Uploaded image for project: 'Spring Security'
  • 3.1.0.M1

Release

Version 3.1.0.M1

RELEASED

Start date not set

Released: 21/Aug/10

Release Notes

PTKeySummaryAssigneeStatus
CriticalBugSEC-1373UsernamePasswordAuthenticationToken retains password in cleartext even after authentication has succeededLuke TaylorClosed
MajorImprovementSEC-593org.acegisecurity.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider is slowLuke TaylorClosed
MajorImprovementSEC-1140ace masks are not being compared as bitmasks.Luke TaylorClosed
MajorImprovementSEC-1166Provide strategy interface for AclImpl isGranted() method. Luke TaylorClosed
MajorNew FeatureSEC-1171Allow multiple namespace <http> elements to support multiple filter chain configurationsLuke TaylorClosed
MajorBugSEC-1174Race condition with stateless ticket cacheLuke TaylorClosed
MajorImprovementSEC-1183allow default role in ldap-authentication-providerLuke TaylorClosed
MajorImprovementSEC-1262Aspectj(LTW) JoinPoints are not handled by PreInvocationAuthorizationAdviceVoter Luke TaylorClosed
MajorImprovementSEC-1294Support bean access in expression languageLuke TaylorClosed
MajorNew FeatureSEC-1383Add namespace support for creating a MethodSecurityMetadataSourceLuke TaylorClosed
MajorImprovementSEC-1407Refactor URL Matching to use RequestMatcher interfaceLuke TaylorClosed
MajorNew FeatureSEC-1420Add htmlEscape option to allow disabling of character escaping in authentication tagLuke TaylorClosed
MajorImprovementSEC-1424Add new option create-session="stateless"Luke TaylorClosed
MajorBugSEC-1434Google App Engine - 'org.springframework.security.filterChainProxy': Initialization of bean failed (java.security.AccessControlException)Luke TaylorClosed
MajorImprovementSEC-1440Allow setting of separate entry-point-ref for http-basic namespace elementLuke TaylorClosed
MajorBugSEC-1443Jsr250Voter will return access denied for allowed rolesLuke TaylorClosed
MajorBugSEC-1444BindAuthentiator Fails for Active Directory DN Containing Special CharsLuke TaylorClosed
MajorBugSEC-1450Pointcuts are incorrectly evaluated in case of generic methodsLuke TaylorClosed
MajorNew FeatureSEC-1460Add strategy for defining OpenID fetch attributes based on the identifierLuke TaylorClosed
MajorNew FeatureSEC-1469Add a Debug/Monitoring FilterLuke TaylorClosed
MajorBugSEC-1480LdapUserDetailsImpl does not override equals/hashCodeLuke TaylorClosed
MajorImprovementSEC-1485Setting the `authenticationDetailsSource` from a form-login or open-id-loginLuke TaylorClosed
MajorNew FeatureSEC-1490Google App Engine authentication supportLuke TaylorClosed
MajorNew FeatureSEC-1493Add support for erasing credentials after authenticationLuke TaylorClosed
MajorImprovementSEC-1495UserDetails hashcode and equals methods should be based on static dataLuke TaylorClosed
MajorBugSEC-1499SessionFixationProtectionStrategy reused destroyed Spring session bean as session attribute when migrateSessionAttributes is trueLuke TaylorClosed
MajorBugSEC-1500Target-URL changes while switching between secure and insecure channel, when it was encoded according to RFC 3986Luke TaylorClosed
MajorBugSEC-1507NullPointerException in RoleVoter if original UserDetails#getAuthorities() is empty and if RoleHierarchy is enabledLuke TaylorClosed
MajorImprovementSEC-1510BindAuthenticator should work with less user privilegesLuke TaylorClosed
MajorBugSEC-1511Spring security ldap sample fails with Jetty 7.1.4Luke TaylorClosed
MajorImprovementSEC-1517Proper returnToUrlParameters cannot be set easily for OpenIDAuthenticationFilterLuke TaylorClosed
MajorBugSEC-1518Tag library parsing error.Luke TaylorClosed
MajorBugSEC-1519Uninitialized auditLogger and aclAuthorizationStrategy fields in EhCacheBasedAclCache Luke TaylorClosed
MajorBugSEC-1520Enumerator not closed or fully-enumeratedLuke TaylorClosed
MajorBugSEC-1528HttpSession.setAttribute() must be called if the SecurityContext is modified during a requestLuke TaylorClosed
MajorDefectSEC-1532ProtectPointcutPostProcessor should not re-attempt to match the pointcuts against methods when used with prototype beansLuke TaylorClosed
