Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 06:58:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,229 Commits 33 Branches 337 Tags
Commit Graph

507 Commits

Author SHA1 Message Date
Rob Winch
05882b5f24 SEC-2574: Polish 
Handle null DelegatingApplicationListener
 2014-11-19 17:09:24 -06:00
Rob Winch
5810681b06 SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents 2014-11-19 16:48:19 -06:00
Rob Winch
24dec7ec3e SEC-2737: Remove WebSocket Outbound Authorization 2014-10-10 15:56:25 -05:00
Rob Winch
5ba8f000a7 SEC-2714: Add AuthenticationPrincipal resolver for messaging support 2014-09-23 16:28:48 -05:00
Rob Winch
d2fa019fe5 SEC-2704: Separation of inbound and outbound security rules 2014-09-19 16:39:43 -05:00
Rob Winch
28446284a6 SEC-2713: Support authorization by SimpMessageType 2014-09-19 16:38:56 -05:00
Rob Winch
02c3565e22 Fix compiling in Eclipse 2014-09-16 10:18:46 -05:00
Nándor István Krácser
a932d6ecf3 Removed unnecessary params from anyRequest()'s javadoc 2014-08-20 11:24:15 +02:00
Rob Winch
b9df7ba01f SEC-2179: Allow customize PathMatcher for SimpDestinationMessageMatcher 2014-08-18 11:04:04 -05:00
Rob Winch
6321665353 SEC-2676: Update to Spring Data Evans RC1 2014-08-15 20:46:59 -05:00
Rob Winch
3f30529039 SEC-2179: Add Spring Security Messaging Support 2014-08-15 20:46:58 -05:00
Rob Winch
3187ee8bf3 SEC-2700: Register WithSecurityContextTestExecutionListener by default 2014-08-15 16:41:33 -05:00
Rob Winch
1f861f512a SEC-2676: Add SpEL Spring Security Integration 2014-07-29 20:04:37 -05:00
Rob Winch
8a2a1b7a5b SEC-2595: Polish 2014-07-25 16:27:19 -05:00
Rob Winch
b2d66e2a78 SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes 2014-07-25 16:03:18 -05:00
Rob Winch
b72c1ad314 SEC-2686: Create SecurityMockMvcConfigurer 2014-07-22 15:11:37 -05:00
Rob Winch
ecb4296540 SEC-2588: Javadoc fix channelSecurity->requiresChannel 2014-07-21 14:23:40 -05:00
Mirko Zeibig
75df42cb7c SEC-2656: Fix <frame-options> with whitelist strategy 2014-06-18 09:10:28 -05:00
Rob Winch
c3d05bea62 SEC-2657: Test for multi dynamic ports for LDAP Java Config 2014-06-17 17:25:08 -05:00
Rob Winch
a3fd706335 SEC-2660: Move config integration-test *.groovy to groovy source folder 2014-06-17 17:22:42 -05:00
Rob Winch
b255478b14 SEC-2658: Java Config triggers usePasswordAttrCompare to be set 2014-06-17 17:10:16 -05:00
Rob Winch
a2b53fabce SEC-2657: LdapAuthenticationProviderConfigurer find available port 2014-06-17 16:54:42 -05:00
Rob Winch
63d1b531a1 SEC-2618: LdapAuthenticationProviderConfigurer passwordAttribute null check 
If LdapAuthenticationProviderConfigurer passwordAttribute is null, do not
set on the PasswordComparisonAuthenticator
 2014-06-17 16:51:01 -05:00
Rob Winch
e6e35932ed SEC-2603: Fix config groovy integration tests 2014-05-20 23:15:39 -05:00
Rob Winch
cbd06a4994 SEC-2472: Support LDAP crypto PasswordEncoder 2014-05-20 23:15:36 -05:00
Andy Wilkinson
d95640d3e5 SEC-2600: Remove unused import 2014-05-19 12:29:04 -05:00
Rob Winch
f73b579ad9 SEC-2543: Logout with CSRF enabled requires POST by default 2014-05-02 11:24:02 -05:00
Rob Winch
1d7402e0cd SEC-2532: Add disclaimer about jdbcAuthentication() with persistent data stores 2014-04-28 15:06:52 -05:00
Rob Winch
37bb350883 SEC-2549: Remove LazyBean marker interface 2014-04-24 14:34:35 -05:00
Rob Winch
00e1094178 Add springio-platform plugin 2014-04-23 14:35:22 -05:00
Rob Winch
ccf96a4d69 SEC-2542: Polish dependency exclusions 
This cleans up exclusions so the pom.xml are not as cluttered.
 2014-04-02 09:47:29 -05:00
Rob Winch
3118e39de8 SEC-2542: Use exclusions to remove duplicate dependencies 
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.

In addition to the new exclusions, notable other changes are:

 - Spring Data JPA has been updated to 1.4.1. This brings its
   transitive dependency upon spring-data-commons into line with
   Spring LDAP's and prevents both spring-data-commons-core and
   spring-data-commons from being on the classpath
 - All Servlet API dependencies have been updated to use the official
   artifact with all transitive dependencies on unofficial servlet API
   artifacts being excluded.
 - In places, groovy has been replaced with groovy-all. This removes
   some duplicates caused by groovy's transitive dependencies.
 - JUnit has been updated to 4.11 which brings its transitive Hamcrest
   dependency into line with other components.

There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level

Conflicts:
	samples/messages-jc/pom.xml
 2014-04-02 09:47:26 -05:00
Rob Winch
c411014c24 SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials 2014-03-25 13:05:44 -05:00
Rob Winch
cb0549a609 SEC-2498: RequestCache allows POST when CSRF is disabled 2014-03-25 10:50:59 -05:00
Rob Winch
d079044592 SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader 2014-03-24 14:58:19 -05:00
Rob Winch
e4a58375cc SEC-2515: Detect object cycle for AuthenticationManager configuration 2014-03-10 14:33:35 -05:00
Rob Winch
4cdeacc277 SEC-2499: Allow MethodSecurityExpressionHandler in parent context 
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136

This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
 2014-03-06 21:14:35 -06:00
Rob Winch
9988fa141c Update Spring Security version in pom.xml 2014-03-06 08:13:52 -06:00
Rob Winch
6be4e3a9fc SEC-2506: Remove Bundlor Support 2014-03-05 13:32:16 -06:00
Rob Winch
04a527d4ec SEC-2495: CSRF disables logout on GET 2014-02-20 09:40:00 -06:00
Rob Winch
7f99a2dfbb SEC-2487: Update to Spring 3.2.8.RELEASE 2014-02-19 09:30:40 -06:00
Rob Winch
85305050c0 SEC-2455: Fix XML default login generation 2014-02-18 13:52:05 -06:00
Rob Winch
8a3a7961cb SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void 2014-02-15 14:41:26 -06:00
Rob Winch
bf2df220ca SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator 2014-02-13 16:37:33 -06:00
Rob Winch
7a3da28987 SEC-2479: Search parent context for AuthenticationManager 2014-02-12 08:11:26 -06:00
Rob Winch
6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch
c42e13c966 loginProcessing test 2014-02-07 17:01:11 -06:00
Rob Winch
6b42a2eae1 SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain 2014-02-07 17:01:11 -06:00
Rob Winch
ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch
8d8475deb1 SEC-2455: form-login@login-processing-url & logout@logout-url use matchers 
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
 2014-01-29 15:35:18 -06:00