Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,852 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

2327 Commits

Author SHA1 Message Date
Rob Winch e62596f36d Polish PasswordEncoderUtils do not leak length 
Fix possible / 0 if expected is empty String.

Issue gh-255
 2016-10-24 12:50:46 -05:00
Rob Winch d3685d89c5 Polish PasswordEncoderUtils do not leak length 
Issue gh-255
 2016-10-24 11:26:43 -05:00
avri-schneider a98389fa98 PasswordEncoderUtils do not leak length 
Enforce constant time even when expectedLength != actualLength.

Fixes gh-255
 2016-10-24 11:26:34 -05:00
Rob Winch dc9f9b140f Polish PasswordEncoderUtilsTests 
* Add more tests
* Smaller tests
* Follow new naming convention
 2016-10-24 11:24:24 -05:00
Rob Winch f432c04111 Create UserBuilder 
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder

Fixes gh-4095
 2016-10-21 16:42:03 -05:00
Rob Winch 08c1f500a7 Version bumps for Spring 5 
Issue gh-4080
 2016-10-17 17:00:17 -05:00
Jitendra Singh 48ff518a41 Fix Jackson 2.7+ 
UnmodifiableSetDeserializer added which will ensure
Collection$UnmodifiableSet deserialize properly with jackson-databind 2.7+

Fixes gh-4073
 2016-10-13 07:42:07 -05:00
Spring Buildmaster c1b8150439 Release version 4.2.0.M1 2016-09-23 19:39:33 +00:00
Rob Winch b443baef04 Polish GrantedAuthorityDefaults 
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
  ApplicationContextAware

Issue gh-3701
 2016-09-22 15:13:05 -05:00
Eddú Meléndez eabeaf35d6 Make single definition of `defaultRolePrefix` and `rolePrefix` 
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.

Fixes gh-3701
 2016-09-21 14:55:41 -05:00
Joe Grandja c75a5b7279 Polish RoleHierarchyUtils and add tests 2016-09-19 14:07:34 -04:00
Thomas Darimont 06c67070a6 Add convenience method for constructing RoleHierarchy from Map. 
Introduced `RoleHierarchyUtils` which enables convenient
construction of `RoleHierarchy` from map based representation.
Where the map key is the role name and the map value is a list
of implied role names.

Here is a small example for that in action:
https://gist.github.com/thomasdarimont/ee9fffdef1adb9243b12ad247478aad4

Fixes #3990.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
 2016-09-19 14:07:34 -04:00
Rob Winch 92a59e0df7 Fix checkstyle 
Issue gh-3736
 2016-09-02 12:02:39 -05:00
Rob Winch 8ad0003456 Polish Whitespace 
Issue gh-3736
 2016-09-02 11:37:21 -05:00
Rob Winch 3531cc93c2 JSON tests ObjectMapper Cleanup 
* Move to @Setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper

Issue gh-3736
 2016-09-02 11:37:20 -05:00
Rob Winch bd925313af Improve Readablility of JSON test strings 
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security

Issue gh-3736
 2016-09-02 11:37:20 -05:00
Rob Winch d4c48dd3e1 Remove MockitoJUnitRunner from JSON tests 
Previously the JSON tests unnecessarily had MockitoJUnitRunner.

This commit removes MockitoJUnitRunner from the JSON tests.

Issue gh-3736
 2016-09-02 11:37:20 -05:00
Rob Winch df613ed4cc JSON UserDetails deserializes null 
JSON UserDetails null use to be treated as "".

This changes null to be treated as a null

Issue gh-3736
 2016-09-02 11:37:16 -05:00
Rob Winch 3fb77f3b59 Polish SecurityJacksonModules 
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
 2016-09-02 11:37:13 -05:00
Rob Winch c2d8ea92d0 SimpleGrantedAuthorityMixin role->authority 
Issue gh-3736
 2016-09-02 11:36:33 -05:00
Rob Winch 6f2b24a62b Polish JSON warnings / javadoc 
Issue gh-3736
 2016-09-02 11:36:23 -05:00
Rob Winch 6d2003722e Polish JSON class scope 
Use package scope when possible

Issue gh-3736
 2016-09-02 11:36:06 -05:00
Rob Winch 03d8904a03 Polish constructor assertions 
Previously the JSON modules didn't use Spring's Assert.

This commit changes the assertions to use Spring's Assert and does
some minor restructuring.

Issue gh-3736
 2016-09-02 11:34:57 -05:00
Jitendra Singh Bisht d77ca17e95 Add JSON Serialization 
Fixes gh-3812
 2016-09-02 11:29:53 -05:00
Rob Winch 4d02a5c0a0 Update pom.xml dependencies 2016-08-30 11:27:29 -05:00
Rob Winch 53352e336d Polish gh-4048 2016-08-30 09:42:28 -05:00
vitalii-dmytruk 422bc37115 Suppurt custom messages 
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.

Issue gh-4048
 2016-08-30 09:41:37 -05:00
Rob Winch c266930483 Update Dependency Versions (#4035) (#4036) 2016-08-19 16:10:46 -05:00
Kevin Conaway d2a37cb1d6 Improve field visibility in DefaultMethodSecurityExpressionHandler 
Fixes gh-210
 2016-07-26 09:56:00 -04:00
Eddú Meléndez 13b0ddb7e6 Fix test assertions 2016-07-07 13:29:00 -05:00
Rob Winch b4ab0483b1 Update version to 4.2.0.BUILD-SNAPSHOT 2016-07-07 12:56:20 -05:00
Spring Buildmaster 919f000c80 Release version 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Johnny Lim 310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch 5f6312c5be Update to Spring 4.3.1 
Fixes gh-3963
 2016-07-06 15:47:44 -05:00
Rob Winch 843ed3e437 Update to Spring 4.3.1.BUILD-SNAPSHOT 2016-07-01 22:04:55 -05:00
Eddú Meléndez a2ead4cf7a Polish 
Fixes gh-3892
 2016-06-20 12:35:43 -05:00
Rob Winch d2b909e7c5 Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent 
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.

Fixes gh-3857
 2016-06-17 17:16:54 -05:00
Rob Winch 2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Spring Buildmaster 001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Rob Winch 9745de9510 Add @AuthenticationPrincipal expression 
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
 2016-05-03 18:08:52 -04:00
Spring Buildmaster 24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Johnny Lim 933a7e8363 Remove duplicate words 
Fixes gh-3826
 2016-04-18 23:21:20 -05:00
Joe Grandja 2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail. 
Fixes gh-3771
 2016-04-13 12:27:23 -04:00
Joe Grandja b90242f2fa Updates all POM versions to 4.1.0 snapshot build. 
Fixes gh-3804
 2016-04-12 10:35:43 -04:00
Spring Buildmaster 044acf7e27 Release version 4.1.0.RC1 2016-03-23 07:15:15 -07:00
Rob Winch 36c381a06a Update to Java 1.6 
Fixes gh-3756
 2016-03-15 08:37:00 -05:00
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle 
Issue gh-3746
 2016-03-14 00:15:12 -05:00
Billy Korando 71d4ce96ad Convert to assertj 
Fixes gh-3175
 2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration 
Issue gh-3175
 2016-03-09 14:26:30 -06:00