521 Commits

Author SHA1 Message Date
Spring Operator
11a61dc8cc URL Cleanup
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 924 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
2019-03-14 20:21:25 -05:00
Rob Winch
2288d50f0e Polish URLs
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://maven-gae-plugin.googlecode.com/svn/repository | https://maven-gae-plugin.googlecode.com/svn/repository | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security) | null | 42 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided) | 1 |

# Ignored
These URLs were intentionally ignored so we didn't migrate them.

| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
2019-03-01 15:49:15 -06:00
Spring Buildmaster
7f246e1c0e Release version 3.2.10.RELEASE 2016-12-22 20:05:14 +00:00
Rob Winch
53ccda1549 Fix pom.xml 2016-12-22 13:08:51 -06:00
Rob Winch
55a25fa213 Use BUILD-SNAPSHOT
See if this avoids the conflict resolution
2016-12-20 20:44:14 -06:00
Rob Winch
cdc485d121 Update to spring 3.2.17 2016-12-20 20:24:59 -06:00
Rob Winch
5e19ac5e7e Update pom.xml 2016-12-20 20:24:59 -06:00
Rob Winch
9e56424567 SEC-2784: Update to Gradle 2.2.1 2016-12-20 20:24:58 -06:00
Rob Winch
f75ebb22d8 Next Development Version 2015-10-30 16:38:34 -05:00
Spring Buildmaster
980edebefa Release version 3.2.9.RELEASE 2015-10-30 16:37:59 -05:00
Rob Winch
07848a1060 SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:56:07 -05:00
Rob Winch
8207a29e52 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:55:45 -05:00
Rob Winch
f232f5ef05 SEC-3135: antMatchers now allows method and no pattern
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:58:40 -05:00
Rob Winch
29632ee9ea SEC-3132: securityBuilder cannot be null
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
2015-10-23 13:34:27 -05:00
Rob Winch
7c62164392 SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 09:22:06 -05:00
Rob Winch
63a334317b SEC-3019: Java Config for Http Basic supports Rememberme 2015-07-16 11:13:12 -05:00
Rob Winch
13cb51c15f SEC-2918: Update Spring Version 3.2.13 2015-03-25 21:43:11 -05:00
Rob Winch
b0ad8173b0 SEC-2913: Post Process default session fixation AuthenticationStrategy
Before the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.

