Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-07 20:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,772 Commits 51 Branches 345 Tags
Commit Graph

5772 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Spring Operator
4e61de0ef9 URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 1777 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.txt with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.txt ([https](https://www.apache.org/licenses/LICENSE-2.0.txt) result 200).
 2019-03-14 20:21:48 -05:00
Rob Winch
c8e4ffb5b9 Polish URLs 
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 54 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security) | null | 54 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 54 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided) | 1 |

# Ignored
These URLs were intentionally ignored so we didn't migrate them.

| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
 2019-03-01 17:35:15 -06:00
Spring Buildmaster
2fdef0455b Next development version 2018-01-25 18:32:07 +00:00
Spring Buildmaster
45421d63ac Release version 4.1.5.RELEASE 4.1.5.RELEASE 2018-01-25 18:32:00 +00:00
Rob Winch
976ce05373 DelegatingApplicationListener uses CopyOnWriteArrayList 
Fixes: gh-4979
 2018-01-25 11:28:01 -06:00
Rob Winch
a898415c65 Update .gitignore 
- ignore classes/
- ignore s101plugin.state
 2018-01-25 11:28:01 -06:00
Joris Portegies Zwart
01910419f0 JavaDoc for Pbkdf2PasswordEncoder refer to constants 
Fix Javadoc so that it uses the actual values for default hash width and number of iterations

Fixes gh-4978
 2018-01-25 11:27:10 -06:00
Kyle Anderson
e7a15e85a1 Fix Typo in Reference Docs 
Fixes: gh-4976
 2018-01-25 11:26:51 -06:00
Rob Winch
65da28e4bf Add StrictHttpFirewall 2018-01-25 11:26:51 -06:00
Rob Winch
04d14fb6fe Lookup HandlerMappingIntrospector from Bean 2018-01-25 11:26:51 -06:00
Rob Winch
17238707b7 Update to Spring 4.3.14 
Fixes: gh-4977
 2018-01-25 11:26:40 -06:00
Craig Andrews
bf075a2cae Configure permissionEvaluator and roleHierarchy by default 
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).

Issue gh-4077
 2017-10-30 00:57:37 -05:00
Spring Buildmaster
d0ede98db5 Next development version 2016-12-21 16:50:22 +00:00
Spring Buildmaster
57ed7ddf3c Release version 4.1.4.RELEASE 4.1.4.RELEASE 2016-12-21 16:50:16 +00:00
Rob Winch
5574fd2029 Update to Spring 4.3.5.RELEASE 
Fixes gh-4168
 2016-12-21 10:14:33 -06:00
Rob Winch
ed2ae21074 Block URL Encoded "/" in DefaultHttpFirewall 
Fixes gh-4170
 2016-12-21 09:32:35 -06:00
Rob Winch
d25c4a23ba Remove only master from .travis.yml 2016-08-30 09:14:04 -05:00
Spring Buildmaster
548a542417 Next development version 2016-08-23 01:05:57 +00:00
Spring Buildmaster
325b814d49 Release version 4.1.3.RELEASE 4.1.3.RELEASE 2016-08-23 01:05:48 +00:00
Rob Winch
8f1c977c0d Update Dependency Versions (#4035) 2016-08-19 16:09:10 -05:00
Joe Grandja
e0d9487e6b Remove unused MvcReqestMatcher.getMvcPattern (#4034) 2016-08-19 14:38:19 -05:00
Rob Winch
9dc3242db3 Remove MvcRequestMatcher.afterPropertiesSet() 
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.

This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.

Fixes gh-4027
 2016-08-19 11:12:38 -05:00
Spring Buildmaster
a070046f26 Next development version 2016-08-11 19:14:39 +00:00
Spring Buildmaster
e412fb7ac0 Release version 4.1.2.RELEASE 4.1.2.RELEASE 2016-08-11 19:14:32 +00:00
Rob Winch
28278eab89 Fix defaultMethodExpressionHandler autowiring 
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.

This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.

Fixes gh-4020
 2016-08-10 23:48:49 -05:00
Rob Winch
a93fb1e0e7 Fix csrf() when used then not used 
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.

Now the TestCsrfTokenRepository is only used if explicitly enabled.

Fixes gh-4016
 2016-08-09 17:28:33 -04:00
Joe Grandja
dabcc5416a MvcRequestMatcher servletPath Polish / XML Config 
Fixes gh-4014
 2016-08-09 15:47:41 -05:00
Rob Winch
8a6d0cd16d MvcRequestMatcher servletPath / JavaConfig 
Issue: gh-3987
 2016-08-09 15:47:01 -05:00
Rob Winch
edb7ef567a Logout is 204 for XMLHttpRequest 
Fixes gh-3997
 2016-08-02 14:14:44 -07:00
Rob Winch
d002681bec Add ObjectPostProcessor support for SmartInitializingSingleton 2016-07-21 10:46:55 -05:00
Rob Winch
6649d46896 DummyRequest supports methods for MvcRequestMatcher 
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
 2016-07-14 16:02:08 -04:00
Rob Winch
1d97ee8dd6 Add HttpSecurity.mvcMatcher 
Fixes gh-3970
 2016-07-14 11:46:29 -04:00
Rob Winch
7d1344fca8 Fix NPE requestMatchers().mvcMatchers 
Fixes gh-3969
 2016-07-14 11:45:45 -04:00
Spring Buildmaster
cc04392d9a Next development version 2016-07-07 00:57:53 +00:00
Spring Buildmaster
919f000c80 Release version 4.1.1.RELEASE 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Johnny Lim
310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch
764a4d8414 Fix Error Message typo 
Fixes gh-3953
 2016-07-06 16:19:29 -05:00
Jakob Englisch
b17870ee07 LogoutConfigurer: only allow suitable http methods 2016-07-06 16:17:11 -05:00
Rob Winch
8ad91ef6a5 WithSecurityContextTestExecutionListener > SqlScriptsTestExecutionListener 
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.

Fixes gh-3962
 2016-07-06 16:09:17 -05:00
Rob Winch
5f6312c5be Update to Spring 4.3.1 
Fixes gh-3963
 2016-07-06 15:47:44 -05:00
Rob Winch
9d50944cb2 AntPathRequestMatcher implements RequestVariableExtractor 
Issue gh-3964
 2016-07-06 15:47:34 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher 
Fixes gh-3964
 2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch
c935d857eb Add mvc namespace to XmlApplicationContext 2016-07-01 22:04:55 -05:00
Rob Winch
843ed3e437 Update to Spring 4.3.1.BUILD-SNAPSHOT 2016-07-01 22:04:55 -05:00
Rob Winch
7f3b3a8b59 Polish 
Issue gh-180
 2016-07-01 13:17:52 -05:00
Jakob Englisch
261c932b8e Upgrade Gradle to 2.14 
Issue gh-3946
 2016-06-28 13:13:08 -04:00
Rob Winch
1b4e20e97f Fix InsecureApplicationTests package 
Fixes gh-3951
 2016-06-28 10:17:17 -05:00
Rob Winch
bd5f71bb0d Polish 
Fix checkstyle for LDAP JavaConfig Authority mapping

Issue gh-2768
 2016-06-21 17:08:37 -05:00
Tony Dalbrekt
b76e3be822 LDAP Java Config supports GrantedAuthoritiesMapper 
Fixes gh-2768
 2016-06-21 16:43:13 -05:00