Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,575 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

5575 Commits

Author SHA1 Message Date
Rob Winch 36c381a06a Update to Java 1.6 
Fixes gh-3756
 2016-03-15 08:37:00 -05:00
Rob Winch e945c19d7a Update to latest Tomcat Gradle Plugin 
Fixes gh-3754
 2016-03-15 08:37:00 -05:00
Eddú Meléndez df65662bf0 Upgrade to Sonarqube plugin 2016-03-14 13:56:49 -05:00
Rob Winch d85c0395bb Fix checkstyle import into Eclipse 
Issue gh-3747
 2016-03-14 09:19:55 -05:00
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch 7de4e59167 Auto Import Eclipse Settings 
Fixes gh-3747
 2016-03-14 00:15:15 -05:00
Rob Winch 6bd16fc686 Extract ide.gradle 
Issue gh-3747
 2016-03-14 00:15:14 -05:00
Rob Winch b52ffe038e Add Checkstyle 
Fixes gh-3746
 2016-03-14 00:15:13 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle 
Issue gh-3746
 2016-03-14 00:15:12 -05:00
Rob Winch 5775f7bd80 Update to Gradle 2.10 
Do not use Gradle 2.11 as it causes issues with
Eclipse import

Fixes gh-3745
 2016-03-13 20:11:29 -05:00
Rob Winch 35eff94e3d Add Both Config names to duplicate WebSecurityConfigurer order 
Previously the error message when multiple WebSecurityConfigurer with the
same Order did not include both WebSecurityConfigurer classes that were
involved in the duplicate Order. This made resolving errors difficult.

This commit ensures both WebSecurityConfigurers are include in the error
message.

Fixes gh-3380
 2016-03-11 12:12:55 -06:00
Shazin Sadakath e33e21fe6b Add Forward after authentication attempt config support 
Fixes gh-3728
 2016-03-11 10:49:30 -06:00
Rob Winch dbf73c4692 Update spring-security-config module description 
Include Java Configuration in the description.

Fixes gh-3298
 2016-03-10 10:45:15 -06:00
Rob Winch 5d6e8bc3c8 Remove SPR-11251 workaround from WebSecurityConfiguration 
Fixes gh-3348
 2016-03-09 16:48:24 -06:00
Rob Winch be36ddb614 Some formatting fixes for HttpSecurity Javadoc 2016-03-09 16:45:43 -06:00
Rob Winch 2f4610e8b7 Update HttpSecurity.requestMatcher() Javadoc 
Fixes gh-3365
 2016-03-09 16:45:29 -06:00
Rob Winch df5e3ba6ee Polish Imports 2016-03-09 16:24:50 -06:00
Rob Winch 835ac0a217 Add @WithUserDetails userDetailsServiceBeanName 
Fixes gh-3346
 2016-03-09 15:59:23 -06:00
Rob Winch 618b8a2d83 Fix WebTestUtils when no matching HttpSecurity found 
Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.

This commit returns null if findFilters gets a null result.

Fixes gh-3343
 2016-03-09 15:20:10 -06:00
Martin Macko dd8ba8c07e Fix formatting error in documentation 
Fixes gh-3279
 2016-03-09 15:00:52 -06:00
Rob Winch 40f687aa78 Improve CSRF missing error message 
Fixes gh-3738
 2016-03-09 14:52:21 -06:00
Rob Winch f73357927f Merge pull request #199 from npcode/fix-broken-link 
Fix a broken link to a blog posting on the Spring website
 2016-03-09 14:44:13 -06:00
Billy Korando 71d4ce96ad Convert to assertj 
Fixes gh-3175
 2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration 
Issue gh-3175
 2016-03-09 14:26:30 -06:00
Michael Osipov 6cbb439701 Use XML namespace for PreAuth Sample 
Fixes gh-3399
 2016-03-09 11:08:06 -06:00
Karol Lewandowski a1df8e5379 Fix keys in messages bundle 
Fixes gh-2971
 2016-03-09 10:43:37 -06:00
Alex Baxanean a1c4c2039b Rename HeaderWriter loop variable 2016-03-09 10:36:03 -06:00
Rob Winch 6cbb1dc881 Polish ForwardAuthenticationSuccessHandler 
* Whitespace cleanup
* Add @since

