d2524eadfc
Update poms to new to SNAPSHOT version
2017-03-02 09:20:34 -06:00
081f0c4d94
Release version 4.2.2.RELEASE
2017-03-02 07:29:42 +00:00
f99fe36e02
Refer to SimpleGrantedAuthority instead of GrantedAuthorityImpl
...
GrantedAuthorityImpl has been replaced a couple of years ago with
SimpleGrantedAuthority and this commit fixes the documentation items
which weren’t updated to reflect this change.
Fixes gh-4163.
2017-03-02 00:09:14 -06:00
901a4e183a
Update SecurityContextHolder.java
...
Use StringUtils.hasText
2017-03-01 23:54:04 -06:00
b64cdb5765
Fix RoleHiearchyUtilsTests on Windows
...
Fixes gh-4228
2017-03-01 23:27:11 -06:00
9c03571bbb
Use message in all Assert
...
This ensures compatibility with Spring 5.
Fixes gh-4193
2017-01-30 19:58:24 -06:00
7a7ce11ebb
Release version 4.2.1.RELEASE
2016-12-21 17:23:28 +00:00
6bec625e68
Update to Spring 4.3.5.RELEASE
...
Fixes gh-4167
2016-12-21 09:04:16 -06:00
24fcb6c45a
Release version 4.2.0.RELEASE
2016-11-09 23:42:11 +00:00
a9024de734
Polish Spring Version Update
...
Fix related tests.
Issue gh-4123
2016-11-09 17:05:25 -06:00
f97f38fd57
jacksonDatavindVersion->jacksonDatabindVersion
...
Issue gh-4122
2016-11-09 16:46:38 -06:00
f0a9421aa4
SecurityJacksonModules->SecurityJackson2Modules
...
Fixes gh-4121
2016-11-09 16:42:41 -06:00
97b4cb0b73
Release version 4.2.0.RC1
2016-10-26 02:49:23 +00:00
e62596f36d
Polish PasswordEncoderUtils do not leak length
...
Fix possible / 0 if expected is empty String.
Issue gh-255
2016-10-24 12:50:46 -05:00
d3685d89c5
Polish PasswordEncoderUtils do not leak length
...
Issue gh-255
2016-10-24 11:26:43 -05:00
a98389fa98
PasswordEncoderUtils do not leak length
...
Enforce constant time even when expectedLength != actualLength.
Fixes gh-255
2016-10-24 11:26:34 -05:00
dc9f9b140f
Polish PasswordEncoderUtilsTests
...
* Add more tests
* Smaller tests
* Follow new naming convention
2016-10-24 11:24:24 -05:00
f432c04111
Create UserBuilder
...
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder
Fixes gh-4095
2016-10-21 16:42:03 -05:00
08c1f500a7
Version bumps for Spring 5
...
Issue gh-4080
2016-10-17 17:00:17 -05:00
48ff518a41
Fix Jackson 2.7+
...
UnmodifiableSetDeserializer added which will ensure
Collection$UnmodifiableSet deserialize properly with jackson-databind 2.7+
Fixes gh-4073
2016-10-13 07:42:07 -05:00
c1b8150439
Release version 4.2.0.M1
2016-09-23 19:39:33 +00:00
b443baef04
Polish GrantedAuthorityDefaults
...
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
ApplicationContextAware
Issue gh-3701
2016-09-22 15:13:05 -05:00
eabeaf35d6
Make single definition of `defaultRolePrefix` and `rolePrefix`
...
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.
Fixes gh-3701
2016-09-21 14:55:41 -05:00
c75a5b7279
Polish RoleHierarchyUtils and add tests
2016-09-19 14:07:34 -04:00
06c67070a6
Add convenience method for constructing RoleHierarchy from Map.
...
Introduced `RoleHierarchyUtils` which enables convenient
construction of `RoleHierarchy` from map based representation.
Where the map key is the role name and the map value is a list
of implied role names.
