Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-13 15:42:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,748 Commits 44 Branches 345 Tags
Commit Graph

5748 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
28278eab89 Fix defaultMethodExpressionHandler autowiring 
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.

This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.

Fixes gh-4020
 2016-08-10 23:48:49 -05:00
Rob Winch
a93fb1e0e7 Fix csrf() when used then not used 
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.

Now the TestCsrfTokenRepository is only used if explicitly enabled.

Fixes gh-4016
 2016-08-09 17:28:33 -04:00
Joe Grandja
dabcc5416a MvcRequestMatcher servletPath Polish / XML Config 
Fixes gh-4014
 2016-08-09 15:47:41 -05:00
Rob Winch
8a6d0cd16d MvcRequestMatcher servletPath / JavaConfig 
Issue: gh-3987
 2016-08-09 15:47:01 -05:00
Rob Winch
edb7ef567a Logout is 204 for XMLHttpRequest 
Fixes gh-3997
 2016-08-02 14:14:44 -07:00
Rob Winch
d002681bec Add ObjectPostProcessor support for SmartInitializingSingleton 2016-07-21 10:46:55 -05:00
Rob Winch
6649d46896 DummyRequest supports methods for MvcRequestMatcher 
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
 2016-07-14 16:02:08 -04:00
Rob Winch
1d97ee8dd6 Add HttpSecurity.mvcMatcher 
Fixes gh-3970
 2016-07-14 11:46:29 -04:00
Rob Winch
7d1344fca8 Fix NPE requestMatchers().mvcMatchers 
Fixes gh-3969
 2016-07-14 11:45:45 -04:00
Spring Buildmaster
cc04392d9a Next development version 2016-07-07 00:57:53 +00:00
Spring Buildmaster
919f000c80 Release version 4.1.1.RELEASE 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Johnny Lim
310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch
764a4d8414 Fix Error Message typo 
Fixes gh-3953
 2016-07-06 16:19:29 -05:00
Jakob Englisch
b17870ee07 LogoutConfigurer: only allow suitable http methods 2016-07-06 16:17:11 -05:00
Rob Winch
8ad91ef6a5 WithSecurityContextTestExecutionListener > SqlScriptsTestExecutionListener 
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.

Fixes gh-3962
 2016-07-06 16:09:17 -05:00
Rob Winch
5f6312c5be Update to Spring 4.3.1 
Fixes gh-3963
 2016-07-06 15:47:44 -05:00
Rob Winch
9d50944cb2 AntPathRequestMatcher implements RequestVariableExtractor 
Issue gh-3964
 2016-07-06 15:47:34 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher 
Fixes gh-3964
 2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch
c935d857eb Add mvc namespace to XmlApplicationContext 2016-07-01 22:04:55 -05:00
Rob Winch
843ed3e437 Update to Spring 4.3.1.BUILD-SNAPSHOT 2016-07-01 22:04:55 -05:00
Rob Winch
7f3b3a8b59 Polish 
Issue gh-180
 2016-07-01 13:17:52 -05:00
Jakob Englisch
261c932b8e Upgrade Gradle to 2.14 
Issue gh-3946
 2016-06-28 13:13:08 -04:00
Rob Winch
1b4e20e97f Fix InsecureApplicationTests package 
Fixes gh-3951
 2016-06-28 10:17:17 -05:00
Rob Winch
bd5f71bb0d Polish 
Fix checkstyle for LDAP JavaConfig Authority mapping

Issue gh-2768
 2016-06-21 17:08:37 -05:00
Tony Dalbrekt
b76e3be822 LDAP Java Config supports GrantedAuthoritiesMapper 
Fixes gh-2768
 2016-06-21 16:43:13 -05:00
Rob Winch
26ad1cb4a5 Polish RememberMe Validation 
Issue gh-3909
 2016-06-21 14:57:15 -05:00
Eddú Meléndez
87224f62e4 RememberMe JavaConfig Validation 
Add validation when rememberMeServices and rememberMeCookieName are
provided

