Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-07 20:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,772 Commits 51 Branches 345 Tags
Commit Graph

629 Commits

Author SHA1 Message Date
Spring Operator
4e61de0ef9 URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 1777 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.txt with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.txt ([https](https://www.apache.org/licenses/LICENSE-2.0.txt) result 200).
 2019-03-14 20:21:48 -05:00
Rob Winch
c8e4ffb5b9 Polish URLs 
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 54 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security) | null | 54 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 54 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided) | 1 |

# Ignored
These URLs were intentionally ignored so we didn't migrate them.

| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
 2019-03-01 17:35:15 -06:00
Spring Buildmaster
45421d63ac Release version 4.1.5.RELEASE 2018-01-25 18:32:00 +00:00
Rob Winch
65da28e4bf Add StrictHttpFirewall 2018-01-25 11:26:51 -06:00
Spring Buildmaster
57ed7ddf3c Release version 4.1.4.RELEASE 2016-12-21 16:50:16 +00:00
Rob Winch
5574fd2029 Update to Spring 4.3.5.RELEASE 
Fixes gh-4168
 2016-12-21 10:14:33 -06:00
Rob Winch
ed2ae21074 Block URL Encoded "/" in DefaultHttpFirewall 
Fixes gh-4170
 2016-12-21 09:32:35 -06:00
Spring Buildmaster
325b814d49 Release version 4.1.3.RELEASE 2016-08-23 01:05:48 +00:00
Joe Grandja
e0d9487e6b Remove unused MvcReqestMatcher.getMvcPattern (#4034) 2016-08-19 14:38:19 -05:00
Rob Winch
9dc3242db3 Remove MvcRequestMatcher.afterPropertiesSet() 
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.

This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.

Fixes gh-4027
 2016-08-19 11:12:38 -05:00
Spring Buildmaster
e412fb7ac0 Release version 4.1.2.RELEASE 2016-08-11 19:14:32 +00:00
Joe Grandja
dabcc5416a MvcRequestMatcher servletPath Polish / XML Config 
Fixes gh-4014
 2016-08-09 15:47:41 -05:00
Rob Winch
8a6d0cd16d MvcRequestMatcher servletPath / JavaConfig 
Issue: gh-3987
 2016-08-09 15:47:01 -05:00
Rob Winch
6649d46896 DummyRequest supports methods for MvcRequestMatcher 
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
 2016-07-14 16:02:08 -04:00
Spring Buildmaster
919f000c80 Release version 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Rob Winch
9d50944cb2 AntPathRequestMatcher implements RequestVariableExtractor 
Issue gh-3964
 2016-07-06 15:47:34 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher 
Fixes gh-3964
 2016-07-06 15:47:23 -05:00
Rob Winch
2a73f3cdf7 Remove abigious import 2016-06-20 15:03:09 -05:00
Eddú Meléndez
a2ead4cf7a Polish 
Fixes gh-3892
 2016-06-20 12:35:43 -05:00
Ruben Dijkstra
364db6762e Add failing test for #3905 Fix Assert usage 2016-06-20 09:24:04 -05:00
Ruben Dijkstra
e8f4ee8a39 Fix Assert usage 2016-06-20 09:23:51 -05:00
Ruben Dijkstra
ca76e8d784 Remove null-check inside afterPropertiesSet() since it's never null 2016-06-17 16:40:39 -05:00
Rob Winch
2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Adrien SAUVEZ
c261975be0 Set cookie domain for cancel remember-me 
Fixes gh-3871
 2016-05-13 13:34:43 -05:00
Rob Winch
d4218c70f1 Update CookieCsrfTokenRepository docs to cookiHttpOnly=false 
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.

This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookiHttpOnly=false

Fixes gh-3865
 2016-05-06 16:28:04 -04:00
Spring Buildmaster
001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Rob Winch
9745de9510 Add @AuthenticationPrincipal expression 
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
 2016-05-03 18:08:52 -04:00
bartolom
3ca8273a95 Improve GC for OnCommittedResponseWrapper 
Only track content length if disableOnCommitted is false. This improves object creation and thus GC.

