73345e7434
Add Cross Site Tracing (XST) & HTTP Method Tampering Protection
...
Fixes: gh-5377
2018-05-24 09:35:40 -05:00
4bfce2a591
Fixed typo in acl database schema appendix.
...
Fixes gh-5204
2018-05-07 16:44:32 -05:00
fddc28ba3b
Fixed typo in CSRF documentation.
...
Fixes gh-4792
2018-05-07 16:44:32 -05:00
2a0f529ee4
Use spring-projects for organization in GitHub URLs
2018-05-04 21:01:39 -05:00
44b22e7208
Fix 'attributes' deprecation warning in spring-security-docs-guides
2018-05-04 14:12:14 -05:00
f8247fa346
Remove Default URLs and Parameters Commentary
...
This paragraph was originally there to explain why Spring Security was
moving from the old default URLs and parameters to new ones.
Now that the defaults are the same in XML and well as Java Config, the
explanation is now no longer relevant.
Fixes: gh-5242
2018-04-19 08:53:23 -06:00
526e0fdd4f
Add OAuth2 Client HandlerMethodArgumentResolver
...
Fixes gh-4651
2018-04-02 12:13:52 -04:00
6e5105f899
Extract appendix subsections
...
Issue: gh-2567
2018-03-09 16:34:46 -06:00
40bb73124c
Move data to data/index
...
Issue: gh-2567
2018-03-09 16:34:42 -06:00
780e6aefd2
Extract additional-topics subsections
...
Issue: gh-2567
2018-03-09 16:34:38 -06:00
35345fac70
Extract authorization subsections
...
Issue: gh-2567
2018-03-09 16:34:35 -06:00
8cf51032e0
Extract Subsections of Web
...
Issue: gh-2567
2018-03-09 16:34:31 -06:00
ae9075c023
Extract test subsections
...
Issue: gh-2567
2018-03-09 16:34:30 -06:00
cf4272ff64
Extract architecture subsections
...
Issue: gh-2567
2018-03-09 16:34:24 -06:00
4152530e69
Fix new lines
...
Issue: gh-2567
2018-03-09 16:34:20 -06:00
73cec43842
Extract subsections for preface
...
Issue: gh-2567
2018-03-09 16:34:12 -06:00
86465026a1
Extract top level section of reference
...
Issue: gh-2567
2018-03-09 16:33:54 -06:00
e799f13ae2
Consistent new lines in referenche
...
Issue: gh-2567
2018-03-09 16:33:54 -06:00
d21338d212
Support errorOnInvalidType for Reactive AuthenticationPrincipal
...
Fixes: gh-5096
2018-03-09 12:05:55 -06:00
a2073b2b91
Support BeanResolver for Reactive AuthenticationPrincipal
...
Fixes: gh-4326
2018-03-09 12:05:55 -06:00
d816af2337
Add BadCredentials Jackson Support to What's New
...
Issue: gh-5087
2018-03-09 12:05:55 -06:00
7fafd899ee
Add Reactive WithUserDetails to What's new
...
Issue: gh-4888
2018-03-09 12:05:55 -06:00
abae2f3e87
Allow WithSecurityContextTestExecutionListener to execute after @Before
...
Fixes: gh-2935
2018-03-08 14:13:07 -06:00
210a510bba
Use HttpFirewall Bean
...
Fixes: gh-5022
2018-02-15 17:18:28 -06:00
6f48afbfe6
Format HttpFirewall Reference
...
Put each sentence on a newline.
Issue: gh-5022
2018-02-15 17:18:28 -06:00
964a14b224
Document Reactive Method security requires Publisher return types
...
Fixes: gh-4988
2018-02-07 16:43:18 -06:00
4fbfb710f5
fix typo in documentation: index.adoc
...
1) for more on information on how the Spring Security `AuthenticationManager` is -> for more information on how the Spring Security `AuthenticationManager` is`
2) all the sames things -> all the same things
2018-02-07 10:48:00 -06:00
e1a8d250de
Add authenticated().withAuthentication(Consumer<Authentication>)
...
