Tree: ec7b9703a6

1.0.x

2.0.x

3.0.x

3.1.x

3.2.x

4.0.x

4.1.x

4.2.x

5.0.x

5.1.x

5.2.x

5.3.x

5.4.x

5.5.x

5.6.x

5.7.x

5.8.x

5.8.x_update-antora-ui-spring

6.0.x

6.1.x

6.2.x

6.2.x_update-antora-ui-spring

6.3.x

6.3.x_update-antora-ui-spring

6.4.x

6.5.x

7.0.x

dependabot/gradle/6.4.x/ch.qos.logback-logback-classic-1.5.26

dependabot/gradle/6.5.x/io.mockk-mockk-1.14.9

dependabot/gradle/main/io.spring.nullability-io.spring.nullability.gradle.plugin-0.0.11

dependabot/gradle/main/org.springframework.data-spring-data-bom-2025.1.0-SNAPSHOT

dependencies-typo-6.5.x

dependencies-typo-main

docs-build

finalize

gh-16886

gh-pages

kotlin22

main

wrapperbot/spring-security/gradle-wrapper-8.10

wrapperbot/spring-security/gradle-wrapper-8.10.1

wrapperbot/spring-security/gradle-wrapper-8.10.2

wrapperbot/spring-security/gradle-wrapper-8.11

wrapperbot/spring-security/gradle-wrapper-8.11.1

wrapperbot/spring-security/gradle-wrapper-8.12

wrapperbot/spring-security/gradle-wrapper-8.12.1

wrapperbot/spring-security/gradle-wrapper-8.13

wrapperbot/spring-security/gradle-wrapper-8.14

wrapperbot/spring-security/gradle-wrapper-8.9

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

2.0.0

2.0.0.M1

2.0.0.M2

2.0.0.RC1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5.RELEASE

2.0.6.RELEASE

2.0.7.RELEASE

2.0.8.RELEASE

2.5.0.M1

3.0.0.M1

3.0.0.M2

3.0.0.RC1

3.0.0.RC2

3.0.0.RELEASE

3.0.1.RELEASE

3.0.2.RELEASE

3.0.3.RELEASE

3.0.4.RELEASE

3.0.5.RELEASE

3.0.6.RELEASE

3.0.7.RELEASE

3.0.8.RELEASE

3.1.0.M1

3.1.0.M2

3.1.0.RC1

3.1.0.RC2

3.1.0.RC3

3.1.0.RELEASE

3.1.1.RELEASE

3.1.2.RELEASE

3.1.3.RELEASE

3.1.4.RELEASE

3.1.5.RELEASE

3.1.6.RELEASE

3.1.7.RELEASE

3.2.0.M1

3.2.0.M2

3.2.0.RC1

3.2.0.RC2

3.2.0.RELEASE

3.2.1.RELEASE

3.2.10.RELEASE

3.2.2.RELEASE

3.2.3.RELEASE

3.2.4.RELEASE

3.2.5.RELEASE

3.2.6.RELEASE

3.2.7.RELEASE

3.2.8.RELEASE

3.2.9.RELEASE

4.0.0.M1

4.0.0.M2

4.0.0.RC1

4.0.0.RC2

4.0.0.RELEASE

4.0.1.RELEASE

4.0.2.RELEASE

4.0.3.RELEASE

4.0.4.RELEASE

4.1.0.RC1

4.1.0.RC2

4.1.0.RELEASE

4.1.1.RELEASE

4.1.2.RELEASE

4.1.3.RELEASE

4.1.4.RELEASE

4.1.5.RELEASE

4.2.0.M1

4.2.0.RC1

4.2.0.RELEASE

4.2.1.RELEASE

4.2.10.RELEASE

4.2.11.RELEASE

4.2.12.RELEASE

4.2.13.RELEASE

4.2.14.RELEASE

4.2.15.RELEASE

4.2.16.RELEASE

4.2.17.RELEASE

4.2.18.RELEASE

4.2.19.RELEASE

4.2.2.RELEASE

4.2.20.RELEASE

4.2.3.RELEASE

4.2.4.RELEASE

4.2.5.RELEASE

4.2.6.RELEASE

4.2.7.RELEASE

4.2.8.RELEASE

4.2.9.RELEASE

5.0.0.M1

5.0.0.M2

5.0.0.M3

5.0.0.M4

5.0.0.M5

5.0.0.RC1

5.0.0.RELEASE

5.0.1.RELEASE

