Rob Winch
0978c12c47
SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
2013-10-15 12:35:32 -05:00
Adrien be
e50b587d60
SEC-2360: AbstractRememberMeServices provide message for Assert on key fieldd
2013-10-14 15:06:11 -05:00
Rob Winch
0b0e7dbea9
SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter
2013-10-14 15:00:24 -05:00
Rob Winch
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
Rob Winch
45ad74a0bd
SEC-2357: Fix package cycles
2013-10-14 11:15:16 -05:00
Rob Winch
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
Rob Winch
f2b44e6beb
Fix javadoc whitespace issue in HttpBasicConfigurer
2013-10-11 14:53:11 -05:00
Rob Winch
4ef0460ef6
SEC-2321: Improve Java Config defaults for JavaScript clients
2013-10-11 14:53:11 -05:00
Rob Winch
7d99436740
SEC-2358: Add RequestHeaderRequestMatcher
2013-10-11 14:53:11 -05:00
Rob Winch
0ac1176152
Polish RequestMatcher logging and toString
2013-10-07 15:45:42 -05:00
Rob Winch
76a8bbe98d
SEC-2354: Add failOnMissingWebXml=false to sample pom.xml
2013-10-07 08:12:35 -05:00
Rob Winch
cffbefadd1
SEC-2306: Fix Session Fixation logging race condition
...
Previously session fixation protection could output an incorrect warning
that session fixation protection did not work.
The code now synchronizes on WebUtils.getSessionMutex(..).
2013-10-06 17:13:40 -05:00
kazuki43zoo
611a97023d
SEC-2352: HttpSessionCsrfTokenRepository lazy session creation
2013-10-06 16:44:18 -05:00
Rob Winch
5f10d84bf5
SEC-2303: WebSecurity sets the Bean resolver
2013-10-06 13:37:51 -05:00
Rob Winch
d28058303b
SEC-2349: Move FAQ into reference
2013-10-03 21:28:55 -05:00
Rob Winch
dd1c2483b5
SEC-2349: Fix documentation tests
2013-10-03 17:03:17 -05:00
Rob Winch
4b43cf3f50
SEC-2349: Convert Reference to Asciidoctor
2013-10-03 14:15:09 -05:00
Rob Winch
df5e034fc3
SEC-2282: Polish CSRF Documentation
2013-09-27 17:14:21 -05:00
Rob Winch
8087cde628
SEC-2331: Include Expires: 0 in xsd and appendix
2013-09-27 17:10:42 -05:00
Rob Winch
8fed90c26c
SEC-2282: Add links for AccessDeniedHandler in CSRF doc
2013-09-27 16:44:34 -05:00
Rob Winch
3e95f1c12e
SEC-2282: Polish CSRF Documentation
2013-09-27 16:41:06 -05:00
Rob Winch
ee33a6deeb
SEC-2285: Headers doc explicitly state default headers
2013-09-27 16:29:10 -05:00
Rob Winch
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
Rob Winch
06a0ec1a9f
SEC-2285: Polish Security Headers Documentation
...
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
Rob Winch
9bb283044f
SEC-2282: Polish CSRF Documentation
...
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
Rob Winch
614c94187e
SEC-2305: GlobalMethodSecurityConfiguration autowire PermissionEvaluator
...
If a single PermissionEvaluator bean is found the
DefaultMethodSecurityExpressionHandler is configured with the
PermissionEvaluator. If multiple PermissionEvaluator beans are found, the
beans are ignored.
2013-09-27 15:46:45 -05:00
Rob Winch
e696890e8e
SEC-2151: Fix spring4Test
2013-09-27 12:36:43 -05:00
Rob Winch
61e6acb3f4
SEC-2151: AnnotationParameterNameDiscoverer support single annotated param
...
This makes sense since often times only a single argument is necessary in
the expression.
2013-09-27 11:53:39 -05:00
Rob Winch
e5f034bdef
SEC-2151: Fix tests
2013-09-27 11:52:32 -05:00
Rob Winch
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch
fb0a8d19e8
SEC-2322: Support StandardReflectionParameterNameDiscoverer
2013-09-26 15:55:11 -05:00
Rob Winch
cea0cf9260
SEC-2243: Remove additional Debug Filter
2013-09-26 11:38:16 -05:00
Rob Winch
56ce7d284c
SEC-2336: WebSecurityConfigurerAdapter#registerAuthentication javadoc fixes
2013-09-26 09:08:25 -05:00
Rob Winch
1f3b812a66
SEC-2282: Polish CSRF Documentation
2013-09-26 08:58:39 -05:00
Rob Winch
ef7cc40389
SEC-2282: Polish CSRF Documentation
2013-09-25 17:30:50 -05:00
Rob Winch
d16106ef56
SEC-2309: Document CSRF multipart/form-data
2013-09-25 15:14:32 -05:00
Rob Winch
b591881e95
SEC-2302: Provide beforeSpringSecurityFilterChain hook
...
This allows inserting filters before the springSecurityFilterChain.
2013-09-25 14:52:40 -05:00
Rob Winch
88f41cdf62
SEC-2341: Update to Gradle 1.8
...
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
a888ddf8b3
SEC-2307: JavaConfig RequestCache ignores favicon.ico
2013-09-24 11:30:37 -05:00
Rob Winch
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
2013-09-23 20:55:49 -05:00
Rob Winch
28fb6ba14b
SEC-2328: Add hasAnyRole to ExpressionUrlAuthorizationConfiguration
2013-09-23 10:51:08 -05:00
Rob Winch
b16c17f70b
SEC-2301: Remove invalid import
2013-09-20 16:09:23 -05:00
Rob Winch
a3d112979f
SEC-2301: GlobalMethodSecurityConfiguration sets DefaultWebSecurityExpressionHandler BeanResolver
2013-09-20 15:53:58 -05:00
Rob Winch
f294480e6b
SEC-2329: JC @Autowire(required=false) AuthenticationTrustResolver
...
Java Configuration now allows optional @Autowire of
AuthenticationTrustResolver. In the WebSecurityConfigurerAdapter this is
done by populating AuthenticationTrustResolver as a sharedObject.
2013-09-20 15:28:50 -05:00
Rob Winch
788ba9a1fa
SEC-2329: Allow injecting of AuthenticationTrustResolver
2013-09-20 15:26:52 -05:00
Rob Winch
7537dfc33a
SEC-2304: rm duplicate MethodExpressionHandler from GlobalMethodSecurityConfiguration
2013-09-20 15:13:02 -05:00
Rob Winch
5082a04626
SEC-2311: LogoutConfigurer allows other HTTP methods if CSRF is disabled
2013-09-19 16:05:26 -05:00
Rob Winch
9133c33f1d
SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache
...
The method getRequest use to cast to DefaultRequestCache, but this
is not necessary.
Now the cast is to SavedRequest.
2013-09-19 15:08:32 -05:00
Rob Winch
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
2013-09-19 14:06:37 -05:00
Rob Winch
c5c1419521
SEC-2332: GlobalMethodSecurityConfiguration includes proper voters
...
Previously GlobalMethodSecurityConfiguration did not include the correct
voters. This updates the code and the tests to ensure that the proper
voters are added. Note this got past testing previously due to all the
voters abstaining, so tests were added for ensuring that methods could also
be invoked sucessfully using the configured annotation.
2013-09-18 18:27:12 -05:00