spring-security

Spring Security

java framework spring spring-framework security

Luke Taylor ed9411c660 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".		15 years ago
acl	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
aspects	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
buildSrc	SEC-1508: Update docbook processing to use Docbook 5 namespaces.	16 years ago
cas	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
config	Updating gitignore and removing unnecessary casts from FilterChainProxyConfigTests.	16 years ago
core	SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null)	16 years ago
docs	SEC-1529: More user-friendly expression @PreAuthorize expression in EL chapter.	16 years ago
gradle	Update to Spring 3.0.3.RELEASE	16 years ago
itest	SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created.	16 years ago
ldap	SEC-1520: Close NamingEnumeration in LDAP compare implementation.	16 years ago
openid	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
samples	Remove optional qualifier from apacheds dependencies in LDAP sample.	16 years ago
sandbox	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
taglibs	SEC-1518: Fix element ordering in security.tld	16 years ago
web	SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/".	15 years ago
.gitignore	Updating gitignore and removing unnecessary casts from FilterChainProxyConfigTests.	16 years ago
build.gradle	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
class_mapping_from_2.0.x.txt	SEC-1148: Simple classname mapping from 2.0 to 3.0	16 years ago
license.txt	…
notice.txt	Broaden list of names used and correct URL.	18 years ago
pom.xml	Switch version to 3.0.4-CI-SNAPSHOT.	16 years ago
readme.txt	Removing $Id$ markers and stripping trailing whitespace from the codebase.	16 years ago
settings.gradle	SEC-1232: GlobalMethodSecurityBeanDefinitionParser support for mode='aspectj'	16 years ago

readme.txt

===============================================================================
                    SPRING SECURITY - README FILE
===============================================================================

-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------

Spring Security provides security services for
The Spring Framework (http://www.springframework.org).

For a detailed list of features and access to the latest release, please visit
http://www.springframework.org/projects/.


-------------------------------------------------------------------------------
BUILDING
-------------------------------------------------------------------------------

Spring Security is built using Maven. Please read the "Building from Source" page
at http://static.springframework.org/spring-security/site/.

-------------------------------------------------------------------------------
DOCUMENTATION
-------------------------------------------------------------------------------

Be sure to read the Reference Guide  (docs/reference/html/springsecurity.html).
Extensive JavaDoc for the Spring Security code is also available (in docs/apidocs).
Both can also be found on the website.

-------------------------------------------------------------------------------
QUICK START
-------------------------------------------------------------------------------

We recommend you visit http://static.springframework.org/spring-security/site and 
read the "Suggested Steps" page.

-------------------------------------------------------------------------------
MAVEN REPOSITORY DOWNLOADS
-------------------------------------------------------------------------------

Release jars for the project are available from the central maven repository

http://repo1.maven.org/maven2/org/springframework/security/

Note that milestone releases and snapshots are not uploaded to the central
repository, but can be obtained from te Spring milestone repository.
This blog article has full details on how to download milestone or snapshot
jars or use them in a Maven-based project build:

http://blog.springsource.com/main/2007/09/18/maven-artifacts-2/


-------------------------------------------------------------------------------
OBTAINING SUPPORT
-------------------------------------------------------------------------------

There are two types of support available, commercial and community. For
commercial support, please contact SpringSource. SpringSource employ the
people who wrote Spring Security, and lead the development of the project:

  http://www.springsource.com

For peer help and assistance, please use the Spring Security forum
located at the Spring Community's forum site: 

  http://forum.springframework.org

Links to the forums, and other useful resources are
available from the web site.