Here is a small example for that in action:
https://gist.github.com/thomasdarimont/ee9fffdef1adb9243b12ad247478aad4
Fixes #3990 .
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-09-19 14:07:34 -04:00
92a59e0df7
Fix checkstyle
...
Issue gh-3736
2016-09-02 12:02:39 -05:00
8ad0003456
Polish Whitespace
...
Issue gh-3736
2016-09-02 11:37:21 -05:00
3531cc93c2
JSON tests ObjectMapper Cleanup
...
* Move to @Setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper
Issue gh-3736
2016-09-02 11:37:20 -05:00
bd925313af
Improve Readablility of JSON test strings
...
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security
Issue gh-3736
2016-09-02 11:37:20 -05:00
d4c48dd3e1
Remove MockitoJUnitRunner from JSON tests
...
Previously the JSON tests unnecessarily had MockitoJUnitRunner.
This commit removes MockitoJUnitRunner from the JSON tests.
Issue gh-3736
2016-09-02 11:37:20 -05:00
df613ed4cc
JSON UserDetails deserializes null
...
JSON UserDetails null use to be treated as "".
This changes null to be treated as a null
Issue gh-3736
2016-09-02 11:37:16 -05:00
3fb77f3b59
Polish SecurityJacksonModules
...
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
2016-09-02 11:37:13 -05:00
c2d8ea92d0
SimpleGrantedAuthorityMixin role->authority
...
Issue gh-3736
2016-09-02 11:36:33 -05:00
6f2b24a62b
Polish JSON warnings / javadoc
...
Issue gh-3736
2016-09-02 11:36:23 -05:00
6d2003722e
Polish JSON class scope
...
Use package scope when possible
Issue gh-3736
2016-09-02 11:36:06 -05:00
03d8904a03
Polish constructor assertions
...
Previously the JSON modules didn't use Spring's Assert.
This commit changes the assertions to use Spring's Assert and does
some minor restructuring.
Issue gh-3736
2016-09-02 11:34:57 -05:00
d77ca17e95
Add JSON Serialization
...
Fixes gh-3812
2016-09-02 11:29:53 -05:00
4d02a5c0a0
Update pom.xml dependencies
2016-08-30 11:27:29 -05:00
53352e336d
Polish gh-4048
2016-08-30 09:42:28 -05:00
422bc37115
Suppurt custom messages
...
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.
Issue gh-4048
2016-08-30 09:41:37 -05:00
c266930483
Update Dependency Versions ( #4035 ) ( #4036 )
2016-08-19 16:10:46 -05:00
d2a37cb1d6
Improve field visibility in DefaultMethodSecurityExpressionHandler
...
Fixes gh-210
2016-07-26 09:56:00 -04:00
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
b4ab0483b1
Update version to 4.2.0.BUILD-SNAPSHOT
2016-07-07 12:56:20 -05:00
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
310bb39a0d
Fix typo
2016-07-06 16:22:33 -05:00
5f6312c5be
Update to Spring 4.3.1
...
Fixes gh-3963
2016-07-06 15:47:44 -05:00
843ed3e437
Update to Spring 4.3.1.BUILD-SNAPSHOT
2016-07-01 22:04:55 -05:00
a2ead4cf7a
Polish
...
Fixes gh-3892
2016-06-20 12:35:43 -05:00
d2b909e7c5
Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent
...
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.
Fixes gh-3857
2016-06-17 17:16:54 -05:00
2d6051625f
Update pom.xml
2016-06-17 14:30:11 -05:00
001b05569a
Release version 4.1.0.RELEASE
2016-05-05 04:25:46 +00:00
9745de9510
Add @AuthenticationPrincipal expression
...
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.
Fixes gh-3859
2016-05-03 18:08:52 -04:00
24d0069668
Release version 4.1.0.RC2
2016-04-21 01:47:25 +00:00
933a7e8363
Remove duplicate words
...
