Spring Operator
11a61dc8cc
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# Fixed URLs
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://www.apache.org/licenses/ with 1 occurrence migrated to:
https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 924 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrence migrated to:
https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
2019-03-14 20:21:25 -05:00
Rob Winch
2288d50f0e
Polish URLs
...
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.
| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://maven-gae-plugin.googlecode.com/svn/repository | https://maven-gae-plugin.googlecode.com/svn/repository | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.
| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ ) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/ ) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security ) | null | 42 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property ) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided ) | 1 |
# Ignored
These URLs were intentionally ignored so we didn't migrate them.
| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
2019-03-01 15:49:15 -06:00
Spring Buildmaster
7f246e1c0e
Release version 3.2.10.RELEASE
2016-12-22 20:05:14 +00:00
Rob Winch
53ccda1549
Fix pom.xml
2016-12-22 13:08:51 -06:00
Rob Winch
55a25fa213
Use BUILD-SNAPSHOT
...
See if this avoids the conflict resolution
2016-12-20 20:44:14 -06:00
Rob Winch
cdc485d121
Update to spring 3.2.17
2016-12-20 20:24:59 -06:00
Rob Winch
5e19ac5e7e
Update pom.xml
2016-12-20 20:24:59 -06:00
Rob Winch
f75ebb22d8
Next Development Version
2015-10-30 16:38:34 -05:00
Spring Buildmaster
980edebefa
Release version 3.2.9.RELEASE
2015-10-30 16:37:59 -05:00
Rob Winch
90f230cbfa
SEC-2521: Improve StandardPasswordEncoder performance
2015-10-27 11:25:31 -05:00
Rob Winch
704b114842
SEC-3002: Add JUnit Assume to GCM encryption tests
...
Not all JDKs have GCM installed on them.
2015-07-14 14:58:21 -05:00
Rob Winch
4e6b12f8b4
SEC-3002: Add new option for AES encryption with GCM
...
The Galois Counter Mode (GCM) is held to be superior to the current
default CBC. This change adds an extra parameter to the constructor
of AesBytesEncryptor and a new convenience method in Encryptors.
2015-07-10 00:01:13 -05:00
Rob Winch
13cb51c15f
SEC-2918: Update Spring Version 3.2.13
2015-03-25 21:43:11 -05:00
Rob Winch
cdac4d990b
SEC-2747: Remove spring-core dependency from spring-security-crypto
2014-11-20 16:28:06 -06:00
Rob Winch
9a27f9f778
SEC-2579: Add springio-platform plugin
2014-04-29 16:59:32 -05:00
Rob Winch
fd6f9da184
SEC-2542: Use exclusions to remove duplicate dependencies
...
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded were somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the artifacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.
In addition to the new exclusions, notable other changes are:
- Spring Data JPA has been updated to 1.4.1. This brings its
transitive dependency upon spring-data-commons into line with
Spring LDAP's and prevents both spring-data-commons-core and
spring-data-commons from being on the classpath
- All Servlet API dependencies have been updated to use the official
artifact with all transitive dependencies on unofficial servlet API
artifacts being excluded.
- In places, groovy has been replaced with groovy-all. This removes
some duplicates caused by groovy's transitive dependencies.
- JUnit has been updated to 4.11 which brings its transitive Hamcrest
dependency into line with other components.
There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level
Conflicts:
samples/messages-jc/pom.xml
2014-04-02 08:48:55 -05:00
Rob Winch
ea0466d666
Next development version in pom.xml
2014-04-02 08:44:06 -05:00
Rob Winch
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
Rob Winch
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
Rob Winch
a34178bc40
SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA
2013-12-12 08:16:59 -06:00
Rob Winch
4460e84b29
Updates to pom.xml author and repo
2013-12-09 08:57:30 -06:00
Rob Winch
2c8946c406
Next development version
2013-11-01 14:20:55 -05:00
Spring Buildmaster
9c703a3051
Release version 3.2.0.RC2
2013-11-01 14:20:49 -05:00
Rob Winch
88f41cdf62
SEC-2341: Update to Gradle 1.8
...
