18bd82e7d4
SEC-2131: Update doc to state session authentication sends 401 if no page
2013-08-25 11:37:23 -05:00
cd7055f725
SEC-2171: Include Information about pooling in Spring LDAP documentation
2013-08-25 11:27:50 -05:00
7f2308f46c
SEC-2146: Document AspectJ does not inherit annotations
2013-08-25 11:06:36 -05:00
534989c8ea
SEC-2103: Fix tests to verify debug logging instead of info
2013-08-25 10:05:22 -05:00
acb2b680d0
SEC-2103: Change log of no results to debug
2013-08-24 23:39:56 -05:00
f29505d657
SEC-2280: Fix SessionFixationConfigurer#changeSessionId Javadoc
...
The Javadoc for SessionFixationConfigurer#changeSessionId() was copied and pasted from
SessionFixationConfigurer#none() and never updated. It is incorrect. This commit fixes that.
2013-08-24 23:31:05 -05:00
48283ec004
SEC-2276: Delay saving CsrfToken until token is accessed
...
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If user's wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
2013-08-24 23:31:01 -05:00
c131fb6379
SEC-2139: named-security-filter are all defined and ordered correctly
2013-08-24 15:18:22 -05:00
03b235295e
SEC-2270: Remove duplicate version from guides index
2013-08-23 14:13:12 -05:00
efa9f4db93
SEC-2108: Fix typo in ldap section of manual
2013-08-23 14:09:58 -05:00
379cbd2a8b
SEC-2274: Add ApplicationContext as HttpSecurity shared object
2013-08-21 16:50:09 -05:00
e8788f2657
SEC-2269: Fix markup for CSRF link
2013-08-21 10:08:39 -05:00
17c2a18fee
SEC-2269: Fix CSRF link in appendix
2013-08-21 10:01:19 -05:00
0247dd124f
SEC-2271: LogoutConfigurer#logoutUrl explains about CSRF
2013-08-21 06:58:09 -05:00
a3a432f7b6
SEC-2269: Fix additional links
2013-08-20 14:02:33 -05:00
3b2156969d
SEC-2269: Fix headers link
2013-08-20 10:06:00 -05:00
f707101fdb
SEC-2269: Fix headers documentation
2013-08-20 10:03:31 -05:00
eb95c500f5
Remove dockbook-reference from guides
2013-08-20 10:02:55 -05:00
110e769bd4
SEC-2257: Remove HttpSecurityBuilder#getAuthenticationManager()
...
Removed in favor of using shared object.
2013-08-19 15:22:04 -05:00
8b1ab4e85f
SEC-2260 - update pom/gradle to use current cas client library
2013-08-19 15:22:04 -05:00
658a93178c
SEC-2252: Add custom form guide
2013-08-19 15:22:04 -05:00
51b9c4a19a
Hide logout in main.jsp if not logged in
2013-08-17 14:38:39 -05:00
5fe32bb3c8
SEC-2216: Add withObjectPostProcessor
2013-08-16 15:38:58 -05:00
d62c2e0835
SEC-2244: Defaults based on loginPage are now updated when loginPage changes
2013-08-16 14:48:45 -05:00
e0cad0d684
SEC-2230: Fix Header tests
2013-08-15 16:52:58 -05:00
2e852f4613
SEC-2230: Remove stray import
2013-08-15 16:34:31 -05:00
a469f26b10
SEC-2230: Polish Headers JavaConfig
2013-08-15 16:31:43 -05:00
e9bb9e766e
SEC-1574: Add CSRF Support
2013-08-15 14:49:21 -05:00
5f35d9e3ec
SEC-2135: Document HttpServletRequest.changeSessionId() support
2013-08-15 13:59:16 -05:00
797df51264
SEC-2135: Support HttpServletRequest#changeSessionId()
2013-08-15 13:59:16 -05:00
75fb971d23
SEC-2221: Fix the ignored media types to use includes instead of equals
2013-08-15 13:59:15 -05:00
54c2166567
SEC-2194: Remove unnecessary MessageSecurityWebApplicationInitializer from helloworld
2013-08-15 12:50:41 -05:00
fea4d01aad
SEC-2194: hello samples displays username and logout properly
2013-08-15 12:50:41 -05:00
b5ecaf61ed
SEC-2194: Remove samples errors/tabs folders
2013-08-15 12:50:41 -05:00
f036970f8b
SEC-2194: Add margin to links in header of samples
2013-08-15 12:50:41 -05:00
2feded5fc5
SEC-2194: Update samples to have jsp-api
2013-08-15 12:50:40 -05:00
485676be8c
SEC-2251: Polish Hello World guides
...
* Correct how to add username and logout to mvc
* Externalize :revnumber:
2013-08-15 12:50:40 -05:00
22e4d1646a
SEC-2194: Remove login page from hellomvc and insecuremvc
2013-08-15 12:50:40 -05:00
13da42ca1b
SEC-2137: Allow disabling session fixation and enable concurrency control
2013-08-15 12:50:40 -05:00
867f02e8ac
SEC-2249: AbstractSecurityWebApplicationInitializer does not delegate WebApplicationInitializer
...
Previously AbstractSecurityWebApplicationInitializer delegated to a
WebApplicationInitializer, but it caused issues in some instances where
a container would pass the annonymous inner class to
SpringServletContainerInitializer which caused errors on startup.
Now AbstractSecurityWebApplicationInitializer registers the
ContextLoaderListener on its own instead of delegating.
2013-08-15 12:49:44 -05:00
e1dfa81a0f
GRADLE-1116: Add back workaround for depending on test sources
2013-08-13 09:13:02 -05:00
337c3cf96c
SEC-2255: Update to Gradle 1.7
2013-08-08 16:31:36 -05:00
54bf6c846b
SEC-2097: Remove configure() blocks from gradle/*.gradle
2013-08-08 16:29:43 -05:00
e0cb931f69
SEC-2251: Create Hello World Java Configuration guides
2013-08-08 14:34:50 -05:00
e8278f3b9b
SEC-2249: AbstractSecurityWebApplicationInitializer allows register config
2013-08-08 14:33:54 -05:00
976d9a9016
SEC-2194: Polish java config sample apps
2013-08-08 14:33:54 -05:00
d20a8e0373
SEC-2245: Cast to interface instead of implementation
...
Makes our life easier when we want to override the
MethodSecurityExpressionRoot.
2013-08-05 17:07:12 -05:00
1f86d5dad9
SEC-2097: Add Tomcat Gradle plugin
2013-08-05 16:49:34 -05:00
343a76de13
Use eclipse-wtp instead of eclipse in java projects
2013-08-05 16:49:34 -05:00
6a1a6b080f
No longer using Eclipse classpath container, so remove workarounds for it
2013-08-05 16:49:34 -05:00
Rob Winch
Nick Williams
Hans-Joachim Kliemeck
Guillaume Smet