691 Commits

Author SHA1 Message Date
Marten Deinum
67c9f12964 Configuration of session management strategies
This commit adds the possibility to configure the AuthenticationFailureHandler
of the SessionManagementFilter.

Fixes gh-3794
2016-09-15 11:10:36 -05:00
Marten Deinum
b88418b94a Configuration of session management strategies
This commit adds an ExpiredSessionStrategy for the ConcurrentSessionFilter
analogous to the InvalidSessionStrategy for the SessionManagementFilter. It also
adds a configuration option for both the InvalidSessionStrategy and
ExpiredSessionStrategy to the XML namespace and Java configuration.

Fixes gh-3794
Fixes gh-3795
2016-09-15 11:10:17 -05:00
Rob Winch
4d02a5c0a0 Update pom.xml dependencies 2016-08-30 11:27:29 -05:00
Rob Winch
c6366baee2 Remove MvcRequestMatcher.afterPropertiesSet()
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.

This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.

Fixes gh-4027
2016-08-19 14:18:07 -04:00
novotnyr
f8bfe19a98 Fix typo in autowiring warning (#4026)
Fixes a misleading message that warns about
PermissionEvaluator when MethodSecurityExpressionHandler
should be mentioned instead.

Fixes gh-3402
2016-08-16 08:39:49 -05:00
Rob Winch
bb997eecde Fix defaultMethodExpressionHandler autowiring
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.

This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.

Fixes gh-4020
2016-08-10 23:48:07 -05:00
Joe Grandja
e080905a79 MvcRequestMatcher servletPath Polish / XML Config
Fixes gh-4014
2016-08-09 16:29:30 -05:00
Rob Winch
3befb1c8a6 MvcRequestMatcher servletPath / JavaConfig
Issue: gh-3987
2016-08-09 16:29:30 -05:00
Rob Winch
519c15efb3 Logout is 204 for XMLHttpRequest
Fixes gh-3997
2016-08-02 11:26:52 -07:00
Rob Winch
c23c7982ca Add ObjectPostProcessor support for SmartInitializingSingleton 2016-07-21 08:59:17 -05:00
Rob Winch
ca170f8479 DummyRequest supports methods for MvcRequestMatcher
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
Rob Winch
ada146244e Add HttpSecurity.mvcMatcher
Fixes gh-3970
2016-07-14 10:50:49 -04:00
Rob Winch
945e2e2ad4 Fix NPE requestMatchers().mvcMatchers
Fixes gh-3969
2016-07-14 10:50:49 -04:00
Marten Deinum
80ff267749 Check RememberMe in ExceptionTranslationFilter
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this, when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the originally requested URI.

Fixes gh-2427
2016-07-13 16:58:00 -04:00
Eddú Meléndez
1effc1882a Add CompositeLogoutHandler
Fixes gh-3895
2016-07-08 13:30:38 -05:00
Rob Winch
885f074ddf Fix XsdDocumentedTests 2016-07-07 15:05:04 -05:00
Rob Winch
e297706e8b Polish allow unlimited sessions
Update the rnc file

Issue gh-3900
2016-07-07 14:31:40 -05:00
Michael J. Simons
e3ff4130a5 Allow negative values to configure unlimited sessions 2016-07-07 14:29:18 -05:00
Rob Winch
50d7d3287f Add spring-security-4.2.xsd 2016-07-07 14:19:01 -05:00
Eddú Meléndez
13b0ddb7e6 Fix test assertions 2016-07-07 13:29:00 -05:00
Spring Buildmaster
919f000c80 Release version 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Johnny Lim
310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch
764a4d8414 Fix Error Message typo
Fixes gh-3953
2016-07-06 16:19:29 -05:00
Jakob Englisch
b17870ee07 LogoutConfigurer: only allow suitable http methods 2016-07-06 16:17:11 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher
Fixes gh-3964
2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch
c935d857eb Add mvc namespace to XmlApplicationContext 2016-07-01 22:04:55 -05:00
Rob Winch
7f3b3a8b59 Polish
Issue gh-180
2016-07-01 13:17:52 -05:00
Rob Winch
bd5f71bb0d Polish
Fix checkstyle for LDAP JavaConfig Authority mapping

Issue gh-2768
2016-06-21 17:08:37 -05:00
Tony Dalbrekt
b76e3be822 LDAP Java Config supports GrantedAuthoritiesMapper
Fixes gh-2768
2016-06-21 16:43:13 -05:00
Rob Winch
26ad1cb4a5 Polish RememberMe Validation
Issue gh-3909
2016-06-21 14:57:15 -05:00
Eddú Meléndez
87224f62e4 RememberMe JavaConfig Validation
Add validation when rememberMeServices and rememberMeCookieName are
provided

Fixes gh-3909
2016-06-21 14:57:01 -05:00
Rob Winch
66858e22ad Disable XMLHttpRequest for formLogin entry point
Previously the following:

http http://localhost:8080/user \
  "X-Requested-With:XMLHttpRequest" "Accept:text/plain"

Produced a 302 instead of a 401

Fixes gh-3887
2016-06-20 15:30:00 -05:00
Eddú Meléndez
39ed7d0eca Propagate rolePrefix to LdapAuthoritiesPopulator
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator, populating a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.

Fixes gh-3921
2016-06-20 12:44:02 -05:00
Eddú Meléndez
a2ead4cf7a Polish
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch
2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Rob Winch
477573b3bc Fix @EnableGlobalAuthentication & method security on @Configuration class
Fixes gh-3934
2016-06-17 14:05:11 -05:00
Rob Winch
fa1c484587 AuthenticationConfiguration.getAuthenticationManager() supports recursion
AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.

Fixes gh-3935
2016-06-17 14:02:36 -05:00
Rob Winch
9e3d2e2d99 HTTP Basic default logout ignores text/html
This fixes an issue where Chrome sends an accept header of application/xml
which triggers an HTTP 204 to be returned

Fixes gh-3902
2016-06-14 16:27:56 -05:00
Sola
d3b3f8e004 Fix WebSecurityConfigurerAdapter Javadoc
The constructor's Javadoc was incorrect. This commit
fixes it.
2016-05-23 08:12:50 -05:00
Spring Buildmaster
001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Joe Grandja
e68d8bfaea Clarifies sessionAuthenticationStrategy setter
Fixes gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja
491abf2600 Revert "Fix test for SessionManagementConfigurer"
This reverts commit 17b25d14779af5de9cb0f391f4dc0af7a620a646.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja
0d2b797c2a Revert "Fix sessionAuthenticationStrategy setter"
This reverts commit 8f5d46ad68d3a28f6c118000a8fcfb9aab71c3a5.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja
17b25d1477 Fix test for SessionManagementConfigurer
Fixes gh-234
2016-04-21 16:50:03 -04:00
didiez
8f5d46ad68 Fix sessionAuthenticationStrategy setter
sessionAuthenticationStrategy was setting sessionFixationAuthenticationStrategy instead

Fixes gh-234
2016-04-21 16:21:54 -04:00
Spring Buildmaster
24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Rob Winch
7fe0a135ec Default AntPathRequestMatcher to be case sensitive
Issue gh-3831
2016-04-20 13:29:18 -05:00
Rob Winch
510cd59980 Default logout negotiation in Java Configuration
This commit adds content negotiation for log out.

Fixes gh-3282
2016-04-20 10:59:14 -05:00
Rob Winch
51995dc187 Add Java Configuration InvalidSessionStrategy (#3827)
Allow configuring the InvalidSessionStrategy in Java Configuration.

Fixes gh-3371
2016-04-20 09:59:27 -04:00