.11

5.8.12

5.8.13

5.8.14

5.8.15

5.8.16

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.8.8

5.8.9

6.0.0

6.0.0-M1

6.0.0-M2

6.0.0-M3

6.0.0-M4

6.0.0-M5

6.0.0-M6

6.0.0-M7

6.0.0-RC1

6.0.0-RC2

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.1.0

6.1.0-M1

6.1.0-M2

6.1.0-RC1

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.0-M1

6.2.0-M2

6.2.0-M3

6.2.0-RC1

6.2.0-RC2

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.3.0

6.3.0-M1

6.3.0-M2

6.3.0-M3

6.3.0-RC1

6.3.1

6.3.10

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.3.7

6.3.8

6.3.9

6.4.0

6.4.0-M1

6.4.0-M2

6.4.0-M3

6.4.0-M4

6.4.0-RC1

6.4.1

6.4.10

6.4.11

6.4.12

6.4.13

6.4.2

6.4.3

6.4.4

6.4.5

6.4.6

6.4.7

6.4.8

6.4.9

6.5.0

6.5.0-M1

6.5.0-M2

6.5.0-M3

6.5.0-RC1

6.5.1

6.5.2

6.5.3

6.5.4

6.5.5

6.5.6

6.5.7

7.0.0

7.0.0-M1

7.0.0-M2

7.0.0-M3

7.0.0-RC1

7.0.0-RC2

7.0.0-RC3

7.0.1

7.0.2

7.1.0-M1

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '820e3f5750'

