17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
614c94187e
SEC-2305: GlobalMethodSecurityConfiguration autowire PermissionEvaluator
...
If a single PermissionEvaluator bean is found the
DefaultMethodSecurityExpressionHandler is configured with the
PermissionEvaluator. If multiple PermissionEvaluator beans are found, the
beans are ignored.
2013-09-27 15:46:45 -05:00
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
cea0cf9260
SEC-2243: Remove additional Debug Filter
2013-09-26 11:38:16 -05:00
56ce7d284c
SEC-2336: WebSecurityConfigurerAdapter#registerAuthentication javadoc fixes
2013-09-26 09:08:25 -05:00
88f41cdf62
SEC-2341: Update to Gradle 1.8
...
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
a888ddf8b3
SEC-2307: JavaConfig RequestCache ignores favicon.ico
2013-09-24 11:30:37 -05:00
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
2013-09-23 20:55:49 -05:00
28fb6ba14b
SEC-2328: Add hasAnyRole to ExpressionUrlAuthorizationConfiguration
2013-09-23 10:51:08 -05:00
b16c17f70b
SEC-2301: Remove invalid import
2013-09-20 16:09:23 -05:00
a3d112979f
SEC-2301: GlobalMethodSecurityConfiguration sets DefaultWebSecurityExpressionHandler BeanResolver
2013-09-20 15:53:58 -05:00
f294480e6b
SEC-2329: JC @Autowire(required=false) AuthenticationTrustResolver
...
Java Configuration now allows optional @Autowire of
AuthenticationTrustResolver. In the WebSecurityConfigurerAdapter this is
done by populating AuthenticationTrustResolver as a sharedObject.
2013-09-20 15:28:50 -05:00
7537dfc33a
SEC-2304: rm duplicate MethodExpressionHandler from GlobalMethodSecurityConfiguration
2013-09-20 15:13:02 -05:00
5082a04626
SEC-2311: LogoutConfigurer allows other HTTP methods if CSRF is disabled
2013-09-19 16:05:26 -05:00
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
2013-09-19 14:06:37 -05:00
c5c1419521
SEC-2332: GlobalMethodSecurityConfiguration includes proper voters
...
Previously GlobalMethodSecurityConfiguration did not include the correct
voters. This updates the code and the tests to ensure that the proper
voters are added. Note this got past testing previously due to all the
voters abstaining, so tests were added for ensuring that methods could also
be invoked sucessfully using the configured annotation.
2013-09-18 18:27:12 -05:00
0114b457c0
SEC-2330: CacheControlHeadersWriter use a single header
2013-09-18 16:12:34 -05:00
05a7c58daa
SEC-2228: Change openid4j to optional in template.mf
2013-09-13 22:06:42 -07:00
be8aad8306
SEC-2196: Demonstrate Method Security works on Generic methods
2013-09-13 16:20:43 -07:00
662bb24370
SEC-1937: Added test to demonstrate SEC-1937 was invalid
2013-09-11 15:10:42 -07:00
3c82e63ded
Formatting cleanup
2013-09-11 15:10:20 -07:00
7203faf34f
SEC-2300: Update Spring LDAP version to 1.3.2.RELEASE
2013-08-31 11:26:43 -05:00
3d2f23602f
SEC-2294: Update Spring Version to 3.2.4.RELEASE
2013-08-31 11:26:43 -05:00
6e9fb7930b
SEC-2298: Add AuthenticationPrincipalArgumentResolver
2013-08-30 17:06:40 -05:00
ae368829f4
Tweak PermGen for tests
2013-08-28 13:30:25 -05:00
d89cf6db29
SEC-2283: Update headers documentation and tests
2013-08-28 12:35:40 -05:00
4761614c9f
SEC-2291: Fix internal links within reference
...
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
26166ef6e8
SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3
2013-08-27 16:26:16 -05:00
d60108eaf6
SEC-2229: Add optional dependencies to spring-security-config
...
spring-tx and spring-jdbc aren't pulled in transitively from
spring-security-web now, so we must include them as optional dependencies.
2013-08-25 19:47:57 -05:00
18bd82e7d4
SEC-2131: Update doc to state session authentication sends 401 if no page
2013-08-25 11:37:23 -05:00
f29505d657
SEC-2280: Fix SessionFixationConfigurer#changeSessionId Javadoc
...
The Javadoc for SessionFixationConfigurer#changeSessionId() was copied and pasted from
SessionFixationConfigurer#none() and never updated. It is incorrect. This commit fixes that.
2013-08-24 23:31:05 -05:00
48283ec004
SEC-2276: Delay saving CsrfToken until token is accessed
...
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If user's wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
2013-08-24 23:31:01 -05:00
c131fb6379
SEC-2139: named-security-filter are all defined and ordered correctly
2013-08-24 15:18:22 -05:00
379cbd2a8b
SEC-2274: Add ApplicationContext as HttpSecurity shared object
2013-08-21 16:50:09 -05:00
0247dd124f
SEC-2271: LogoutConfigurer#logoutUrl explains about CSRF
2013-08-21 06:58:09 -05:00
110e769bd4
SEC-2257: Remove HttpSecurityBuilder#getAuthenticationManager()
...
Removed in favor of using shared object.
2013-08-19 15:22:04 -05:00
5fe32bb3c8
SEC-2216: Add withObjectPostProcessor
2013-08-16 15:38:58 -05:00
d62c2e0835
SEC-2244: Defaults based on loginPage are now updated when loginPage changes
2013-08-16 14:48:45 -05:00
e0cad0d684
SEC-2230: Fix Header tests
2013-08-15 16:52:58 -05:00
2e852f4613
SEC-2230: Remove stray import
2013-08-15 16:34:31 -05:00
a469f26b10
SEC-2230: Polish Headers JavaConfig
2013-08-15 16:31:43 -05:00
e9bb9e766e
SEC-1574: Add CSRF Support
2013-08-15 14:49:21 -05:00
797df51264
SEC-2135: Support HttpServletRequest#changeSessionId()
2013-08-15 13:59:16 -05:00
13da42ca1b
SEC-2137: Allow disabling session fixation and enable concurrency control
2013-08-15 12:50:40 -05:00
976d9a9016
SEC-2194: Polish java config sample apps
2013-08-08 14:33:54 -05:00
b13b87a1e7
Remove @Override from methods that override interfaces
...
Ensure JDK5 compatibility
2013-08-05 16:49:33 -05:00
2266f0ca3f
SEC-2238: Polish
2013-08-01 11:57:32 -05:00
2fef79f3d2
SEC-2238: WebAsyncManagerIntegrationFilter Java Config
2013-08-01 11:40:34 -05:00
94a73fee37
SEC-2230: Polish scoping and finals
2013-07-31 11:34:35 -05:00
a1bf28a697
SEC-2239: Remove duplicate SessionCreationPolicy
2013-07-31 10:44:22 -05:00
Rob Winch
Nick Williams