Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,654 Commits 34 Branches 334 Tags 109 MiB
Commit Graph

599 Commits

Author SHA1 Message Date
Spring Buildmaster 24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Rob Winch 7fe0a135ec Default AntPathRequestMatcher to be case sensitive 
Issue gh-3831
 2016-04-20 13:29:18 -05:00
Rob Winch 6fa1588de9 Disable AntPathRequestMatcher trim tokens 
Issue gh-3831
 2016-04-20 13:29:17 -05:00
Rob Winch 4093690322 Polish Logout Content Negotiation 
* Rename to DelegatingLogoutSuccessHandler for consistency
* Remove JavascriptOriginRequestMatcher in favor of
RequestHeaderRequestMatcher

Issue gh-3282
 2016-04-20 10:49:37 -05:00
Shazin Sadakath f0d1700ad6 Content Negotiating LogoutSuccessHandler 
Issue gh-3282
 2016-04-20 10:42:13 -05:00
Rob Winch 1dbd3f5906 Fix NPE in OnCommittedResponseWrapper trackContentLength (#3824) 
OnCommittedResponseWrapper trackContentLength will throw a
NullPointerException when the content length passed in is null.

This commit properly tracks the null value as a length of 4.

Fixes gh-3823
 2016-04-19 14:58:56 -04:00
Johnny Lim 933a7e8363 Remove duplicate words 
Fixes gh-3826
 2016-04-18 23:21:20 -05:00
Rob Winch fb5776cb5c Support Camel case URI variables (#3814) 
Perviously there were issues with case insenstive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId Instead it was
forced to lowercase and #userid was used.

Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.

Fixes gh-3786
 2016-04-18 17:54:48 -04:00
Simon Olofsson 337a7ed35e Fix HeaderWriterFilter Javadoc 
Fixes the formatting and spelling in HeaderWriterFilter Javadoc

Issue gh-3813
 2016-04-15 08:56:58 -05:00
Andrew NS Yeow eb26095ca9 Fix HpkpHeaderWriter Javadoc format 2016-04-15 08:41:43 -05:00
Joe Grandja 2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail. 
Fixes gh-3771
 2016-04-13 12:27:23 -04:00
Rob Winch d3a9cc6eae Add CsrfTokenRepository (#3805) 
* Create LazyCsrfTokenRepository

Fixes gh-3790

* Add CookieCsrfTokenRepository

Fixes gh-3009
 2016-04-12 17:26:53 -04:00
Johnny Lim fe94d654ed Fix typos (#228) 2016-04-12 11:11:51 -05:00
Joe Grandja b90242f2fa Updates all POM versions to 4.1.0 snapshot build. 
Fixes gh-3804
 2016-04-12 10:35:43 -04:00
izeye 2c85fb05d0 Remove duplicate test. 
Remove duplicate test with `trailingWildcardWithVariableMatchesCorrectly()`.

Fixes gh-183
 2016-04-08 13:36:45 -05:00
Rob Winch f49cd5faba Polish Codestyle 2016-04-01 09:53:32 -05:00
Rob Winch d900c78f11 Perform null check on super.getAsyncContext() 
Fixes gh-3780
 2016-04-01 09:53:32 -05:00
Shazin Sadakath 1bc7060c93 Add AuthenticationSuccessHandler support to AbstractPreAuthenticatedProcessingFilter 
Fixes gh-3389
 2016-03-25 09:46:16 -05:00
Spring Buildmaster 044acf7e27 Release version 4.1.0.RC1 2016-03-23 07:15:15 -07:00
Joe Grandja 2f7f2ff589 Adds support for Content Security Policy 
Fixes gh-2342
 2016-03-22 21:59:13 -05:00
Rob Winch 7bf014f678 Path Variables fail with different case 
Fixes gh-3329
 2016-03-21 10:09:50 -05:00
Eddú Meléndez 41c6a797c3 Add RememberMeConfigurer set domain 
Fixes gh-3408
 2016-03-17 08:30:18 -05:00
Rob Winch 242b831f20 Cache Control only written if not set 
Previously Spring Security always wrote cache control headers and relied
on the application to override the values. This can cause problems with
cache control. For example, applications may only set cache control if
the header is not already set. Additionally, setting of Cache-Control
should disable writing of Pragma.

This commit delays writing headers until just before the response is
committed and only writes the Cache Control headers if they do not exist.

Fixes gh-2953
 2016-03-15 12:30:37 -05:00
Rob Winch 1fcc2fcd88 Make OnCommittedResponseWrapper public 
This is preparing for changes in gh-2953

Issues gh-2953
 2016-03-15 11:22:06 -05:00
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle 
Issue gh-3746
 2016-03-14 00:15:12 -05:00
Rob Winch 40f687aa78 Improve CSRF missing error message 
Fixes gh-3738
 2016-03-09 14:52:21 -06:00
Billy Korando 71d4ce96ad Convert to assertj 
Fixes gh-3175
 2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration 
Issue gh-3175
 2016-03-09 14:26:30 -06:00
Alex Baxanean a1c4c2039b Rename HeaderWriter loop variable 2016-03-09 10:36:03 -06:00
Rob Winch 6cbb1dc881 Polish ForwardAuthenticationSuccessHandler 
* Whitespace cleanup
* Add @since

Issue gh-3726
 2016-03-09 10:23:53 -06:00
Rob Winch e61bc7e93b Polish ForwardAuthenticationFailureHandler 
* Whitespace cleanup
* Add @since

Issue gh-3727
 2016-03-09 10:23:39 -06:00
Shazin Sadakath 7341da9320 Add ForwardAuthenticationSuccessHandler 
Fixes gh-3726
 2016-03-09 10:22:55 -06:00
Shazin Sadakath b288d24100 Add ForwardAuthenticationFailureHandler 
Fixes gh-3727
 2016-03-09 10:22:41 -06:00
Rob Winch db81977a1a Polish HPKP 
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
 2016-03-03 15:11:40 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning 
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
 2016-03-03 14:21:46 -06:00
Rob Winch d0dc47cb66 Remove logging for "Skip invoking on" response committed 
Fixes gh-3683
 2016-02-25 11:01:51 -06:00
Andrei Ivanov 9008a7af1d Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR 
Fixes gh-3697
 2016-02-15 09:03:27 -06:00
Rob Winch 56fad169db request.setMethod("POST") 2015-12-21 14:53:13 -06:00
Rob Winch 7d5af63510 Merge pull request #243 from panchenko/SEC-3158 
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1
 2015-12-03 22:14:58 -06:00
Rob Winch 81db6abbe0 SEC-3164: JDK6 compatability 2015-12-02 14:16:57 -06:00
Alex Panchenko cfa23b152e SEC-3164 Optimization in DefaultRequiresCsrfMatcher 2015-12-01 13:19:13 +06:00
Alex Panchenko 3af4140742 SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x 2015-12-01 12:54:08 +06:00
Rob Winch 4144de9376 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:11 -05:00
Rob Winch 8f13beccb7 SEC-2190: Fix Javadoc 2015-10-29 11:41:39 -05:00
Rob Winch 8b641e5f79 SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:12:35 -05:00
Rob Winch 5c73816a1a SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 13:56:51 -05:00
Rob Winch a88ac0fcc1 SEC-3109: Fix web tests 2015-10-26 21:31:07 -05:00
Rob Winch cda6532c43 SEC-3070: Logout invalidate-session=false and Spring Session doesn't 
work
 2015-10-20 14:58:57 -05:00
izeye 3925ed90c4 SEC-3124: Fix broken Javadoc related to `<` and `>` 2015-10-13 13:33:28 -05:00