Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 14:24:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,006 Commits 33 Branches 337 Tags
Commit Graph

5006 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
f294480e6b SEC-2329: JC @Autowire(required=false) AuthenticationTrustResolver 
Java Configuration now allows optional @Autowire of
AuthenticationTrustResolver. In the WebSecurityConfigurerAdapter this is
done by populating AuthenticationTrustResolver as a sharedObject.
 2013-09-20 15:28:50 -05:00
Rob Winch
788ba9a1fa SEC-2329: Allow injecting of AuthenticationTrustResolver 2013-09-20 15:26:52 -05:00
Rob Winch
7537dfc33a SEC-2304: rm duplicate MethodExpressionHandler from GlobalMethodSecurityConfiguration 2013-09-20 15:13:02 -05:00
Rob Winch
5082a04626 SEC-2311: LogoutConfigurer allows other HTTP methods if CSRF is disabled 2013-09-19 16:05:26 -05:00
Rob Winch
9133c33f1d SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache 
The method getRequest use to cast to DefaultRequestCache, but this
is not necessary.

Now the cast is to SavedRequest.
 2013-09-19 15:08:32 -05:00
Rob Winch
8f8c6169e8 SEC-2331: Cache Control now includes Expires: 0 2013-09-19 14:06:37 -05:00
Rob Winch
c5c1419521 SEC-2332: GlobalMethodSecurityConfiguration includes proper voters 
Previously GlobalMethodSecurityConfiguration did not include the correct
voters. This updates the code and the tests to ensure that the proper
voters are added. Note this got past testing previously due to all the
voters abstaining, so tests were added for ensuring that methods could also
be invoked sucessfully using the configured annotation.
 2013-09-18 18:27:12 -05:00
Rob Winch
d33b9e2854 SEC-2324: Update Spring Security tld version 2013-09-18 17:40:00 -05:00
Rob Winch
c156716be8 Ensure single version of org.slf4j 2013-09-18 16:13:03 -05:00
Rob Winch
0114b457c0 SEC-2330: CacheControlHeadersWriter use a single header 2013-09-18 16:12:34 -05:00
Rob Winch
05a7c58daa SEC-2228: Change openid4j to optional in template.mf 2013-09-13 22:06:42 -07:00
Rob Winch
e5804d323b SEC-2256: Fix intercept-url doc precidence statement 
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."