MajorSub-taskSEC-1538Reduce number of pre-authenticated AuthenticationDetails implementationsLuke TaylorClosed
MinorNew FeatureSEC-524Taglibs can define a scripting variable based on the logic result of the tag.Luke TaylorClosed
MinorImprovementSEC-1042Simplify AclService configuration based on default Spring implementations of required serviceLuke TaylorClosed
MinorNew FeatureSEC-1093Add namespace support for the J2EE processing filterLuke TaylorClosed
MinorImprovementSEC-1106Document Hierarchical Roles in the Reference GuideLuke TaylorClosed
MinorImprovementSEC-1133Allow setting authenticationDetailsSource ref via form-login namespace URLLuke TaylorClosed
MinorNew FeatureSEC-1232<global-method-security mode="aspectj"/>Luke TaylorClosed
MinorImprovementSEC-1307Investigate optimization of logic in HttpSessionSecurityContextRepository which checks for changes in the SecurityContextLuke TaylorClosed
MinorTaskSEC-1382Remove deprecated LabelBasedVoter and related classesLuke TaylorClosed
MinorImprovementSEC-1391Migration awareness for SessionListenersLuke TaylorClosed
MinorRefactoringSEC-1399Remove AbstractAuthenticationManagerLuke TaylorClosed
MinorImprovementSEC-1413AbstractRetryEntryPoint should use RedirectStrategyLuke TaylorClosed
MinorImprovementSEC-1416 requires-channel should have an xs:restriction / enumeration in the Spring Security XML SchemaLuke TaylorClosed
MinorImprovementSEC-1417Refactor AspectJSecurityInterceptor to remove callbackLuke TaylorClosed
MinorBugSEC-1419BasePasswordEncoder facilities are buggy for password containing '{' and null/empty saltLuke TaylorClosed
MinorImprovementSEC-1421JdbcUserDetailsManager is missing setters for group management sqlsLuke TaylorClosed
MinorImprovementSEC-1423Inefficient Pointcut Expression parsing in ProtectPointcutPostProcessor.javaLuke TaylorClosed
MinorBugSEC-1425AbstractRememberMeServices not handling properly empty cookieLuke TaylorClosed
MinorSub-taskSEC-1426Simplify Request Matching StratgegiesLuke TaylorClosed
MinorBugSEC-1427Inconsistent handling of URL query parts via <url-intercept>Luke TaylorClosed
MinorImprovementSEC-1428Redirects in AbstractAuthenticationTargetUrlRequestHandler should check for committed response before redirectingLuke TaylorClosed
MinorImprovementSEC-1429AuthenticationFailureHandler should be responsible for caching exception, not AbstractAuthenticationFilterLuke TaylorClosed
MinorImprovementSEC-1431Make OpenID sample work with Yahoo and GoogleLuke TaylorClosed
MinorBugSEC-1432UserMap should convert supplied maps to lower caseLuke TaylorClosed
MinorImprovementSEC-1433Reduce APIs dependence on org.springframework.dao.DataAccessExceptionLuke TaylorClosed
MinorImprovementSEC-1438Remove JoinPoint support from AbstractSecurityMetadataSourceLuke TaylorClosed
MinorBugSEC-1439getRequest() / getResponse() is not public in org.springframework.security.web.context.HttpRequestResponseHolderLuke TaylorClosed
MinorNew FeatureSEC-1445Add attributes to <form-login> element to be able to configure the username/password parametersLuke TaylorClosed
MinorBugSEC-1446Malformed Base64 in Basic Authentication header causes BasicAuthenticationFilter to throw a RuntimeExceptionLuke TaylorClosed
MinorBugSEC-1448LocalVariableTableParameterNameDiscoverer doesn't find Generic method parametersLuke TaylorClosed
MinorBugSEC-1454@PreAutorize(#username == principal.username) issues - when target is AOPProxyLuke TaylorClosed
MinorDefectSEC-1455SecurityNamespaceHandler problems in OSGi environment, need to import spring-security-web packagesLuke TaylorClosed
MinorImprovementSEC-1456Allow runtime expressions for security:authorize url-attributeLuke TaylorClosed
MinorImprovementSEC-1457LoginUrlAuthenticationEntryPoint should allow DI of RedirectStrategyUnassignedClosed
MinorBugSEC-1458HttpSessionEventPublisher has static Log. it causes the log4j configuration to happen before Log4jConfigListenerLuke TaylorClosed
MinorImprovementSEC-1459Generify AuthenticationUserDetailsServiceLuke TaylorClosed
MinorImprovementSEC-1461support use UserDetailsServiceLdapAuthoritiesPopulator using security namespaceLuke TaylorClosed
