Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-07 20:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,241 Commits 51 Branches 345 Tags
Commit Graph

5241 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Spring Operator
11a61dc8cc URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 924 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 20:21:25 -05:00
Rob Winch
2288d50f0e Polish URLs 
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://maven-gae-plugin.googlecode.com/svn/repository | https://maven-gae-plugin.googlecode.com/svn/repository | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security) | null | 42 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided) | 1 |

# Ignored
These URLs were intentionally ignored so we didn't migrate them.

| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
 2019-03-01 15:49:15 -06:00
Spring Buildmaster
d0c7fd92de Next development version 2016-12-22 20:05:20 +00:00
Spring Buildmaster
7f246e1c0e Release version 3.2.10.RELEASE 3.2.10.RELEASE 2016-12-22 20:05:14 +00:00
Rob Winch
53ccda1549 Fix pom.xml 2016-12-22 13:08:51 -06:00
Rob Winch
5413251132 Set Default Spring IO to 1.1.5.RELEASE 
Fixes gh-4008
 2016-12-22 09:42:24 -06:00
Rob Winch
0896d22995 Update to Spring 3.2.18 2016-12-22 09:42:24 -06:00
Rob Winch
6d30da2e1f Block URL Encoded "/" in DefaultHttpFirewall 
Fixes gh-4171
 2016-12-22 09:42:21 -06:00
Rob Winch
55a25fa213 Use BUILD-SNAPSHOT 
See if this avoids the conflict resolution
 2016-12-20 20:44:14 -06:00
Rob Winch
cdc485d121 Update to spring 3.2.17 2016-12-20 20:24:59 -06:00
Rob Winch
5e19ac5e7e Update pom.xml 2016-12-20 20:24:59 -06:00
Rob Winch
bab3c8fa33 Gradle 2.14.1 2016-12-20 20:24:58 -06:00
Rob Winch
9e56424567 SEC-2784: Update to Gradle 2.2.1 2016-12-20 20:24:58 -06:00
Rob Winch
f75ebb22d8 Next Development Version 2015-10-30 16:38:34 -05:00
Spring Buildmaster
980edebefa Release version 3.2.9.RELEASE 2015-10-30 16:37:59 -05:00
Rob Winch
07848a1060 SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:56:07 -05:00
Rob Winch
8207a29e52 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:55:45 -05:00
Rob Winch
1c22ec19e6 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:52:10 -05:00
Rob Winch
56e41df964 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:04:55 -05:00
Rob Winch
f232f5ef05 SEC-3135: antMatchers now allows method and no pattern 
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
 2015-10-29 12:58:40 -05:00
Rob Winch
d467146e49 SEC-2190: Support WebApplicationContext in ServletContext 2015-10-28 15:52:05 -05:00
Rob Winch
c64b80564e SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 14:00:02 -05:00
Rob Winch
90f230cbfa SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:25:31 -05:00
Rob Winch
4cc2ffaa2d SEC-3109: Fix web tests 2015-10-26 21:45:23 -05:00
Rob Winch
a24065c361 SEC-3109: DelegatingSecurityContextExecutor fails with same Thread 
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
 2015-10-26 17:23:15 -05:00
Rob Winch
789d29b26b SEC-3057: Add *.txt to dist zip 2015-10-26 14:10:10 -05:00
Rob Winch
29632ee9ea SEC-3132: securityBuilder cannot be null 
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
 2015-10-23 13:34:27 -05:00
Rob Winch
37aacc5e02 SEC-3070: Logout invalidate-session=false and Spring Session doesn't 
work
 2015-10-20 13:50:04 -05:00
Rob Winch
0284845289 SEC-3127: Upgrade to Powermock 1.6.2 2015-10-20 11:19:54 -05:00
Spring Buildmaster
e6231584c8 Next development version 2015-07-22 22:00:32 -07:00
Rob Winch
23de257508 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread 
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
 2015-07-22 16:48:04 -05:00
Rob Winch
12ed990aa2 SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged 2015-07-22 09:02:25 -05:00
Rob Winch
d7d4ac9dc1 SEC-2993: OpenID Sample now uses me.yahoo.com 2015-07-21 11:12:53 -05:00
Rob Winch
7c62164392 SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 09:22:06 -05:00
Rob Winch
eceb6a3587 SEC-2924: Add README.adoc in -dist.zip 2015-07-16 15:34:45 -05:00
Rob Winch
c4a1f1b4a8 SEC-2965: Fix invalid formatted links in reference documentation 2015-07-16 15:26:43 -05:00
Rob Winch
7ecee8e733 SEC-3003: Document invalid intercept-url attributes for filter-security-metadata-source 2015-07-16 15:04:11 -05:00
Rob Winch
63a334317b SEC-3019: Java Config for Http Basic supports Rememberme 2015-07-16 11:13:12 -05:00
Rob Winch
704b114842 SEC-3002: Add JUnit Assume to GCM encryption tests 
Not all JDKs have GCM installed on them.
 2015-07-14 14:58:21 -05:00
Rob Winch
fcc9a34356 SEC-2973: Add OnCommittedResponseWrapper 
This ensures that Spring Session & Security's logic for performing
a save on the response being committed can easily be kept in synch.
Further this ensures that the SecurityContext is now persisted when
the response body meets the content length.
 2015-07-14 14:49:12 -05:00
Rob Winch
00042ff70b SEC-2931: Fix CsrfFilter Javadoc 2015-07-14 13:41:44 -05:00
Rob Winch
fc1450f72c SEC-2493: Fix javadoc for DefaultLdapAuthoritiesPopulator 2015-07-14 13:36:41 -05:00
Rob Winch
a6cd1b6066 SEC-3034: AclPermissionEvaluator specifies Locale.ENGLISH 2015-07-13 23:57:14 -05:00
Rob Winch
567b0ed030 SEC-3013: Add messages_en.properties 2015-07-13 23:26:04 -05:00
Rob Winch
4e6b12f8b4 SEC-3002: Add new option for AES encryption with GCM 
The Galois Counter Mode (GCM) is held to be superior than the current
default CBC. This change adds an extra parameter to the constructor
of AesBytesEncryptor and a new convenience method in Encryptors.
 2015-07-10 00:01:13 -05:00
Rob Winch
ae772294cb SEC-2851: Remove DataAccessException import from Persistent RememberMe 2015-04-21 15:04:51 -05:00
Spring Buildmaster
c01f2d8501 Next development version 2015-03-25 20:56:37 -07:00
Rob Winch
28c6e9a8af SEC-2899: Update Spring OSGi version 2015-03-25 21:47:05 -05:00
Rob Winch
13cb51c15f SEC-2918: Update Spring Version 3.2.13 2015-03-25 21:43:11 -05:00
Rob Winch
b0ad8173b0 SEC-2913: Post Process default session fixation AuthenticationStrategy 
Before the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.

We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
 2015-03-25 21:43:11 -05:00