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
3d2f23602f
SEC-2294: Update Spring Version to 3.2.4.RELEASE
2013-08-31 11:26:43 -05:00
Rob Winch
aca2e4ff3a
SEC-2289: Add spring4Test
2013-08-27 16:43:10 -05:00
Rob Winch
976d9a9016
SEC-2194: Polish java config sample apps
2013-08-08 14:33:54 -05:00
Rob Winch
5e6ca12b01
SEC-2097: Update integrationTestCompile to use optional and provided
...
Also update slf4j version and remove explicit commons-logging from pom generation
2013-07-16 15:59:06 -05:00
Rob Winch
02551e1b7a
SEC-2214: Update Spring Version
2013-07-16 15:15:47 -05:00
Rob Winch
faa8b354b7
SEC-2209: add pom.xml
2013-07-16 15:15:47 -05:00
Luke Taylor
743960d2d8
SEC-2122: Fix broken integration tests.
...
Modified BCryptPasswordEncoder to no longer throw an
IllegalArgumentException when the encoded password is empty or
the incorrect format for bcrypt. Instead it now logs a warning
that non bcrypt data was found.
The Dms integration tests were failing after being changed to
use bcrypt and this fixes the issue.
2013-05-21 23:13:08 +01:00
Luke Taylor
d6524feb62
SEC-2122: Change doc to prioritize bcrypt use
2013-05-17 18:42:47 +01:00
Rob Winch
4fabe939d0
SEC-2035: Add template.mf to crypto
2012-08-17 14:13:56 -05:00
Rob Winch
a6bded86c2
SEC-1990: Polishing code cleanup on BCrypt
...
- Formatting
- Renamed test to be BCryptTests to better align with Spring Security's naming conventions
2012-07-05 14:12:14 -05:00
Joseph Walton
14a5135ac3
SEC-1990: Clean up jBCrypt and include its tests.
...
Merge in changes from jBCrypt.
- Use a ByteArrayOutputStream to cache bytes.
- Pass a StringBuilder into encode_base64.
- Refactor string comparison into its own method.
- General clean up.
2012-07-05 14:04:39 -05:00
Luke Taylor
3760d792ea
SEC-1890: Add checks for validity of stored bcrypt hash
...
When checking for a match, the BCryptPasswordEncoder validates
the stored hash against a pattern to check that it actually is
a bcrypt value.
2012-02-22 14:36:13 +00:00
Dave Syer
8565116f20
SEC-1472: Add crypto wrappers for BCrypt
2011-11-02 18:10:19 +00:00
Luke Taylor
45d938566c
Some tests for Base64 encoding.
2011-08-12 19:44:27 +01:00
Luke Taylor
89b7b2b935
SEC-1764: Remove use of Java 6 method Arrays.copyOfRange.
2011-06-15 11:22:17 +01:00
Luke Taylor
e27f655e9d
SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core.
2011-06-10 00:01:25 +01:00
Luke Taylor
50828cdd43
SEC-1689: Move crypto module code to core for simplicity.
2011-03-10 18:58:47 +00:00
Rob Winch
8c08eeb57b
SEC-1666: Use constant time comparison for sensitive data.
...
Constant time comparison helps to mitigate timing attacks. See the following link for more information
* http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
* http://en.wikipedia.org/wiki/Timing_attack for more information.
2011-01-31 23:03:51 -06:00
Rob Winch
2e822e9abe
SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times.
...
Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This
aligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack
2011-01-30 22:30:01 -06:00
Luke Taylor
6b1b012e2c
Added check for maximum AES key size in crypto.gradle to skip tests if limited strength crypto policy files are in place.
2011-01-20 02:13:33 +00:00
Luke Taylor
594f6694bb
Add logging of jdk version to crypto build file
2011-01-20 01:31:30 +00:00
Luke Taylor
d686f64f26
Skip EncryptorsTests when using <JDK 1.6 as AES isn't available
2011-01-19 23:43:13 +00:00
Luke Taylor
162cb64baa
SEC-1659: Label crypto utils package as only for internal use.
2011-01-19 18:19:58 +00:00
Keith Donald
b646e44646
SEC-1659: fixed bundlor step of build
2011-01-19 18:17:03 +00:00
Keith Donald
ea76efdb2c
SEC-1659: favor AES encryption instead of DES as standard symmetric encryption algorithm
2011-01-19 18:17:02 +00:00
Keith Donald
ffa7301e7f
SEC-1569: initial commit of spring-security-crypto module, consisting of encrypt, keygen, password, and util packages
2011-01-19 18:17:02 +00:00