Spring Operator
11a61dc8cc
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# Fixed URLs
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://www.apache.org/licenses/ with 1 occurrences migrated to:
https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/ ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 924 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0 ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html ) result 200).
2019-03-14 20:21:25 -05:00
Rob Winch
2288d50f0e
Polish URLs
...
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.
| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://maven-gae-plugin.googlecode.com/svn/repository | https://maven-gae-plugin.googlecode.com/svn/repository | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.
| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ ) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/ ) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security ) | null | 42 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property ) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided ) | 1 |
# Ignored
These URLs were intentionally ignored so we didn't migrate them.
| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
2019-03-01 15:49:15 -06:00
Spring Buildmaster
7f246e1c0e
Release version 3.2.10.RELEASE
2016-12-22 20:05:14 +00:00
Rob Winch
53ccda1549
Fix pom.xml
2016-12-22 13:08:51 -06:00
Rob Winch
55a25fa213
Use BUILD-SNAPSHOT
...
See if this avoids the conflict resolution
2016-12-20 20:44:14 -06:00
Rob Winch
cdc485d121
Update to spring 3.2.17
2016-12-20 20:24:59 -06:00
Rob Winch
5e19ac5e7e
Update pom.xml
2016-12-20 20:24:59 -06:00
Rob Winch
9e56424567
SEC-2784: Update to Gradle 2.2.1
2016-12-20 20:24:58 -06:00
Rob Winch
f75ebb22d8
Next Development Version
2015-10-30 16:38:34 -05:00
Spring Buildmaster
980edebefa
Release version 3.2.9.RELEASE
2015-10-30 16:37:59 -05:00
Rob Winch
07848a1060
SEC-2848: LogoutConfigurer allows setting clearAuthentication
2015-10-30 13:56:07 -05:00
Rob Winch
8207a29e52
SEC-3135: antMatchers(<method>,new String[0]) now passive
2015-10-30 10:55:45 -05:00
Rob Winch
f232f5ef05
SEC-3135: antMatchers now allows method and no pattern
...
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().
Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:58:40 -05:00
Rob Winch
29632ee9ea
SEC-3132: securityBuilder cannot be null
...
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.
This commit fixes this.
2015-10-23 13:34:27 -05:00
Rob Winch
7c62164392
SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager
2015-07-21 09:22:06 -05:00
Rob Winch
63a334317b
SEC-3019: Java Config for Http Basic supports Rememberme
2015-07-16 11:13:12 -05:00
Rob Winch
13cb51c15f
SEC-2918: Update Spring Version 3.2.13
2015-03-25 21:43:11 -05:00
Rob Winch
b0ad8173b0
SEC-2913: Post Process default session fixation AuthenticationStrategy
...
Before the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.
We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
2015-03-25 21:43:11 -05:00
Romain Fromi
6c185f649b
SEC-2876: HttpSecurityBuilder addFilterAfter javadoc before->after
2015-02-24 22:20:45 -06:00
Rob Winch
1b26d03479
SEC-2832: Fix config tests
2015-02-24 17:53:54 -06:00
Rob Winch
72de17d79a
SEC-2822: Make EnableGlobalAuthenticationAutowiredConfigurer static Bean
...
This ensures that EnableGlobalAuthenticationAutowiredConfigurer is actually
used in newer versions of Spring. See SPR-12646
2015-01-20 14:30:04 -06:00
Rob Winch
e27200a255
SEC-2815: Delay looking up AuthenticationConfiguration
2015-01-20 14:30:04 -06:00
Rob Winch
bf2d2d4597
SEC-2773: Add Test for static delegatingApplicationListener
2014-12-01 12:07:07 -06:00
Oliver Gierke
c05f27af6c
SEC-2773: Prevent premature container initialization in WebSecurityConfiguration.
...
Changed the bean definition method for the DelegatingApplicationListener
to be static to avoid the need to instantiate the configuration class which
caused further premature initializations to satisfy the dependencies
expressed in setFilterChainProxySecurityConfigurer(…).
