Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
Previously the JSON modules didn't use Spring's Assert.
This commit changes the assertions to use Spring's Assert and does
some minor restructuring.
Issue gh-3736
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.
Issue gh-4048
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.
This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.
Fixes gh-4027
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.
This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.
Fixes gh-4020
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.
Now the TestCsrfTokenRepository is only used if explicitly enabled.
Fixes gh-4016
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.
Fixes gh-2427
Direct changes to XSD schemas will be overwritten by the build, it is necessary that the developer updates the RELAX NG schema instead.
See discussion on commit e297706e8bfda38117a99fd06dace74c5a8cc5f1.