This allows arbitrary assertions of the authenticated user
Fixes: gh-4996
2018-02-02 16:56:45 -06:00
cd88c739e0
Add Guides to docsZip
...
Fixes: gh-4327
2018-01-30 15:35:30 -06:00
84679a5d64
Polish #4904 Support GrantedAuthoritiesMapper @Bean for oauth2Login
2018-01-23 12:14:57 -05:00
65c3862da9
Password Troubleshooting Reference Fix
...
Correct the package to NoOpPasswordEncoder within the reference
Fixes: gh-4965
2018-01-18 08:25:52 -06:00
450600cbb8
Polish reference
2018-01-12 09:17:05 -06:00
0991f31613
Document exchange password for short term credential
...
Fixes gh-4959
2018-01-12 09:15:35 -06:00
aa900065b8
Document OAuth2UserService delegation-based strategy for authorities mapping
...
Fixes gh-4909
2018-01-11 10:07:58 -05:00
f3830eec7d
Rename userDetailsRepository to userDetailsService
2018-01-10 16:04:48 -06:00
00e8795adc
Update What's New
2017-11-27 11:50:37 -06:00
cd1a02225b
Document PasswordEncoder
2017-11-27 11:42:56 -06:00
690e22778a
Polish Docs
2017-11-27 11:42:56 -06:00
4f85f3a12f
Polish - Editing pass for OAuth 2.0 Login ref doc
2017-11-22 10:44:50 -05:00
3eb66f37e0
Editing pass for OAuth 2.0 Login ref doc
...
Fixes gh-4850
2017-11-21 22:01:15 -05:00
94a8d9b116
Add OAuth 2.0 Login in reference doc
...
Fixes gh-4849
2017-11-17 11:37:56 -05:00
9e22190198
Remove duplicate eruby option in asciidoctor task
2017-11-16 11:19:20 -06:00
82adf744f5
Polish Docs
2017-10-31 10:27:34 -05:00
e95430fa36
Polish Reactive Method Security reference
...
Issue gh-4757
2017-10-30 16:27:50 -05:00
d664ff2e26
Lookup HandlerMappingIntrospector from Bean
2017-10-30 16:27:50 -05:00
8e6c726fb2
Add WebFlux to What's New 5.0
...
Fixes gh-4757
2017-10-30 15:29:13 -05:00
5280ac40e9
WebMvcConfigurerAdapter->WebMvcConfigurer
...
Fixes gh-4612
2017-10-30 01:30:08 -05:00
a558d408a3
Minor typos PreAuthenticatedAuthenticationProvider
2017-10-29 22:12:04 -05:00
a139a0052d
Fix Typo in Reference Docs
2017-10-29 22:09:46 -05:00
6decf1c8ef
Allow use of non-numeric (e.g. UUID) values for ObjectIdentity.getIdentifier()
...
Prior to this commit, the ObjectIdentity id had to be a number. This
commit allows for domain objects to use UUIDs as their identifier. The
fully qualified class name of the identifier type can be specified
in the acl_object_identity table and a ConversionService can be provided
to BasicLookupStrategy to convert from String to the actual identifier
type.
There are the following other changes:
- BasicLookupStrategy has a new property, aclClassIdSupported, which
is used to retrieve the new column from the database. This preserves
backwards-compatibility, as it is false by default.
- JdbcMutableAclService has the same property, aclClassIdSupported,
which is needed to modify the insert statement to write to the
new column. Defaults to false for backwards-compatibility.
- Tests have been updated to verify both the existing functionality
for backwards-compatibility and the new functionality.
Fixes gh-1224
2017-10-29 21:29:12 -05:00
b91aa19b35
Doc DelegatingPasswordEncoder is default
...
Fixes gh-gh-2775
2017-10-24 07:56:28 -05:00
cdc992b132
Remove SaltSource
...