MinorBugSEC-1462SessionFixationProtectionFilter creates new session even when the requested session id is null or invalid.Luke TaylorClosed
MinorNew FeatureSEC-1464Create InMemoryUserDetailsManager and use it to back <user-service>Luke TaylorClosed
MinorImprovementSEC-1466authentication-provider should reject child password-encoder element when used with ref attributeLuke TaylorClosed
MinorBugSEC-1467NPE in DelegatingMethodSecurityMetadataSource when running contacts sampleLuke TaylorClosed
MinorImprovementSEC-1468Allow default-target-url override through form variableLuke TaylorClosed
MinorTaskSEC-1470SCM update in pom.xmlLuke TaylorClosed
MinorImprovementSEC-1471Session-based request playback can fail when multiple windows share the same sessionLuke TaylorClosed
MinorBugSEC-1473ContactSecurityVoter as described in manual page 72 is no where in the actual codeLuke TaylorClosed
MinorBugSEC-1474runall.sh for samples does not work in UbuntuLuke TaylorClosed
MinorBugSEC-1475Namespace configuration clobbers universal intercept-url patternLuke TaylorClosed
MinorImprovementSEC-1476AbstractPreAuthenticatedProcessingFilter should store AuthenticationException in the request rather than the sessionLuke TaylorClosed
MinorImprovementSEC-1478Attribute use-expression does not appear in reference documentation of the http-elementLuke TaylorClosed
MinorBugSEC-1479Different attitude on diverse webcontainersLuke TaylorClosed
MinorRefactoringSEC-1481Improve constructor declaration of AbstractAuthenticationTokenLuke TaylorClosed
MinorImprovementSEC-1483Change org.springframework.security.core.userdetails.User constructor to accept Collection<? extends GrantedAuthority>Luke TaylorClosed
MinorDefectSEC-1484Undocumented attributes in <http> elementUnassignedClosed
MinorImprovementSEC-1486Generify AuthenticationDetailsSourceLuke TaylorClosed
MinorImprovementSEC-1487Remove unused query objects from contact sample DaoLuke TaylorClosed
MinorImprovementSEC-1488all modules depend directly on commons loggingLuke TaylorClosed
MinorImprovementSEC-1489Provide access to x509 certificate on <x509 /> tagLuke TaylorClosed
MinorImprovementSEC-1496Modify DefaultRedirectStrategy to support additional URL schemes other than http and httpsLuke TaylorClosed
MinorImprovementSEC-1498An absolute URL does not work for property loginFormUrl in LoginUrlAuthenticationEntryPointLuke TaylorClosed
MinorBugSEC-1501Documention uses incorrect package in example bean definitionLuke TaylorClosed
MinorBugSEC-1503HTTP request 'method' attribute of intercept-url does not appear to be respectedLuke TaylorClosed
MinorImprovementSEC-1512Facelet TaglibLuke TaylorClosed
MinorTaskSEC-1513Upgrade to the CAS Client 3.1.11Scott BattagliaClosed
MinorBugSEC-1521NullPointerException in SecurityContextPersistenceFilter with null SecurityContextRepositoryLuke TaylorClosed
MinorImprovementSEC-1522Change AbstractSecurityInterceptor to treat an empty attribute collection the same as nullLuke TaylorClosed
MinorBugSEC-1523Outdated documentation about the PermissionEvaluatorLuke TaylorClosed
MinorImprovementSEC-1526Allow easy customization intercept URL: UsernamePasswordAuthenticationFilterLuke TaylorClosed
MinorImprovementSEC-1527Internationalize one of the sample applicationsLuke TaylorClosed
MinorImprovementSEC-1530Simplify access to SessionRegistry.getAllPrincipals()Luke TaylorClosed
MinorImprovementSEC-1534Want BasicAuthenticationFilter to throw InteractiveAuthenticationSuccessEventLuke TaylorClosed
MinorSub-taskSEC-1537Remove use of reflection in AuthenticationDetailsSource implementationsLuke TaylorClosed
MinorBugSEC-1540Namespace improperly handles method attribute when populating ChannelProcessingFilter.securityMetadataSourceLuke TaylorClosed
TrivialBugSEC-1508Remember-Me chapter link invalidLuke TaylorClosed
TrivialBugSEC-1529@PreAuthorize Example CorrectionLuke TaylorClosed
TrivialImprovementSEC-1533Allow AclAuthorizationStrategyImpl to take a single GrantedAuthority rather than requiring threeLuke TaylorClosed
TrivialBugSEC-1535Trivial Documentation UpdatesLuke TaylorClosed
1112 of 112