Fixes gh-3909
 2016-06-21 14:57:01 -05:00
Rob Winch
8f880aea0e Polish Pbkdf2PasswordEncoder 
Issue gh-3930
 2016-06-21 11:47:50 -05:00
vitaliy_kuzmich
5f658b3ffc Remove double salt in Pbkdf2PasswordEncoder 
Issue gh-3930
 2016-06-21 11:44:23 -05:00
Rob Winch
77a478ba0d Fix ApacheDSEmbeddedLdifTests checkstyle 
Issue gh-54
 2016-06-21 09:56:34 -05:00
Marcin Zajączkowski
a3c4a5fde7 SEC-2387 - add ignored failing test case 2016-06-21 09:53:38 -05:00
Rob Winch
bbeb7f94d7 Fix checkstyle 
Issue gh-3920
 2016-06-20 19:36:51 -05:00
Rob Winch
a2a06d19c1 Add formLogin() Accept Test 
Issue gh-3920
 2016-06-20 16:23:29 -05:00
Micah Silverman
314828859e Added accept method call to buildRequest in SecurityMockMvcRequestBuilders with default of MediaType.APPLICATION_FORM_URLENCODED 2016-06-20 15:46:01 -05:00
Rob Winch
66858e22ad Disable XMLHttpRequest for formLogin entry point 
Previously the following:

http http://localhost:8080/user \
  "X-Requested-With:XMLHttpRequest" "Accept:text/plain"

Produced a 302 instead of a 401

Fixes gh-3887
 2016-06-20 15:30:00 -05:00
Rob Winch
2a73f3cdf7 Remove abigious import 2016-06-20 15:03:09 -05:00
Rob Winch
dd9b59ba31 Document Digest is insecure 
Fixes gh-3894
 2016-06-20 14:10:36 -05:00
Eddú Meléndez
39ed7d0eca Propagate rolePrefix to LdapAuthoritiesPopulator 
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator populating  a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.

Fixes gh-3921
 2016-06-20 12:44:02 -05:00
Eddú Meléndez
a2ead4cf7a Polish 
Fixes gh-3892
 2016-06-20 12:35:43 -05:00
Ruben Dijkstra
364db6762e Add failing test for #3905 Fix Assert usage 2016-06-20 09:24:04 -05:00
Ruben Dijkstra
e8f4ee8a39 Fix Assert usage 2016-06-20 09:23:51 -05:00
Rob Winch
d2b909e7c5 Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent 
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.

Fixes gh-3857
 2016-06-17 17:16:54 -05:00
Shannon Carey
9fa2c64737 Documentation SecurityConfig->WebSecurityConfig 
Rename SecurityConfig to WebSecurityConfig in the documentation.

Fixes gh-153
 2016-06-17 16:55:46 -05:00
Filip Hanik
6b436ff409 Avoid duplicate attribute search. 
When using search-and-bind strategy, the user attributes are already returned in the first search.
If the user happens to not have privileges to perform a search, the second search may fail.
(user only has bind privileges)
See https://github.com/cloudfoundry/uaa/issues/342
 2016-06-17 16:43:06 -05:00
Ruben Dijkstra
ca76e8d784 Remove null-check inside afterPropertiesSet() since it's never null 2016-06-17 16:40:39 -05:00
Rob Winch
2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Rob Winch
477573b3bc Fix @EnableGlobalAuthentication & method seucrity on @Configuration class 
Fixes gh-3934
 2016-06-17 14:05:11 -05:00
Rob Winch
fa1c484587 AuthenticationConfiguration.getAuthenticationManager() supports recursion 
AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.

Fixes gh-3935
 2016-06-17 14:02:36 -05:00
Rob Winch
9e3d2e2d99 HTTP Basic default logout ignores text/html 
This fixes an issue where Chrome sends an accept header of application/xml
which triggers an HTTP 204 to be returned

Fixes gh-3902
 2016-06-14 16:27:56 -05:00