Fixes gh-4681
2017-10-24 07:56:28 -05:00
6a3e981c80
Remove BaseDigestPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:40 -05:00
53cb6c17e4
gh-4482 - Updating docs for `ConcurrentSessionFilter` configuration example
2017-10-12 07:41:11 -05:00
9833f0090d
Update to remove extra Header
...
Update to remove extra Ldap Authentication Section Header
2017-10-06 17:07:08 -05:00
9e719bc313
Drop the `aopalliance:aopalliance` dependency
...
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.
This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)
The documentation is updated accordingly.
[1] https://jira.spring.io/browse/SPR-13984
2017-09-22 11:11:04 -05:00
3f58822d4d
Fix MyCustomDsl Reference
...
Fixes gh-4340
2017-09-18 16:07:29 -05:00
dbda7e35a4
Update index.adoc - add missing callout
...
To fix WARNING: index.adoc: line 988: no callouts refer to list item 1
2017-06-15 12:49:20 -05:00
221d4f8fb1
Document WebFlux What Is New
...
Issue gh-4325
2017-05-10 00:28:16 -05:00
829c386756
Add support for OAuth 2.0 Login
...
Fixes gh-3907
2017-04-28 10:58:59 -04:00
dd6fc48dd8
Standardize Build
...
The build now uses spring build conventions to simplify the build
Fixes gh-4284
2017-04-21 10:55:05 -05:00
d59f128210
Fix asciidoc in manual
...
Fixes gh-4301
2017-04-21 10:50:30 -05:00
49719480a8
Fix configuration-source-ref doc
...
Fixes gh-4200
2017-03-02 00:25:51 -06:00
f99fe36e02
Refer to SimpleGrantedAuthority instead of GrantedAuthorityImpl
...
GrantedAuthorityImpl has been replaced a couple of years ago with
SimpleGrantedAuthority and this commit fixes the documentation items
which weren’t updated to reflect this change.
Fixes gh-4163.
2017-03-02 00:09:14 -06:00
72d08a2a5f
Fix index.adoc typo
2017-03-01 23:45:50 -06:00
aa5df61eff
Fix index.adoc typo
2016-12-21 10:19:51 -06:00
6df5b76f24
Fix test.adoc typo
2016-12-21 10:19:51 -06:00
c8ed130008
Fix websocket.adoc typo
2016-12-21 10:19:51 -06:00
f94399cff9
Polish
2016-11-17 09:49:41 -06:00
94fb1893de
fix typo "RemoteIpValve"
2016-11-16 14:13:53 -06:00
fd9f57eb5f
Update What's New changelogs
2016-11-09 17:00:09 -06:00
f0a9421aa4
SecurityJacksonModules->SecurityJackson2Modules
...
Fixes gh-4121
2016-11-09 16:42:41 -06:00
14a656186d
Polish Referrer Header Policy Docs
...
Previously, the Referrer Header Policy was accidentally placed within
the CSP section.
Move Referrer Header Polich outside of the CSP section.
Issue gh-4110
2016-11-09 13:15:06 -06:00
2a197c72eb
Fix typos in the reference
...
Fix typos in the reference documentation
Fixes gh-4113
2016-11-09 10:05:27 -06:00
ab5af87953
Add Referrer Policy to What's New
2016-11-08 16:14:20 -06:00
23294c4c57
Add Referrer-Policy header support
...
Fixes gh-4110
2016-11-08 13:21:35 -06:00
eb2870bf82
Polishing doc in What's New in Spring Security 4.2
2016-11-08 11:19:51 -06:00
cf3d6e7167
Fix Small Typo
...
propoerty->property
2016-10-31 11:31:52 -05:00
8ca4b55d32
Update What's New Section of Reference
...
Fixes gh-4109
2016-10-25 15:03:59 -05:00
f432c04111
Create UserBuilder
...
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder
Fixes gh-4095
2016-10-21 16:42:03 -05:00
94e580fe64
Add Support for Custom Default Configuration in Web Security
...
Fixes gh-4102
2016-10-19 16:15:56 -05:00
af9139b613
Add intercept-url@request-matcher-ref
...