2014-12-01 12:07:05 -06:00
Rob Winch
cdac4d990b
SEC-2747: Remove spring-core dependency from spring-security-crypto
2014-11-20 16:28:06 -06:00
Rob Winch
db66843e0b
SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check
2014-11-20 14:42:53 -06:00
Rob Winch
29a8da4aa6
SEC-2574: Fix Bundlr
2014-11-20 11:10:58 -06:00
Rob Winch
b71989ecde
SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents
2014-11-19 17:10:14 -06:00
Rob Winch
d85a0a20bc
SEC-2595: @EnableGlobalMethodSecurity AspectJ tweaks for Spring 3.2.x
2014-07-29 09:39:55 -05:00
Rob Winch
0a45d3170c
SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes
2014-07-25 16:27:49 -05:00
Rob Winch
47acf17323
SEC-2588: Javadoc fix channelSecurity->requiresChannel
2014-07-21 14:23:47 -05:00
Mirko Zeibig
85a37bdc02
SEC-2656: Fix <frame-options> with whitelist strategy
2014-06-18 09:07:41 -05:00
Rob Winch
d5842f949b
SEC-2657: Test for multi dynamic ports for LDAP Java Config
2014-06-17 17:25:40 -05:00
Rob Winch
3e3d819526
SEC-2660: Move config integration-test *.groovy to groovy source folder
2014-06-17 17:23:18 -05:00
Rob Winch
8eb89e3f12
SEC-2658: Java Config triggers usePasswordAttrCompare to be set
2014-06-17 17:11:20 -05:00
Rob Winch
bdde468e7d
SEC-2657: LdapAuthenticationProviderConfigurer find available port
2014-06-17 16:55:38 -05:00
Rob Winch
f574f2a2ac
SEC-2618: LdapAuthenticationProviderConfigurer passwordAttribute null check
...
If LdapAuthenticationProviderConfigurer passwordAttribute is null, do not
set on the PasswordComparisonAuthenticator
2014-06-17 16:52:04 -05:00
Rob Winch
519d85877c
SEC-2603: Fix config groovy integration tests
2014-05-20 23:14:11 -05:00
Rob Winch
f31a5c5411
SEC-2472: Support LDAP crypto PasswordEncoder
2014-05-20 23:13:07 -05:00
Andy Wilkinson
be687d6a84
SEC-2600: Remove unused import
2014-05-19 12:28:05 -05:00
Rob Winch
bf918df7a3
SEC-2543: Logout with CSRF enabled requires POST by default
2014-05-02 11:17:57 -05:00
Rob Winch
9a27f9f778
SEC-2579: Add springio-platform plugin
2014-04-29 16:59:32 -05:00
Rob Winch
d6f540fdee
SEC-2532: Add disclaimer about jdbcAuthentication() with persistent data stores
2014-04-28 14:45:51 -05:00
Rob Winch
5e88ebef2e
SEC-2549: Remove LazyBean marker interface
2014-04-24 13:55:25 -05:00
Rob Winch
79fa1c70eb
SEC-2542: Polish dependency exclusions
...
This cleans up exclusions so the pom.xml are not as cluttered.
2014-04-02 08:49:25 -05:00
Rob Winch
fd6f9da184
SEC-2542: Use exclusions to remove duplicate dependencies
...
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.
In addition to the new exclusions, notable other changes are:
- Spring Data JPA has been updated to 1.4.1. This brings its
transitive dependency upon spring-data-commons into line with
Spring LDAP's and prevents both spring-data-commons-core and
spring-data-commons from being on the classpath
- All Servlet API dependencies have been updated to use the official
artifact with all transitive dependencies on unofficial servlet API
artifacts being excluded.
- In places, groovy has been replaced with groovy-all. This removes
some duplicates caused by groovy's transitive dependencies.
- JUnit has been updated to 4.11 which brings its transitive Hamcrest
dependency into line with other components.
There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level
Conflicts:
samples/messages-jc/pom.xml
2014-04-02 08:48:55 -05:00
Rob Winch
ea0466d666
Next developmenet version in pom.xml
2014-04-02 08:44:06 -05:00
Rob Winch
32c767a30d
SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials
2014-03-25 13:00:42 -05:00
Rob Winch
a11746a8d1
SEC-2498: RequestCache allows POST when CSRF is disabled
2014-03-25 10:44:34 -05:00
Rob Winch
a18265a163
SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader
2014-03-24 14:54:02 -05:00