5484 Commits

Author SHA1 Message Date
Spring Buildmaster
7be99ff7fa Next development version 2016-02-25 14:10:11 -08:00
Spring Buildmaster
0e9d9da46b Release version 4.0.4.RELEASE 4.0.4.RELEASE 2016-02-25 14:09:54 -08:00
Rob Winch
a3a78e50cb Update to Spring 4.2.5
Fixes gh-3716
2016-02-25 11:33:55 -06:00
Rob Winch
8c8f499a69 Remove logging for "Skip invoking on" response committed
Fixes gh-3683
2016-02-25 11:00:16 -06:00
Rob Winch
80ca441e88 Remove check.dependsOn springSnapshotTest 2015-12-21 17:00:20 -06:00
Rob Winch
cfd576316f SEC-3179: Set springIoVersion to explicit version 2015-12-21 17:00:18 -06:00
Alex Panchenko
409a74330e SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x 2015-12-03 22:16:54 -06:00
Kazuki Shimizu
87247318f2 SEC-3152: Add @Retention to @WithMock documentation 2015-11-12 16:22:38 -06:00
petaure
dbf883ba98 SEC-3150: Escape ' character in messages_fr.properties
Escape ' character; if not, format doesn't work fine.
2015-11-12 15:44:10 -06:00
Kazuki Shimizu
675ac80926 SEC-3147: Add error parameter for default authentication-failure-url 2015-11-12 15:12:38 -06:00
Rob Winch
5f6e3855f1 Next Development Version 2015-10-30 16:41:18 -05:00
Spring Buildmaster
19f88e9179 Release version 4.0.3.RELEASE 4.0.3.RELEASE 2015-10-30 12:35:23 -07:00
Rob Winch
cf9b6bc0de SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:54:30 -05:00
Rob Winch
fc67550ff2 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:09:03 -05:00
Rob Winch
af2a431f23 SEC-3120: Remove .and() from httpStrictTransportSecurity() doc 2015-10-30 09:10:57 -05:00
Rob Winch
8d9b06afb4 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:33 -05:00
Rob Winch
0ecdd0e856 SEC-3120: Reference hsts() -> httpStrictTransportSecurity() 2015-10-29 15:10:16 -05:00
Rob Winch
edd2751ff1 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:03:47 -05:00
Rob Winch
8663ac4173 SEC-3135: antMatchers now allows method and no pattern
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:56 -05:00
Rob Winch
72213b5c69 SEC-2190: Fix Javadoc 2015-10-29 11:42:03 -05:00
Rob Winch
2bbe70501b SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:26:16 -05:00
Rob Winch
da606d50c0 SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 13:57:18 -05:00
Rob Winch
d648a56e16 SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:21:05 -05:00
Rob Winch
9c39a0e83e SEC-3109: Fix web tests 2015-10-26 21:31:40 -05:00
Rob Winch
c8692b6d0b SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not set up the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:17:31 -05:00
Rob Winch
45bbabd485 SEC-3057: Include all *.txt & *.jar in dist zip 2015-10-26 14:04:48 -05:00
Rob Winch
43fbeab106 SEC-3133: Correct test doc username parameter 2015-10-26 13:00:27 -05:00
Rob Winch
b719e0fbcc SEC-3132: securityBuilder cannot be null
If a custom SecurityConfigurerAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
2015-10-23 10:28:27 -05:00
Rob Winch
09bf290583 SEC-3129: Update Spring 2015-10-22 10:04:52 -05:00
Rob Winch
9a6f026dff SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER 2015-10-21 16:22:53 -05:00
Rob Winch
269127c2c6 SEC-2941: Default RequestPostProcessor overrides
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
2015-10-21 16:09:15 -05:00
Rob Winch
7074daac0e SEC-3063: rm ConditionalOnMissingBean for @Primary
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:41:32 -05:00
Rob Winch
69446ab80f SEC-3070: Logout invalidate-session=false and Spring Session doesn't work
2015-10-20 15:13:01 -05:00
izeye
48bc0ad5f9 SEC-3124: Fix broken Javadoc related to < and > 2015-10-13 13:33:51 -05:00
Rob Winch
db9584104c Add Gitter to README 2015-08-11 11:49:46 -05:00
Rob Winch
b0701ea770 SEC-3068: Update Tutorial to use POST /logout 2015-08-10 09:53:07 -05:00
Rob Winch
8cc9108601 Merge pull request #209 from raindev/patch-1
Remove unused imports from SecureRandomBytesKeyGenerator
2015-08-06 08:54:09 -05:00
Rob Winch
41c9431fcc Test that form log in requires CSRF 2015-08-03 12:24:37 -05:00
Rob Winch
453e6332da Fix indentation of CsrfConfigTests 2015-08-03 12:03:05 -05:00
Rob Winch
969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Rob Winch
4c19768e54 Update to jacoco 0.7.5.201505241946 2015-08-03 09:45:42 -05:00
Thomas Darimont
ad1d858e2b SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors across multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch
7317c090cc SEC-2963: Disable appengineRun if contains functional tests 2015-07-29 09:57:57 -05:00
Rob Winch
485fbdc1ee SEC-2963: Select Available Port for appengine 2015-07-28 22:47:21 -05:00
Spring Buildmaster
22aa91c8e1 Next development version 2015-07-22 22:08:15 -07:00
Rob Winch
ea873fb1b8 SEC-2963: Disable appengineFunctionalTest 2015-07-22 21:27:28 -05:00
Rob Winch
117f892c91 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch
113b61e3a0 SEC-2957: Polish 2015-07-22 13:57:28 -05:00
Rob Winch
dab4cf18b8 SEC-3032: Correct documented logout-success-url default 2015-07-22 13:48:07 -05:00
Rob Winch
be27ede0e9 SEC-2957: Add missing provided dependencies to samples 2015-07-22 13:33:52 -05:00