Issue gh-3726
 2016-03-09 10:23:53 -06:00
Rob Winch e61bc7e93b Polish ForwardAuthenticationFailureHandler 
* Whitespace cleanup
* Add @since

Issue gh-3727
 2016-03-09 10:23:39 -06:00
Shazin Sadakath 7341da9320 Add ForwardAuthenticationSuccessHandler 
Fixes gh-3726
 2016-03-09 10:22:55 -06:00
Shazin Sadakath b288d24100 Add ForwardAuthenticationFailureHandler 
Fixes gh-3727
 2016-03-09 10:22:41 -06:00
Rob Winch 3164bd6f8d Polish Sorting ObjectPostProcessor 
* Add Test
* Only sort on adding new entry

Issue gh-3572
 2016-03-08 15:51:13 -06:00
Wallace Wadge a366489c3c Sort ObjectPostProcessors prior to invoking them 
Fixes gh-3572
 2016-03-08 10:39:56 -06:00
Justine Tunney 3bbcbaae9c Upgrade Apache Commons Collections to v3.2.2 
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a turing machine. A turing machine
with an exec() function!

https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
 2016-03-08 08:56:01 -06:00
hmolsen b248eae416 Javadoc on ProviderManager.authenticate clarification 
Fixes gh-3722
 2016-03-03 15:32:03 -06:00
Rob Winch db81977a1a Polish HPKP 
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
 2016-03-03 15:11:40 -06:00
Rob Winch a7b0f74803 bcprov-jdk15on -> bcpkix-jdk150n 
This fixes the Spring IO checks since bcprov-jdk15on is not part of Spring
IO platform.

Issue gh-3702
 2016-03-03 14:34:23 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning 
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
 2016-03-03 14:21:46 -06:00
Rob Winch 8fbc7e0d2c Fix SCryptPasswordEncoder javadoc 
Issue gh-3702
 2016-03-03 14:18:50 -06:00
Rob Winch fc75a679d9 Polish SCryptPasswordEncoder 
* JKD8 Base64 -> Spring Security's Base64 to continue to support older JDKs
* Spaces to tabs
* Javadoc cleanup
* Remove of @Override to compile in Eclipse

Issue gh-3702
 2016-03-03 14:06:08 -06:00
Shazin 7d02e259df Add SCryptPasswordEncoder 
Fixes gh-3702
 2016-03-03 10:24:29 -06:00
Rob Winch e208bdb915 Update CONTRIBUTING to specify tabs 2016-03-03 10:21:15 -06:00
Rob Winch 65a00751a7 Update to Spring 4.2.5 
Fixes gh-3715
 2016-02-25 11:35:17 -06:00
Rob Winch d0dc47cb66 Remove logging for "Skip invoking on" response committed 
Fixes gh-3683
 2016-02-25 11:01:51 -06:00
Andrei Ivanov 9008a7af1d Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR 
Fixes gh-3697
 2016-02-15 09:03:27 -06:00
Rob Winch 2fac7dfb15 Update to GitHub issues and Gitter 2016-02-12 08:30:50 -06:00
drdamour 004bb8e577 Fix ` in documentation 
There were a few rendering issues within the documentation
associated with `

This commit fixes those rendering issues

Fixes gh-3699
 2016-02-12 08:22:55 -06:00
Rob Winch cf551f73c7 SEC-3209: Add Code of Conduct 2016-02-01 14:23:59 -06:00
Rob Winch 0deee65eb6 Merge pull request #250 from ziedzaiem/patch-1 
fix typo in doc
 2016-01-07 13:56:33 -06:00
Zied Zaïem 83992a7a27 fix typo in doc 2016-01-05 14:12:04 +01:00