Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 13:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,458 Commits 55 Branches 348 Tags
Commit Graph

5458 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
43fbeab106 SEC-3133: Correct test doc username parameter 2015-10-26 13:00:27 -05:00
Rob Winch
b719e0fbcc SEC-3132: securityBuilder cannot be null 
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
 2015-10-23 10:28:27 -05:00
Rob Winch
09bf290583 SEC-3129: Update Spring 2015-10-22 10:04:52 -05:00
Rob Winch
9a6f026dff SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER 2015-10-21 16:22:53 -05:00
Rob Winch
269127c2c6 SEC-2941: Default RequestPostProcessor overrides 
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
 2015-10-21 16:09:15 -05:00
Rob Winch
7074daac0e SEC-3063: rm ConditionalOnMissingBean for @Primary 
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
 2015-10-21 15:41:32 -05:00
Rob Winch
69446ab80f SEC-3070: Logout invalidate-session=false and Spring Session doesn't 
work
 2015-10-20 15:13:01 -05:00
izeye
48bc0ad5f9 SEC-3124: Fix broken Javadoc related to < and > 2015-10-13 13:33:51 -05:00
Rob Winch
db9584104c Add Gitter to README 2015-08-11 11:49:46 -05:00
Rob Winch
b0701ea770 SEC-3068: Update Tutorial to use POST /logout 2015-08-10 09:53:07 -05:00
Rob Winch
8cc9108601 Merge pull request #209 from raindev/patch-1 
Remove unused imports from SecureRandomBytesKeyGenerator
 2015-08-06 08:54:09 -05:00
Rob Winch
41c9431fcc Test that form log in requires CSRF 2015-08-03 12:24:37 -05:00
Rob Winch
453e6332da Fix indentation of CsrfConfigTests 2015-08-03 12:03:05 -05:00
Rob Winch
969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Rob Winch
4c19768e54 Update to jacoco 0.7.5.201505241946 2015-08-03 09:45:42 -05:00
Thomas Darimont
ad1d858e2b SEC-3056 - Fix JavaDoc errors. 
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
 2015-08-03 08:02:24 -05:00
Rob Winch
7317c090cc SEC-2963: Disable appengineRun if contains functional tests 2015-07-29 09:57:57 -05:00
Rob Winch
485fbdc1ee SEC-2963: Select Available Port for appengine 2015-07-28 22:47:21 -05:00
Spring Buildmaster
22aa91c8e1 Next development version 2015-07-22 22:08:15 -07:00
Rob Winch
ea873fb1b8 SEC-2963: Disable appengineFunctionalTest 2015-07-22 21:27:28 -05:00
Rob Winch
117f892c91 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread 
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
 2015-07-22 16:07:21 -05:00
Rob Winch
113b61e3a0 SEC-2957: Polish 2015-07-22 13:57:28 -05:00
Rob Winch
dab4cf18b8 SEC-3032: Correct documented logout-success-url default 2015-07-22 13:48:07 -05:00
Rob Winch
be27ede0e9 SEC-2957: Add missing provided dependencies to samples 2015-07-22 13:33:52 -05:00
Rob Winch
e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch
bc53945d89 Remove unused import in WithSecurityContextTestExecutionListenerTests 2015-07-22 12:44:34 -05:00
Rob Winch
432123daa2 SEC-2964: Fix CsrfTokenArgumentResolver Javadoc 2015-07-22 11:32:36 -05:00
Rob Winch
92ae45a04d SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged 2015-07-22 08:41:33 -05:00
Rob Winch
a50d297f3a SEC-2953: Add index-docinfo.xml 
This removes the "please define title in your docbook file"
 2015-07-21 11:48:44 -05:00
Rob Winch
54dabb6433 SEC-2993: OpenID Sample now uses me.yahoo.com 2015-07-21 10:44:54 -05:00
Rob Winch
cd4a7e95cc SEC-2991: Add CSRF Token to OpenID XML Sample 2015-07-21 10:42:24 -05:00
Rob Winch
07fb2af74b SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 08:52:36 -05:00
Rob Winch
ab1b7a1eb6 Remove unnecessary @SuppressWarnings 2015-07-21 08:51:32 -05:00
Rob Winch
7c725a60e2 SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory 2015-07-20 14:06:44 -05:00
Rob Winch
9b92d5a1e7 SEC-2963: Fix tests 2015-07-20 12:53:21 -05:00
Rob Winch
e25b84c902 SEC-2963: Update to latest Google AppEngine 2015-07-20 12:36:29 -05:00
Rob Winch
9654df2cc3 SEC-3045: Conditionally add MethodSecurityMetadataSourceAdvisor 2015-07-17 15:16:09 -05:00
Rob Winch
a3df41b380 Clean Import Statements 2015-07-17 14:52:23 -05:00
Rob Winch
abc445d5a7 SEC-2965: Polish 2015-07-16 15:52:00 -05:00
Rob Winch
518a1c3c08 SEC-2965: Fix invalid formatted links in reference documentation 2015-07-16 15:27:04 -05:00
Rob Winch
1ca5946d74 SEC-3003: Document invalid intercept-url attributes for filter-security-metadata-source 2015-07-16 15:03:51 -05:00
Rob Winch
76a2fb9488 SEC-3020: SecurityContextHolderAwareRequestWrapper conditional rolePrefix 
Previously SecurityContextHolderAwareRequestWrapper always prefixed with
rolePrefix. This meant the defaults would never return true for a role
that started with the prefix (i.e. ROLE_).

We no longer apply the rolePrefix if the value passed in already starts
with rolePrefix.
 2015-07-16 14:49:32 -05:00
Rob Winch
2d448658cd SEC-3042: Add SecurityTestExecutionListeners 2015-07-16 13:51:37 -05:00
Rob Winch
4cafd575c0 SEC-3041: Fix WithSecurityContextTestExecutionListener w/ no ApplicationContext 2015-07-16 13:13:46 -05:00
Rob Winch
0e36f85dab SEC-3019: Java Config for Http Basic supports Rememberme 2015-07-16 11:12:44 -05:00
Rob Winch
b96cee7950 SEC-2984: WithMockUser authorities doc 2015-07-16 08:48:53 -05:00
Rob Winch
e4517016ca SEC-2984: Add @WithMockUser authorities property 2015-07-16 08:41:40 -05:00
Rob Winch
08b1b56e2c SEC-2973: Add OnCommittedResponseWrapper 
This ensures that Spring Session & Security's logic for performing
a save on the response being committed can easily be kept in synch.
Further this ensures that the SecurityContext is now persisted when
the response body meets the content length.
 2015-07-14 14:48:41 -05:00
Rob Winch
316886affc SEC-2931: Fix CsrfFilter Javadoc 2015-07-14 13:40:59 -05:00
Rob Winch
75f57b96cb SEC-2493: Fix javadoc for DefaultLdapAuthoritiesPopulator 2015-07-14 13:20:05 -05:00