Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-03 01:02:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,597 Commits 38 Branches 348 Tags
Commit Graph

2866 Commits

Author SHA1 Message Date
Mirko Zeibig
75df42cb7c SEC-2656: Fix <frame-options> with whitelist strategy 2014-06-18 09:10:28 -05:00
Rob Winch
c3d05bea62 SEC-2657: Test for multi dynamic ports for LDAP Java Config 2014-06-17 17:25:08 -05:00
Rob Winch
a3fd706335 SEC-2660: Move config integration-test *.groovy to groovy source folder 2014-06-17 17:22:42 -05:00
Rob Winch
b255478b14 SEC-2658: Java Config triggers usePasswordAttrCompare to be set 2014-06-17 17:10:16 -05:00
Rob Winch
a2b53fabce SEC-2657: LdapAuthenticationProviderConfigurer find available port 2014-06-17 16:54:42 -05:00
Rob Winch
63d1b531a1 SEC-2618: LdapAuthenticationProviderConfigurer passwordAttribute null check 
If LdapAuthenticationProviderConfigurer passwordAttribute is null, do not
set on the PasswordComparisonAuthenticator
 2014-06-17 16:51:01 -05:00
Rob Winch
e6e35932ed SEC-2603: Fix config groovy integration tests 2014-05-20 23:15:39 -05:00
Rob Winch
cbd06a4994 SEC-2472: Support LDAP crypto PasswordEncoder 2014-05-20 23:15:36 -05:00
Andy Wilkinson
d95640d3e5 SEC-2600: Remove unused import 2014-05-19 12:29:04 -05:00
Rob Winch
f73b579ad9 SEC-2543: Logout with CSRF enabled requires POST by default 2014-05-02 11:24:02 -05:00
Rob Winch
1d7402e0cd SEC-2532: Add disclaimer about jdbcAuthentication() with persistent data stores 2014-04-28 15:06:52 -05:00
Rob Winch
37bb350883 SEC-2549: Remove LazyBean marker interface 2014-04-24 14:34:35 -05:00
Rob Winch
c411014c24 SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials 2014-03-25 13:05:44 -05:00
Rob Winch
cb0549a609 SEC-2498: RequestCache allows POST when CSRF is disabled 2014-03-25 10:50:59 -05:00
Rob Winch
d079044592 SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader 2014-03-24 14:58:19 -05:00
Rob Winch
e4a58375cc SEC-2515: Detect object cycle for AuthenticationManager configuration 2014-03-10 14:33:35 -05:00
Rob Winch
4cdeacc277 SEC-2499: Allow MethodSecurityExpressionHandler in parent context 
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136

This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
 2014-03-06 21:14:35 -06:00
Rob Winch
04a527d4ec SEC-2495: CSRF disables logout on GET 2014-02-20 09:40:00 -06:00
Rob Winch
85305050c0 SEC-2455: Fix XML default login generation 2014-02-18 13:52:05 -06:00
Rob Winch
8a3a7961cb SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void 2014-02-15 14:41:26 -06:00
Rob Winch
bf2df220ca SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator 2014-02-13 16:37:33 -06:00
Rob Winch
7a3da28987 SEC-2479: Search parent context for AuthenticationManager 2014-02-12 08:11:26 -06:00
Rob Winch
6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch
c42e13c966 loginProcessing test 2014-02-07 17:01:11 -06:00
Rob Winch
6b42a2eae1 SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain 2014-02-07 17:01:11 -06:00
Rob Winch
8d8475deb1 SEC-2455: form-login@login-processing-url & logout@logout-url use matchers 
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
 2014-01-29 15:35:18 -06:00
Rob Winch
1f833b0d6b Add ExpressionUrlAuthorizationCOnfigurer tests 
- Demo custom expression root
- Demo @Bean in expression example
 2014-01-23 11:21:21 -06:00
Rob Winch
994117ad75 SEC-2436: Fix CsrfConfigurerNoWebMvcTests 2013-12-14 14:48:47 -06:00
Rob Winch
b7041ed00e SEC-2436: Add @EnableWebMvcSecurity 2013-12-14 14:40:01 -06:00
Rob Winch
053c890a69 SEC-2450: WebSecurityConfigurerAdapter have default Order of 100 2013-12-14 13:00:48 -06:00
Rob Winch
2df5541905 SEC-2448: Update to HSQL 2.3.1 2013-12-14 10:19:06 -06:00
Rob Winch
04fac30d75 SEC-2449: <ldap-server> default port should fallback to dynamic value 2013-12-14 10:19:06 -06:00
Rob Winch
aaa7cec32e SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor 
Previously there was unecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
 2013-12-12 08:07:22 -06:00
Rob Winch
7f714ebb23 SEC-2422: Session timeout detection with CSRF protection 2013-12-11 17:38:17 -06:00
Rob Winch
00d668dc5c SEC-2431: UrlAuthorizationConfigurer missing <HttpSecurity> in doc 2013-12-11 11:07:05 -06:00
Rob Winch
8e8bdad8e6 SEC-2386: Remove stack for AuthenticationManagerBuilder with no authenticationProviders 2013-12-04 15:53:32 -06:00
Rob Winch
f2fdc9d1f5 SEC-2425: Add Test for EnableGlobalMethodSecurity works on parent config 2013-12-04 14:54:56 -06:00
Rob Winch
595b16d836 SEC-2377: Fix tests 2013-12-03 11:48:25 -06:00
Rob Winch
2a632a061e SEC-2377: Hhandle EnableWebSecurity in both child & parent ApplicationContext 2013-12-03 10:45:25 -06:00
Rob Winch
0b996c669f SEC-2424: Document ObjectPostProcessor 2013-12-02 10:17:08 -06:00
Rob Winch
13c5af5b91 SEC-2407: Better error message for missing securityFilterChainBuilders 2013-11-26 10:12:55 -06:00
Rob Winch
c7b93e6cee SEC-2404: Fix CSRF config tests 2013-11-21 15:35:26 -06:00
Rob Winch
9dbe30c81d SEC-2165: remember-me@token-validity-seconds can be parameterized 2013-11-15 14:58:53 -06:00
Rob Winch
afddb5eb39 SEC-2373: Update XSD doc to state security="none" 2013-11-15 13:50:49 -06:00
Rob Winch
6382b6341a SEC-2355: Add test to validate intercept-url PATCH works 2013-11-15 11:57:47 -06:00
Collin Peters
85cd5627b6 SEC-2355: Add PATCH to intercept-url xsd 2013-11-15 11:46:34 -06:00
Rob Winch
dc317b3602 WebSecurityConfigurerAdapter implements WebSecurityConfigurer 2013-11-01 12:26:32 -05:00
Rob Winch
cda23443ac XsdDocumentedTests now uses asciidoc instead of asciidoctor 2013-11-01 09:32:05 -05:00
Rob Winch
26be54653b SEC-2382: AutowireBeanFactoryObjectPostProcessor works w/ BeanNameAutoProxyCreator 2013-10-30 11:20:42 -05:00
Rob Winch
9e7fbf8067 SEC-2321: Refine to use X-Requested-With: XMLHttpRequest 2013-10-28 14:00:56 -05:00