Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-07 20:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,241 Commits 51 Branches 345 Tags
Commit Graph

148 Commits

Author SHA1 Message Date
Spring Operator
11a61dc8cc URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 924 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 20:21:25 -05:00
Rob Winch
2288d50f0e Polish URLs 
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://maven-gae-plugin.googlecode.com/svn/repository | https://maven-gae-plugin.googlecode.com/svn/repository | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security) | null | 42 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided) | 1 |

# Ignored
These URLs were intentionally ignored so we didn't migrate them.

| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
 2019-03-01 15:49:15 -06:00
Spring Buildmaster
7f246e1c0e Release version 3.2.10.RELEASE 2016-12-22 20:05:14 +00:00
Rob Winch
53ccda1549 Fix pom.xml 2016-12-22 13:08:51 -06:00
Rob Winch
55a25fa213 Use BUILD-SNAPSHOT 
See if this avoids the conflict resolution
 2016-12-20 20:44:14 -06:00
Rob Winch
cdc485d121 Update to spring 3.2.17 2016-12-20 20:24:59 -06:00
Rob Winch
5e19ac5e7e Update pom.xml 2016-12-20 20:24:59 -06:00
Rob Winch
f75ebb22d8 Next Development Version 2015-10-30 16:38:34 -05:00
Spring Buildmaster
980edebefa Release version 3.2.9.RELEASE 2015-10-30 16:37:59 -05:00
Rob Winch
d467146e49 SEC-2190: Support WebApplicationContext in ServletContext 2015-10-28 15:52:05 -05:00
Rob Winch
13cb51c15f SEC-2918: Update Spring Version 3.2.13 2015-03-25 21:43:11 -05:00
Rob Winch
cdac4d990b SEC-2747: Remove spring-core dependency from spring-security-crypto 2014-11-20 16:28:06 -06:00
Rob Winch
9a27f9f778 SEC-2579: Add springio-platform plugin 2014-04-29 16:59:32 -05:00
Rob Winch
79fa1c70eb SEC-2542: Polish dependency exclusions 
This cleans up exclusions so the pom.xml are not as cluttered.
 2014-04-02 08:49:25 -05:00
Rob Winch
fd6f9da184 SEC-2542: Use exclusions to remove duplicate dependencies 
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.

In addition to the new exclusions, notable other changes are:

 - Spring Data JPA has been updated to 1.4.1. This brings its
   transitive dependency upon spring-data-commons into line with
   Spring LDAP's and prevents both spring-data-commons-core and
   spring-data-commons from being on the classpath
 - All Servlet API dependencies have been updated to use the official
   artifact with all transitive dependencies on unofficial servlet API
   artifacts being excluded.
 - In places, groovy has been replaced with groovy-all. This removes
   some duplicates caused by groovy's transitive dependencies.
 - JUnit has been updated to 4.11 which brings its transitive Hamcrest
   dependency into line with other components.