Fixes gh-3826
2016-04-18 23:21:20 -05:00
2ef3da1b47
Documents the new @AuthenticationPrincipal in more detail.
...
Fixes gh-3771
2016-04-13 12:27:23 -04:00
b90242f2fa
Updates all POM versions to 4.1.0 snapshot build.
...
Fixes gh-3804
2016-04-12 10:35:43 -04:00
044acf7e27
Release version 4.1.0.RC1
2016-03-23 07:15:15 -07:00
36c381a06a
Update to Java 1.6
...
Fixes gh-3756
2016-03-15 08:37:00 -05:00
ec4e6c7453
Update pom.xml to 4.1.0.BUILD-SNAPSHOT
2016-03-14 00:51:35 -05:00
f221920a19
Clean up code to conform to basic checkstyle
...
Issue gh-3746
2016-03-14 00:15:12 -05:00
71d4ce96ad
Convert to assertj
...
Fixes gh-3175
2016-03-09 14:30:17 -06:00
bb600a473e
Start AssertJ Migration
...
Issue gh-3175
2016-03-09 14:26:30 -06:00
a1df8e5379
Fix keys in messages bundle
...
Fixes gh-2971
2016-03-09 10:43:37 -06:00
b248eae416
Javadoc on ProviderManager.authenticate clarification
...
Fixes gh-3722
2016-03-03 15:32:03 -06:00
65a00751a7
Update to Spring 4.2.5
...
Fixes gh-3715
2016-02-25 11:35:17 -06:00
cf76e3c65e
SEC-3150: Escape ' character in messages_fr.properties
...
Escape ' character, if not format doesn't work fine.
2015-11-12 15:42:52 -06:00
be303b15d1
SEC-3128: RoleVoter supports null Authentication
2015-10-29 14:03:18 -05:00
bd221739c7
SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
...
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.
This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:16:54 -05:00
29f2cc0ab1
snasphot -> snapshot
2015-09-25 15:28:39 -05:00
e6ed4441c4
Update messages_it.properties
2015-09-17 17:31:32 +02:00
a9a5377e4a
Unused import
...
An import unsued
2015-09-02 00:21:39 -05:00
5edfeb4091
Unused import
...
And import is unused
2015-09-02 00:21:39 -05:00
adfeb96e2f
Update to Spring 4.2.1
2015-09-01 09:53:26 -05:00
c79bceab03
SEC-2956: Improve AnnotationParameterNameDiscoverer Performance
2015-08-19 16:07:03 -05:00
55dd247660
SEC-3078: Update Spring 4.2
2015-08-19 16:05:40 -05:00
26ab012b57
Start 4.1.0
2015-08-18 13:58:01 -05:00
969f3a7d1b
Update pom.xml to latest snapshots
2015-08-03 09:46:01 -05:00
ad1d858e2b
SEC-3056 - Fix JavaDoc errors.
...
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
117f892c91
SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
...
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.
This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
e8c9f75f9c
Update pom.xml to latest versions
2015-07-22 12:51:04 -05:00
821333434d
SEC-3013: Add messages_en.properties
2015-07-13 23:18:45 -05:00
197ddb3cd1
SEC-3029: Fix Compatibility with Spring 4.2.x
2015-07-07 22:46:31 -05:00
0a118336d4
SEC-2955: Convert to "static" for inner classes
2015-04-30 12:54:52 -05:00
b433cdda7e
SEC-2930: Update SecurityExpressionOperations javadoc
2015-04-21 09:21:29 -05:00
d5dfeeca49
SEC-2927: Update chat-jc pom so Maven Builds
...
Previously there were some incorrect dependency versions. This commit fixes
that.
