 Luke Taylor
|
594ee9515e
Taglib test fixes to take latest SFW changes into account.
|
il y a 14 ans |
|
Luke Taylor
|
a087e828a6
SEC-1790: Disable use of spring-security-redirect by default for SimpleUrlLogoutSuccesshandler.
|
il y a 14 ans |
|
Luke Taylor
|
5238ba0e26
SEC-1790: Reject redirect locations containing CR or LF.
|
il y a 14 ans |
|
Luke Taylor
|
887e3361d2
SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread.
|
il y a 14 ans |
|
Luke Taylor
|
a24570ae06
SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider.
|
il y a 14 ans |
|
Luke Taylor
|
ba719dc0e1
SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client.
|
il y a 14 ans |
|
Luke Taylor
|
28e70db8f2
SEC-1742: Deprecate use of extraInformation field in AuthenticationException, making it transient and removing any sensitive data in UserDetails objects which are stored in it.
|
il y a 14 ans |
 Rob Winch
|
84031c6001
SEC-1792: Fixed NullPointerException in RunAsUserToken#toString()
|
il y a 14 ans |
|
Luke Taylor
|
ca2af8bc59
SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.
|
il y a 14 ans |
|
Luke Taylor
|
6f59805ef3
SEC-1782: Javadoc correction for LdapAuthenticationProvider.
|
il y a 14 ans |
|
Rob Winch
|
f359bed596
SEC-1777: Corrected log in HttpSessionSecurityContextRepository to reference itself instead of HttpSessionContextIntegrationFilter
|
il y a 14 ans |
 Florian Fankhauser
|
0f1ae574ab
SEC-1776: Corrected typo in manual
|
il y a 14 ans |
|
Luke Taylor
|
cb7a94af88
SEC-1768: Use AopProxyUtils.ultimateTargetClass to cater for situation where security interceptor is applied to a proxy.
|
il y a 14 ans |
|
Luke Taylor
|
9b8d2719a6
SEC-1686: Up required minimum version to 3.0.6 in version check.
|
il y a 14 ans |
|
Luke Taylor
|
73b67da3a8
SEC-1762: Fix input value assertion check for targetUrlParameter.
|
il y a 14 ans |
|
Luke Taylor
|
b5546d1d29
SEC-1764: Remove use of Java 6 method Arrays.copyOfRange.
|
il y a 14 ans |
|
Luke Taylor
|
70ca0d1a39
SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays.
|
il y a 14 ans |
|
Luke Taylor
|
7a5a062cd0
SEC-1764: Backport Utf8 encoder to 3.0.x
|
il y a 14 ans |
|
Luke Taylor
|
977da0da1f
SEC-1733: Support explicit zero netmask correctly.
|
il y a 14 ans |
|
Luke Taylor
|
dfbc938e99
Added note in namespace docs on mismatch between using filters="none" and other attributes.
|
il y a 14 ans |
|
Rob Winch
|
d5f1f6cbff
SEC-1757: Updated tutorial sample to state that listing of accounts is allowed by anyone and to display accounts for the different types of access to posting to Accounts
|
il y a 14 ans |
|
Luke Taylor
|
a2cdbab50c
SEC-1747: Upgrade to Spring LDAP 1.3.1
|
il y a 14 ans |
|
Luke Taylor
|
1833b234a5
SEC-1722: Correct javadoc
|
il y a 14 ans |
|
Luke Taylor
|
6c97fccc91
SEC-1700: Allow for case where JAAS config is not a simple file, but may be a jar resource, for example.
|
il y a 14 ans |
|
Luke Taylor
|
2888f2b86f
SEC-1720: Avoid bean-creation side-effects in ContextSourceSettingPostProcessor.
|
il y a 14 ans |
|
Luke Taylor
|
04d42211b1
SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter.
|
il y a 14 ans |
|
Rob Winch
|
6a87a5f1a1
SEC-1703: Updated namespace for intercept-url
|
il y a 14 ans |
|
Rob Winch
|
f6b21880a2
SEC-1703: Updated cas custom-filter@ref to match example bean id and custom-filter@position to be CAS_FILTER
|
il y a 14 ans |
|
Luke Taylor
|
198d5d0482
SEC-1701: Trim claimed identity parameter value before submitting to OpenID4Java.
|
il y a 14 ans |
|
Rob Winch
|
acee3e2593
SEC-1698: Update documentation to use correct package for RequestHeaderAuthenticationFilter
|
il y a 14 ans |
