Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,780 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

4780 Commits

Author SHA1 Message Date
Rob Winch 686a7a8d62 SEC-2223: Correct FirewalledRequest#reset() javadoc 2013-07-21 14:30:20 -05:00
Rob Winch 04b7d5ca08 SEC-2156: Only configures COOKIE instead of SSL 
Configuring SSL is only allowed for SSL enabled applications and should
be configured on its own (not in conjuction with other modes).
 2013-07-20 10:29:54 -05:00
Rob Winch cf0fdc2d66 SEC-2222: Use auth parameter name instead of registry 2013-07-20 07:49:07 -05:00
Rob Winch ac053dbda7 SEC-2156: AbstractSecurityWebApplicationInitializer configures SessionTrackingMode 
It also allows customization by overriding a method.
 2013-07-19 17:09:58 -05:00
Rob Winch 90bd241ce2 SEC-2199: Support multiple AuthenticationEntryPoint defaults 2013-07-19 17:09:58 -05:00
Rob Winch 87c9a14bff SEC-2198: http.httpBasic() defaults AuthenticationEntryPoint 2013-07-19 17:09:58 -05:00
Rob Winch 4411ae3ff6 SEC-2221: Add MediaTypeRequestMatcher 2013-07-19 17:09:31 -05:00
Rob Winch eb15b19e50 SEC-2195: Update Groovy version on web module 2013-07-16 22:44:51 -05:00
Rob Winch 0f281f9575 SEC-2215: ServletApiConfigurer populates properties on SecurityContextHolderAwareRequestFilter 
Previously ServletApiConfigurer left the following properties null:
authenticationManager, logoutHandlers, and authenticationEntryPoint
 2013-07-16 22:43:53 -05:00
Rob Winch 59e8551279 Fix package tangles 2013-07-16 17:08:03 -05:00
Rob Winch 5e6ca12b01 SEC-2097: Update integrationTestCompile to use optional and provided 
Also update slf4j version and remove explicit commons-logging from pom generation
 2013-07-16 15:59:06 -05:00
Rob Winch 955a60cf49 SEC-2208: Use std docbook plugin and workspace cleanup 2013-07-16 15:15:47 -05:00
Rob Winch 7d9f0d688a SEC-2207: Workaround for GRADLE-1116 2013-07-16 15:15:47 -05:00
Rob Winch 00ed77af20 SEC-2207: Trick Gradle Eclipse to import project and not the build folders 2013-07-16 15:15:47 -05:00
Rob Winch 41b64e05d0 SEC-2211: check.dependsOn integrationTest 2013-07-16 15:15:47 -05:00
Rob Winch 02551e1b7a SEC-2214: Update Spring Version 2013-07-16 15:15:47 -05:00
Rob Winch faa8b354b7 SEC-2209: add pom.xml 2013-07-16 15:15:47 -05:00
Rob Winch e5fc063680 SEC-2206: Gradle Propdeps 2013-07-16 15:15:42 -05:00
Rob Winch 01230c76ef SEC-2217: Sonar Runner 2013-07-16 15:13:22 -05:00
Rob Winch 3c9a80433f SEC-2207: AspectJPlugin uses compileAspect and compileTestAspect 2013-07-16 15:02:39 -05:00
Rob Winch 07c3fdf8a7 SEC-2195: Update Groovy, Geb, Spock, httpcomponents, and Jetty 2013-07-16 15:02:39 -05:00
Rob Winch 1705c5d796 SEC-2207: Update Gradle to 1.6 2013-07-16 15:02:39 -05:00
Rob Winch fb45db11e9 SEC-2191: Remove AuthenticationManagerBuilder default constructor 
This ensures that users must choose what ObjectPostProcessor is being used
with AuthenticationManagerBuilder. To make things easier for users, we now
automatically add an AuthenticationManagerBuilder object that can be used
for creating an AuthenticationManager with @Autowired.
 2013-07-05 12:10:03 -05:00
Rob Winch e88800cd9b SEC-2187: Polish 
Create private utf8UrlEncode method to improve readability
 2013-07-05 10:24:10 -05:00
Tom Boettcher 54c1c20c69 SEC-2187: Encode query parameter names and values in return_to URL 2013-07-05 09:47:18 -05:00
Rob Winch e5c450a14c Merge in AbstractSecurityWebApplicationInitializerTests.groovy 2013-07-05 09:42:19 -05:00
Keesun Baik cf80cc88b5 SEC-2192: Create DEFAULT_FILTER_NAME 2013-07-05 09:41:53 -05:00
Rob Winch cd34c47643 Next development version 2013-07-01 14:05:22 -05:00
Spring Buildmaster b45f7b9585 [artifactory-release] Release version 3.2.0.M2 2013-07-01 11:42:45 -07:00
Rob Winch 3c178a339e remove snapshot repo references 2013-07-01 13:00:57 -05:00
Rob Winch 70b3a330ef #137 WebSecurityConfigurerAdapter no longer uses getClass() for logger 
Previously it was difficult to change log levels due to CGLIB proxying of
the class which impacted the logger name.
 2013-07-01 10:07:38 -05:00
Rob Winch 17bef05c3c #138 WebInvocationPrivilegeEvaluator has default value 2013-07-01 08:46:57 -05:00
Rob Winch d8ed429370 #138 Tests for WebSecurityExpressionHandler bean existing 2013-07-01 08:37:12 -05:00
Rob Winch 4d282cbe0d SEC-1953: Polish 2013-06-30 21:51:25 -05:00
Rob Winch 7412fe0748 SEC-1953: Polish bundlor warnings 2013-06-30 21:45:45 -05:00
Rob Winch d0c4e6ca72 SEC-1953: Spring Security Java Config support 
This is the initial migration of Spring Security Java Config from the
external project at
https://github.com/SpringSource/spring-security-javaconfig
 2013-06-30 17:28:33 -05:00
Luke Taylor fba4fec84b SEC-2175: Correct XSD docs on auto-config. 2013-06-09 14:51:58 +01:00
Rob Winch 7bc87cf13b SEC-2002: Polishing 2013-06-06 15:05:00 -05:00
Nicholas Williams d89ace26ab SEC-2002: Added events to notify of session ID change 
Session fixation protection, whether by clean new session or
migrated session, now publishes an event when a session is
migrated or its ID is changed. This enables application developers
to keep track of the session ID of a particular authentication
from the time the authentication is successful until the time
of logout. Previously this was not possible since session
migration changed the session ID and there was no way to
reliably detect that.