This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
 2013-09-13 22:02:52 -07:00
Rob Winch
be8aad8306 SEC-2196: Demonstrate Method Security works on Generic methods 2013-09-13 16:20:43 -07:00
Rob Winch
d9c9cd7f84 Remove warnings from defaultSpringSecurityContextSource 2013-09-13 15:54:21 -07:00
Rob Winch
b4cbcee7f0 SEC-2308: DefaultSpringSecurityContextSource allow empty baseUrl 2013-09-13 15:53:35 -07:00
Rob Winch
f6587c8697 SEC-2312: Update javadoc link to Spring 3.2.x 2013-09-13 15:34:30 -07:00
Rob Winch
32e9239fd2 SEC-2320: AuthenticationPrincipal can be null on invalid type 
Previously a ClassCastException was thrown if the type was invalid. Now
a flag exists on AuthenticationPrincipal which indicates if a
ClassCastException should be thrown or not with the default being no error.
 2013-09-13 15:21:13 -07:00
Rob Winch
b22acd0768 SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet 2013-09-13 14:44:44 -07:00
Rob Winch
53a0db6be1 SEC-2313: Gradle javadoc hotfix 2013-09-11 15:30:50 -07:00
Rob Winch
662bb24370 SEC-1937: Added test to demonstrate SEC-1937 was invalid 2013-09-11 15:10:42 -07:00
Rob Winch
3c82e63ded Formatting cleanup 2013-09-11 15:10:20 -07:00
Rob Winch
8e74407381 SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated 
See throws documentation at
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29
 2013-08-31 11:55:24 -05:00
Rob Winch
e8ac11641b SEC-2297: Add DispatchType.ASYNC as default for AbstractSecurityWebApplicationInitializer 2013-08-31 11:39:57 -05:00
Rob Winch
7203faf34f SEC-2300: Update Spring LDAP version to 1.3.2.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
3d2f23602f SEC-2294: Update Spring Version to 3.2.4.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
43f4d01cf3 SEC-2292: Add test to assert CSRF bypass of methods is case sensitive 
HTTP methods should be case sensitive, so add test to ensure that this is
the case http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1
 2013-08-31 10:40:49 -05:00
Rob Winch
6e9fb7930b SEC-2298: Add AuthenticationPrincipalArgumentResolver 2013-08-30 17:06:40 -05:00
Rob Winch
98fe2322cd SEC-2095: Fix Servlet API doc ids 2013-08-30 13:10:32 -05:00
Scott Andrews
fc16450344 Demonstrate rest.js CSRF support in reference docs 
rest.js 0.9.4 added support for applying the CSRF header and token to
Ajax requests.
 2013-08-30 12:21:32 -05:00
Rob Winch
246c632f3a SEC-2095: Document Servlet API support 2013-08-30 12:20:35 -05:00
Rob Winch
664220f304 SEC-2295: Remove error logging when Spring version equals Spring Security 2013-08-29 16:48:49 -05:00
Rob Winch
86340b8016 SEC-2283: Polish headers doc 2013-08-29 13:47:54 -05:00
Rob Winch
ae368829f4 Tweak PermGen for tests 2013-08-28 13:30:25 -05:00
Rob Winch
d89cf6db29 SEC-2283: Update headers documentation and tests 2013-08-28 12:35:40 -05:00
Rob Winch
4761614c9f SEC-2291: Fix internal links within reference 
Instead of using xlink:href="# use linkend="
 2013-08-28 09:12:27 -05:00
Rob Winch
69aac09e1d SEC-2285: Added headers to to reference 2013-08-28 08:58:45 -05:00
Rob Winch
9483226d02 SEC-2282: Polish CSRF doc 2013-08-27 17:16:32 -05:00
Rob Winch
aca2e4ff3a SEC-2289: Add spring4Test 2013-08-27 16:43:10 -05:00
Rob Winch
086056f191 SEC-2289: Make compatible with Spring 4 as well 
There are a few subtle changes in Spring 4 that this commit addresses
 2013-08-27 16:43:10 -05:00
Rob Winch
26166ef6e8 SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3 2013-08-27 16:26:16 -05:00
Rob Winch
3f69847a4e SEC-2286: Log invalid CSRF tokens at debug level 2013-08-25 22:35:20 -05:00
Rob Winch
d60108eaf6 SEC-2229: Add optional dependencies to spring-security-config 
spring-tx and spring-jdbc aren't pulled in transitively from
spring-security-web now, so we must include them as optional dependencies.
 2013-08-25 19:47:57 -05:00
Rob Winch
98bdd32ca0 SEC-2282: Add CSRF documentation to the reference manual 2013-08-25 19:00:04 -05:00
Rob Winch
33db440961 SEC-2129: AntPathRequestMatcher also supports case sensitive comparisions 2013-08-25 16:26:18 -05:00
Rob Winch
7d1d856729 SEC-2229: spring-security-web dependency polish 
- remove direct dependency on spring-aop
- spring-tx and spring-jdbc optional
 2013-08-25 15:52:17 -05:00
Rob Winch
18bd82e7d4 SEC-2131: Update doc to state session authentication sends 401 if no page 2013-08-25 11:37:23 -05:00
Rob Winch
cd7055f725 SEC-2171: Include Information about pooling in Spring LDAP documentation 2013-08-25 11:27:50 -05:00
Rob Winch
7f2308f46c SEC-2146: Document AspectJ does not inherit annotations 2013-08-25 11:06:36 -05:00
Rob Winch
534989c8ea SEC-2103: Fix tests to verify debug logging instead of info 2013-08-25 10:05:22 -05:00
Rob Winch
acb2b680d0 SEC-2103: Change log of no results to debug 2013-08-24 23:39:56 -05:00