Fixes gh-4097
2016-10-18 22:27:31 -05:00
f019ea89e7
Remove unused lowercase-comparisons from XSD
...
Fixes gh-3932
2016-10-18 22:27:28 -05:00
aaa9708b95
Add BeanResolver to AuthenticationPrincipalArgumentResolver
...
Previously @AuthenticationPrincipal's expression attribute didn't support
bean references because the BeanResolver was not set on the SpEL context.
This commit adds a BeanResolver and ensures that the configuration
sets a BeanResolver.
Fixes gh-3949
2016-10-18 19:45:54 -05:00
df9e6c973c
linked to java configuration sample applications
...
removed outdated description and linked directly to java configuration sample applications
2016-10-17 21:12:17 -05:00
1da9c06f3b
Fix Reference (test.adoc) Typo
...
@SpringExecutionListeners -> @SpringTestExecutionListeners
2016-10-17 21:11:19 -05:00
0c35209d77
Document Proxy Server
...
Issue gh-4076
2016-10-17 21:07:57 -05:00
5e35e37a2b
Update to Thymeleaf 3.0.2 and remove tiles
...
Spring 5 removed support for Tiles 2 and Thymeleaf does not support
Tiles 3 yet. This commit updates to Thymeleaf 3.0.2 and uses
Thymeleaf's build in layout support.
Issue gh-4080
2016-10-17 17:00:17 -05:00
0b1e3b4e4a
Fix Reference Typo
...
unlimitted->unlimited
2016-09-23 16:45:08 -05:00
6b4a52715b
Fix Typo in Reference
2016-09-23 14:57:52 -05:00
c0f5aaee78
Adds What's New Spring Security 4.2
...
Fixes gh-4070
2016-09-23 13:02:27 -05:00
d8690a59e2
Fix ??? in reference
2016-09-19 16:29:46 -05:00
7f54c8b8b4
Fix link to CSP in Reference Doc
...
Previously the link in the reference from x-frame-options to the
content security policy section was broken.
This commit fixes the link.
Issue gh-4063
2016-09-19 10:21:04 -05:00
12173c04ee
Fix Typo in Reference Docs
...
Word substitution, it's foolproof, not full proof :-)
Fixes gh-4063
2016-09-19 10:11:16 -05:00
b88418b94a
Configuration of session management strategies
...
This commit adds an ExpiredSessionStrategy for the ConcurrentSessionFilter
analogous to the InvalidSessionStrategy for the SessionManagementFilter. It also
adds a configuration option for both the InvalidSessionStrategy and
ExpiredSessionStrategy to the XML namespace and Java configuration.
Fixes gh-3794
Fixes gh-3795
2016-09-15 11:10:17 -05:00
37c6605062
Add explanation for DelegatingAuthenticationFailureHandler ( #207 )
2016-09-02 13:27:23 -05:00
2deb722a1f
JavaDoc links in 5.5 Handling Logouts fixed ( #3993 )
...
Fixes gh-3992
2016-08-15 10:13:36 -05:00
fe117bc445
[minor] fix grammar error ( #4013 )
...
add space: that"collects" -> that "collects"
2016-08-15 09:42:36 -05:00
3befb1c8a6
MvcRequestMatcher servletPath / JavaConfig
...
Issue: gh-3987
2016-08-09 16:29:30 -05:00
0b14664a8c
Fix typos in reference ( #3979 )
2016-07-19 15:42:23 -05:00
Rob Winch
Robert Roth
Johnny Lim
Josh Cummings
Joe Grandja
Rissy Lin
Jay Bryant
Arend v. Reinersdorff
Kyle Anderson
Paul Wheeler
Hanson, Tristan
Robby Pond
Stephan Schroevers
stonio
Rob Winch
pkovacs
Artyom Kosykh
Dapeng
Eddú Meléndez
Kazuki Shimizu
Joe
Paul Samsotha
Fred Cooke
Marten Deinum
Marek Jeszka
qwazer
Artur Owczarek