Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Tree: 82d105cbc3
Branches Tags

Commit History

Author SHA1 Message Date
  Luke Taylor 82d105cbc3 SEC-1587: Add explicit call to removeAttribute() to remove the context from the session if the current context is empty or anonymous. 15 years ago
  Luke Taylor e88f47a96a SEC-1561: Add check on whether the security context attribute is set in the current session to make sure it is stored when a new session has been created during the request. 15 years ago
  Luke Taylor 979ea63980 SEC-1613: Corrected preauth docs. 15 years ago
  Rob Winch 0bdc9c176b SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward 15 years ago
  Luke Taylor 80fd238c3a Backport updates to TarUpload for easier uploading of docs to website. 15 years ago
  Luke Taylor 5c597c8cde Update doc version number to 3.0.4 15 years ago
  Luke Taylor ec7b9703a6 Expand message on incorrect Spring version to suggest checking the classpath for unwanted jars. 15 years ago
  Luke Taylor 71b2af31ee SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none" 15 years ago
  Luke Taylor fc75b69ab8 SEC-1607: Report correct version for Spring Security (not Spring version). 15 years ago
  Luke Taylor 6141ef79b3 Remove use of @Override with an interface method 15 years ago
  Luke Taylor 3cfe23f60d Update versions to 3.0.5.CI-SNAPSHOT 15 years ago
  Luke Taylor 82d140ffb1 Version 3.0.4.RELEASE 15 years ago
  Luke Taylor 1563491322 SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. 15 years ago
  Luke Taylor b688bb69ee SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception. 15 years ago
  Luke Taylor 36f008643d SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook. 15 years ago
  Luke Taylor cbdf77e991 SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source. 15 years ago
  Luke Taylor 399e921d14 SEC-1599: Corrected docbook source. 15 years ago
  Luke Taylor c458311d2d SEC-1548: Added extra logging to Dao-authentication classes to clarify reasons for authentication failure (missing user vs wrong password etc.). 15 years ago
  Luke Taylor d6f408e8bf SEC-1583: Added hasAuthority and hasAnyAuthority imlementations to SecurityExpressionRoot. 15 years ago
  Luke Taylor 1739628e6a SEC-1589: Add support for property placeholder in intercept-methods access attribute. 15 years ago
  Luke Taylor 8e68fa1334 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 15 years ago
  Luke Taylor 82cd72768d doc updates to be merged with orgininal sec-1584 doc changes 15 years ago
  Luke Taylor 161710cc87 SEC-1584: Doc updates to explain request matching process. 15 years ago
  Luke Taylor dc1b652512 SEC-1584: Additional integration tests. 15 years ago
  Luke Taylor ed9411c660 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 15 years ago
  Luke Taylor e58f982351 Updating gitignore and removing unnecessary casts from FilterChainProxyConfigTests. 15 years ago
  Luke Taylor 072b73354f Update namespace handler message to account for later schema versions being used by mistake. 15 years ago
  Rob Winch 443231d1e8 SEC-1578: Use ThreadLocal.remove() instead of ThreadLocal.set(null) 15 years ago
  Luke Taylor 45674a16ea SEC-1540: Apply patch to support HTTP method matching for requires-channel namespace attribute. 15 years ago
  Luke Taylor a1b124def5 SEC-1532: Add cache of previously matched beans to ProtectPointcutPostProcessor to ensure that it doesn't perform pointcut matching every time a new prototype bean is created. 15 years ago

Newer Older