Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Tree: 1c8d28501c
Branches Tags

Commit History

Author SHA1 Message Date
  Luke Taylor 1c8d28501c SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate. 15 years ago
  Luke Taylor 8d867e8b67 Updated integration tests to detect case reported as SPR-7563. 15 years ago
  Luke Taylor 265cdaf2a6 SEC-1595: Added extra constructor to OpenID4JavaConsumer which takes a ConsumerManager to allow a version compatible with GAE to be injected. 15 years ago
  Luke Taylor 337477de6a SEC-1604: Change log level to debug for "Validated configuration attributes" message. 15 years ago
  Luke Taylor 54d0a263de SEC-1590: Removed WebAuthenticatioDetails.doPopulateAdditionalInformation() method which is caled from superclass constructor. 15 years ago
  Luke Taylor 43ec2beec0 SEC-1183: Modified Attributes2GrantedAuthoritiesMapper to return Collection<? extends GrantedAuthority>. 15 years ago
  Luke Taylor 84efffb937 SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices. 15 years ago
  Luke Taylor 2671e52d5a Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars. 15 years ago
  Luke Taylor 0696bed78e SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none" 15 years ago
  Luke Taylor deef2706ef SEC-1607: Report correct version for Spring Security (not Spring version). 15 years ago
  Luke Taylor f85baac943 Updated to Spring 3.0.5 15 years ago
  Luke Taylor 21ed5feb8d SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 15 years ago
  Luke Taylor 4de8b84b0d SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception. 15 years ago
  Luke Taylor cf0289bc02 SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook. 15 years ago
  Luke Taylor fabadff5f1 SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source. 15 years ago
  Luke Taylor 31afb9c76d Deleted superseded dao-auth-provider.xml chapter. 15 years ago
  Luke Taylor 07b9ded126 SEC-1599: Corrected docbook source. 15 years ago
  Luke Taylor 091a6d26f1 SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.). 15 years ago
  Luke Taylor 883ca2a55d Import cleaning. 15 years ago
  Luke Taylor 1724d1eac6 SEC-1561: HttpSessionSecurityContextRepository should check whether the session contains the context attribute in case a new session has been created during the request. If the attribute is empty, then the context should be stored regardless of whether a change is detected or not. 15 years ago
  Luke Taylor 54694d5ab7 SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot. 15 years ago
  Luke Taylor f70942c6f5 SEC-1589: Add support for property placeholder in intercept-methods access attribute. 15 years ago
  Luke Taylor 173537f4f2 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 15 years ago
  Luke Taylor 0961671772 Reinstated missing 3.0.3 schema file 15 years ago
  Luke Taylor a6d47203db FilterInvocation should set queryString on dummy request. 15 years ago
  Luke Taylor f455e9a5a4 SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison. 15 years ago
  Luke Taylor 0fd2c48dfb SEC-1584: Additional integration tests. 15 years ago
  Luke Taylor 7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 15 years ago
  Luke Taylor 695c8f4ad6 Import cleaning and suppression of deprecation warnings. 15 years ago
  Rossen Stoyanchev bd84a2bfa1 SWC-1552 Update .tld in integration test to match change in taglib. 15 years ago

Newer Older