We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
2015-03-25 21:43:11 -05:00
Romain Fromi
6c185f649b SEC-2876: HttpSecurityBuilder addFilterAfter javadoc before->after 2015-02-24 22:20:45 -06:00
Rob Winch
1b26d03479 SEC-2832: Fix config tests 2015-02-24 17:53:54 -06:00
Rob Winch
72de17d79a SEC-2822: Make EnableGlobalAuthenticationAutowiredConfigurer static Bean
This ensures that EnableGlobalAuthenticationAutowiredConfigurer is actually
used in newer versions of Spring. See SPR-12646
2015-01-20 14:30:04 -06:00
Rob Winch
e27200a255 SEC-2815: Delay looking up AuthenticationConfiguration 2015-01-20 14:30:04 -06:00
Rob Winch
bf2d2d4597 SEC-2773: Add Test for static delegatingApplicationListener 2014-12-01 12:07:07 -06:00
Oliver Gierke
c05f27af6c SEC-2773: Prevent premature container initialization in WebSecurityConfiguration.
Changed the bean definition method for the DelegatingApplicationListener
to be static to avoid the need to instantiate the configuration class which
caused further premature initializations to satisfy the dependencies
expressed in setFilterChainProxySecurityConfigurer(…).
2014-12-01 12:07:05 -06:00
Rob Winch
cdac4d990b SEC-2747: Remove spring-core dependency from spring-security-crypto 2014-11-20 16:28:06 -06:00
Rob Winch
db66843e0b SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check 2014-11-20 14:42:53 -06:00
Rob Winch
29a8da4aa6 SEC-2574: Fix Bundlr 2014-11-20 11:10:58 -06:00
Rob Winch
b71989ecde SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents 2014-11-19 17:10:14 -06:00
Rob Winch
d85a0a20bc SEC-2595: @EnableGlobalMethodSecurity AspectJ tweaks for Spring 3.2.x 2014-07-29 09:39:55 -05:00
Rob Winch
0a45d3170c SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes 2014-07-25 16:27:49 -05:00
Rob Winch
47acf17323 SEC-2588: Javadoc fix channelSecurity->requiresChannel 2014-07-21 14:23:47 -05:00
Mirko Zeibig
85a37bdc02 SEC-2656: Fix <frame-options> with whitelist strategy 2014-06-18 09:07:41 -05:00
Rob Winch
d5842f949b SEC-2657: Test for multi dynamic ports for LDAP Java Config 2014-06-17 17:25:40 -05:00
Rob Winch
3e3d819526 SEC-2660: Move config integration-test *.groovy to groovy source folder 2014-06-17 17:23:18 -05:00
Rob Winch
8eb89e3f12 SEC-2658: Java Config triggers usePasswordAttrCompare to be set 2014-06-17 17:11:20 -05:00
Rob Winch
bdde468e7d SEC-2657: LdapAuthenticationProviderConfigurer find available port 2014-06-17 16:55:38 -05:00
Rob Winch
f574f2a2ac SEC-2618: LdapAuthenticationProviderConfigurer passwordAttribute null check
If LdapAuthenticationProviderConfigurer passwordAttribute is null, do not
set on the PasswordComparisonAuthenticator
2014-06-17 16:52:04 -05:00
Rob Winch
519d85877c SEC-2603: Fix config groovy integration tests 2014-05-20 23:14:11 -05:00
Rob Winch
f31a5c5411 SEC-2472: Support LDAP crypto PasswordEncoder 2014-05-20 23:13:07 -05:00
Andy Wilkinson
be687d6a84 SEC-2600: Remove unused import 2014-05-19 12:28:05 -05:00
Rob Winch
bf918df7a3 SEC-2543: Logout with CSRF enabled requires POST by default 2014-05-02 11:17:57 -05:00
Rob Winch
9a27f9f778 SEC-2579: Add springio-platform plugin 2014-04-29 16:59:32 -05:00
Rob Winch
d6f540fdee SEC-2532: Add disclaimer about jdbcAuthentication() with persistent data stores 2014-04-28 14:45:51 -05:00
Rob Winch
5e88ebef2e SEC-2549: Remove LazyBean marker interface 2014-04-24 13:55:25 -05:00
Rob Winch
79fa1c70eb SEC-2542: Polish dependency exclusions
This cleans up exclusions so the pom.xml are not as cluttered.
2014-04-02 08:49:25 -05:00
Rob Winch
fd6f9da184 SEC-2542: Use exclusions to remove duplicate dependencies
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.

In addition to the new exclusions, notable other changes are:

 - Spring Data JPA has been updated to 1.4.1. This brings its
   transitive dependency upon spring-data-commons into line with
   Spring LDAP's and prevents both spring-data-commons-core and
   spring-data-commons from being on the classpath
 - All Servlet API dependencies have been updated to use the official
   artifact with all transitive dependencies on unofficial servlet API
   artifacts being excluded.
 - In places, groovy has been replaced with groovy-all. This removes
   some duplicates caused by groovy's transitive dependencies.
 - JUnit has been updated to 4.11 which brings its transitive Hamcrest
   dependency into line with other components.

There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level

Conflicts:
	samples/messages-jc/pom.xml
2014-04-02 08:48:55 -05:00
Rob Winch
ea0466d666 Next developmenet version in pom.xml 2014-04-02 08:44:06 -05:00
Rob Winch
32c767a30d SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials 2014-03-25 13:00:42 -05:00
Rob Winch
a11746a8d1 SEC-2498: RequestCache allows POST when CSRF is disabled 2014-03-25 10:44:34 -05:00
Rob Winch
a18265a163 SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader 2014-03-24 14:54:02 -05:00