dbee91002e
Deprecate EncryptionUtils.
16 years ago
c12c43da9e
Javadoc fixes.
16 years ago
36612377e2
Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.
16 years ago
e729819ce0
Updated incorrect package names in docbook
16 years ago
1e4f451352
Moved DelegatingAuthenticationEntryPointTest-context.xml to test/resources
16 years ago
dcbdfc2026
SEC-1396: Implement eager saving of SecurityContext in SessionManagementFilter on authentication.
...
The user is then seen as being authenticated to further (re-entrant) requests which occur before the existing request has completed. The saving logic is contained with the SecurityContextRepository implementation.
16 years ago
403f8da79a
Added missing jettyVersion variable to build.gradle.
16 years ago
90d6ff1fde
SEC-1406: Create a DelegatingAuthenticationEntryPoint
16 years ago
d32b078a8c
SEC-1406: Create a DelegatingAuthenticationEntryPoint
16 years ago
e678ba7283
Improvements to itest-web subproject.
...
Added to gradle build. Updated deps (testng and jwebunit). New test added for persistent remember-me.
16 years ago
70ef0d8b3e
Added extra test to itest/context as POC of using extra interceptor with http ns.
16 years ago
23511c930f
Standardising slf4j versions.
16 years ago
017dad8f5d
Added support for fop extensions in PDF generation.
16 years ago
2173029216
SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.
...
Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
16 years ago
d2413cf237
SEC-1406: Create a DelegatingAuthenticationEntryPoint
16 years ago
5753d69465
SEC-1404: Updated test for placeholders in intercept-url elements to check they work for filter='none' elements
16 years ago
81657d0efc
SEC-1403: Corrected interface name.
16 years ago
08c7155ab5
SEC-1404: Refactored IP subnet matching into IpAddressMatcher class to allow it to be used outside expressions.
16 years ago
1ecd3e228b
SEC-1405: added RequestMatcher interface.
16 years ago
2f40088fe7
Change spring-aop dep to compile scope in contacts sample
16 years ago
15c309a2ed
Add spring-aop to acl and contacts compile dependencies following changes for SEC-1390.
...
AopInfrastructureBean interface is now required.
16 years ago
f54831f2b5
SEC-1398: Minor changes to method security annotation information in namespace chapter.
...
Added some explanation of the different annotation types and their suitability.
16 years ago
67c9a0b78d
SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.
16 years ago
bd2fd3448b
SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.
16 years ago
984604b026
SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator.
...
The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
16 years ago
8720966d20
SEC-1390: Added null check on claimedIdentifier returned by DiscoveryInformation to prevent NPE.
16 years ago
b1243416fc
Minor corrections to aspectj interceptor docs
16 years ago
38837775a5
Minor corrections to aspectj interceptor docs.
16 years ago
10d787ede2
Javadoc corrections to SessionRegistryImpl
16 years ago
c4d2f59eec
SEC-1381: Update source repo information in docs to point to git rather than subversion.
16 years ago
912e7976da
Added doc upload capability to build.
16 years ago
dcf9ea25a6
Updated access-decision and after-invocation diagrams in manual.
16 years ago
0974e21fb6
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
...
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
16 years ago
d931495c8a
SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.
16 years ago
04447bdbf0
SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs).
16 years ago
dbf673ec37
Build updates to include uploading of distro and docs, plus addition of admon graphics path to docbook plugin.
16 years ago
9734e4c82f
Added generation of sha1 of distro archive to build.
16 years ago
56849dc41e
Added tasks for apidocs, doc and distro archive generation to the build file.
16 years ago
10cd080090
SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user.
16 years ago
0c10efbbf8
Revert SEC-1356.
...
Checking the path of a submitted cookie will never work as the path is not sent by the browser, so will be null.
16 years ago
1a7f71fc0f
SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions()
...
If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.
16 years ago
8137a8bcd0
Enabled detection of release builds and s3 maven deployment capability to gradle build.
...
The s3 deployment requires an updated snapshot of the spring aws-maven dependency, as the old one was incompatible with changes in the latest version (1.0-beta6) of the Maven "wagon" api.
16 years ago
a5dde8b28f
Updated doc on invalid session detection.
...
Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
16 years ago
51dfc0fb39
Set versions to 3.0.2-CI-SNAPSHOT, post release.
16 years ago
05634f97dc
Updated version numbers for 3.0.1 release.
16 years ago
e1d41177bb
Update docbook plugin use to new gradle 0.9+ syntax.
16 years ago
81f91d28eb
Add docbook note and tip images.
16 years ago
670297c55d
SEC-1369: Make sure beans aren't registered twice in case allowBeanDefinitionOverriding=false in the app context.
...
The use of registerBeanComponent() also registers the bean definition, which causes an error if overriding is disallowed and the bean has already been registered using registerBeanDefinition(). I've also set the allowBeanDefinitionOverriding to 'false' on InMemoryXmlApplicationContext to detect future mistakes of this kind in testing.
16 years ago
0f90e69004
SEC-1362: Updated French messages translation.
16 years ago
a9567a58d8
SEC-1359,SEC-1360,SEC-1361,SEC-1363,SEC-1364,SEC-1365,SEC-1366,SEC-1367: Minor doc and Javadoc typos.
16 years ago
Luke Taylor
Mike Wiesner