Rob Winch
53f85e2151
SEC-2848: LogoutConfigurer allows setting clearAuthentication
2015-10-30 13:54:01 -05:00
Rob Winch
15b4406015
SEC-3135: antMatchers(<method>,new String[0]) now passive
2015-10-30 10:08:42 -05:00
Rob Winch
c93d6bc823
SEC-3120: Remove .and() from httpStrictTransportSecurity() doc
2015-10-30 09:11:47 -05:00
Rob Winch
4144de9376
SEC-3082: make SavedRequest parameters case sensitive
2015-10-29 16:46:11 -05:00
Rob Winch
0981cd975f
SEC-3120: Reference hsts() -> httpStrictTransportSecurity()
2015-10-29 15:07:44 -05:00
Rob Winch
be303b15d1
SEC-3128: RoleVoter supports null Authentication
2015-10-29 14:03:18 -05:00
Rob Winch
6f1bb705ac
SEC-3135: antMatchers now allows method and no pattern
...
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().
Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:29 -05:00
Rob Winch
8f13beccb7
SEC-2190: Fix Javadoc
2015-10-29 11:41:39 -05:00
Rob Winch
8b641e5f79
SEC-2190: Support WebApplicationContext in ServletContext attribute
2015-10-28 15:12:35 -05:00
Rob Winch
5c73816a1a
SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext()
2015-10-27 13:56:51 -05:00
Rob Winch
69274d9aa8
SEC-2521: Improve StandardPasswordEncoder performance
2015-10-27 11:20:24 -05:00
Rob Winch
a88ac0fcc1
SEC-3109: Fix web tests
2015-10-26 21:31:07 -05:00
Rob Winch
bd221739c7
SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
...
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.
This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:16:54 -05:00
Rob Winch
95ea86b48d
SEC-3057: Include all *.txt & *.jar in dist zip
2015-10-26 14:04:17 -05:00
Rob Winch
861ec76991
SEC-3133: Correct test doc username parameter
2015-10-26 12:59:44 -05:00
Rob Winch
f76bf96e14
SEC-3132: securityBuilder cannot be null
...
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.
This commit fixes this.
2015-10-23 10:27:09 -05:00
Rob Winch
8858419696
SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER
2015-10-21 16:22:37 -05:00
Rob Winch
dd092431a0
SEC-2941: Default RequestPostProcessor overrides
...
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
2015-10-21 16:06:49 -05:00
Rob Winch
b9f8af3096
SEC-3063: rm ConditionalOnMissingBean for @Primary
...
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.
Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:40:43 -05:00
Rob Winch
cda6532c43
SEC-3070: Logout invalidate-session=false and Spring Session doesn't
...
work
2015-10-20 14:58:57 -05:00
izeye
3925ed90c4
SEC-3124: Fix broken Javadoc related to `<` and `>`
2015-10-13 13:33:28 -05:00
Rob Winch
81d61c2715
Merge pull request #227 from zshift/master
...
Fixed incorrect dn.
2015-10-01 16:22:33 -05:00
Peter David Faria
21c0542487
SEC-3117: Update users.ldif
...
Fixed incorrect dn.
2015-10-01 16:22:05 -05:00
Rob Winch
5f84902e72
Merge pull request #200 from ckarawani/master
...
SEC-2757: Removed assertion of 'sn' when creating LdapUserDetails
2015-10-01 16:18:26 -05:00
izeye
8baafbb2f2
SEC-3116: Polish WebSecurity Javadoc
2015-10-01 15:50:22 -05:00
Peter David Faria
8698161463
Update users.ldif
...
Fixed incorrect dn.
2015-09-29 16:56:35 -04:00
Rob Winch
c8f598778f
Polish snasphot -> snapshot
2015-09-25 15:29:04 -05:00
zhanhb
29f2cc0ab1
snasphot -> snapshot
2015-09-25 15:28:39 -05:00
Rob Winch
79ea541d3e
Merge pull request #224 from djechelon/patch-1
...
Update messages_it.properties
2015-09-25 15:23:46 -05:00
Rob Winch
af363ecc2c
Merge pull request #226 from nivenoct/master
...
Fix reference to Null Object pattern in the manual
2015-09-25 15:21:57 -05:00
Alex Derkach
777431758d
Fix reference to Null Object pattern in the manual
2015-09-24 16:53:35 +03:00
/usr/local/ΕΨΗΕΛΩΝ
e6ed4441c4
Update messages_it.properties
2015-09-17 17:31:32 +02:00
Rob Winch
a00a7dabd8
Merge pull request #221 from codingdiscer/master
...
Fix reference to Spring Security version in the manual (3.0->4.0)
2015-09-07 20:44:17 -05:00
Dan Dowma
09c4765191
Fix reference to Spring Security version in the manual
2015-09-07 00:44:16 -05:00
Rob Winch
50ff81033c
Add coreInstall Task
2015-09-02 00:21:40 -05:00
Rob Winch
81e2778106
SEC-3097: Change CsrfRequestPostProcessor to use TestCsrfTokenRepository
...
This ensures that when using a wrapped HttpServletRequest (i.e. Spring
Session) that the CSRF token test support still works.
2015-09-02 00:21:40 -05:00
Rob Winch
ea94706319
SEC-3097: Use MockMvc for SecurityMockMVcRequestPostProcessorsCsrfTests
...
This is necessary because the changes for this issue are going to make
the mocked version of the tests invalid.
2015-09-02 00:21:39 -05:00
David Avenante
a9a5377e4a
Unused import
...
An import unsued
2015-09-02 00:21:39 -05:00
David Avenante
5edfeb4091
Unused import
...
And import is unused
2015-09-02 00:21:39 -05:00
Rob Winch
97969ea9d2
SEC-2059: Ignore Query String for Resolving Path Variables
2015-09-01 09:53:29 -05:00
Rob Winch
adfeb96e2f
Update to Spring 4.2.1
2015-09-01 09:53:26 -05:00
Rob Winch
bac980cbcb
SEC-2868: Simplify custom UserDetailsService Java Config
...
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
2015-08-27 20:41:15 -05:00
Rob Winch
35393098f8
SEC-3094: Add @WithAnonymousUser & anonymous() MockMvcRequestPostProcessor
2015-08-27 15:17:44 -05:00
Rob Winch
6b05b298ff
SEC-2059: Support Path Variables in Web Expressions
2015-08-20 17:11:01 -05:00
Rob Winch
5f328b1178
SEC-2709: Fix WithSecurityContextTestExecutionListener Order
2015-08-20 10:41:09 -05:00
Rob Winch
327695ab0c
SEC-3084: Doc SecurityContextRequestPostProcessorSupport & SecurityContextHolder
2015-08-20 09:30:24 -05:00
Rob Winch
c79bceab03
SEC-2956: Improve AnnotationParameterNameDiscoverer Performance
2015-08-19 16:07:03 -05:00
Rob Winch
cbed1d75ee
SEC-3076: Add Method Level Security Meta Annotations
2015-08-19 16:07:03 -05:00
Rob Winch
7708129aad
SEC-3080: Remove invalid characters from reference
2015-08-19 16:06:56 -05:00
Rob Winch
5ac13eb905
SEC-3079: Update to Gradle 2.6
2015-08-19 16:05:54 -05:00