Tristan Burch
e7f47964ee
fix typo in setUseSecureCookie method documentation
14 years ago
Luke Taylor
5d71d2a4fa
SEC-1887: Add MethodSecurityOperations interface.
This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.
Also cleaning whitespace.
14 years ago
Luke Taylor
538e75ce1b
SEC-1903: Use a static CRLF Pattern in FirewalledResponse
The Pattern was being recompiled for every request
when a single instance could be shared for performance
reasons.
14 years ago
Andrei Stefan
0f9ee81df1
SEC-1887: Improve extensibility of expression-based security classes
Introduces a new SecurityExpressionOperations interface which is
implemented by SecurityExpressionRoot
14 years ago
Rob Winch
22225effcc
Call SecurityContextHolder.clearContext() in tear down of HttpSessionSecurityContextRepositoryTests
14 years ago
Rob Winch
5d94cd5e13
SEC-1735: Do not remove SecurityContext from HttpSession when anonymous Authentication is saved if original SecurityContext was anonymous
14 years ago
Rob Winch
6fe6e18939
SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names
14 years ago
Rob Winch
8ca2927761
Renamed **/Test.java to **/Tests.java to better follow conventions
14 years ago
Luke Taylor
0bccbbfc18
SEC-1779: Make new getters protected rather than public.
14 years ago
Luke Taylor
f456db267f
SEC-1779: Added getters for success and failure handlers to AbstractAuthenticationProcessingFilter.
14 years ago
Luke Taylor
09ac4bd8f9
SEC-1833: Remove unused securityContextClass from HttpSessionSecurityContextRepository.
14 years ago
Luke Taylor
44e2543015
Minor changes to make filter chain validation more robust with custom request matchers.
14 years ago
Luke Taylor
f1e63f3008
SEC-1802: Add digits to valid URL scheme regex.
14 years ago
Luke Taylor
869c6a7c18
SEC-1800: Set input size to 30 for OpenID login.
14 years ago
Luke Taylor
824464516c
SEC-1790: Reject redirect locations containing CR or LF.
15 years ago
Luke Taylor
6333909107
SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change.
15 years ago
Luke Taylor
0c2a950fa0
SEC-1788: Avoid unnecessary call to getPreAuthenticatedPrincipal() in AbstractPreAuthenticatedProcessingFilter when not checking for principal changes is not enabled.
15 years ago
Luke Taylor
8740efc0f5
Added constructor injection options to ConcurrentSessionFilter
15 years ago
Luke Taylor
a1c714cff4
SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.
15 years ago
Luke Taylor
8440743108
Remove Sql query objects from JdbcTokenRepositoryImpl in favour of direct JdbcTemplate use.
15 years ago
Luke Taylor
700fa9e0b6
SEC-1772: Remove URL decoding of targetUrlParameter in AbstractAuthenticationTargetUrlRequestHandler.
15 years ago
Luke Taylor
de97bac85b
SEC-1763: Prevent nested switches in SwitchUserFilter by calling attemptExitUser() before doing the switch.
15 years ago
Luke Taylor
a504cfae1a
SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.
15 years ago
Rob Winch
330f82f562
SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter
15 years ago
Rob Winch
825f0061fb
SEC-1761: Support HttpOnly Flag for Cookies when using Servlet 3.0
15 years ago
Luke Taylor
56e86dd36f
Adding assertions on constructor arg values.
15 years ago
Luke Taylor
f92589f051
Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options.
15 years ago
Luke Taylor
2d271666a4
Add constructors to facilitate constructor-based injection for required/shared bean properties.
15 years ago
Luke Taylor
73442125de
SEC-1775: Removed internal use of UserAttribute class in AnonymousAuthenticationFilter.
15 years ago
Luke Taylor
b15475ab3d
SEC-1771: Change TokenBasedRememberMeServices to obtain password from UserDetailsService if necessary.
15 years ago
Luke Taylor
737a9d1825
Improved toString methods on request wrappers.
15 years ago
Luke Taylor
571bfc4869
Refactoring to use Utf8 encoder instead of String.getBytes("UTF-8").
15 years ago
Luke Taylor
685f12c5a0
SEC-1733: Support explicit zero netmask correctly.
15 years ago
Luke Taylor
f5f410ae3b
Clean unused imports.
15 years ago
Luke Taylor
ec97b70df9
SEC-1668: Allow customization of username parameter in SwitchUserFilter.
15 years ago
Luke Taylor
6d04670f87
SEC-1695: Allow customization of the session key under which the SecurityContext is stored.
15 years ago
Luke Taylor
84902ebb50
Javadoc correction.
15 years ago
Luke Taylor
63f160dc72
SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions.
15 years ago
Luke Taylor
6e91786f92
SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false).
15 years ago
Luke Taylor
04dc65c8fe
SEC-1657: Corresponding namespace updates to use SecurityFilterChain list in place of filterChainMap.
15 years ago
Luke Taylor
37d0454fd7
SEC-1657: Create SecurityFilterChain class for use in configuring FilterChainProxy. Encapsulates a RequestMatcher and List<Filter>.
15 years ago
Luke Taylor
614d8c0321
SEC-1723: Use standard SpEL syntax for accessing beans in the app context by name.
15 years ago
Luke Taylor
dd108041a0
SEC-1722: Correct javadoc
15 years ago
Luke Taylor
8178371927
SEC-1700: Add fixed serializationVersionUID values to security context, authentication tokens and related classes
15 years ago
Rob Winch
a76a947b12
SEC-965: Added support for CAS proxy ticket authentication on any URL
15 years ago
Luke Taylor
acf4b91a89
SEC-1674: Test to check that absolute URLs work in SimpleUrlLogoutSuccessHandler.
15 years ago
Luke Taylor
ef72dd1986
SEC-1714: RegexRequestMatcher should prepend question mark to query string.
15 years ago
Luke Taylor
49dd928faa
SEC-1712: Javadoc typo fix.
15 years ago
Luke Taylor
01c9c4e4db
SEC-1697: Don't publish authorization success events in AbstractSecurityInterceptor by default.
15 years ago
Luke Taylor
78d5495945
SEC-1702: Add Burt's patch implementing hashcode method in AntPathRequestMatcher
15 years ago