Luke Taylor
|
978b7d4707
|
SEC-1631: Reduced use of reflection in DefaultAuthenticationEventPublisher and added tests.
|
16 years ago |
|
Luke Taylor
|
bfb723feac
|
SEC-1557: Added getter to DelegatingMethodSecurityMetadataSource. Also added some optimizations of cache lookup key equals method. A class type check is unnecessary since the key class is a private inner class.
|
16 years ago |
|
Luke Taylor
|
441aa25383
|
SEC-1615: Changed key generation for anonymous provider to only use SecureRandom on demand.
|
16 years ago |
|
Luke Taylor
|
4ad0652787
|
Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken.
|
16 years ago |
|
Luke Taylor
|
ca679e1479
|
Reformatting.
|
16 years ago |
|
Luke Taylor
|
9b29dcb8bf
|
SEC-1430: Removed username attribute from WebAttributes class.
|
16 years ago |
|
Luke Taylor
|
43be9ea2a4
|
SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.
|
16 years ago |
|
Luke Taylor
|
d64efe9747
|
SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object.
|
16 years ago |
|
Luke Taylor
|
89f80659a1
|
Move docs on request matching to correct file and delete unused one
|
16 years ago |
|
Luke Taylor
|
49242729e4
|
Added imgSrcPath parameter for use in docbookFopPdf task.
|
16 years ago |
|
Luke Taylor
|
51a53ddbaa
|
Minor refactoring of GAE code to use specific GrantedAuthority type.
|
16 years ago |
|
Luke Taylor
|
60970dd9c4
|
Added some tests for web expression handling code.
|
16 years ago |
|
Luke Taylor
|
2d9f98d535
|
SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request).
|
16 years ago |
|
Luke Taylor
|
fc00d7ef1d
|
Move the unix scripts for the tutorial sample into a subdirectory
|
16 years ago |
|
Luke Taylor
|
37810a19c4
|
SEC-1619: Added check in GAE sample for change of Google user while still logged into the app.
Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'.
|
16 years ago |
|
Luke Taylor
|
8b51c2c97d
|
SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous.
Allows for the situation where a user is logged out without invalidating the session.
|
16 years ago |
|
Luke Taylor
|
7754882ba9
|
SEC-1550: Additional signature change (in AnonymousAuthenticationToken)
|
16 years ago |
Rob Winch
|
ffccc5f446
|
SEC-1617: Added spring-security-taglibs as a runtime dependency to jaas.gradle
|
16 years ago |
|
Luke Taylor
|
4b6a2168c7
|
SEC-1550: Additional signature change (in LdapUserDetailsManager.removeAuthorities())
|
16 years ago |
|
Luke Taylor
|
6b691f6fc0
|
SEC-1613: Corrected preauth docs.
|
16 years ago |
|
Rob Winch
|
4f51eb09c0
|
SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward
|
16 years ago |
|
Luke Taylor
|
b9a98613eb
|
SEC-1593: Added tests to try to reproduce issue.
|
16 years ago |
|
Luke Taylor
|
1c8d28501c
|
SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate.
|
16 years ago |
|
Luke Taylor
|
8d867e8b67
|
Updated integration tests to detect case reported as SPR-7563.
|
16 years ago |
|
Luke Taylor
|
265cdaf2a6
|
SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected.
|
16 years ago |
|
Luke Taylor
|
337477de6a
|
SEC-1604: Change log level to debug for "Validated configuration attributes" message.
|
16 years ago |
|
Luke Taylor
|
54d0a263de
|
SEC-1590: Removed WebAuthenticatioDetails.doPopulateAdditionalInformation() method which is caled from superclass constructor.
|
16 years ago |
|
Luke Taylor
|
43ec2beec0
|
SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>.
|
16 years ago |
|
Luke Taylor
|
84efffb937
|
SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices.
|
16 years ago |
|
Luke Taylor
|
2671e52d5a
|
Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars.
|
16 years ago |
|
Luke Taylor
|
0696bed78e
|
SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none"
|
16 years ago |
|
Luke Taylor
|
deef2706ef
|
SEC-1607: Report correct version for Spring Security (not Spring version).
|
16 years ago |
|
Luke Taylor
|
f85baac943
|
Updated to Spring 3.0.5
|
16 years ago |
|
Luke Taylor
|
21ed5feb8d
|
SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.
|
16 years ago |
|
Luke Taylor
|
4de8b84b0d
|
SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception.
|
16 years ago |
|
Luke Taylor
|
cf0289bc02
|
SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook.
|
16 years ago |
|
Luke Taylor
|
fabadff5f1
|
SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source.
|
16 years ago |
|
Luke Taylor
|
31afb9c76d
|
Deleted superseded dao-auth-provider.xml chapter.
|
16 years ago |
|
Luke Taylor
|
07b9ded126
|
SEC-1599: Corrected docbook source.
|
16 years ago |
|
Luke Taylor
|
091a6d26f1
|
SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.).
|
16 years ago |
|
Luke Taylor
|
883ca2a55d
|
Import cleaning.
|
16 years ago |
|
Luke Taylor
|
1724d1eac6
|
SEC-1561: HttpSessionSecurityContextRepository should check whether the session contains the context attribute in case a new session has been created during the request. If the attribute is empty, then the context should be stored regardless of whether a change is detected or not.
|
16 years ago |
|
Luke Taylor
|
54694d5ab7
|
SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot.
|
16 years ago |
|
Luke Taylor
|
f70942c6f5
|
SEC-1589: Add support for property placeholder in intercept-methods access attribute.
|
16 years ago |
|
Luke Taylor
|
173537f4f2
|
SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
|
16 years ago |
|
Luke Taylor
|
0961671772
|
Reinstated missing 3.0.3 schema file
|
16 years ago |
|
Luke Taylor
|
a6d47203db
|
FilterInvocation should set queryString on dummy request.
|
16 years ago |
|
Luke Taylor
|
f455e9a5a4
|
SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison.
|
16 years ago |
|
Luke Taylor
|
0fd2c48dfb
|
SEC-1584: Additional integration tests.
|
16 years ago |
|
Luke Taylor
|
7d97adc687
|
SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".
|
16 years ago |
