Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 06:58:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,991 Commits 33 Branches 337 Tags
Commit Graph

4991 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
f6587c8697 SEC-2312: Update javadoc link to Spring 3.2.x 2013-09-13 15:34:30 -07:00
Rob Winch
32e9239fd2 SEC-2320: AuthenticationPrincipal can be null on invalid type 
Previously a ClassCastException was thrown if the type was invalid. Now
a flag exists on AuthenticationPrincipal which indicates if a
ClassCastException should be thrown or not with the default being no error.
 2013-09-13 15:21:13 -07:00
Rob Winch
b22acd0768 SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet 2013-09-13 14:44:44 -07:00
Rob Winch
53a0db6be1 SEC-2313: Gradle javadoc hotfix 2013-09-11 15:30:50 -07:00
Rob Winch
662bb24370 SEC-1937: Added test to demonstrate SEC-1937 was invalid 2013-09-11 15:10:42 -07:00
Rob Winch
3c82e63ded Formatting cleanup 2013-09-11 15:10:20 -07:00
Rob Winch
8e74407381 SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated 
See throws documentation at
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29
 2013-08-31 11:55:24 -05:00
Rob Winch
e8ac11641b SEC-2297: Add DispatchType.ASYNC as default for AbstractSecurityWebApplicationInitializer 2013-08-31 11:39:57 -05:00
Rob Winch
7203faf34f SEC-2300: Update Spring LDAP version to 1.3.2.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
3d2f23602f SEC-2294: Update Spring Version to 3.2.4.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
43f4d01cf3 SEC-2292: Add test to assert CSRF bypass of methods is case sensitive 
HTTP methods should be case sensitive, so add test to ensure that this is
the case http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1
 2013-08-31 10:40:49 -05:00
Rob Winch
6e9fb7930b SEC-2298: Add AuthenticationPrincipalArgumentResolver 2013-08-30 17:06:40 -05:00
Rob Winch
98fe2322cd SEC-2095: Fix Servlet API doc ids 2013-08-30 13:10:32 -05:00
Scott Andrews
fc16450344 Demonstrate rest.js CSRF support in reference docs 
rest.js 0.9.4 added support for applying the CSRF header and token to
Ajax requests.
 2013-08-30 12:21:32 -05:00
Rob Winch
246c632f3a SEC-2095: Document Servlet API support 2013-08-30 12:20:35 -05:00
Rob Winch
664220f304 SEC-2295: Remove error logging when Spring version equals Spring Security 2013-08-29 16:48:49 -05:00
Rob Winch
86340b8016 SEC-2283: Polish headers doc 2013-08-29 13:47:54 -05:00
Rob Winch
ae368829f4 Tweak PermGen for tests 2013-08-28 13:30:25 -05:00
Rob Winch
d89cf6db29 SEC-2283: Update headers documentation and tests 2013-08-28 12:35:40 -05:00
Rob Winch
4761614c9f SEC-2291: Fix internal links within reference 
Instead of using xlink:href="# use linkend="
 2013-08-28 09:12:27 -05:00
Rob Winch
69aac09e1d SEC-2285: Added headers to to reference 2013-08-28 08:58:45 -05:00
Rob Winch
9483226d02 SEC-2282: Polish CSRF doc 2013-08-27 17:16:32 -05:00
Rob Winch
aca2e4ff3a SEC-2289: Add spring4Test 2013-08-27 16:43:10 -05:00
Rob Winch
086056f191 SEC-2289: Make compatible with Spring 4 as well 
There are a few subtle changes in Spring 4 that this commit addresses
 2013-08-27 16:43:10 -05:00
Rob Winch
26166ef6e8 SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3 2013-08-27 16:26:16 -05:00
Rob Winch
3f69847a4e SEC-2286: Log invalid CSRF tokens at debug level 2013-08-25 22:35:20 -05:00
Rob Winch
d60108eaf6 SEC-2229: Add optional dependencies to spring-security-config 
spring-tx and spring-jdbc aren't pulled in transitively from
spring-security-web now, so we must include them as optional dependencies.
 2013-08-25 19:47:57 -05:00
Rob Winch
98bdd32ca0 SEC-2282: Add CSRF documentation to the reference manual 2013-08-25 19:00:04 -05:00
Rob Winch
33db440961 SEC-2129: AntPathRequestMatcher also supports case sensitive comparisions 2013-08-25 16:26:18 -05:00
Rob Winch
7d1d856729 SEC-2229: spring-security-web dependency polish 
- remove direct dependency on spring-aop
- spring-tx and spring-jdbc optional
 2013-08-25 15:52:17 -05:00
Rob Winch
18bd82e7d4 SEC-2131: Update doc to state session authentication sends 401 if no page 2013-08-25 11:37:23 -05:00
Rob Winch
cd7055f725 SEC-2171: Include Information about pooling in Spring LDAP documentation 2013-08-25 11:27:50 -05:00
Rob Winch
7f2308f46c SEC-2146: Document AspectJ does not inherit annotations 2013-08-25 11:06:36 -05:00
Rob Winch
534989c8ea SEC-2103: Fix tests to verify debug logging instead of info 2013-08-25 10:05:22 -05:00
Rob Winch
acb2b680d0 SEC-2103: Change log of no results to debug 2013-08-24 23:39:56 -05:00
Nick Williams
f29505d657 SEC-2280: Fix SessionFixationConfigurer#changeSessionId Javadoc 
The Javadoc for SessionFixationConfigurer#changeSessionId() was copied and pasted from
SessionFixationConfigurer#none() and never updated. It is incorrect. This commit fixes that.
 2013-08-24 23:31:05 -05:00
Rob Winch
48283ec004 SEC-2276: Delay saving CsrfToken until token is accessed 
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If user's wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
 2013-08-24 23:31:01 -05:00
Rob Winch
c131fb6379 SEC-2139: named-security-filter are all defined and ordered correctly 2013-08-24 15:18:22 -05:00
Rob Winch
03b235295e SEC-2270: Remove duplicate version from guides index 2013-08-23 14:13:12 -05:00
Rob Winch
efa9f4db93 SEC-2108: Fix typo in ldap section of manual 2013-08-23 14:09:58 -05:00
Rob Winch
379cbd2a8b SEC-2274: Add ApplicationContext as HttpSecurity shared object 2013-08-21 16:50:09 -05:00
Rob Winch
e8788f2657 SEC-2269: Fix markup for CSRF link 2013-08-21 10:08:39 -05:00
Rob Winch
17c2a18fee SEC-2269: Fix CSRF link in appendix 2013-08-21 10:01:19 -05:00
Rob Winch
0247dd124f SEC-2271: LogoutConfigurer#logoutUrl explains about CSRF 2013-08-21 06:58:09 -05:00
Rob Winch
a3a432f7b6 SEC-2269: Fix additional links 2013-08-20 14:02:33 -05:00
Rob Winch
3b2156969d SEC-2269: Fix headers link 2013-08-20 10:06:00 -05:00
Rob Winch
f707101fdb SEC-2269: Fix headers documentation 2013-08-20 10:03:31 -05:00
Rob Winch
eb95c500f5 Remove dockbook-reference from guides 2013-08-20 10:02:55 -05:00
Rob Winch
110e769bd4 SEC-2257: Remove HttpSecurityBuilder#getAuthenticationManager() 
Removed in favor of using shared object.
 2013-08-19 15:22:04 -05:00
Hans-Joachim Kliemeck
8b1ab4e85f SEC-2260 - update pom/gradle to use current cas client library 2013-08-19 15:22:04 -05:00