5.0.10.RELEASE

5.0.11.RELEASE

5.0.12.RELEASE

5.0.13.RELEASE

5.0.14.RELEASE

5.0.15.RELEASE

5.0.16.RELEASE

5.0.17.RELEASE

5.0.18.RELEASE

5.0.19.RELEASE

5.0.2.RELEASE

5.0.3.RELEASE

5.0.4.RELEASE

5.0.5.RELEASE

5.0.6.RELEASE

5.0.7.RELEASE

5.0.8.RELEASE

5.0.9.RELEASE

5.1.0.M1

5.1.0.M2

5.1.0.RC1

5.1.0.RC2

5.1.0.RELEASE

5.1.1.RELEASE

5.1.10.RELEASE

5.1.11.RELEASE

5.1.12.RELEASE

5.1.13.RELEASE

5.1.2.RELEASE

5.1.3.RELEASE

5.1.4.RELEASE

5.1.5.RELEASE

5.1.6.RELEASE

5.1.7.RELEASE

5.1.8.RELEASE

5.1.9.RELEASE

5.2.0.M1

5.2.0.M2

5.2.0.M3

5.2.0.M4

5.2.0.RC1

5.2.0.RELEASE

5.2.1.RELEASE

5.2.10.RELEASE

5.2.11.RELEASE

5.2.12.RELEASE

5.2.13.RELEASE

5.2.14.RELEASE

5.2.15.RELEASE

5.2.2.RELEASE

5.2.3.RELEASE

5.2.4.RELEASE

5.2.5.RELEASE

5.2.6.RELEASE

5.2.7.RELEASE

5.2.8.RELEASE

5.2.9.RELEASE

5.3.0.M1

5.3.0.RC1

5.3.0.RELEASE

5.3.1.RELEASE

5.3.10.RELEASE

5.3.11.RELEASE

5.3.12.RELEASE

5.3.13.RELEASE

5.3.2.RELEASE

5.3.3.RELEASE

5.3.4.RELEASE

5.3.5.RELEASE

5.3.6.RELEASE

5.3.7.RELEASE

5.3.8.RELEASE

5.3.9.RELEASE

5.4.0

5.4.0-M1

5.4.0-M2

5.4.0-RC1

5.4.1

5.4.10

5.4.11

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.5.0

5.5.0-M1

5.5.0-M2

5.5.0-M3

5.5.0-RC1

5.5.0-RC2

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.6.0

5.6.0-M1

5.6.0-M2

5.6.0-M3

5.6.0-RC1

5.6.1

5.6.10

5.6.11

5.6.12

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.0-M1

5.7.0-M2

5.7.0-M3

5.7.0-RC1

5.7.1

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.0-M1

5.8.0-M2

5.8.0-M3

5.8.0-RC1

5.8.1

5.8.10

5.8.11

5.8.12

5.8.13

5.8.14

5.8.15

5.8.16

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.8.8

5.8.9

6.0.0

6.0.0-M1

6.0.0-M2

6.0.0-M3

6.0.0-M4

6.0.0-M5

6.0.0-M6

6.0.0-M7

6.0.0-RC1

6.0.0-RC2

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.1.0

6.1.0-M1

6.1.0-M2

6.1.0-RC1

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.0-M1

6.2.0-M2

6.2.0-M3

6.2.0-RC1

6.2.0-RC2

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.3.0

6.3.0-M1

6.3.0-M2

6.3.0-M3

6.3.0-RC1

6.3.1

6.3.10

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.3.7

6.3.8

6.3.9

6.4.0

6.4.0-M1

6.4.0-M2

6.4.0-M3

6.4.0-M4

6.4.0-RC1

6.4.1

6.4.10

6.4.11

6.4.12

6.4.13

6.4.2

6.4.3

6.4.4

6.4.5

6.4.6

6.4.7

6.4.8

6.4.9

6.5.0

6.5.0-M1

6.5.0-M2

6.5.0-M3

6.5.0-RC1

6.5.1

6.5.2

6.5.3

6.5.4

6.5.5

6.5.6

6.5.7

7.0.0

7.0.0-M1

7.0.0-M2

7.0.0-M3

7.0.0-RC1

7.0.0-RC2

7.0.0-RC3

7.0.1

7.0.2

7.1.0-M1

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'ec7b9703a6'

