37740cd020
SEC-2861: Add WebSocket Documentation & Sample
2015-02-24 10:29:47 -06:00
b9563f6102
SEC-2830: Cleanup disabling Same Origin SockJS
...
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
b9e2a57131
SEC-2854: Add intercept-message@message-type
2015-02-20 11:43:16 -06:00
fea03536d6
SEC-2853: Rename WebSocket XML Namespace elements
2015-02-20 11:43:15 -06:00
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
2015-02-18 11:21:02 -06:00
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
2015-02-18 10:51:30 -06:00
c4fe630f8e
SEC-2846: Security HTTP Response Headers Configuration Cleanup
2015-02-10 10:36:00 -06:00
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
081f84844c
SEC-2777: Fix <header> attributes in doc
2015-01-20 16:28:02 -06:00
c30c97005b
SEC-2572: Document Spring Test
2015-01-20 16:20:14 -06:00
aab0eea9cf
SEC-2800 Documentation typo in class name
2014-12-22 19:22:26 -05:00
d5ff80011b
Polish Documentation
2014-12-11 20:36:55 -06:00
1677836d53
SEC-2790: Deprecate @EnableWebMvcConfig
2014-12-10 21:10:27 -06:00
3171cc4364
SEC-2788: Add @Configuration as meta annotation to @Enable* annotations
2014-12-10 21:10:15 -06:00
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
...
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
5f5e7e7265
SEC-2785: Reference outputs PDF, Html Multi, & epub
2014-12-08 13:29:15 -06:00
87a52ffbfd
SEC-2784: Update to Gradle 2.2.1
2014-12-08 13:29:07 -06:00
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
2cb2657f5b
SEC-2702: Clean WebSocket Namespace documentation
2014-11-25 12:27:29 -06:00
3c487c0348
SEC-2348: Update doc headers enabled by default with XML
2014-11-21 21:55:03 -06:00
4392205f63
SEC-2347: CSRF Enabled by default w/ XML Config
2014-11-21 21:32:56 -06:00
eedbf44235
SEC-2348: Security HTTP Response Headers enabled by default w/ XML
2014-11-21 16:06:29 -06:00
4dcc89fab0
SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts()
2014-11-19 13:31:09 -06:00
55d6d5a86a
SEC-2615: accesscontrollist tag hasPermission performs OR not AND
...
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:
<sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">
In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
2014-11-18 16:59:46 -06:00
e7edb77cae
SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter
2014-09-16 10:56:52 -05:00
bd322542ca
Fixed broken url to Clickjacking description.
2014-08-20 10:11:21 +04:00
934937d9c1
SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port
2014-08-15 16:41:33 -05:00
b97b84063a
SEC-2665: Fix samples/ldap-jc link in reference
2014-07-21 14:20:14 -05:00
d9efd08bfd
SEC-2577: Add missing whitespace in reference
2014-04-28 16:24:48 -05:00
5b216bd0b2
Revert "SEC-2547: Consistent CAS client version"
...
This reverts commit f6cc9d87d5
2014-04-15 10:36:37 -05:00
f6cc9d87d5
SEC-2547: Consistent CAS client version
2014-04-14 22:48:55 -05:00
8e31b66f06
SEC-2556: Fix @Import example in manual
2014-04-14 22:39:37 -05:00
71ba977dad
Fix package name in manual code
2014-03-27 13:08:23 +00:00
32d3e29c65
SEC-2325: Polish CSRF Tag support
...
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
2014-03-07 15:28:52 -06:00
a3e0475998
SEC-2325 Added JSP tags for CSRF meta tags and form fields
2014-03-07 15:28:48 -06:00
26cee61b98
SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle
2014-03-07 15:28:45 -06:00
56bb331760
SEC-2514: Fix typo in hellomvc.asc
...
packags -> packages
2014-03-07 10:27:23 -06:00
1d6536fa71
SEC-2512: Fix typo in reference`
...
