spring-security

Author	SHA1	Message	Date
Luke Taylor	1833b234a5	SEC-1722: Correct javadoc	15 years ago
Luke Taylor	b87dabe1ac	SEC-1683: Corrected typo	15 years ago
Rob Winch	1b6587a5d4	SEC-1666: Use constant time comparison for sensitive data. Constant time comparison helps to mitigate timing attacks. See the following link for more information * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/ * http://en.wikipedia.org/wiki/Timing_attack for more information.	15 years ago
Rob Winch	b3943ac268	SEC-1545: Removed unused i18n keys, changed keys to follow naming conventions, found missing keys based upon old keys, sorted keys, any unknown keys are entered as a comment with the English value. NOTE: The Groovy code that automated most of this is attached to SEC-1545 A mapping of Missing Key to the file that the key is found are as follows: ----------../core/src/main/resources/org/springframework/security/messages_cs_CZ.properties---------- JdbcDaoImpl.noAuthority=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] JdbcDaoImpl.notFound=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_de.properties---------- JdbcDaoImpl.noAuthority=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] JdbcDaoImpl.notFound=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_it.properties---------- JdbcDaoImpl.noAuthority=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] JdbcDaoImpl.notFound=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_ko_KR.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_pl.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_pt_BR.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_pt_PT.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_uk_UA.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_zh_CN.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] How unknown keys were gussed by existing keys ----------../core/src/main/resources/org/springframework/security/messages_cs_CZ.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using SwitchUserProcessingFilter.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using AbstractUserDetailsAuthenticationProvider.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using SwitchUserProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_de.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using SwitchUserProcessingFilter.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using AbstractUserDetailsAuthenticationProvider.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using SwitchUserProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_es_ES.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_fr.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_it.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using SwitchUserProcessingFilter.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using AbstractUserDetailsAuthenticationProvider.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_ko_KR.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_pl.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_pt_BR.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_pt_PT.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_uk_UA.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_zh_CN.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication	15 years ago
Luke Taylor	537d8f108a	SEC-1654: Correct debug output in DigestAuthenticationFilter.	15 years ago
Rob Winch	4dea140331	SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather that looping through ServletRequestWrappers. VirtualFilterChain now accepts the FirewalledRequest in the constructor. The reset method is called directly on the instance passed in instead of looping through the ServletRequestWrappers. Conflicts: web/src/main/java/org/springframework/security/web/FilterChainProxy.java web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java	15 years ago
Luke Taylor	bb3a973fcb	SEC-1636: Add optimizations for universal match cases in AntUrlPathMatcher (using "/" and "" equality checks on the path).	15 years ago
Luke Taylor	e80853b698	SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request).	15 years ago
Luke Taylor	82d105cbc3	SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous. Allows for the situation where a user is logged out without invalidating the session.	15 years ago
Luke Taylor	e88f47a96a	SEC-1561: Add check on whether the security context attribute is set in the current session to make sure it is stored when a new session has been created during the request.	15 years ago
Rob Winch	0bdc9c176b	SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward	15 years ago
Luke Taylor	71b2af31ee	SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none"	15 years ago
Luke Taylor	b688bb69ee	SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception.	15 years ago
Luke Taylor	8e68fa1334	SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.	15 years ago
Luke Taylor	ed9411c660	SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".	15 years ago
Luke Taylor	80ccd2b285	SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter.	16 years ago
Luke Taylor	21a664b2eb	Deprecation warning suppression for UserMap.	16 years ago
Luke Taylor	09aba3906c	SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy.	16 years ago
Luke Taylor	57cfff6f5c	SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs.	16 years ago
Luke Taylor	aaa7bd90b2	SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.	16 years ago
Luke Taylor	6d6c2d31ef	SEC-1462: Only apply session fixation protection strategy if request.isRequestedSessionIdValid() returns true. We don't need to create a new session if the current one already has a different Id from the client.	16 years ago
Luke Taylor	0760bb947b	SEC-1458: Remove logger field in HttpSessionEventPublisher in favour of direct lookup. Prevents early initialization of logging system when listener is initialized.	16 years ago
Luke Taylor	b8e50c0933	SEC-1439: Make getters and setters public on HttpRequestResponseHolder. Necessary to allow use of custom SecurityContextRepository.(cherry picked from commit d5df53f1dbfcbe274656cce4e7a2e064f8db1597)	16 years ago
Luke Taylor	677576ea8b	SEC-1429: Fix test. Wasn't setting allowSessionCreation=false on failure handler.	16 years ago
Luke Taylor	5a5b62e2cb	SEC-1429: Removed cached authentication from session after successful authentication.(cherry picked from commit 43f0e111067dec72f2a496ad7d9df9fc10de43dc)	16 years ago
Luke Taylor	6ac8588144	Fix to Javadoc for AbstractAuthenticationProcessingFilter.(cherry picked from commit a3263753d93bba781471135448c4de5564fe464a)	16 years ago
Luke Taylor	5690f1c581	SEC-1428: Check if response has been committed before redirecting to target URL in AbstractAuthenticationTargetUrlRequestHandler.	16 years ago
Luke Taylor	87cf27ab7c	SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.	16 years ago
Luke Taylor	a7e21318bf	SEC-1425: Replace use of Java 1.6 String.isEmpty().	16 years ago
Luke Taylor	b46ae6ac62	SEC-1425: Add check for empty cookie in AbstractRememberMeServices. Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.	16 years ago
Luke Taylor	14ae36ac3b	SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header. The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.	16 years ago
Luke Taylor	bd635edc31	SEC-1410: Makes sure usernames which are OpenID https identities are detected as well as http ones. Using ":" as the token delimiter means we accidentally mistake the URL for two tokens. This had previously been fixed for http URLs but not https ones.	16 years ago
Luke Taylor	c1133d1ef3	Removed unused import in DelegatingAuthenticationEntryPoint and corrected test class name.	16 years ago
Luke Taylor	d30e31d816	Remove unnecessary @SuppressWarnings and inline dependency from ELRequestMatcher (util package) to core ExpressionUtils.	16 years ago
Luke Taylor	c12c43da9e	Javadoc fixes.	16 years ago
Luke Taylor	36612377e2	Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.	16 years ago
Luke Taylor	1e4f451352	Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources	16 years ago
Luke Taylor	dcbdfc2026	SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication. The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.	16 years ago
Mike Wiesner	90d6ff1fde	SEC-1406: Create a DelegatingAuthenticationEntryPoint	16 years ago
Mike Wiesner	d32b078a8c	SEC-1406: Create a DelegatingAuthenticationEntryPoint	16 years ago
Mike Wiesner	d2413cf237	SEC-1406: Create a DelegatingAuthenticationEntryPoint	16 years ago
Luke Taylor	08c7155ab5	SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions.	16 years ago
Luke Taylor	1ecd3e228b	SEC-1405: added RequestMatcher interface.	16 years ago
Luke Taylor	984604b026	SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator. The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.	16 years ago
Luke Taylor	0974e21fb6	SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid). This prevents problems with repeated detection of the same invalid session when the redirected request comes in.	16 years ago
Luke Taylor	04447bdbf0	SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs).	16 years ago
Luke Taylor	0c10efbbf8	Revert SEC-1356. Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.	16 years ago
Luke Taylor	1a7f71fc0f	SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions() If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.	16 years ago
Luke Taylor	a9567a58d8	SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos.	16 years ago
Luke Taylor	f62d97b092	SEC-1356: Fix broken tests. Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..	16 years ago

1 2 3 4

179 Commits (a2cdbab50c76bd2dc01cb10bdbf21881253285c2)