5af53da106
Improved doc for'filters' attribute
18 years ago
2329dadf48
Removed jalopy parameter comments
18 years ago
f269373442
IDE-791: Remove explicit Spring LDAP class dependencies from LdapServerBDP.
18 years ago
8b2c0468ff
OPEN - issue SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Modified HttpSecurityBDP to add session-fixation parameters to openId and form-login filters. Also added sessionRegistry property to AbstractProcessingFilter so that it doesn't conflict with concurrent session control.
18 years ago
d17a2da9e0
SEC-834: Session fixation attack protection will cause problems with URL rewriting
...
http://jira.springframework.org/browse/SEC-834 . Changed position of SessionFixationProtectionFilter and modified it to make a decision about whether authentication has taken place prior to calling doFilter(). Previously it did this on the return through the filter chain, which caused the problem described in this issue.
18 years ago
7f38c656ca
SEC-820: Expand regular expression used in hierarchical roles.
18 years ago
6493df13f8
SEC-803: Removed use of websphere SubjectHelper class.
18 years ago
59543af4fb
SEC-826: Support for JPA PersistenceContext annotation broken
...
http://jira.springframework.org/browse/SEC-826 Moved all injection post-processing to BeanPostProcessors (and deleted bean factory post-processor) to prevent early instantiation problems. Beas should now all be instantiated before the injection takes place.
18 years ago
1fee538c7e
Fixed typo in setter method (uses of).
18 years ago
ae2470127c
Fixed typo in setter method "seAttributePrefix"
18 years ago
e1b226ee57
Added 2.0.2 namespace file
18 years ago
add2649397
Javadoc typo.
18 years ago
781d88bd30
OPEN - issue SEC-825: Query string isn't beig stripped from URLs when ant matcher is in use (regression issue)
...
http://jira.springframework.org/browse/SEC-825 . Make sure the property is set on DefaultFilterInvocationDefinitionSource when ant paths are in use.
18 years ago
883b92e7bd
SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods
18 years ago
301d021bf5
SEC-817: NPE in org.springframework.security.config.FilterChainProxyPostProcessor
...
Reversed order of beanName.equals() call as suggested.
18 years ago
8ad2d681ab
SEC-818: Changed redirect URL validation to ignore potential property placeholders at parsing time and report a warning through the parser context rather than an error. Also validated the URLs in the beans themselves using Asserts, so an exception will occur later when the beans have been created rather than while assembling the bean definitions.
18 years ago
afc757e618
Removed reference to LdapDataAccessException since it isn't actually mentioned except in javadoc
18 years ago
c333070fe3
Javadoc tidying
18 years ago
fca3a2a709
SEC-812: Added missing TextUtils file
18 years ago
fa44c74993
SEC-812: Added entity-escaping of username stored under last username key, to prevent problems if it is rendered in a page without escaping the text.
18 years ago
06719053f1
Removed commons lang dependency.
18 years ago
9961c7f867
Moved to correct build location.
18 years ago
7a2e1e13d3
SEC-811: Provide a mechanism to allocate and rebuild cryptographically strong, randomised tokens.
18 years ago
4984d4be65
OPEN - issue SEC-757: Add validation of redirect URLs on namespace
...
http://jira.springframework.org/browse/SEC-757 . Added validation method to ConfigUtils and calls to it for url attributes.
18 years ago
81ebd094ff
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Replaced 2.0 text with that from the 2.0 release, rather than the website schema.
18 years ago
473f6a32c6
OPEN - issue SEC-808: Switch namespace schema version to 2.0.1 and update spring.schemas
...
http://jira.springframework.org/browse/SEC-808 . Created new 2.0.1 schema files and updated tests to use them.
18 years ago
8281aeb0da
SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace
...
http://jira.springframework.org/browse/SEC-807 . Added extra test for Ldap provider parser.
18 years ago
e4b32b8d29
OPEN - issue SEC-807: Allow mapping to a standard Ldap UserDetails through the namespace
...
http://jira.springframework.org/browse/SEC-807 . Added support for user-details-class attribute to ldap-authentication-provider and ldap-user-service.
18 years ago
104716fedb
SEC-805: Add extra fields to InetOrgPerson
...
http://jira.springframework.org/browse/SEC-805 . Added a substantial number of new fields to the class.
18 years ago
ef112f7967
Fixed autoboxing problem.
18 years ago
341455cde4
SEC-799: Import cleaning following other changes.
18 years ago
2d692718e0
SEC-799: Add better detection of missing server-ref element for <ldap-user-service> and <ldap-authentication-provider />
...
http://jira.springframework.org/browse/SEC-799 . Updated ContextSourceSettingPostProcessor to set the standard ContextSource as an alias if it is needed by a bean but has not been set (because the user specified their own server id on <ldap-server />).
18 years ago
270fa92780
Improved Javadoc comment
18 years ago
d3a0f05de9
SEC-783: GlobalMethodSecurityBeanDefinitionParser should support AfterInvocationProviders
...
http://jira.springframework.org/browse/SEC-783 . Added support for custom-after-invocation-provider
18 years ago
348d211b8c
SEC-797: Minor javadoc correction.
18 years ago
d1e23b3d2c
SEC-783: Added custom-after-invocation-provider element to namespace.
18 years ago
1090072fff
SEC-795: Add check for protected login page when using namespace
...
http://jira.springframework.org/browse/SEC-795 . I've added checks for the various scenarios which will result in a protected login page and suitable warning messages.
18 years ago
5d51b35cfa
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . Updated FilterChainProxyPostProcessor to raise an exception if two filters have the same order, and also to unwrap wrapped filters once the sorting by order has been performed.
18 years ago
38774ec94f
SEC-792: Filters should only be added to the default stack if they are labelled using custom-filter.
...
http://jira.springframework.org/browse/SEC-792 . The filters are now maintained as a list in the context and have to be stored there explicitly on registration.
18 years ago
01185475a1
OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute.
...
http://jira.springframework.org/browse/SEC-793 . Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
18 years ago
7e63fe7357
SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen
...
http://jira.springframework.org/browse/SEC-790 . Applied submitted patch.
18 years ago
8ea7487ec3
Removed unused method.
18 years ago
ec81e780b2
Import cleaning.
18 years ago
599d9fea04
Minor improvements to toString() methods for logging.
18 years ago
b2e9e82727
Fixed typo in message.
18 years ago
63decfeb93
SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor
...
http://jira.springframework.org/browse/SEC-761 . Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.
18 years ago
1ae167434a
SEC-756: Add checks for duplicate use of namespace elements such as global-method-security
...
http://jira.springframework.org/browse/SEC-756 . Refactored HttpSecurityBDP and added check for duplicate usage of the element.
18 years ago
083644f2fe
SEC-756: Refactored GlobalMethodSecurityDefinitionParser and added check for duplicate registration.
18 years ago
1258fa854e
SEC-788: x509 authentication does not work properly
...
http://jira.springframework.org/browse/SEC-788 . Added check for X509 element when choosing entry point, if nothing else is available.
18 years ago
e12b6afefa
SEC-776: Http Session created for Anonymous request
...
http://jira.springframework.org/browse/SEC-776 . Added AuthenticationtrustResolver to HttpSCIF to check for anonymous authentication.
18 years ago
Luke Taylor
Ben Alex