We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
4fdfb8caba
SEC-2915: More Tabs -> Spaces
2015-04-17 11:34:34 -05:00
db531d9100
SEC-2917: Update to Spring 4.1.6
2015-03-25 15:18:59 -05:00
ae6af5d73c
SEC-2915: Updated Java Code Formatting
2015-03-25 13:09:18 -05:00
0a2e496a84
SEC-2915: groovy/gradle spaces->tabs
2015-03-25 13:08:59 -05:00
cf9f58a4ac
SEC-2915: XML spaces->tabs
2015-03-25 13:08:52 -05:00
706e7fd7a2
SEC-2863: Update to Spring 4.1.5
2015-02-20 11:43:04 -06:00
9b5f76f3d6
SEC-2833: Rossen's feedback on WebSocket
2015-02-04 10:43:12 -06:00
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
e8ac402dfc
SEC-2812: Fix german translations
2015-01-12 13:59:48 +01:00
8f0001f59a
Next Development Version
2014-12-11 20:39:26 -06:00
49b69196de
Release version 4.0.0.RC1
2014-12-11 20:36:55 -06:00
11116c2b80
SEC-2787: Update Versions
2014-12-10 16:37:19 -06:00
b56e5edbbd
SEC-2784: Fix build plugins
2014-12-08 14:24:34 -06:00
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
dfa17bdb98
SEC-2747: Remove spring-core dependency from spring-security-crypto
2014-11-20 16:16:22 -06:00
30c5788b8b
SEC-1897: Remove raw types from AbstractAccessDecisionManager
2014-11-20 15:36:53 -06:00
4d738d8576
SEC-2491: KeyBasedPersistenceTokenService defaults to 32 bytes
2014-11-20 14:40:07 -06:00
0704f88e99
SEC-2344: Remove check for DefaultParamterNameDiscoverer
...
Spring Security not requires Spring 4, so there is no need to perform a
check if Spring 4 is present.
2014-11-20 12:09:38 -06:00
3089f1603e
SEC-2682: DelegatingSecurityContextRunnable/Callable delegate toString()
2014-11-20 11:51:05 -06:00
5810681b06
SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents
2014-11-19 16:48:19 -06:00
3b8f7fdd67
SEC-2732: ehcache-core -> ehcache
2014-11-18 17:14:30 -06:00
4e7398eec0
SEC-2150: Support class level annotations on Spring Data Repositories
2014-09-26 13:47:37 -05:00
d429c96253
SEC-2150: Add tests to verify JSR-250 Spec behavior
2014-09-26 13:46:10 -05:00
5ba8f000a7
SEC-2714: Add AuthenticationPrincipal resolver for messaging support
2014-09-23 16:28:48 -05:00
02c3565e22
Fix compiling in Eclipse
2014-09-16 10:18:46 -05:00
3f30529039
SEC-2179: Add Spring Security Messaging Support
2014-08-15 20:46:58 -05:00
f50e058d07
SEC-2697: Fix logging of Spring Version Check
2014-08-15 16:41:33 -05:00
3187ee8bf3
SEC-2700: Register WithSecurityContextTestExecutionListener by default
2014-08-15 16:41:33 -05:00
08d703545c
SEC-2686: Fix SpringSecurityCoreVersion
2014-07-22 22:06:45 -05:00
b72c1ad314
SEC-2686: Create SecurityMockMvcConfigurer
2014-07-22 15:11:37 -05:00
626b521c0e
SEC-2591: Added more user friendly Korean messages_ko_KR.properties
2014-06-13 13:56:40 -05:00
475f25c787
SEC-2571: Failure in UserDetailsService->InternalAuthenticationServiceException
2014-04-24 16:36:36 -05:00
00e1094178
Add springio-platform plugin
2014-04-23 14:35:22 -05:00
3118e39de8
SEC-2542: Use exclusions to remove duplicate dependencies
...
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.
In addition to the new exclusions, notable other changes are:
- Spring Data JPA has been updated to 1.4.1. This brings its
transitive dependency upon spring-data-commons into line with
Spring LDAP's and prevents both spring-data-commons-core and
spring-data-commons from being on the classpath
- All Servlet API dependencies have been updated to use the official
artifact with all transitive dependencies on unofficial servlet API
artifacts being excluded.
