Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-14 06:13:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,134 Commits 46 Branches 348 Tags
Commit Graph

6134 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
13ccb83d6f Remove java.util.Base64 
java.util.Base64 was not added until JDK8, so we should use
Spring Security's Base64 in 4.x

Issue: gh-5323
 2018-05-10 10:53:18 -05:00
Rob Winch
127d9eece9 Default Spring IO version Brussels-SR9 
Fixes: gh-5326
 2018-05-10 10:53:18 -05:00
Spring Buildmaster
7891787a53 Next development version 2018-05-08 17:14:38 +00:00
Spring Buildmaster
2d8b6650db Release version 4.2.6.RELEASE 4.2.6.RELEASE 2018-05-08 17:14:29 +00:00
Rob Winch
78995ff0a9 Use Spring Boot 1.5.2 to prevent deploy error 2018-05-08 11:35:18 -05:00
Rob Winch
7974f3161d spring-boot-gradle-plugin:1.5.0.RELEASE 2018-05-08 11:27:32 -05:00
Rob Winch
c35c1c0643 Update Dependencies 2018-05-08 10:53:35 -05:00
Trygve Aasjord
2162221589 Pass username as second parameter for search filter. 
Allows the username only (without domain) to be used in custom search filter like "sAMAccountName={1}",
in eg. situations where the userPrincipalName has a different suffix than domain.

Thanks to contributors in issue.

fixes gh-2448

(cherry picked from commit 8d717c62afd5d98b0aba467035389d3011434b51)
 2018-05-04 10:51:14 -05:00
Kazuki Shimizu
040fb6aa3c Fix incorrect explanation for customizing query on JdbcDaoImpl 2018-05-04 10:45:09 -05:00
Rob Winch
b152218ee0 Add InMemoryUserDetailsManager(UserDetails...) 
Fixes: gh-5304
 2018-05-04 10:33:40 -05:00
Rob Winch
544e421157 Add UserBuilder Methods 
Fixes: gh-5303
 2018-05-04 10:33:25 -05:00
Rob Winch
0f612bf637 Add crypto PasswordEncoder from 5.0.x 
Fixes: gh-5302
 2018-05-04 10:32:53 -05:00
Rob Winch
c683bc10bf Fixes: gh-5190 2018-04-16 17:51:51 -05:00
Spring Buildmaster
11ab23f4f4 Next development version 2018-03-30 16:34:47 +00:00
Spring Buildmaster
0065b55a75 Release version 4.2.5.RELEASE 4.2.5.RELEASE 2018-03-30 16:34:39 +00:00
Rob Winch
d6f9d2e34a CookieClearingLogoutHandler adds uses contextPath + "/" 
Fixes: gh-5141
 2018-03-19 16:52:14 -05:00
Rob Winch
5dedbb6283 Update to jackson-databind-2.8.11.1 
Fixes: gh-5101
 2018-03-09 13:55:49 -06:00
Rob Winch
4cad151b57 Fix TestingAuthenticationTokenTests JDK 1.6 compile 
Issue: gh-5097
 2018-03-09 13:46:10 -06:00
Josh Cummings
72080bb5fe Authorities authenticate TestingAuthenticationToken 
In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.

This change brings `TestingAuthenticationToken` in line with that
convention.

Note that this was done once already to one of the constructors
(ee13be4) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.

Fixes: gh-5097
 2018-03-09 13:27:27 -06:00
Rob Winch
5854f00977 Fix StrictHttpFirewall rules 
Fixes: gh-5093
 2018-03-08 21:31:37 -06:00
Rob Winch
93118f4e91 Use HttpFirewall Bean 
Fixes: gh-5025
 2018-02-16 15:45:20 -06:00
Rob Winch
8796850816 Format HttpFirewall Reference 
Put each sentence on a newline.

