d3a0f05de9
SEC-783: GlobalMethodSecurityBeanDefinitionParser should support AfterInvocationProviders
...
http://jira.springframework.org/browse/SEC-783 . Added support for custom-after-invocation-provider
18 years ago
348d211b8c
SEC-797: Minor javadoc correction.
18 years ago
d1e23b3d2c
SEC-783: Added custom-after-invocation-provider element to namespace.
18 years ago
1090072fff
SEC-795: Add check for protected login page when using namespace
...
http://jira.springframework.org/browse/SEC-795 . I've added checks for the various scenarios which will result in a protected login page and suitable warning messages.
18 years ago
5d51b35cfa
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . Updated FilterChainProxyPostProcessor to raise an exception if two filters have the same order, and also to unwrap wrapped filters once the sorting by order has been performed.
18 years ago
38774ec94f
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . The filters are now maintained as a list in the context and have to be stored there explicitly on registration.
18 years ago
01185475a1
OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute.
...
http://jira.springframework.org/browse/SEC-793 . Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
18 years ago
7e63fe7357
SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen
...
http://jira.springframework.org/browse/SEC-790 . Applied submitted patch.
18 years ago
8ea7487ec3
Removed unused method.
18 years ago
ec81e780b2
Import cleaning.
18 years ago
599d9fea04
Minor improvements to toString() methods for logging.
18 years ago
b2e9e82727
Fixed typo in message.
18 years ago
63decfeb93
SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor
...
http://jira.springframework.org/browse/SEC-761 . Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
18 years ago
1ae167434a
SEC-756: Add checks for duplicate use of namespace elements such as global-method-security
...
http://jira.springframework.org/browse/SEC-756 . Refactored HttpSecurityBDP and added check for duplicate usage of the element.
18 years ago
083644f2fe
SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration.
18 years ago
1258fa854e
SEC-788: x509 authentication does not work properly
...
http://jira.springframework.org/browse/SEC-788 . Added check for X509 element when choosing entry point, if nothing else is available.
18 years ago
e12b6afefa
SEC-776: Http Session created for Anonymous request
...
http://jira.springframework.org/browse/SEC-776 . Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
18 years ago
88ea87642a
SEC-791: RequestKey.equals throws NPE if method is null
...
http://jira.springframework.org/browse/SEC-791 . Fixed handling of equals when one http method is null.
18 years ago
9eaa1cbbdd
OPEN - issue SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added role-prefix attribute to ldap provider and jdbc/ldap user-service elements.
18 years ago
aba5a22b6c
SEC-789: Add support for optional role-prefix attribute to namespace
...
http://jira.springframework.org/browse/SEC-789 . Added support for role-prefix to jdbc-user-service element.
18 years ago
1a4130528a
SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching
...
http://jira.springframework.org/browse/SEC-782 . I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
18 years ago
5bb558bd6a
SEC-777: The disabled status cannot be set in <user-service>
...
http://jira.springframework.org/browse/SEC-777 . Added the disabled flag to the relax grammar file.
18 years ago
993fdd7a32
Added better toString() method to OrderedFilterDecorator to make it report the delegate filter information.
18 years ago
469f55ce05
SEC-773: global-method-security fails with JPA
...
http://jira.springframework.org/browse/SEC-773 . Added extra constructor to MethodDefinitionSourceAdvisor to allow for lazy initialization of the advice (MethodSecurityInterceptor), and in turn the AuthenticationManager and ay referenced UserDetailsService implementations.
18 years ago
7238097310
OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-775 . Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
18 years ago
b5dc523041
[maven-release-plugin] prepare for next development iteration
18 years ago
0c42670431
[maven-release-plugin] prepare release spring-security-parent-2.0.0
18 years ago
4d714b33e0
SEC-770: Mark old org.springframework.security.acl module as @deprecated .
18 years ago
57b5f38df1
OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration
...
http://jira.springframework.org/browse/SEC-769 . I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.
18 years ago
4ae40150c9
SEC-752: ClassLoading in GlobalMethodSecurityBeanDefinitionParser doesn't work in tooling
...
http://jira.springframework.org/browse/SEC-752 . Removed check for JSR-250 class.
18 years ago
552dc6486a
SEC-703: Expose customization of SQL used by <jdbc-user-service>
...
http://jira.springframework.org/browse/SEC-703 . Added suggested attributes for sql queries.
18 years ago
d6e5dbbcfd
SEC-767: Added override for flushBuffer in response wrapper.
18 years ago
9d54c2d22b
OPEN - issue SEC-637: Dependency on RequestUtils
...
http://jira.springframework.org/browse/SEC-637 . Removed use of ServletRequestUtils in AbstractRememberMeServices
18 years ago
0422cb1f8f
Fixed artifact groups for aspectjrt and added cas sample to project build
18 years ago
83c152e379
SEC-768: Changed exception to error reported through parser context. Added entry-point-ref to cas config
18 years ago
a2f4ee1c58
SEC-767: Added check for committed response before attempting to create a new session
18 years ago
2d3bc27d06
SEC-755: Updated bundle names in line with Christian's recommendations.
18 years ago
d0ae8e072d
Refactored out safeGetHttpSession method to remove multiple try/catch IllegalArgumentException blocks round request.getSession() calls.
18 years ago
6b86b05a0a
Removed autoboxing
18 years ago
d288f722a8
OPEN - issue SEC-759: GrantedAuthoritiesContainer should extend Serializable
...
http://jira.springframework.org/browse/SEC-759 . Added Serializable to interface.
18 years ago
3b3d339393
SEC-764: Added support for "position" attribute. Also added "LAST" as an option for filter position.
18 years ago
7145198e5a
OPEN - issue SEC-763: Allow setting of alwaysUseDirectTargetUrl via form-login namespace URL
...
http://jira.springframework.org/browse/SEC-763 . Added always-use-default target attribute to namespace.
18 years ago
a3de51ea51
Fixed typo in constant name.
18 years ago
029f8a2409
Made test method getFilters on FilterChainProxy default access.
18 years ago
a2d2c6b67a
Corrected element name.
18 years ago
243b5f4a2a
SEC-746: impossible to specify errorPage for the AccessDeniedHandlerImp when using namespace based configuration
...
http://jira.springframework.org/browse/SEC-746 . Added access-denied-page to http element.
18 years ago
f57ba43780
SEC-673: Reinstated a bean registration that had accidentally bean removed by the last patch, breaking core-tiger tests.
18 years ago
80dbc4fd75
SEC-673: Applied patch from Christian.
18 years ago
594b69b7ef
SEC-754: Changed tests to use unicode escapes rather than explicit UTF-8.
18 years ago
236e310ea7
SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration.
...
http://jira.springframework.org/browse/SEC-747 . Added once-per-request attribute to http element.
18 years ago
Luke Taylor
Ben Alex