spring-security

Author	SHA1	Message	Date
Luke Taylor	ee74c4ced2	SEC-1803: Add check in AbstractAuthenticationTargetUrlRequestHandler for null targetUrlParameter before attempting to read it from the request. Prevents NPE when targetUrlParameter is not set.	15 years ago
Luke Taylor	3dc4158f7d	Set version to 3.0.7.CI-SNAPSHOT	15 years ago
Luke Taylor	62f70f17ff	Set project release version to 3.0.6.RELEASE	15 years ago
Luke Taylor	a087e828a6	SEC-1790: Disable use of spring-security-redirect by default for SimpleUrlLogoutSuccesshandler.	15 years ago
Luke Taylor	5238ba0e26	SEC-1790: Reject redirect locations containing CR or LF.	15 years ago
Luke Taylor	ca2af8bc59	SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.	15 years ago
Rob Winch	f359bed596	SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter	15 years ago
Luke Taylor	73b67da3a8	SEC-1762: Fix input value assertion check for targetUrlParameter.	15 years ago
Luke Taylor	977da0da1f	SEC-1733: Support explicit zero netmask correctly.	15 years ago
Luke Taylor	1833b234a5	SEC-1722: Correct javadoc	15 years ago
Luke Taylor	b87dabe1ac	SEC-1683: Corrected typo	15 years ago
Rob Winch	1b6587a5d4	SEC-1666: Use constant time comparison for sensitive data. Constant time comparison helps to mitigate timing attacks. See the following link for more information * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/ * http://en.wikipedia.org/wiki/Timing_attack for more information.	15 years ago
Rob Winch	b3943ac268	SEC-1545: Removed unused i18n keys, changed keys to follow naming conventions, found missing keys based upon old keys, sorted keys, any unknown keys are entered as a comment with the English value. NOTE: The Groovy code that automated most of this is attached to SEC-1545 A mapping of Missing Key to the file that the key is found are as follows: ----------../core/src/main/resources/org/springframework/security/messages_cs_CZ.properties---------- JdbcDaoImpl.noAuthority=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] JdbcDaoImpl.notFound=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_de.properties---------- JdbcDaoImpl.noAuthority=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] JdbcDaoImpl.notFound=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_it.properties---------- JdbcDaoImpl.noAuthority=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] JdbcDaoImpl.notFound=[../core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java] PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_ko_KR.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_pl.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_pt_BR.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_pt_PT.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_uk_UA.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] ----------../core/src/main/resources/org/springframework/security/messages_zh_CN.properties---------- PersistentTokenBasedRememberMeServices.cookieStolen=[../web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java] How unknown keys were gussed by existing keys ----------../core/src/main/resources/org/springframework/security/messages_cs_CZ.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using SwitchUserProcessingFilter.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using AbstractUserDetailsAuthenticationProvider.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using SwitchUserProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_de.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using SwitchUserProcessingFilter.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using AbstractUserDetailsAuthenticationProvider.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using SwitchUserProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_es_ES.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_fr.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_it.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using SwitchUserProcessingFilter.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using AbstractUserDetailsAuthenticationProvider.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_ko_KR.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_pl.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_pt_BR.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_pt_PT.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_uk_UA.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication ----------../core/src/main/resources/org/springframework/security/messages_zh_CN.properties---------- AccountStatusUserDetailsChecker.credentialsExpired was guessed using UserDetailsService.credentialsExpired AccountStatusUserDetailsChecker.disabled was guessed using UserDetailsService.disabled AccountStatusUserDetailsChecker.expired was guessed using SwitchUserProcessingFilter.expired AccountStatusUserDetailsChecker.locked was guessed using AbstractUserDetailsAuthenticationProvider.locked AclEntryAfterInvocationProvider.noPermission was guessed using BasicAclEntryAfterInvocationProvider.noPermission BindAuthenticator.emptyPassword was guessed using LdapAuthenticationProvider.emptyPassword ConcurrentSessionControlStrategy.exceededAllowed was guessed using ConcurrentSessionControllerImpl.exceededAllowed DigestAuthenticationFilter.incorrectRealm was guessed using DigestProcessingFilter.incorrectRealm DigestAuthenticationFilter.incorrectResponse was guessed using DigestProcessingFilter.incorrectResponse DigestAuthenticationFilter.missingAuth was guessed using DigestProcessingFilter.missingAuth DigestAuthenticationFilter.missingMandatory was guessed using DigestProcessingFilter.missingMandatory DigestAuthenticationFilter.nonceCompromised was guessed using DigestProcessingFilter.nonceCompromised DigestAuthenticationFilter.nonceEncoding was guessed using