- In places, groovy has been replaced with groovy-all. This removes
some duplicates caused by groovy's transitive dependencies.
- JUnit has been updated to 4.11 which brings its transitive Hamcrest
dependency into line with other components.
There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level
Conflicts:
samples/messages-jc/pom.xml
2014-04-02 09:47:26 -05:00
5be4bfd55e
SEC-2173: Polish javadoc
2014-03-14 08:59:24 -05:00
2628be60d1
SEC-2173: Added SystemWideSaltSource.toString() test
2014-03-14 08:59:24 -05:00
1c50a86661
SEC-2173: Override toString method in SystemWideSaltSource
...
Now prints the saltSource string instead of the object memory signature.
2014-03-14 08:59:24 -05:00
50637d4451
SEC-2518: UserDetailsService javadoc repeats "insensitive"
...
Typo in javadoc, "case insensitive" was repeated twice.
2014-03-11 15:36:47 -05:00
a7005bd742
SEC-2500: Prevent anonymous bind for ActiveDirectoryLdapAuthenticator
2014-03-10 14:33:39 -05:00
9988fa141c
Update Spring Security version in pom.xml
2014-03-06 08:13:52 -06:00
6dfdb10e31
Fix move to 4.0
2014-03-05 16:52:19 -06:00
6be4e3a9fc
SEC-2506: Remove Bundlor Support
2014-03-05 13:32:16 -06:00
de4ed136ea
Fix spring4 test
2014-02-19 16:13:30 -06:00
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
fc8e4868ce
SEC-2468: Fix tests
2014-02-15 14:25:46 -06:00
65367e6547
SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials
2014-02-14 16:53:26 -06:00
152f41f61e
SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits
...
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
2014-02-13 15:36:47 -06:00
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
087b56da96
SEC-2473: Update to Spring 3.2.7
2014-01-30 09:44:26 -06:00
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
a34178bc40
SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA
2013-12-12 08:16:59 -06:00
4460e84b29
Updates to pom.xml author and repo
2013-12-09 08:57:30 -06:00
fa39ecd719
SEC-2367: ProviderManager rethrows InternalAuthenticationServiceExceptions
2013-12-04 16:19:33 -06:00
7e274ea5b6
Fix typo in InternalAuthenticationServiceException javadoc
2013-12-04 16:18:59 -06:00
5a59c74d02
SEC-2327: Document SecurityExpressionRoot
2013-11-20 16:59:05 -06:00
2d2f91484d
SEC-2350: Fix broken test
2013-11-15 14:01:35 -06:00
1745715865
SEC-2350: Remove warning whe using Spring 4
2013-11-15 13:43:43 -06:00
2c8946c406
Next development version
2013-11-01 14:20:55 -05:00
9c703a3051
Release version 3.2.0.RC2
2013-11-01 14:20:49 -05:00
e696890e8e
SEC-2151: Fix spring4Test
2013-09-27 12:36:43 -05:00
61e6acb3f4
SEC-2151: AnnotationParameterNameDiscoverer support single annotated param
...
This makes sense since often times only a single argument is necessary in
the expression.
2013-09-27 11:53:39 -05:00
e5f034bdef
SEC-2151: Fix tests
2013-09-27 11:52:32 -05:00
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
fb0a8d19e8
SEC-2322: Support StandardReflectionParameterNameDiscoverer
2013-09-26 15:55:11 -05:00
Rob Winch
Spring Buildmaster
pkovacs
stonio
Rob Winch
avri-schneider
Jitendra Singh
Eddú Meléndez
Joe Grandja
Thomas Darimont
Jitendra Singh Bisht
vitalii-dmytruk
Kevin Conaway
Johnny Lim
Billy Korando
Karol Lewandowski
hmolsen
petaure
zhanhb
/usr/local/ΕΨΗΕΛΩΝ
David Avenante
Alex Panchenko
james
Rob Winch
Gamal Shaban
Alexander Kjäll