Fixes gh-3842
 2016-05-02 16:19:21 -05:00
Joe Grandja
2bdb0231c2 CookieCsrfTokenRepository supports HttpOnly 
CookieCsrfTokenRepository supports HttpOnly

Fixes gh-3835

* Add Servlet 3 tests and javadocs

Issue gh-3835

* Add copyright header

Issue gh-3835
 2016-05-02 15:49:37 -05:00
Li Weinan
70bd7d1bbc Include AuthenticationException in logs 
Fixes gh-3705
 2016-04-21 11:17:47 -04:00
Spring Buildmaster
24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Rob Winch
7fe0a135ec Default AntPathRequestMatcher to be case sensitive 
Issue gh-3831
 2016-04-20 13:29:18 -05:00
Rob Winch
6fa1588de9 Disable AntPathRequestMatcher trim tokens 
Issue gh-3831
 2016-04-20 13:29:17 -05:00
Rob Winch
4093690322 Polish Logout Content Negotiation 
* Rename to DelegatingLogoutSuccessHandler for consistency
* Remove JavascriptOriginRequestMatcher in favor of
RequestHeaderRequestMatcher

Issue gh-3282
 2016-04-20 10:49:37 -05:00
Shazin Sadakath
f0d1700ad6 Content Negotiating LogoutSuccessHandler 
Issue gh-3282
 2016-04-20 10:42:13 -05:00
Rob Winch
1dbd3f5906 Fix NPE in OnCommittedResponseWrapper trackContentLength (#3824) 
OnCommittedResponseWrapper trackContentLength will throw a
NullPointerException when the content length passed in is null.

This commit properly tracks the null value as a length of 4.

Fixes gh-3823
 2016-04-19 14:58:56 -04:00
Johnny Lim
933a7e8363 Remove duplicate words 
Fixes gh-3826
 2016-04-18 23:21:20 -05:00
Rob Winch
fb5776cb5c Support Camel case URI variables (#3814) 
Perviously there were issues with case insenstive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId Instead it was
forced to lowercase and #userid was used.

Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.

Fixes gh-3786
 2016-04-18 17:54:48 -04:00
Simon Olofsson
337a7ed35e Fix HeaderWriterFilter Javadoc 
Fixes the formatting and spelling in HeaderWriterFilter Javadoc

Issue gh-3813
 2016-04-15 08:56:58 -05:00
Andrew NS Yeow
eb26095ca9 Fix HpkpHeaderWriter Javadoc format 2016-04-15 08:41:43 -05:00
Joe Grandja
2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail. 
Fixes gh-3771
 2016-04-13 12:27:23 -04:00
Rob Winch
d3a9cc6eae Add CsrfTokenRepository (#3805) 
* Create LazyCsrfTokenRepository

Fixes gh-3790

* Add CookieCsrfTokenRepository

Fixes gh-3009
 2016-04-12 17:26:53 -04:00
Johnny Lim
fe94d654ed Fix typos (#228) 2016-04-12 11:11:51 -05:00
Joe Grandja
b90242f2fa Updates all POM versions to 4.1.0 snapshot build. 
Fixes gh-3804
 2016-04-12 10:35:43 -04:00
izeye
2c85fb05d0 Remove duplicate test. 
Remove duplicate test with `trailingWildcardWithVariableMatchesCorrectly()`.

Fixes gh-183
 2016-04-08 13:36:45 -05:00
Rob Winch
f49cd5faba Polish Codestyle 2016-04-01 09:53:32 -05:00
Rob Winch
d900c78f11 Perform null check on super.getAsyncContext() 
Fixes gh-3780
 2016-04-01 09:53:32 -05:00
Shazin Sadakath
1bc7060c93 Add AuthenticationSuccessHandler support to AbstractPreAuthenticatedProcessingFilter 
Fixes gh-3389
 2016-03-25 09:46:16 -05:00
Spring Buildmaster
044acf7e27 Release version 4.1.0.RC1 2016-03-23 07:15:15 -07:00
Joe Grandja
2f7f2ff589 Adds support for Content Security Policy 
Fixes gh-2342
 2016-03-22 21:59:13 -05:00