GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
4385 Commits
0 Branches
300 Tags
128 MiB
Tree: abfa558c3c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'abfa558c3c'
${ noResults }
Commit Graph

286 Commits (abfa558c3c94ca3daaa9a407e7cd4d4e516956d4)

Author SHA1 Message Date
Rob Winch a76a947b12 SEC-965: Added support for CAS proxy ticket authentication on any URL
15 years ago
Luke Taylor acf4b91a89 SEC-1674: Test to check that absolute URLs work in SimpleUrlLogoutSuccessHandler.
15 years ago
Luke Taylor ef72dd1986 SEC-1714: RegexRequestMatcher should prepend question mark to query string.
15 years ago
Luke Taylor 49dd928faa SEC-1712: Javadoc typo fix.
15 years ago
Luke Taylor 01c9c4e4db SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default.
15 years ago
Luke Taylor 78d5495945 SEC-1702: Add Burt's patch implementing hashcode method in AntPathRequestMatcher
15 years ago
Luke Taylor e470eaa41d SEC-1689: Moved core codec code into crypto package and removed existing duplication (Hex encoding etc). Refactoring of crypto code to use CharSequence for where possible instead of String.
15 years ago
Luke Taylor 44252207db SEC-1683: Corrected typo
15 years ago
Luke Taylor b0df1bd1b0 SEC-1673: Use a map to store the range values use in the bundlor templates.
15 years ago
Luke Taylor eb9482b33b Removal of some unused internal methods, plus additional tests for some areas lacking coverage.
15 years ago
Rob Winch 8c08eeb57b SEC-1666: Use constant time comparison for sensitive data.
15 years ago
Rob Winch 1b32babbf9 SEC-1545: Removed unused i18n keys, changed keys to follow naming conventions, found missing keys based upon old keys, sorted keys, any unknown keys are entered as a comment with the English value.
15 years ago
Rob Winch f20649f035 SEC-1648: added null check for getTargetUrlParameter() in SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess and updated validation for AbstractAuthenticationTargetUrlRequestHandler.setTargetUrlParameter
15 years ago
Luke Taylor eeb466b613 SEC-1648: Implemented Rob's suggestion to use a null value for the targetUrlParameter rather than a boolean property. It should thus only be used if this value is set.
15 years ago
Luke Taylor bf59c75886 Test class to improve coverage of WAS-specific preauth code.
15 years ago
Luke Taylor 7fd3aa2b45 SEC-1603: Add support for injecting an AuthenticationSuccessHandler into RememberMeAuthenticationFilter.
15 years ago
Luke Taylor 423f9eae7a SEC-1648: Added a useTargetUrlparameter property to AbstractAuthenticationTargetUrlRequestHandler which defaults to false.
15 years ago
Luke Taylor 428a0b7dce SEC-1639: Removed url argument from FilterChainProxy's VirtualFilterChain, since this can be directly computed from the request instance in the debug statements.
15 years ago
Luke Taylor 7cf9740fd4 SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual.
15 years ago
Rob Winch 7c04fdbc90 SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather that looping through ServletRequestWrappers.
15 years ago
Luke Taylor c8820166c8 SEC-1576: Parameterize the secured object type in AccessDecisionVoter.
15 years ago
Luke Taylor ce421f22bf SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation
15 years ago
Luke Taylor 2be2660b13 SEC-1636: Add optimizations for simple pattern cases in AntPathRequestMatcher. "/**" and "**" are treated as universal matches and a trailing "/**" is now optimized using a substring match.
15 years ago
Luke Taylor 4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
15 years ago
Luke Taylor 4ad0652787 Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken.
15 years ago
Luke Taylor 9b29dcb8bf SEC-1430: Removed username attribute from WebAttributes class.
15 years ago
Luke Taylor 43be9ea2a4 SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.
15 years ago
Luke Taylor d64efe9747 SEC-1492: Added GrantedAuthoritiesMapper to provide mapping of loaded authorities to those which are eventually stored in the user Authentication object.
15 years ago
Luke Taylor 60970dd9c4 Added some tests for web expression handling code.
15 years ago
Luke Taylor 2d9f98d535 SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request).
15 years ago
Luke Taylor 8b51c2c97d SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous.
15 years ago
Rob Winch 4f51eb09c0 SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward
15 years ago
Luke Taylor 1c8d28501c SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate.
15 years ago
Luke Taylor 8d867e8b67 Updated integration tests to detect case reported as SPR-7563.
15 years ago
Luke Taylor 54d0a263de SEC-1590: Removed WebAuthenticatioDetails.doPopulateAdditionalInformation() method which is caled from superclass constructor.
15 years ago
Luke Taylor 43ec2beec0 SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>.
15 years ago
Luke Taylor 84efffb937 SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices.
15 years ago
Luke Taylor 0696bed78e SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none"
15 years ago
Luke Taylor 21ed5feb8d SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.
15 years ago
Luke Taylor 4de8b84b0d SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception.
15 years ago
Luke Taylor 883ca2a55d Import cleaning.
15 years ago
Luke Taylor 1724d1eac6 SEC-1561: HttpSessionSecurityContextRepository should check whether the session contains the context attribute in case a new session has been created during the request. If the attribute is empty, then the context should be stored regardless of whether a change is detected or not.
15 years ago
Luke Taylor a6d47203db FilterInvocation should set queryString on dummy request.
15 years ago
Luke Taylor 7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".
15 years ago
Rossen Stoyanchev 70600a0277 SEC-1552 Refactor AuthorizeTag and LegacyAuthorize tag to make them independent of JSP tag rendering.
15 years ago
Rob Winch ee12d54bec SEC-1536: moved web.authentication.jaas to web.jaasapi
16 years ago
Luke Taylor 1b2b371970 SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
16 years ago
Luke Taylor 551166a577 ApacheDS workDir property should be passed to the test process, not set as a system property in the main build process.
16 years ago
rwinch de819378fc SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
16 years ago
Luke Taylor c5231fc213 SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource.
16 years ago