* Fix passivity and add tests
* Introduce SessionInformationExpiredEvent as a value object
* Rename ExpiredSessionStrategy to SessionInformationExpiredStrategy
to account for the need of SessionInformation
* Switch to Constructor Injection
* Move the changes to the xsd to 4.2 xsd instead of 4.1
Issue gh-3808
This commit adds an ExpiredSessionStrategy for the ConcurrentSessionFilter
analogous to the InvalidSessionStrategy for the SessionManagementFilter. It also
adds a configuration option for both the InvalidSessionStrategy and
ExpiredSessionStrategy to the XML namespace and Java configuration.
Fixes gh-3794
Fixes gh-3795
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. This
change urlencodes the individual tokens when creating the cookie
string; and urldecodes them decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
Fixes gh-3355
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.
This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.
Fixes gh-4027
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.
Fixes gh-2427
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.
This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookiHttpOnly=false
Fixes gh-3865
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.
Fixes gh-3859
* Rename to DelegatingLogoutSuccessHandler for consistency
* Remove JavascriptOriginRequestMatcher in favor of
RequestHeaderRequestMatcher
Issue gh-3282
OnCommittedResponseWrapper trackContentLength will throw a
NullPointerException when the content length passed in is null.
This commit properly tracks the null value as a length of 4.
Fixes gh-3823
Perviously there were issues with case insenstive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId Instead it was
forced to lowercase and #userid was used.
Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.
Fixes gh-3786
Julio Valcarcel
Rob Winch
Marten Deinum
Joe Grandja
Dennis Kieselhorst
Stefan Penndorf
Jeremy Waters
Jitendra Singh Bisht
Joe Grandja
Eddú Meléndez
Ruben Dijkstra
Adrien SAUVEZ
bartolom
Li Weinan
Shazin Sadakath
Rob Winch
Johnny Lim
Simon Olofsson
Andrew NS Yeow