There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level

Conflicts:
	samples/messages-jc/pom.xml
 2014-04-02 08:48:55 -05:00
Rob Winch
ea0466d666 Next developmenet version in pom.xml 2014-04-02 08:44:06 -05:00
Rob Winch
2cad2f401b SEC-2325: Polish CSRF Tag support 
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
  minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
 2014-03-07 15:25:57 -06:00
beamerblvd
3048e2c6e7 SEC-2325 Added JSP tags for CSRF meta tags and form fields 2014-03-07 13:18:46 -06:00
Rob Winch
7f99a2dfbb SEC-2487: Update to Spring 3.2.8.RELEASE 2014-02-19 09:30:40 -06:00
Rob Winch
ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch
a34178bc40 SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA 2013-12-12 08:16:59 -06:00
Rob Winch
4460e84b29 Updates to pom.xml author and repo 2013-12-09 08:57:30 -06:00
Rob Winch
2c8946c406 Next development version 2013-11-01 14:20:55 -05:00
Spring Buildmaster
9c703a3051 Release version 3.2.0.RC2 2013-11-01 14:20:49 -05:00
Rob Winch
88f41cdf62 SEC-2341: Update to Gradle 1.8 
Some dependencies were necessary to update due to issues with JUnit
integration.
 2013-09-24 15:35:51 -05:00
Rob Winch
d33b9e2854 SEC-2324: Update Spring Security tld version 2013-09-18 17:40:00 -05:00
Rob Winch
3d2f23602f SEC-2294: Update Spring Version to 3.2.4.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
976d9a9016 SEC-2194: Polish java config sample apps 2013-08-08 14:33:54 -05:00
Rob Winch
5e6ca12b01 SEC-2097: Update integrationTestCompile to use optional and provided 
Also update slf4j version and remove explicit commons-logging from pom generation
 2013-07-16 15:59:06 -05:00
Rob Winch
02551e1b7a SEC-2214: Update Spring Version 2013-07-16 15:15:47 -05:00
Rob Winch
faa8b354b7 SEC-2209: add pom.xml 2013-07-16 15:15:47 -05:00
Rob Winch
1ed643ca1f SEC-1998: Provide integration with WebAsyncManager#startCallableProcessing 
Support integration of the Spring SecurityContext on Callable's used with
WebAsyncManager by registering SecurityContextCallableProcessingInterceptor.
 2012-11-28 17:56:03 -06:00
Rob Winch
f38df99730 SEC-2045: AbstractAuthorizeTag supports custom WebInvocationPrivilegeEvaluator 2012-10-04 11:34:36 -05:00
Rob Winch
f441c352f6 Clean up warnings in AccessControlListTagTests 2012-08-02 09:49:19 -05:00
Rob Winch
4b86d49a9a SEC-2023: AccessControlListTag again supports bitmasks 
Spring Security 3.1 has a regression i the AccessControlListTag
which should support using the bitmask in hasPermission.

Now hasPermission supports bit masks again.
 2012-08-02 09:48:01 -05:00
Rob Winch
b481a6c1ad SEC-2022: AccessControlListTag again supports , separated list of permissions 
Spring Security 3.0.x allowed developers to pass in a , separated list of permissions.
However, this functionality was accidentally removed in SEC-1560.

The AcessControlListTag now splits the permissions using , as a delimiter
which fixes this passivity issue.
 2012-08-02 09:47:48 -05:00
Rob Winch
b626a63b85 Suppress warnings in AbstractAuthorizeTag and AuthorizeTagCustomGrantedAuthorityTests 2012-04-22 21:54:44 -05:00
Christian Hilmersson
d57f1d56d5 SEC-1900: AbstractAuthorizeTag now compares using getAuthority() 
This avoids backwards compatibility issues with other GrantedAuthority
implementations.
 2012-04-22 21:54:43 -05:00
Rob Winch
8ca2927761 Renamed **/Test.java to **/Tests.java to better follow conventions 2011-12-28 17:39:29 -06:00
Luke Taylor
178765cf83 SEC-1836: Forgot taglib comment update. 2011-11-01 00:19:37 +00:00
Luke Taylor
fc399af136 SEC-1836: use GET as the default method with authorize tag. 2011-10-31 23:23:37 +00:00
Luke Taylor
503ac9ae7c SEC-1798: Remove internal evaluation of EL in JSP tag implementations. 2011-08-12 19:44:27 +01:00
Luke Taylor
74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Luke Taylor
63f160dc72 SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions. 2011-05-19 15:27:35 +01:00
Luke Taylor
ce19b470e2 SEC-1560: Change AccessControlListTag to use PermissionEvaluator rather than explicit ACL classes. 2011-05-17 22:55:20 +01:00
Luke Taylor
ccc548b9e4 Fixing bundlor warnings. 2011-03-08 16:20:37 +00:00
Luke Taylor
94b7868039 SEC-1675: Add missing body-content elements to tag descriptor and update it to use 2.0 tag library schema. 2011-02-14 21:17:16 +00:00
Luke Taylor
b0df1bd1b0 SEC-1673: Use a map to store the range values use in the bundlor templates. 2011-02-07 16:06:23 +00:00
Luke Taylor
00200cecbc SEC-1494: Added system property "spring.security.disableUISecurity" which will prevent authorize tags from hiding content. By default, the property will also cause the area that would normally be hidden to be decorated with a <span class="securityHiddenUI"> tag, thus allowing the area to be rendered with some distinguishing css (e.g. a different background colour). 2011-01-25 13:16:46 +00:00
Luke Taylor
85d685f7d3 SEC-1611: Make access attribute in authorize tag a runtime expression 2010-12-14 16:55:34 +00:00