Issue: gh-5025
 2018-02-16 15:41:18 -06:00
Rob Winch
cee2ea9c60 Polish StrictHttpFirewall Javadoc 
Also cleanup DefaultHttpFirewall Javadoc

Issue: gh-5009
 2018-02-15 17:32:37 -06:00
Rob Winch
1159c9f302 Fix since on StrictHttpFirewall 
Fixes: gh-5006
 2018-02-08 14:14:52 -06:00
Rob Winch
6c5ce1237d Polish StrictHttpFirewall Javadoc 
Fixes: gh-5009
 2018-02-08 14:12:35 -06:00
Rob Winch
f81b58112b Cache headers only if no cache headers set 
Fixes: gh-5005
 2018-02-07 14:57:20 -06:00
Spring Buildmaster
0e02b489c8 Next development version 2018-01-24 23:19:49 +00:00
Spring Buildmaster
d1669b909f Release 4.2.4.RELEASE 4.2.4.RELEASE 2018-01-24 23:19:40 +00:00
Rob Winch
cb8041ba67 Add StrictHttpFirewall 2018-01-24 16:31:40 -06:00
Rob Winch
6f74162a1f Test Jackson HashMap in Whitelist 
Issue: gh-4889
 2018-01-03 16:08:57 -06:00
Chris Burrell
99a0baadfa Add HashMap to Jackson whitelist 
Issue: gh-4889
 2018-01-03 16:08:28 -06:00
Rob Winch
1f9a0e579f Update Spring Data Ingalls SR8 
Fixes gh-4785
 2017-11-02 16:34:40 -05:00
Rob Winch
9e7d08c9e7 Update to Boot 1.5.8.RELEASE 
Fixes gh-4784
 2017-11-02 16:20:43 -05:00
Rob Winch
82168faf9d Update to jsonassert 1.4.0 
Fixes gh-4783
 2017-11-02 16:19:58 -05:00
Rob Winch
9d0f8977a9 Update to slfj4 1.7.25 
Fixes gh-4782
 2017-11-02 16:19:16 -05:00
Rob Winch
5ae615f3b4 Update Jackson to 2.8.10 
Fixes gh-4781
 2017-11-02 16:18:31 -05:00
Rob Winch
d2b0077392 Update Hibernate Versions 
- Hibernate to 5.0.12.Final
- Hibernate validator to 5.3.6.Final

Fixes gh-4780
 2017-11-02 16:17:46 -05:00
Rob Winch
092c5aecf7 Update to Ehcache 2.10.4 
Fixes gh-4779
 2017-11-02 16:13:43 -05:00
Rob Winch
a5d56d8724 Update to Aspectj 1.8.12 
Fixes gh-4778
 2017-11-02 16:12:39 -05:00
Rob Winch
7c0da854da Update to Spring LDAP 2.3.2 
Fixes gh-4777
 2017-11-02 16:11:03 -05:00
Rob Winch
0f546dcb07 Update to Spring 4.3.12 
Fixes gh-4776
 2017-11-02 16:08:50 -05:00
Rob Winch
cb576d16e1 DelegatingApplicationListener uses CopyOnWriteArrayList 
Fixes gh-4417
 2017-11-02 14:41:20 -05:00
Greg Turnquist
3b4df40f47 Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details 
Fixes gh-4773
 2017-11-02 14:41:20 -05:00
Gajendra kumar
6cbf71bd72 Allow inject Map into SessionRegistryImpl 
As principals and sessionIds are set in class itself so one can't share
user session count across nodes(Cluster). Using constructor for setting
principals and sessionIds we can pass Cache map to constructor which can
enable common session count in cluster otherwise user would be allowed to
logged in with multiple sessions. There is no point keeping principals
and sessionIds completely internal.

Fixes gh-4772
 2017-11-02 14:41:20 -05:00
Rob Winch
cd63329b63 Polish XFrameOptionsHeaderWriter 
Fixes: gh-4771
 2017-11-02 14:41:20 -05:00
Nathan Wong
cc7f504f96 Add check to see if return value is DENY 
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.

This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".

Issue gh-4771
 2017-11-02 14:41:20 -05:00
Antoine
a094563052 Fix leading space characters reported by checkstyle 2017-11-02 14:41:20 -05:00
Rob Winch
da19435f21 Fix assertj 
Fix for 4.2.x
 2017-11-02 14:41:02 -05:00
Antoine
be50cd8ada Polish more AssertJ assertions 
Issue gh-4770
 2017-11-02 14:40:53 -05:00
Antoine
21efbb6ba7 Polish AssertJ assertions 
Fixes gh-4770
 2017-11-02 14:40:53 -05:00