Revised changes per Rob Winch's suggestions.
 2013-06-05 14:44:17 -05:00
Luke Taylor 743960d2d8 SEC-2122: Fix broken integration tests. 
Modified BCryptPasswordEncoder to no longer throw an
IllegalArgumentException when the encoded password is empty or
the incorrect format for bcrypt. Instead it now logs a warning
that non bcrypt data was found.

The Dms integration tests were failing after being changed to
use bcrypt and this fixes the issue.
 2013-05-21 23:13:08 +01:00
Luke Taylor d8727638ab SEC-1785: Remove auto-config from manual. 
Changed the namespace doc to use an explicit form-login
and logout element and avoid mention of auto-config or its
effects. This makes the intro shorter and simpler.
 2013-05-18 21:25:11 +01:00
Luke Taylor ebba8ac514 SEC-2122: Update namespace to support bcrypt. 
password-encoder now supports hash='bcrypt'.
 2013-05-17 19:17:18 +01:00
Luke Taylor 896339087f SEC-2122: Update samples to use bcrypt. 
Data sources modified to store bcrypt hashes and configs now
use BCryptPassworEncoder.
 2013-05-17 18:44:30 +01:00
Luke Taylor d6524feb62 SEC-2122: Change doc to prioritize bcrypt use 2013-05-17 18:42:47 +01:00
Rob Winch 34893cd53a Remove ApacheDSContainerTests successfulStartupAndShutdown since it was commented out 2013-04-25 11:21:23 -05:00
Rob Winch 407b08956b SEC-2161: <ldap-server> creates unique dir for embedded LDAP 2013-04-25 11:21:21 -05:00
Rob Winch dd554e1842 SEC-2162: ApacheDSContainer throws RuntimeException on failure to start 2013-04-25 11:21:19 -05:00
Rob Winch c0921b9ede SEC-2133: Update doc from ChannelAuthenticationFilter to ChannelProcessingFilter 2013-04-25 08:56:47 -05:00
Rob Winch e469c93f9d SEC-2147: Deprecate .encoding.PasswordEncoding 2013-04-25 08:56:47 -05:00
Rob Winch f594ed76db SEC-2087: GlobalMethodSecurityBeanDefinitionParser uses AuthenticationManager to create AuthenticationManagerDelegator 2013-04-25 08:56:46 -05:00