Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,560 Commits 33 Branches 333 Tags 109 MiB
Commit Graph

613 Commits

Author SHA1 Message Date
Rob Winch 2f4610e8b7 Update HttpSecurity.requestMatcher() Javadoc 
Fixes gh-3365
 2016-03-09 16:45:29 -06:00
Billy Korando 71d4ce96ad Convert to assertj 
Fixes gh-3175
 2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration 
Issue gh-3175
 2016-03-09 14:26:30 -06:00
Rob Winch 3164bd6f8d Polish Sorting ObjectPostProcessor 
* Add Test
* Only sort on adding new entry

Issue gh-3572
 2016-03-08 15:51:13 -06:00
Wallace Wadge a366489c3c Sort ObjectPostProcessors prior to invoking them 
Fixes gh-3572
 2016-03-08 10:39:56 -06:00
Rob Winch db81977a1a Polish HPKP 
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
 2016-03-03 15:11:40 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning 
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
 2016-03-03 14:21:46 -06:00
Rob Winch 337f1885ea SEC-3170: Polish 
* Prevent a null LogoutHandler from being set when RememberMeServices
does not implement LogoutHandler
* Fix test which invoked Mock from outside spock which failed
* Add explicit test for adding null LogoutHandler to
RememberMeConfigurer
 2015-12-15 09:50:54 -06:00
Nikos Kastamoulas b28c62a6fe SEC-3170: Null check for Java Config of RememberMeServices 
Added a null check in LogoutConfigurer.addLogoutHandler() method to
ensure that a logout handler is always provided..
 2015-12-15 09:50:54 -06:00
William Gorder 1182d35d3c SEC-3159: Fix Javadoc 
The HttpSecurity#headers() Javadoc did not accurately reflect changes made to the
HeadersConfigurer in Spring Security 4.x.
 2015-11-21 19:39:15 -05:00
Kazuki Shimizu 205ef42cfb SEC-3147: Add error parameter for default authentication-failure-url 2015-11-12 15:00:21 -06:00
Rob Winch 53f85e2151 SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:54:01 -05:00
Rob Winch 15b4406015 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:08:42 -05:00
Rob Winch 6f1bb705ac SEC-3135: antMatchers now allows method and no pattern 
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
 2015-10-29 12:48:29 -05:00
Rob Winch f76bf96e14 SEC-3132: securityBuilder cannot be null 
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
 2015-10-23 10:27:09 -05:00
Rob Winch b9f8af3096 SEC-3063: rm ConditionalOnMissingBean for @Primary 
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
 2015-10-21 15:40:43 -05:00
izeye 8baafbb2f2 SEC-3116: Polish WebSecurity Javadoc 2015-10-01 15:50:22 -05:00
zhanhb 29f2cc0ab1 snasphot -> snapshot 2015-09-25 15:28:39 -05:00
Rob Winch bac980cbcb SEC-2868: Simplify custom UserDetailsService Java Config 
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
 2015-08-27 20:41:15 -05:00
Rob Winch 6b05b298ff SEC-2059: Support Path Variables in Web Expressions 2015-08-20 17:11:01 -05:00
Rob Winch cbed1d75ee SEC-3076: Add Method Level Security Meta Annotations 2015-08-19 16:07:03 -05:00
Rob Winch 41c9431fcc Test that form log in requires CSRF 2015-08-03 12:24:37 -05:00
Rob Winch 453e6332da Fix indentation of CsrfConfigTests 2015-08-03 12:03:05 -05:00
Rob Winch 969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Thomas Darimont ad1d858e2b SEC-3056 - Fix JavaDoc errors. 
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
 2015-08-03 08:02:24 -05:00
Rob Winch dab4cf18b8 SEC-3032: Correct documented logout-success-url default 2015-07-22 13:48:07 -05:00
Rob Winch e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch 07fb2af74b SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 08:52:36 -05:00
Rob Winch ab1b7a1eb6 Remove unnecessary @SuppressWarnings 2015-07-21 08:51:32 -05:00
Rob Winch 9654df2cc3 SEC-3045: Conditionally add MethodSecurityMetadataSourceAdvisor 2015-07-17 15:16:09 -05:00
Rob Winch a3df41b380 Clean Import Statements 2015-07-17 14:52:23 -05:00
Rob Winch 0e36f85dab SEC-3019: Java Config for Http Basic supports Rememberme 2015-07-16 11:12:44 -05:00
Rob Winch 474d624e8e SEC-2988: Renamed OnBeanCondition.java to OnMissingBeanCondition.java 2015-07-13 22:51:45 -05:00
Rob Winch 64938ebcfc SEC-2996: Suport configuring SecurityExpressionHandler<Message<Object>> 2015-07-13 22:45:35 -05:00
Stijn ca0ffb8b5d SEC-2948: Fix error message for wrong xsd schema 
When using the wrong xsd schema < 4.0 a message was shown that the
schema needed to be version 3.2.

In reality this schema had to be version 4.0.
 2015-07-09 23:17:16 -05:00
Rob Winch 1f74ac811e Fix Spring IO Tests 2015-07-08 11:09:29 -05:00
Rob Winch 197ddb3cd1 SEC-3029: Fix Compatibility with Spring 4.2.x 2015-07-07 22:46:31 -05:00
Alex Panchenko 0a118336d4 SEC-2955: Convert to "static" for inner classes 2015-04-30 12:54:52 -05:00
Rob Winch f1352ba492 SEC-2942: Add test EnableWebSecurity supports AuthenticationPrincipal 2015-04-23 16:34:04 -05:00
Rob Winch f548d89b27 SEC-2932: SecurityContextConfigurer defaults SecurityContextRepository 2015-04-22 16:50:51 -05:00
Rob Winch 09acc2b7a5 SEC-2962: SecurityContextHolderAwareRequestFilter default rolePrefix 2015-04-21 11:42:48 -05:00
Rob Winch 38e2e23b86 Fix indentation of InterceptUrlConfigTests 2015-04-21 09:38:17 -05:00
Rob Winch d5dfeeca49 SEC-2927: Update chat-jc pom so Maven Builds 
Previously there were some incorrect dependency versions. This commit fixes
that.

We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
 2015-04-20 15:53:26 -05:00
Rob Winch 0bfbd2923a SEC-2915: Fix defaut login page tests with tabs 2015-04-17 12:13:44 -05:00
Rob Winch 4fdfb8caba SEC-2915: More Tabs -> Spaces 2015-04-17 11:34:34 -05:00
Rob Winch 5fa5630bc3 Polish ordering of Config and test in NamespaceRememberMeTests 
The convention is to put the config just below the test.

This commit fixes the convention for NamespaceRememberMeTests
 2015-04-17 11:20:39 -05:00
Kazuki Shimizu 0c77c2071b SEC-2880: Add a setter method to override the cookie name of remember-me 2015-04-17 11:14:58 -05:00
Rob Winch ec89fdcfaa SEC-2919: Polish 
Remove now unnecessary AuthenticationConfig.Builder#getLoginFormUrl
method.
 2015-04-17 11:12:08 -05:00
Rob Winch 052bd32f40 SEC-2919: DefaultLoginPageGeneratingFilter disabled when login-page specified 2015-04-17 11:12:08 -05:00
Rob Winch 4ca936bb76 SEC-2913: Polish 2015-03-25 21:18:12 -05:00