0b14664a8c
Fix typos in reference ( #3979 )
2016-07-19 15:42:23 -05:00
ca170f8479
DummyRequest supports methods for MvcRequestMatcher
...
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
ada146244e
Add HttpSecurity.mvcMatcher
...
Fixes gh-3970
2016-07-14 10:50:49 -04:00
945e2e2ad4
Fix NPE requestMatchers().mvcMatchers
...
Fixes gh-3969
2016-07-14 10:50:49 -04:00
80ff267749
Check RememberMe in ExceptionTranslationFilter
...
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.
Fixes gh-2427
2016-07-13 16:58:00 -04:00
69306a8b46
Fix typo ( #3968 )
...
Fixes typo `advantadge`
2016-07-13 12:37:26 -05:00
8a17c23277
Bump PermGen
2016-07-12 10:08:01 -05:00
0f608d59b6
Default to Spring IO Athens-SNAPSHOT
2016-07-12 10:07:49 -05:00
70787fc548
Polish CompositeLogoutHandler
...
Issue gh-3895
2016-07-08 14:39:35 -05:00
1effc1882a
Add CompositeLogoutHandler
...
Fixes gh-3895
2016-07-08 13:30:38 -05:00
e5b1cb842e
Document schema changes in CONTRIBUTING.md ( #3965 )
...
Direct changes to XSD schemas will be overwritten by the build, it is necessary that the developer updates the RELAX NG schema instead.
See discussion on commit e297706e8b
2016-07-08 13:27:23 -05:00
885f074ddf
Fix XsdDocumentedTests
2016-07-07 15:05:04 -05:00
e297706e8b
Polish allow unlimitted sessions
...
Update the rnc file
Issue gh-3900
2016-07-07 14:31:40 -05:00
e3ff4130a5
Allow negative values to configure unlimited sessions
2016-07-07 14:29:18 -05:00
50d7d3287f
Add spring-security-4.2.xsd
2016-07-07 14:19:01 -05:00
26fa4a4bf0
Prevent HTTP response splitting
...
Evaluate if http header value contains CR/LF.
Reference: https://www.owasp.org/index.php/HTTP_Response_Splitting
Fixes gh-3910
2016-07-07 13:42:52 -05:00
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
b4ab0483b1
Update version to 4.2.0.BUILD-SNAPSHOT
2016-07-07 12:56:20 -05:00
cc04392d9a
Next development version
2016-07-07 00:57:53 +00:00
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
310bb39a0d
Fix typo
2016-07-06 16:22:33 -05:00
764a4d8414
Fix Error Message typo
...
Fixes gh-3953
2016-07-06 16:19:29 -05:00
b17870ee07
LogoutConfigurer: only allow suitable http methods
2016-07-06 16:17:11 -05:00
8ad91ef6a5
WithSecurityContextTestExecutionListener > SqlScriptsTestExecutionListener
...
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.
Fixes gh-3962
2016-07-06 16:09:17 -05:00
5f6312c5be
Update to Spring 4.3.1
...
Fixes gh-3963
2016-07-06 15:47:44 -05:00
9d50944cb2
AntPathRequestMatcher implements RequestVariableExtractor
...
Issue gh-3964
2016-07-06 15:47:34 -05:00
e4c13e3c0e
Add MvcRequestMatcher
...
Fixes gh-3964
2016-07-06 15:47:23 -05:00
13bc70f693
Add CorsFilter support
2016-07-05 14:28:04 -05:00
c935d857eb
Add mvc namespace to XmlApplicationContext
2016-07-01 22:04:55 -05:00
843ed3e437
Update to Spring 4.3.1.BUILD-SNAPSHOT
2016-07-01 22:04:55 -05:00
7f3b3a8b59
Polish
...
Issue gh-180
2016-07-01 13:17:52 -05:00
261c932b8e
Upgrade Gradle to 2.14
...
Issue gh-3946
2016-06-28 13:13:08 -04:00
1b4e20e97f
Fix InsecureApplicationTests package
...
Fixes gh-3951
2016-06-28 10:17:17 -05:00
bd5f71bb0d
Polish
...
Fix checkstyle for LDAP JavaConfig Authority mapping
Issue gh-2768
2016-06-21 17:08:37 -05:00
b76e3be822
LDAP Java Config supports GrantedAuthoritiesMapper
...
Fixes gh-2768
2016-06-21 16:43:13 -05:00
26ad1cb4a5
Polish RememberMe Validation
...
Issue gh-3909
2016-06-21 14:57:15 -05:00
87224f62e4
RememberMe JavaConfig Validation
...
Add validation when rememberMeServices and rememberMeCookieName are
provided
Fixes gh-3909
2016-06-21 14:57:01 -05:00
8f880aea0e
Polish Pbkdf2PasswordEncoder
...
Issue gh-3930
2016-06-21 11:47:50 -05:00
5f658b3ffc
Remove double salt in Pbkdf2PasswordEncoder
...
Issue gh-3930
2016-06-21 11:44:23 -05:00
77a478ba0d
Fix ApacheDSEmbeddedLdifTests checkstyle
...
Issue gh-54
2016-06-21 09:56:34 -05:00
a3c4a5fde7
SEC-2387 - add ignored failing test case
2016-06-21 09:53:38 -05:00
bbeb7f94d7
Fix checkstyle
...
Issue gh-3920
2016-06-20 19:36:51 -05:00
a2a06d19c1
Add formLogin() Accept Test
...
Issue gh-3920
2016-06-20 16:23:29 -05:00
314828859e
Added accept method call to buildRequest in SecurityMockMvcRequestBuilders with default of MediaType.APPLICATION_FORM_URLENCODED
2016-06-20 15:46:01 -05:00
66858e22ad
Disable XMLHttpRequest for formLogin entry point
...
Previously the following:
http http://localhost:8080/user \
"X-Requested-With:XMLHttpRequest" "Accept:text/plain"
Produced a 302 instead of a 401
Fixes gh-3887
2016-06-20 15:30:00 -05:00
2a73f3cdf7
Remove abigious import
2016-06-20 15:03:09 -05:00
dd9b59ba31
Document Digest is insecure
...
Fixes gh-3894
2016-06-20 14:10:36 -05:00
39ed7d0eca
Propagate rolePrefix to LdapAuthoritiesPopulator
...
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator populating a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.
Fixes gh-3921
2016-06-20 12:44:02 -05:00
a2ead4cf7a
Polish
...
Fixes gh-3892
2016-06-20 12:35:43 -05:00
364db6762e
Add failing test for #3905 Fix Assert usage
2016-06-20 09:24:04 -05:00
Artur Owczarek
Rob Winch
Marten Deinum
Johnny Lim
Eddú Meléndez
Michael Simons
Spring Buildmaster
Jakob Englisch
Tony Dalbrekt
vitaliy_kuzmich
Marcin Zajączkowski
Micah Silverman
Ruben Dijkstra