DigestProcessingFilter.nonceEncoding DigestAuthenticationFilter.nonceExpired was guessed using DigestProcessingFilter.nonceExpired DigestAuthenticationFilter.nonceNotNumeric was guessed using DigestProcessingFilter.nonceNotNumeric DigestAuthenticationFilter.nonceNotTwoTokens was guessed using DigestProcessingFilter.nonceNotTwoTokens DigestAuthenticationFilter.usernameNotFound was guessed using DigestProcessingFilter.usernameNotFound LdapAuthenticationProvider.badCredentials was guessed using PasswordComparisonAuthenticator.badCredentials LdapAuthenticationProvider.onlySupports was guessed using AbstractUserDetailsAuthenticationProvider.onlySupports SubjectDnX509PrincipalExtractor.noMatching was guessed using DaoX509AuthoritiesPopulator.noMatching SwitchUserFilter.noCurrentUser was guessed using SwitchUserProcessingFilter.noCurrentUser SwitchUserFilter.noOriginalAuthentication was guessed using SwitchUserProcessingFilter.noOriginalAuthentication	15 years ago
Luke Taylor	537d8f108a	SEC-1654: Correct debug output in DigestAuthenticationFilter.	15 years ago
Rob Winch	4dea140331	SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather that looping through ServletRequestWrappers. VirtualFilterChain now accepts the FirewalledRequest in the constructor. The reset method is called directly on the instance passed in instead of looping through the ServletRequestWrappers. Conflicts: web/src/main/java/org/springframework/security/web/FilterChainProxy.java web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java	15 years ago
Luke Taylor	bb3a973fcb	SEC-1636: Add optimizations for universal match cases in AntUrlPathMatcher (using "/" and "" equality checks on the path).	15 years ago
Luke Taylor	d53db3ba13	Update version to 3.0.6.CI-SNAPSHOT.	15 years ago
Luke Taylor	90304f64c6	Update version for 3.0.5 release	15 years ago
Luke Taylor	e80853b698	SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request).	15 years ago
Luke Taylor	82d105cbc3	SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous. Allows for the situation where a user is logged out without invalidating the session.	15 years ago
Luke Taylor	e88f47a96a	SEC-1561: Add check on whether the security context attribute is set in the current session to make sure it is stored when a new session has been created during the request.	15 years ago
Rob Winch	0bdc9c176b	SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward	15 years ago
Luke Taylor	71b2af31ee	SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none"	15 years ago
Luke Taylor	3cfe23f60d	Update versions to 3.0.5.CI-SNAPSHOT	15 years ago
Luke Taylor	82d140ffb1	Version 3.0.4.RELEASE	15 years ago
Luke Taylor	1563491322	SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.	15 years ago
Luke Taylor	b688bb69ee	SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception.	15 years ago
Luke Taylor	8e68fa1334	SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.	15 years ago
Luke Taylor	ed9411c660	SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".	15 years ago
Luke Taylor	25d222208d	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
Luke Taylor	9b0c21dfef	3.0.3 release. Update version in build files.	16 years ago
Luke Taylor	1872d94aa1	Porting gradle changes from master	16 years ago
Luke Taylor	80ccd2b285	SEC-1501: Fix bean classname in Javadoc for SwitchUserFilter.	16 years ago
Luke Taylor	21a664b2eb	Deprecation warning suppression for UserMap.	16 years ago
Luke Taylor	09aba3906c	SEC-1496: Added support for use of any non-standard URL schemes in DefaultRedirectStrategy.	16 years ago
Luke Taylor	57cfff6f5c	SEC-1500: Convert AbstractRetryEntryPoint to use requestURI to correctly encode URLs.	16 years ago
Luke Taylor	aaa7bd90b2	SEC-1481: Updated constructors of Authentication types to use a generic wildcard for authorities collection.	16 years ago
Luke Taylor	6d6c2d31ef	SEC-1462: Only apply session fixation protection strategy if request.isRequestedSessionIdValid() returns true. We don't need to create a new session if the current one already has a different Id from the client.	16 years ago
Luke Taylor	0760bb947b	SEC-1458: Remove logger field in HttpSessionEventPublisher in favour of direct lookup. Prevents early initialization of logging system when listener is initialized.	16 years ago
Luke Taylor	b8e50c0933	SEC-1439: Make getters and setters public on HttpRequestResponseHolder. Necessary to allow use of custom SecurityContextRepository.(cherry picked from commit d5df53f1dbfcbe274656cce4e7a2e064f8db1597)	16 years ago
Luke Taylor	677576ea8b	SEC-1429: Fix test. Wasn't setting allowSessionCreation=false on failure handler.	16 years ago
Luke Taylor	1b0ac9c785	Porting of gradle changes from master.	16 years ago
Luke Taylor	5a5b62e2cb	SEC-1429: Removed cached authentication from session after successful authentication.(cherry picked from commit 43f0e111067dec72f2a496ad7d9df9fc10de43dc)	16 years ago
Luke Taylor	6ac8588144	Fix to Javadoc for AbstractAuthenticationProcessingFilter.(cherry picked from commit a3263753d93bba781471135448c4de5564fe464a)	16 years ago
Luke Taylor	5690f1c581	SEC-1428: Check if response has been committed before redirecting to target URL in AbstractAuthenticationTargetUrlRequestHandler.	16 years ago
Luke Taylor	87cf27ab7c	SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.	16 years ago
Luke Taylor	a7e21318bf	SEC-1425: Replace use of Java 1.6 String.isEmpty().	16 years ago
Luke Taylor	b46ae6ac62	SEC-1425: Add check for empty cookie in AbstractRememberMeServices. Prevents ArrayOutOfBoundsException later when processing the tokeniszed cookie.	16 years ago
Luke Taylor	9831980bc2	Update versions to 3.0.3.CI-SNAPSHOT.	16 years ago
Luke Taylor	44f45d21f0	3.0.2 release. Update version in build files.	16 years ago

1 2 3 4 5

219 Commits (ee74c4ced201eb320bce76f0de2017123ced70ce)