1c50a86661
SEC-2173: Override toString method in SystemWideSaltSource
...
Now prints the saltSource string instead of the object memory signature.
2014-03-14 08:59:24 -05:00
7325b97c76
SEC-2519: RememberMeAuthenticationException supports root cause
...
Added a constructor which keeps the root cause of the exception, and
added some documentation
2014-03-11 16:11:52 -05:00
91a074c744
Merge pull request #62 from dalbertom/typo
...
Correct typo in AbstractRememberMeServices assertion
2014-03-11 15:40:23 -05:00
50637d4451
SEC-2518: UserDetailsService javadoc repeats "insensitive"
...
Typo in javadoc, "case insensitive" was repeated twice.
2014-03-11 15:36:47 -05:00
a7005bd742
SEC-2500: Prevent anonymous bind for ActiveDirectoryLdapAuthenticator
2014-03-10 14:33:39 -05:00
ea902e5829
SEC-2507: WebExpressionVoter.supports support subclasses of FilterInvocation
2014-03-10 14:33:37 -05:00
e4a58375cc
SEC-2515: Detect object cycle for AuthenticationManager configuration
2014-03-10 14:33:35 -05:00
32d3e29c65
SEC-2325: Polish CSRF Tag support
...
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
2014-03-07 15:28:52 -06:00
a3e0475998
SEC-2325 Added JSP tags for CSRF meta tags and form fields
2014-03-07 15:28:48 -06:00
26cee61b98
SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle
2014-03-07 15:28:45 -06:00
56bb331760
SEC-2514: Fix typo in hellomvc.asc
...
packags -> packages
2014-03-07 10:27:23 -06:00
1e3cdaf8a9
SEC-2513: Add link to SpringSource CLA form
2014-03-07 10:27:18 -06:00
1d6536fa71
SEC-2512: Fix typo in reference`
...
udates -> updates
2014-03-06 22:22:34 -06:00
e15cee62f4
SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header
2014-03-06 22:01:25 -06:00
6de138c2f2
SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header.
...
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
2014-03-06 22:01:23 -06:00
4cdeacc277
SEC-2499: Allow MethodSecurityExpressionHandler in parent context
...
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136
This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
2014-03-06 21:14:35 -06:00
9988fa141c
Update Spring Security version in pom.xml
2014-03-06 08:13:52 -06:00
8afa8d8588
Fix integration tests
2014-03-06 07:56:40 -06:00
6dfdb10e31
Fix move to 4.0
2014-03-05 16:52:19 -06:00
6be4e3a9fc
SEC-2506: Remove Bundlor Support
2014-03-05 13:32:16 -06:00
04a527d4ec
SEC-2495: CSRF disables logout on GET
2014-02-20 09:40:00 -06:00
de4ed136ea
Fix spring4 test
2014-02-19 16:13:30 -06:00
4a1a2dfed4
Update min Spring version of 4.0.2.REELASE
2014-02-19 11:16:57 -06:00
3fc9dd82f3
Start Spring Security 4.0.x
2014-02-19 11:05:27 -06:00
551f600073
Next development version
2014-02-19 08:10:01 -08:00
f2cde4ffa3
SEC-2486: Update tests to Spring LDAP 2.0.1.RELEASE
2014-02-19 09:32:37 -06:00
9810768186
SEC-2485: Update test to Spring 4.0.2.RELEASE
2014-02-19 09:31:46 -06:00
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
85305050c0
SEC-2455: Fix XML default login generation
2014-02-18 13:52:05 -06:00
8a3a7961cb
SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void
2014-02-15 14:41:26 -06:00
fc8e4868ce
SEC-2468: Fix tests
2014-02-15 14:25:46 -06:00
65367e6547
SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials
2014-02-14 16:53:26 -06:00
bf2df220ca
SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator
2014-02-13 16:37:33 -06:00
152f41f61e
SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits
...
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
2014-02-13 15:36:47 -06:00
7a3da28987
SEC-2479: Search parent context for AuthenticationManager
2014-02-12 08:11:26 -06:00
e17adad878
SEC-2469: Support Spring LDAP 2.0.1+
2014-02-12 08:11:26 -06:00
058b9debef
Minor slapd config changes
2014-02-11 14:23:54 +00:00
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
c42e13c966
loginProcessing test
2014-02-07 17:01:11 -06:00
6b42a2eae1
SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain
2014-02-07 17:01:11 -06:00
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
4eff50b48b
SEC-2474: Update tests against Spring 4.0.1
2014-01-30 09:44:26 -06:00
087b56da96
SEC-2473: Update to Spring 3.2.7
2014-01-30 09:44:26 -06:00
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
...
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
2014-01-29 09:28:51 -06:00
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
2014-01-28 22:04:35 -06:00
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
2014-01-28 16:51:05 -06:00
a99c6db327
SEC-2467: Fix Small errors in itest-web's jsps
2014-01-28 16:03:59 -06:00
1f833b0d6b
Add ExpressionUrlAuthorizationCOnfigurer tests
...
- Demo custom expression root
- Demo @Bean in expression example
2014-01-23 11:21:21 -06:00
add3aae6ef
Next development version
2013-12-16 11:27:25 -08:00
Gamal Shaban
Julien Dubois
Rob Winch
Alexander Kjäll
Rob Winch
beamerblvd
John Tims
Manimaran Selvan
getvictor
Spring Buildmaster
Luke Taylor
james