e15cee62f4
SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header
2014-03-06 22:01:25 -06:00
6de138c2f2
SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header.
...
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
2014-03-06 22:01:23 -06:00
4cdeacc277
SEC-2499: Allow MethodSecurityExpressionHandler in parent context
...
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136
This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
2014-03-06 21:14:35 -06:00
9988fa141c
Update Spring Security version in pom.xml
2014-03-06 08:13:52 -06:00
8afa8d8588
Fix integration tests
2014-03-06 07:56:40 -06:00
6dfdb10e31
Fix move to 4.0
2014-03-05 16:52:19 -06:00
6be4e3a9fc
SEC-2506: Remove Bundlor Support
2014-03-05 13:32:16 -06:00
04a527d4ec
SEC-2495: CSRF disables logout on GET
2014-02-20 09:40:00 -06:00
de4ed136ea
Fix spring4 test
2014-02-19 16:13:30 -06:00
4a1a2dfed4
Update min Spring version of 4.0.2.REELASE
2014-02-19 11:16:57 -06:00
3fc9dd82f3
Start Spring Security 4.0.x
2014-02-19 11:05:27 -06:00
551f600073
Next development version
2014-02-19 08:10:01 -08:00
f2cde4ffa3
SEC-2486: Update tests to Spring LDAP 2.0.1.RELEASE
2014-02-19 09:32:37 -06:00
9810768186
SEC-2485: Update test to Spring 4.0.2.RELEASE
2014-02-19 09:31:46 -06:00
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
85305050c0
SEC-2455: Fix XML default login generation
2014-02-18 13:52:05 -06:00
8a3a7961cb
SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void
2014-02-15 14:41:26 -06:00
fc8e4868ce
SEC-2468: Fix tests
2014-02-15 14:25:46 -06:00
65367e6547
SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials
2014-02-14 16:53:26 -06:00
bf2df220ca
SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator
2014-02-13 16:37:33 -06:00
152f41f61e
SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits
...
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
2014-02-13 15:36:47 -06:00
7a3da28987
SEC-2479: Search parent context for AuthenticationManager
2014-02-12 08:11:26 -06:00
e17adad878
SEC-2469: Support Spring LDAP 2.0.1+
2014-02-12 08:11:26 -06:00
058b9debef
Minor slapd config changes
2014-02-11 14:23:54 +00:00
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
c42e13c966
loginProcessing test
2014-02-07 17:01:11 -06:00
6b42a2eae1
SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain
2014-02-07 17:01:11 -06:00
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
4eff50b48b
SEC-2474: Update tests against Spring 4.0.1
2014-01-30 09:44:26 -06:00
087b56da96
SEC-2473: Update to Spring 3.2.7
2014-01-30 09:44:26 -06:00
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
...
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
2014-01-29 09:28:51 -06:00
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
2014-01-28 22:04:35 -06:00
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
2014-01-28 16:51:05 -06:00
a99c6db327
SEC-2467: Fix Small errors in itest-web's jsps
2014-01-28 16:03:59 -06:00
1f833b0d6b
Add ExpressionUrlAuthorizationCOnfigurer tests
...
- Demo custom expression root
- Demo @Bean in expression example
2014-01-23 11:21:21 -06:00
add3aae6ef
Next development version
2013-12-16 11:27:25 -08:00
f09ce267b3
Polish MVC doc
2013-12-16 12:30:25 -06:00
374aceed2b
Polish form.asc
2013-12-16 11:13:23 -06:00
df703e0189
Polish hellomvc.asc
2013-12-16 10:39:18 -06:00
8c580dc170
SEC-2444: Polish Thymeleaf for samples
2013-12-16 09:51:00 -06:00
5205bf57c6
SEC-2453: Create 403 CSRF FAQ Entry
2013-12-16 09:02:02 -06:00
994117ad75
SEC-2436: Fix CsrfConfigurerNoWebMvcTests
2013-12-14 14:48:47 -06:00
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
053c890a69
SEC-2450: WebSecurityConfigurerAdapter have default Order of 100
2013-12-14 13:00:48 -06:00
7838e3eeca
SEC-2447: JdbcMutableAclServiceTests should invoke aclCache.clearCache()
2013-12-14 10:19:06 -06:00
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
04fac30d75
SEC-2449: <ldap-server> default port should fallback to dynamic value
2013-12-14 10:19:06 -06:00
54ffa28bde
remove apacheDSWorkDir since custom tmp dir is created
2013-12-13 16:38:35 -06:00
ca1080fb96
SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter
2013-12-13 15:47:28 -06:00
Rob Winch
getvictor
Spring Buildmaster
Luke Taylor
james