Acasă Explorează Ajutor
Înregistrare Autentificare
github
/
spring-security
oglindă de https://github.com/spring-projects/spring-security
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki

Fără Descriere

Arbore: 7d97adc687
Ramuri Etichete
spring-security
ZIP TAR.GZ
Luke Taylor 7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 15 ani în urmă
acl f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 15 ani în urmă
aspects af56f4844d SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler. 15 ani în urmă
buildSrc f978814bb1 Improve entry of username and password for scp upload. 15 ani în urmă
cas f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 15 ani în urmă
config 7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 15 ani în urmă
core 695c8f4ad6 Import cleaning and suppression of deprecation warnings. 15 ani în urmă
docs 7258abbbf4 SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd 15 ani în urmă
gradle 7dd8cd2fb9 Make sure ApacheDS work directory is set correctly for separate LDAP test task in config module. 15 ani în urmă
itest bd84a2bfa1 SWC-1552 Update .tld in integration test to match change in taglib. 15 ani în urmă
ldap 7dd8cd2fb9 Make sure ApacheDS work directory is set correctly for separate LDAP test task in config module. 15 ani în urmă
openid f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 15 ani în urmă
samples 685e0417a7 SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout. 15 ani în urmă
sandbox f4d57ab5e8 SEC-1456: Remove maven poms as we are now using gradle for the build. 15 ani în urmă
taglibs bd84a2bfa1 SWC-1552 Update .tld in integration test to match change in taglib. 15 ani în urmă
web 7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 15 ani în urmă
.gitignore 7d97adc687 SEC-1584: Addition of HttpFirewall strategy to FilterChainProxy to reject un-normalized requests and wrap the incoming request object before processing by the security filter chain to provide a more consistent representation of paths than is guaranteed by the servlet spec. The wrapper strips path parameters from pathInfo and servletPath to provide consistency of URL matching across servlet containers and protect against bypassing security constraints by the malicious addition of such parameters to the URL. The paths are canonicalized further by replacing of multiple sequences of "/" characters with a single "/". 15 ani în urmă
build.gradle 566328fea4 Minor tweaking of IDEA deps. 15 ani în urmă
class_mapping_from_2.0.x.txt 48dcc211e9 SEC-1148: Simple classname mapping from 2.0 to 3.0 15 ani în urmă
gradlew c9b0bc1bd9 Added gradle wrapper support. 15 ani în urmă
gradlew.bat c9b0bc1bd9 Added gradle wrapper support. 15 ani în urmă
license.txt c3507b26c9 Change to Apache License version 2.0. 21 ani în urmă
notice.txt 9cf146ecf1 Broaden list of names used and correct URL. 17 ani în urmă
readme.txt 2c219f7a66 Bringing readme file up to date. 15 ani în urmă
settings.gradle 58d9903ebc SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider 15 ani în urmă

readme.txt

===============================================================================
SPRING SECURITY - README FILE
===============================================================================

-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------

Spring Security provides security services for the Spring Framework
(http://www.springframework.org). Spring Security 3.1 requires Spring 3.0.3 as
a minimum and also requires Java 5.

For a detailed list of features and access to the latest release, please visit
http://www.springframework.org/projects/.

Spring Security is released under an Apache 2.0 license. See the accompanying
license.txt file.

-------------------------------------------------------------------------------
BUILDING
-------------------------------------------------------------------------------

Please read the "Building from Source" page at
http://static.springframework.org/spring-security/site/.

-------------------------------------------------------------------------------
DOCUMENTATION
-------------------------------------------------------------------------------

Be sure to read the Reference Guide (docs/reference/html/springsecurity.html).
Extensive JavaDoc for the Spring Security code is also available (in docs/apidocs).
Both can also be found on the website.

-------------------------------------------------------------------------------
QUICK START
-------------------------------------------------------------------------------

We recommend you visit http://static.springframework.org/spring-security/site and
read the "Getting Started" page.

-------------------------------------------------------------------------------
MAVEN REPOSITORY DOWNLOADS
-------------------------------------------------------------------------------

Release jars for the project are available from the central maven repository

http://repo1.maven.org/maven2/org/springframework/security/

Note that milestone releases and snapshots are not uploaded to the central
repository, but can be obtained from the Spring milestone repository, using the
maven repository http://maven.springframework.org/snapshot/. You can't browse this
URL directly, but there is a separate browser interface. Check the downloads page
for more information
http://static.springsource.org/spring-security/site/downloads.html


-------------------------------------------------------------------------------
OBTAINING SUPPORT
-------------------------------------------------------------------------------

There are two types of support available, commercial and community. For
commercial support, please contact SpringSource. SpringSource employ the
people who wrote Spring Security, and lead the development of the project:

http://www.springsource.com

For peer help and assistance, please use the Spring Security forum
located at the Spring Community's forum site:

http://forum.springframework.org

Links to the forums, and other useful resources are
available from the web site.