Commit Graph

462 Commits

Author SHA1 Message Date
Rob Winch 6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch c42e13c966 loginProcessing test 2014-02-07 17:01:11 -06:00
Rob Winch 6b42a2eae1 SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain 2014-02-07 17:01:11 -06:00
Rob Winch ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch 8d8475deb1 SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
Rob Winch 1f833b0d6b Add ExpressionUrlAuthorizationCOnfigurer tests
- Demo custom expression root
- Demo @Bean in expression example
2014-01-23 11:21:21 -06:00
Rob Winch 994117ad75 SEC-2436: Fix CsrfConfigurerNoWebMvcTests 2013-12-14 14:48:47 -06:00
Rob Winch b7041ed00e SEC-2436: Add @EnableWebMvcSecurity 2013-12-14 14:40:01 -06:00
Rob Winch 053c890a69 SEC-2450: WebSecurityConfigurerAdapter have default Order of 100 2013-12-14 13:00:48 -06:00
Rob Winch 2df5541905 SEC-2448: Update to HSQL 2.3.1 2013-12-14 10:19:06 -06:00
Rob Winch 04fac30d75 SEC-2449: <ldap-server> default port should fallback to dynamic value 2013-12-14 10:19:06 -06:00
Rob Winch 54ffa28bde remove apacheDSWorkDir since custom tmp dir is created 2013-12-13 16:38:35 -06:00
Rob Winch a34178bc40 SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA 2013-12-12 08:16:59 -06:00
Rob Winch aaa7cec32e SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor
Previously there was unecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
2013-12-12 08:07:22 -06:00
Rob Winch 7f714ebb23 SEC-2422: Session timeout detection with CSRF protection 2013-12-11 17:38:17 -06:00
Rob Winch 00d668dc5c SEC-2431: UrlAuthorizationConfigurer missing <HttpSecurity> in doc 2013-12-11 11:07:05 -06:00
Rob Winch 4460e84b29 Updates to pom.xml author and repo 2013-12-09 08:57:30 -06:00
Rob Winch 8e8bdad8e6 SEC-2386: Remove stack for AuthenticationManagerBuilder with no authenticationProviders 2013-12-04 15:53:32 -06:00
Rob Winch f2fdc9d1f5 SEC-2425: Add Test for EnableGlobalMethodSecurity works on parent config 2013-12-04 14:54:56 -06:00
Rob Winch 595b16d836 SEC-2377: Fix tests 2013-12-03 11:48:25 -06:00
Rob Winch 2a632a061e SEC-2377: Hhandle EnableWebSecurity in both child & parent ApplicationContext 2013-12-03 10:45:25 -06:00
Rob Winch 0b996c669f SEC-2424: Document ObjectPostProcessor 2013-12-02 10:17:08 -06:00
Rob Winch 13c5af5b91 SEC-2407: Better error message for missing securityFilterChainBuilders 2013-11-26 10:12:55 -06:00
Rob Winch c7b93e6cee SEC-2404: Fix CSRF config tests 2013-11-21 15:35:26 -06:00
Rob Winch 9dbe30c81d SEC-2165: remember-me@token-validity-seconds can be parameterized 2013-11-15 14:58:53 -06:00
Rob Winch afddb5eb39 SEC-2373: Update XSD doc to state security="none" 2013-11-15 13:50:49 -06:00
Rob Winch 6382b6341a SEC-2355: Add test to validate intercept-url PATCH works 2013-11-15 11:57:47 -06:00
Collin Peters 85cd5627b6 SEC-2355: Add PATCH to intercept-url xsd 2013-11-15 11:46:34 -06:00
Rob Winch 2c8946c406 Next development version 2013-11-01 14:20:55 -05:00
Spring Buildmaster 9c703a3051 Release version 3.2.0.RC2 2013-11-01 14:20:49 -05:00
Rob Winch dc317b3602 WebSecurityConfigurerAdapter implements WebSecurityConfigurer 2013-11-01 12:26:32 -05:00
Rob Winch cda23443ac XsdDocumentedTests now uses asciidoc instead of asciidoctor 2013-11-01 09:32:05 -05:00
Rob Winch 26be54653b SEC-2382: AutowireBeanFactoryObjectPostProcessor works w/ BeanNameAutoProxyCreator 2013-10-30 11:20:42 -05:00
Rob Winch 9e7fbf8067 SEC-2321: Refine to use X-Requested-With: XMLHttpRequest 2013-10-28 14:00:56 -05:00
Rob Winch 5f290ba10f SEC-2371: Remove ObjectPostProcessor.QUIESENT_POSTPROCESSOR 2013-10-18 14:31:13 -05:00
Rob Winch 604c26eb0d Shis simplifies the class hieararchy significantly.EC-2366: Extract AbstractRequestMatcherRegistry from AbstractRequestMatcherConfigurer
This simplifies the class hierarchy significantly.
2013-10-17 13:37:51 -05:00
Rob Winch 348e3a22b6 SEC-2365: registerAuthentication->configure 2013-10-16 13:59:56 -05:00
Rob Winch 0978c12c47 SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder 2013-10-15 12:35:32 -05:00
Rob Winch 0b0e7dbea9 SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter 2013-10-14 15:00:24 -05:00
Rob Winch 51171efa7a SEC-2357: Move *RequestMatcher to .matcher package 2013-10-14 11:55:56 -05:00
Rob Winch 14b9050616 SEC-2357: Move *RequestMatchers to .matchers package 2013-10-14 10:36:31 -05:00
Rob Winch f2b44e6beb Fix javadoc whitespace issue in HttpBasicConfigurer 2013-10-11 14:53:11 -05:00
Rob Winch 4ef0460ef6 SEC-2321: Improve Java Config defaults for JavaScript clients 2013-10-11 14:53:11 -05:00
Rob Winch 5f10d84bf5 SEC-2303: WebSecurity sets the Bean resolver 2013-10-06 13:37:51 -05:00
Rob Winch dd1c2483b5 SEC-2349: Fix documentation tests 2013-10-03 17:03:17 -05:00
Rob Winch 8087cde628 SEC-2331: Include Expires: 0 in xsd and appendix 2013-09-27 17:10:42 -05:00
Rob Winch 17efd25717 SEC-2331: Include Expires: 0 in security headers documentation 2013-09-27 16:13:40 -05:00
Rob Winch 614c94187e SEC-2305: GlobalMethodSecurityConfiguration autowire PermissionEvaluator
If a single PermissionEvaluator bean is found the
DefaultMethodSecurityExpressionHandler is configured with the
PermissionEvaluator. If multiple PermissionEvaluator beans are found, the
beans are ignored.
2013-09-27 15:46:45 -05:00
Rob Winch a09756745f SEC-2151: Support binding method arguments with Annotations
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch cea0cf9260 SEC-2243: Remove additional Debug Filter 2013-09-26 11:38:16 -05:00