${ noResults }

Commit Graph

1725 Commits (820e3f57504a7fb8fcc8a74e06a481ab47a10ea2)

Author	SHA1	Message	Date
Luke Taylor	85c4c91e0e	IDEA inspection refactorings.	16 years ago
Luke Taylor	a3d27a9863	SEC-1314: cloneFromHttpSession accidentally go left behind, even though it is always false.	16 years ago
Luke Taylor	a2bd1bc9af	SEC-1498: Allow use of absolute URL fopr login form in LoginUrlAuthenticationEntryPoint.	16 years ago
Luke Taylor	64375484a1	More build and logging tuning.	16 years ago
Luke Taylor	63734cfcf9	SEC-1528: Remove logic which checks if context in the session is the same as the current context to make sure that session.setAttribute() is called when the value in the session has been modified directly.	16 years ago
Luke Taylor	9dd6a5eb8f	SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener.	16 years ago
Luke Taylor	d7d8448120	SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository).	16 years ago
Luke Taylor	5d35919ca3	SEC-1490: Code for GAE Sample webapp	16 years ago
Luke Taylor	69a10c48ae	Switch to using slf4j/logback for logging. ... We still compile modules against commons-logging but all runtime logging and samples will use logback	16 years ago
Luke Taylor	8df356de29	SEC-1471: Allow use of a RequestMatcher with HttpSessionRequestCache to configure which requests should be cached by calls to saveRequest. ... Also removed the justUseSavedRequestOnGet property, as this behaviour can be controlled by the RequestMatcher.	16 years ago
Luke Taylor	026517f674	Removal of deprecated methods and classes.	16 years ago
Luke Taylor	09176b0af4	SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter.	16 years ago
Luke Taylor	ea8d37892c	SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy.	16 years ago
Luke Taylor	4d10d4b67f	SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs.	16 years ago
Luke Taylor	76ebb759f3	Removed unnecessary casts.	16 years ago
Luke Taylor	7d74b7c87e	SEC-1171: Allow multiple http elements and add pattern attribute to specify filter chain mapping.	16 years ago
Luke Taylor	e156d5339a	Fix build when upload properties are missing. Added missing hsql test dependency	16 years ago
Luke Taylor	0e57ce2dc3	SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.	16 years ago
Luke Taylor	978bb9f601	Remove commented-out code in ETF.	16 years ago
Luke Taylor	f0c4cccb0d	SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc.	16 years ago
Luke Taylor	bf288101a0	Javadoc improvements	16 years ago
Luke Taylor	b3aad4cf19	Javadoc fixes.	16 years ago
Luke Taylor	0c09780644	SEC-1476: Modify AbstractPreAuthenticatedProcessingFilter to store authentication exception in request instead of creating a new session.	16 years ago
Luke Taylor	fcf33afce0	Formatting.	16 years ago
Luke Taylor	bca6c1aeac	SEC-1468: Doc and Javadoc updates.	16 years ago
Luke Taylor	024e6904ff	SEC-1464: Deprecate UserMap, InMemoryDaoImpl and other related classes in favour of the simpler (non-property editor based) InMemoryUserDetailsManager.	16 years ago
Luke Taylor	ee1fd1bc50	SEC-1431: Modify OpenID sample to use a custom UserDetailsService which allows any user to authenticate, allocating them a standard role and "registers" their ID in a map, allowing it to be retrieved in subsequent logins.	16 years ago
Luke Taylor	74896f217b	SEC-1459: Generifying AuthenticationUserDetailsService. Now parameterized with <? extends Authentication>.	16 years ago
Luke Taylor	a45d2a4fb2	SEC-1462: Only apply session fixation protection strategy if request.isRequestedSessionIdValid() returns true. We don't need to create a new session if the current one already has a different Id from the client.	16 years ago
Luke Taylor	93deec8d40	SEC-1458: Remove logger field in HttpSessionEventPublisher in favour of direct lookup. Prevents early initialization of logging system when listener is initialized.	16 years ago
Luke Taylor	0521d10069	SEC-1294: Enable access to beans from ApplicationContext in EL expressions. ... ExpressionHandlers are now ApplicationContextAware and set the app context on the SecurityExpressionRoot. A custom PropertyAccessor resolves the properties against the root by looking them up in the app context.	16 years ago
Luke Taylor	2e2625873c	SEC-1446: Modified BasicAuthenticationFilter to treat invalid base64 and invalid Basic authentication tokens as a failed authentication (raising a BadCredentialsException, without calling the AuthenticationManager). ... This solves the problem in this issue (invalid Base64 not resulting in a 401) and also prevents unnecessary calls to the AuthenticationManager.	16 years ago
Luke Taylor	d5df53f1db	SEC-1439: Make getters and setters public on HttpRequestResponseHolder. ... Necessary to allow use of custom SecurityContextRepository.	16 years ago
Luke Taylor	f3264ba9ab	Addition of commons-logging exclusions and adjustments to pom generation.	16 years ago
Luke Taylor	43f0e11106	SEC-1429: Removed cached authentication from session after successful authentication.	16 years ago
Luke Taylor	89d8c8cc83	Additional test classes for authentication and logout success/failure handling.	16 years ago
Luke Taylor	a3263753d9	Fix to Javadoc for AbstractAuthenticationProcessingFilter.	16 years ago
Luke Taylor	530ab3ae30	SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.	16 years ago
Luke Taylor	43f3568b16	SEC-1407: Removed original URL matching classes and updated Javadoc of new RequestMatcher versions.	16 years ago
Luke Taylor	ae8027fa47	SEC-1425: Replace use of Java 1.6 String.isEmpty().	16 years ago
Luke Taylor	93438defff	SEC-1407: Use RequestMatcher instances as the FilterInvocationSecurityMetadataSource keys and in the FilterChainMap use by FilterChainProxy. ... This greatly simplifies the code and opens up possibilities for other matching strategies (e.g. EL). This also means that matching is now completely strict - the order of the matchers is all that matters (not whether an HTTP method is included or not). The first matcher that returns true will be used.	16 years ago
Luke Taylor	cb0f3f677f	SEC-1425: Add check for empty cookie in AbstractRememberMeServices. ... Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.	16 years ago
Luke Taylor	f0466b6488	SEC-1424: Added support for "stateless" option for create-session attribute, designed for applications which do not use sessions at all.	16 years ago
Luke Taylor	e2f9be9015	SEC-1307: Modify context saving logic in HttpSessionSecurityContextRepository to check the SecurityContext and its contents (the Authentication) against the respective values when the request first arrived at the SecurityContextPersistenceFilter. As explained in the issue, this allows a definite decision to be made about whether the current thread has modified the context information during the request, indicating that it should be saved. ... Also removed deprecated HttpSessionContextIntegrationFilter and tests.	16 years ago
Luke Taylor	4dd10cd266	Refactor overly large doFilter() method in DigestAuthenticationFilter.	16 years ago
Luke Taylor	f3f84da625	Increase upper bounds of Spring and Spring Security versions in bundlor templates to 3.2.0.	16 years ago
Luke Taylor	2ee7696bf4	Update version number to 3.1.0.CI-SNAPSHOT.	16 years ago
Luke Taylor	44f45d21f0	3.0.2 release. Update version in build files.	16 years ago
Luke Taylor	14ae36ac3b	SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header. ... The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.	16 years ago
Luke Taylor	bd635edc31	SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones. ... Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.	16 years ago