f5d36aef65
SEC-1350: Improved Javadoc for AbstractPreAuthenticatedProcessingFilter
...
Added clarification that the credentials returned
by the subclass should not be null or they will
typically be rejected by the provider. Also added
some general overview.
16 years ago
c6b8fe5e55
SEC-1346: Added missing 'return' statements after redirects.
...
ConcurrentSessionFilter and SessionManagementFilter now return immediately after redirecting to the expired URL and invalid session URLs respectively. Extra tests added to check.
16 years ago
893f212fa5
Tidying
16 years ago
3418aab46e
SEC-1327: Javadoc additions to clarify some behaviour
16 years ago
97a31cae04
SEC-1333: Added error message for invalid redirect URL assertion
16 years ago
aeed49393c
Switching StringBuffer to StringBuilder throughout the codebase (APIs permitting).
16 years ago
76731254c0
SEC-1328: Fixed issue with redirect to context relative URLs where the context name is part of the domain name.
16 years ago
06e092d46a
Midor Javadoc correction.
16 years ago
6805761d85
Extra test to confirm http-method specific matching behaviour.
16 years ago
cad32ffe39
SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
16 years ago
075e7a15ad
Corrected package name in Javadoc.
16 years ago
444d93b13f
SEC-1316: Remove 'removeAfterRequest' property from AnonymousAuthenticationFilter
16 years ago
b27d7afd24
SEC-1315: Modify HttpSessionSecurityContextRepository to check for anonymous token before creating a session. Moved the anonymity check to be before the session creation.
16 years ago
aee6b8f3f9
SEC-1314: Deprecate cloneFromHttpSession and securityContextClass in HttpSessionSecurityContextRepository. Both deprecated.
16 years ago
69699431b1
SEC-1303: Added internal Hex and Base64 classes, and moved commons-codec dependency to test scope
16 years ago
4d8956a227
SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
16 years ago
d84542cf88
SEC-1285: minor vulnerability in BasicProcessingFilter. Changed logging of Basic authentication information.
16 years ago
617e517e5e
SEC-1280: NullPointerException in PersistentTokenBasedRememberMeServices when logging out twice. Added check for null authentication in logout method.
17 years ago
930c1b6b53
Coverted to Junit 4 test.
17 years ago
11e476c486
Added issue numbers in comment.
17 years ago
d4d45e1311
Make getHeader() methods check case-insensitive matching on header name.
17 years ago
7282eed197
Import cleaning.
17 years ago
799b96520b
SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login
17 years ago
881632cc08
SEC-1250: Removed duplicate property.
17 years ago
0da99171da
SEC-1250: RequestHeaderPreAuthenticatedProcessingFilter cannot be use to fail back to another authentication type. Added exceptionIfHeaderMissing property.
17 years ago
3f72983a1e
SEC-1257: Some additional API changes to use Collection instead of List...
17 years ago
1286741c7c
SEC-1259: Improve consistency of authentication filter names.
17 years ago
f213cc5d9e
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
17 years ago
caff3ee9ba
SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).
17 years ago
07d7c0ddae
Renamed form and openID filters to shorten names
17 years ago
1042305cfe
Renamed web.wrapper to web.servletapi. Added some package.html files.
17 years ago
673cf300fb
SEC-1229: Refactoring to remove package cycles.
17 years ago
acf13c74ca
SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
17 years ago
2b89ebdfbb
SEC-1229: Further doc and mods to namespace config/naming to make it more consistent
17 years ago
073198886d
SEC-1255: Modified UrlUtils. Full request URL for redirects uses the requestURI (which is encoded). The URL for path comparsions is built using the servletpath, as before.
17 years ago
abba569282
Tidying.
17 years ago
1ead8472d1
SEC-1229: Added failure handler to the SessionManagementFilter to deal with concurrent login errors.
17 years ago
bf39a5bb36
Added extra logging.
17 years ago
731402e9f5
SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
17 years ago
1c4a809e09
SEC-1245: Add role hierarchy support to expression handlers. Done.
17 years ago
e7486fc203
Removed Ordered interface from Http403EntryPoint (unused).
17 years ago
40cf50fc98
SEC-1148: Javadoc.
17 years ago
ff78ec00f7
SEC-1226: Additional Javadoc.
17 years ago
23c8f479b8
SEC-1226: Renamed useRelativeContext to contextRelative to match corresponding flag name in Spring Framework.
17 years ago
593d2e227a
SEC-1226: Renamed useRelativeContext to contextRelative to match corresponding flag name in Spring Framework.
17 years ago
9c7423599e
SEC-1167: Extended SavedRequest interface to allow it to be used by wrapper. Removed null checks in wrapper, as the SavedRequest cannot now be null.
17 years ago
4064b7b4f6
SEC-1167: Introduce more flexible SavedRequest handling. Introduced interface for SavedRequest.
17 years ago
acd10dd716
SEC-1243: Make determineTargetUrl protected.
17 years ago
ac4e7bbadb
SEC-1241: Make sure saved request is removed after a match.
17 years ago
f518da9d8b
SEC-1236: Using HTTP Method-specific intercept-urls causes patterns with no method to be ignored. Fixed by also checking null key in map if no method-specific attributes are found.
17 years ago
Luke Taylor