udates -> updates
2014-03-06 22:22:34 -06:00
4a1a2dfed4
Update min Spring version of 4.0.2.REELASE
2014-02-19 11:16:57 -06:00
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
2014-01-29 09:28:51 -06:00
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
2014-01-28 22:04:35 -06:00
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
2014-01-28 16:51:05 -06:00
f09ce267b3
Polish MVC doc
2013-12-16 12:30:25 -06:00
374aceed2b
Polish form.asc
2013-12-16 11:13:23 -06:00
df703e0189
Polish hellomvc.asc
2013-12-16 10:39:18 -06:00
8c580dc170
SEC-2444: Polish Thymeleaf for samples
2013-12-16 09:51:00 -06:00
5205bf57c6
SEC-2453: Create 403 CSRF FAQ Entry
2013-12-16 09:02:02 -06:00
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
4708287ad3
SEC-2444: Convert Java Config samples to thymeleaf and tiles
2013-12-13 15:47:28 -06:00
0d12397662
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-12 08:20:37 -06:00
035067caf4
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-11 08:08:51 -06:00
548ed4e14a
Update samples to declare repository already added
2013-12-06 14:46:52 -06:00
feeb380b51
Polish Guides
2013-12-06 11:12:07 -06:00
ec524da6cb
SEC-2416: Fix Hello MVC guide
2013-12-05 15:47:38 -06:00
fc6fc19eed
Fix guides
2013-12-05 13:16:59 -06:00
74a6303b6f
SEC-2385: Document how to use with Spring 4
2013-12-04 12:38:45 -06:00
4308e72573
Polish CSRF log in caveat with link
2013-12-03 09:27:49 -06:00
b8cc42e3a3
SEC-2426: Add CSRF and logout with non-post example
2013-12-03 09:07:54 -06:00
ab08d99a52
SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc
2013-12-02 16:47:57 -06:00
135df149a3
SEC-2423: Document differences between defaults in Java & XML Config
2013-12-02 16:37:52 -06:00
0b996c669f
SEC-2424: Document ObjectPostProcessor
2013-12-02 10:17:08 -06:00
5a59c74d02
SEC-2327: Document SecurityExpressionRoot
2013-11-20 16:59:05 -06:00
4944e602cb
SEC-2402: Reference cleanup
...
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
2013-11-15 10:50:08 -06:00
f1f3acdf75
Fix guides spec
2013-11-01 14:21:37 -05:00
c135179029
Update to latest Asciidoctor version
...
We will temporarily remove PDF support until the plugin supports it.
2013-10-30 16:56:00 -05:00
cf3e2f2c6a
Fix guide index's link to custom form
2013-10-30 16:19:51 -05:00
17b9f33351
SEC-2378: Fix CSRF MultipartFilter doc typo
2013-10-29 13:07:10 -05:00
5427da6b27
Move reference to htmlsingle to match standard Spring reference layout
2013-10-29 12:56:29 -05:00
78f85cc129
SEC-2349: Number the reference
2013-10-23 17:46:57 -05:00
85ec2429d9
SEC-2349: Externalize FAQ
2013-10-23 17:43:32 -05:00
355f884d22
SEC-2093: Document what is new in Spring Security 3.2
2013-10-18 16:39:01 -05:00
4a24c81147
SEC-2299: Document @AuthenticationPrincipal
2013-10-18 15:46:29 -05:00
a3009e303b
SEC-2299: Document Web MVC integration
2013-10-18 11:23:58 -05:00
6ea95cc3a3
SEC-2094: Document Concurrency Support
2013-10-18 09:50:49 -05:00
348e3a22b6
SEC-2365: registerAuthentication->configure
2013-10-16 13:59:56 -05:00
db3c626ac9
SEC-2281: Document Java Configuration
2013-10-16 10:44:35 -05:00
e3f58fd9d3
Polish guide
2013-10-16 10:44:16 -05:00
bbefc62a87
Fix Security Header's link to HttpServletResponse.setHeader
2013-10-15 16:56:44 -05:00
730dcffe6d
Fix crossrefs in footnotes
2013-10-15 16:50:26 -05:00
bf3b5459cd
Fix Authors of manual
2013-10-15 16:22:27 -05:00
0978c12c47
SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
2013-10-15 12:35:32 -05:00
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
d28058303b
SEC-2349: Move FAQ into reference
2013-10-03 21:28:55 -05:00
4b43cf3f50
SEC-2349: Convert Reference to Asciidoctor
2013-10-03 14:15:09 -05:00
df5e034fc3
SEC-2282: Polish CSRF Documentation
2013-09-27 17:14:21 -05:00
8087cde628
SEC-2331: Include Expires: 0 in xsd and appendix
2013-09-27 17:10:42 -05:00
8fed90c26c
SEC-2282: Add links for AccessDeniedHandler in CSRF doc
2013-09-27 16:44:34 -05:00
3e95f1c12e
SEC-2282: Polish CSRF Documentation
2013-09-27 16:41:06 -05:00
ee33a6deeb
SEC-2285: Headers doc explicitly state default headers
2013-09-27 16:29:10 -05:00
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
06a0ec1a9f
SEC-2285: Polish Security Headers Documentation
...
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
9bb283044f
SEC-2282: Polish CSRF Documentation
...
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
1f3b812a66
SEC-2282: Polish CSRF Documentation
2013-09-26 08:58:39 -05:00
ef7cc40389
SEC-2282: Polish CSRF Documentation
2013-09-25 17:30:50 -05:00
d16106ef56
SEC-2309: Document CSRF multipart/form-data
2013-09-25 15:14:32 -05:00
e5804d323b
SEC-2256: Fix intercept-url doc precidence statement
...
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."
This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
2013-09-13 22:02:52 -07:00
f6587c8697
SEC-2312: Update javadoc link to Spring 3.2.x
2013-09-13 15:34:30 -07:00
Rob Winch
Christopher Pelloux
Bloshchetsov Andrey Evgenyevich
Alexander Grüneberg
Hans-Joachim Kliemeck
Grzegorz Rożniecki
Luke Taylor
Rob Winch
beamerblvd
John Tims
Manimaran Selvan