${ noResults }

Commit Graph

2030 Commits (ec7b9703a69e90409da89ec2bf449a45fdd09fb1)

Author	SHA1	Message	Date
Luke Taylor	ec7b9703a6	Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars.	15 years ago
Luke Taylor	fc75b69ab8	SEC-1607: Report correct version for Spring Security (not Spring version).	15 years ago
Luke Taylor	3cfe23f60d	Update versions to 3.0.5.CI-SNAPSHOT	15 years ago
Luke Taylor	82d140ffb1	Version 3.0.4.RELEASE	15 years ago
Luke Taylor	1563491322	SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.	15 years ago
Luke Taylor	c458311d2d	SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.).	15 years ago
Luke Taylor	d6f408e8bf	SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot.	15 years ago
Rob Winch	443231d1e8	SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null)	16 years ago
Luke Taylor	a1b124def5	SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created.	16 years ago
Luke Taylor	845c50a1c3	SEC-1507: Applied patch to return empty authority list rather than null from RoleHierarchyImpl.	16 years ago
Luke Taylor	25d222208d	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
Luke Taylor	9b0c21dfef	3.0.3 release. Update version in build files.	16 years ago
Luke Taylor	02c1f02f2a	SEC-1493: Fix broken tests in 3.0.x branch	16 years ago
Luke Taylor	21a664b2eb	Deprecation warning suppression for UserMap.	16 years ago
Luke Taylor	73b62497a3	SEC-1493: Added CredentialsContainer interface and implemented it in User, AbstractAuthenticationToken and UsernamePasswordAuthenticationToken. ProviderManager makes use of this to erase the credentials of the returned Authentication object (and its contents) if configured to do so by setting the 'eraseCredentialsAfterAuthentication' property.	16 years ago
Luke Taylor	8737fe3acb	SEC-1495: Convert User class equals and hashcode methods to only use the "username" property. ... This prevents situations where other data may have changed when a User object is reloaded (during a subsequent authentication attempt, in which case and Set.contains()/Map.containsKey() will return false even though the collection in question contains a principal representing the same user.	16 years ago
Luke Taylor	27faad3402	SEC-1488: Remove commons-logging dependencies from maven poms and use slf4j in all samples.	16 years ago
Luke Taylor	aaa7bd90b2	SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.	16 years ago
Luke Taylor	295e0ded18	SEC-1483: Change User constructor to use a generic wildcard for authorities collection.	16 years ago
Luke Taylor	8c605516b3	SEC-1463: Change namespace user-service parser to store username in lower-case when building map for in-memory UserDetailsService. Lookups are supposed to be case-insensitive with this class.	16 years ago
Luke Taylor	eda60b72b1	SEC-1448: Fixed failure to resolve generic method argument names in MethodSecurityEvaluationContext. ... Changed to use AopUtils.getMostSpecificMethod() when obtaining the method on which the parameter resolution should be performed. Also added better error handling and log warning when parameter names cannot be resolved. The exception will then be a SpEL one, rather than a NPE.	16 years ago
Luke Taylor	4c8e9e2d7e	SEC-1450: Replace use of ClassUtils.getMostSpecificMethod() in AbstractFallbackMethodDefinitionSource with AopUtils.getMostSpecificMethod() equivalent. ... Ensures protect-pointcut expressions match methods with generic parameters.	16 years ago
Luke Taylor	e518adbef1	SEC-1443: Modify Jsr250Voter to handle multiple "RolesAllowed" roles. ... It now votes to abstain if there are no Jsr250 attributes present. If any are found, it will either deny or grant access. For multiple "RoleAllowed" attributes, access will be granted if any user authority matches or denied if no match is found.	16 years ago
