Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-21 22:05:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,279 Commits 33 Branches 337 Tags
Commit Graph

5279 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
getvictor
6de138c2f2 SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header. 
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
 2014-03-06 22:01:23 -06:00
Rob Winch
4cdeacc277 SEC-2499: Allow MethodSecurityExpressionHandler in parent context 
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136

This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
 2014-03-06 21:14:35 -06:00
Rob Winch
9988fa141c Update Spring Security version in pom.xml 2014-03-06 08:13:52 -06:00
Rob Winch
8afa8d8588 Fix integration tests 2014-03-06 07:56:40 -06:00
Rob Winch
6dfdb10e31 Fix move to 4.0 2014-03-05 16:52:19 -06:00
Rob Winch
6be4e3a9fc SEC-2506: Remove Bundlor Support 2014-03-05 13:32:16 -06:00
Rob Winch
04a527d4ec SEC-2495: CSRF disables logout on GET 2014-02-20 09:40:00 -06:00
Rob Winch
de4ed136ea Fix spring4 test 2014-02-19 16:13:30 -06:00
Rob Winch
4a1a2dfed4 Update min Spring version of 4.0.2.REELASE 2014-02-19 11:16:57 -06:00
Rob Winch
3fc9dd82f3 Start Spring Security 4.0.x 2014-02-19 11:05:27 -06:00
Spring Buildmaster
551f600073 Next development version 2014-02-19 08:10:01 -08:00
Rob Winch
f2cde4ffa3 SEC-2486: Update tests to Spring LDAP 2.0.1.RELEASE 2014-02-19 09:32:37 -06:00
Rob Winch
9810768186 SEC-2485: Update test to Spring 4.0.2.RELEASE 2014-02-19 09:31:46 -06:00
Rob Winch
7f99a2dfbb SEC-2487: Update to Spring 3.2.8.RELEASE 2014-02-19 09:30:40 -06:00
Rob Winch
85305050c0 SEC-2455: Fix XML default login generation 2014-02-18 13:52:05 -06:00
Rob Winch
8a3a7961cb SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void 2014-02-15 14:41:26 -06:00
Rob Winch
fc8e4868ce SEC-2468: Fix tests 2014-02-15 14:25:46 -06:00
Rob Winch
65367e6547 SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials 2014-02-14 16:53:26 -06:00
Rob Winch
bf2df220ca SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator 2014-02-13 16:37:33 -06:00
Rob Winch
152f41f61e SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits 
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
 2014-02-13 15:36:47 -06:00
Rob Winch
7a3da28987 SEC-2479: Search parent context for AuthenticationManager 2014-02-12 08:11:26 -06:00
Rob Winch
e17adad878 SEC-2469: Support Spring LDAP 2.0.1+ 2014-02-12 08:11:26 -06:00
Luke Taylor
058b9debef Minor slapd config changes 2014-02-11 14:23:54 +00:00
Rob Winch
6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch
c42e13c966 loginProcessing test 2014-02-07 17:01:11 -06:00
Rob Winch
6b42a2eae1 SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain 2014-02-07 17:01:11 -06:00
Rob Winch
ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch
4eff50b48b SEC-2474: Update tests against Spring 4.0.1 2014-01-30 09:44:26 -06:00
Rob Winch
087b56da96 SEC-2473: Update to Spring 3.2.7 2014-01-30 09:44:26 -06:00
Rob Winch
8d8475deb1 SEC-2455: form-login@login-processing-url & logout@logout-url use matchers 
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
 2014-01-29 15:35:18 -06:00
Rob Winch
b5f5665ea6 SEC-2463: CSRF documentation includes EnableWebMvcSecurity 2014-01-29 09:28:51 -06:00
Rob Winch
3b05fd6fed SEC-2466: Add link to MultipartFilter in CSRF multipart section 2014-01-28 22:04:35 -06:00
Rob Winch
4c84805ac9 SEC-2466: CSRF MutipartFilter doc now uses <url-pattern> 2014-01-28 16:51:05 -06:00
james
a99c6db327 SEC-2467: Fix Small errors in itest-web's jsps 2014-01-28 16:03:59 -06:00
Rob Winch
1f833b0d6b Add ExpressionUrlAuthorizationCOnfigurer tests 
- Demo custom expression root
- Demo @Bean in expression example
 2014-01-23 11:21:21 -06:00
Spring Buildmaster
add3aae6ef Next development version 2013-12-16 11:27:25 -08:00
Rob Winch
f09ce267b3 Polish MVC doc 2013-12-16 12:30:25 -06:00
Rob Winch
374aceed2b Polish form.asc 2013-12-16 11:13:23 -06:00
Rob Winch
df703e0189 Polish hellomvc.asc 2013-12-16 10:39:18 -06:00
Rob Winch
8c580dc170 SEC-2444: Polish Thymeleaf for samples 2013-12-16 09:51:00 -06:00
Rob Winch
5205bf57c6 SEC-2453: Create 403 CSRF FAQ Entry 2013-12-16 09:02:02 -06:00
Rob Winch
994117ad75 SEC-2436: Fix CsrfConfigurerNoWebMvcTests 2013-12-14 14:48:47 -06:00
Rob Winch
b7041ed00e SEC-2436: Add @EnableWebMvcSecurity 2013-12-14 14:40:01 -06:00
Rob Winch
053c890a69 SEC-2450: WebSecurityConfigurerAdapter have default Order of 100 2013-12-14 13:00:48 -06:00
Rob Winch
7838e3eeca SEC-2447: JdbcMutableAclServiceTests should invoke aclCache.clearCache() 2013-12-14 10:19:06 -06:00
Rob Winch
2df5541905 SEC-2448: Update to HSQL 2.3.1 2013-12-14 10:19:06 -06:00
Rob Winch
04fac30d75 SEC-2449: <ldap-server> default port should fallback to dynamic value 2013-12-14 10:19:06 -06:00
Rob Winch
54ffa28bde remove apacheDSWorkDir since custom tmp dir is created 2013-12-13 16:38:35 -06:00
Rob Winch
ca1080fb96 SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter 2013-12-13 15:47:28 -06:00
Rob Winch
4708287ad3 SEC-2444: Convert Java Config samples to thymeleaf and tiles 2013-12-13 15:47:28 -06:00