Luke Taylor	91153df78d	SEC-1262: Added new (replacement) AspectJ interceptor which wraps the JoinPoint in a MethodInvocation adapter to provide compatibility with classes which only support MethodInvocation instances. ... Also deprecated the existing AspectJ interceptors. This will also allow future simplification of the AbstractMethodSecurityMetadataSource, as it no longer needs to support JoinPoints.	16 years ago
Luke Taylor	1b0ac9c785	Porting of gradle changes from master.	16 years ago
Luke Taylor	87cf27ab7c	SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.	16 years ago
Luke Taylor	bc6aae132b	SEC-1420: Add htmlEscape attribute to authentication JSP tag. ... This allows HTML escaping to be disabled if required.	16 years ago
Luke Taylor	9831980bc2	Update versions to 3.0.3.CI-SNAPSHOT.	16 years ago
Luke Taylor	44f45d21f0	3.0.2 release. Update version in build files.	16 years ago
Luke Taylor	d2b2ca3bc6	SEC-1387: Use a transient object as the advice monitor, rather than a Serializable. ... No need for an anonymous inner class.	16 years ago
Luke Taylor	10dc72b017	SEC-1387: Support serialization of security advised beans. ... MethodSecurityMetadataSourceAdvisor now takes the SecurityMetadataSource bean name as an extra constructor argument and re-obtains the bean from the BeanFactory in its readObject method. Beans that are advised using <global-method-security> should therefore now be serializable.	16 years ago
Luke Taylor	dbee91002e	Deprecate EncryptionUtils.	16 years ago
Luke Taylor	c12c43da9e	Javadoc fixes.	16 years ago
Luke Taylor	36612377e2	Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.	16 years ago
Luke Taylor	67c9a0b78d	SEC-1389: Added "iterations" property to BaseDigestpasswordEncoder to support "stretching" of passwords.	16 years ago
Luke Taylor	bd2fd3448b	SEC-1392: Mark PermissionEvaluator and MethodSecurityExpressionHandler as AopInfrastructure beans to prevent them being advised and causing premature use of MethodSecurityMetadataSource before it is initialized properly.	16 years ago
Luke Taylor	10d787ede2	Javadoc corrections to SessionRegistryImpl	16 years ago
Luke Taylor	d931495c8a	SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.	16 years ago
Luke Taylor	1a7f71fc0f	SEC-1372: Return an empty list rather than null from SessionRegistryImpl.getAllSessions() ... If the principal has no sessions, null is returned which contradicts the interface contract. In practice it didn't matter as the null was checked for, but it is cleaner to disallow a null value.	16 years ago
Luke Taylor	51dfc0fb39	Set versions to 3.0.2-CI-SNAPSHOT, post release.	16 years ago
Luke Taylor	05634f97dc	Updated version numbers for 3.0.1 release.	16 years ago
Luke Taylor	0f90e69004	SEC-1362: Updated French messages translation.	16 years ago
Luke Taylor	b323098167	Added gradle build files for taglibs, tutorial, contacts and openid. ... Changed build file names to match module names (by manipulating the project objects in the settings.gradle file).	16 years ago
Luke Taylor	052537c8b0	Removing $Id$ markers and stripping trailing whitespace from the codebase.	16 years ago
Luke Taylor	93973a4b75	SEC-1304: Removed compareTo method from GrantedAuthorityImpl ... This method had been left by mistake when the Comparable interface was removed. See also SEC-1347.	16 years ago
Luke Taylor	80aacf447f	Refactored JaasAuthenticationProvider ... The toUrl() method on File gives a deprecation warning with Java 6, so I reimplemented the logic for building the Jaas config URL.	16 years ago
Luke Taylor	893f212fa5	Tidying	16 years ago
Luke Taylor	bcb1ff8921	SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array	16 years ago
Luke Taylor	115d5b84ff	[maven-release-plugin] prepare for next development iteration	16 years ago
Luke Taylor	6c6ef08353	[maven-release-plugin] prepare release spring-security-3.0.0.RELEASE	16 years ago