Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-14 01:14:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,943 Commits 49 Branches 373 Tags
Commit Graph

2472 Commits

Author SHA1 Message Date
Spring Operator
6cf279f52e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2118 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 20:23:37 -05:00
Ankur Pathak
88d57e0b8e fixes setting paramName only when it is not null 
Fixes: gh-6223
 2019-01-10 10:34:32 -06:00
Joe Grandja
aea9ee5f2a AuthenticationFailureEvent should publish once 
Fixes gh-6281
 2018-12-21 08:50:12 -05:00
Zhanwei Wang
78a6c48f84 Improve error message for Chinese. 2018-12-06 13:55:00 -06:00
Robbie Martinus
f6657b7771 SessionRegistryImpl uses computeIfAbsent 
Fixes: gh-5834
 2018-12-05 10:29:20 -06:00
Joe Grandja
d6da4d20b4 Set AuthenticationEventPublisher on each AuthenticationManagerBuilder 
Fixes gh-6009
 2018-10-23 14:49:44 -04:00
Johnny Lim
5e74da9b4f Add a missing space in Secured.value() signature 2018-10-03 14:49:45 -04:00
Rob Winch
a1c381c276 Add JdbcUserDetailsManager(DataSource) constructor 
Fixes: gh-5512
 2018-07-13 15:58:36 -05:00
Rob Winch
8659a4b555 Add UserDetailsRepositoryReactiveAuthenticationManager.setScheduler 
Fixes: gh-5417
 2018-06-11 14:30:11 -05:00
Kazuki Shimizu
8883ec17e5 Fix JdbcDaoImpl Javadoc 
Fix incorrect explanation for customizing query on JdbcDaoImpl

Issue: gh-5306
 2018-05-04 10:48:55 -05:00
Rob Winch
a5dc48f9d9 Improve PasswordEncoder deprecated notices 
Fixes: gh-5296
 2018-05-03 15:13:20 -05:00
Rob Winch
2f441f18e6 Make MIN_SPRING_VERSION Dynamic 
Fixes: gh-5065

# Conflicts:
#	core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
 2018-05-03 11:01:27 -05:00
Joe Grandja
64cb256bb9 Update to Spring Framework 5.0.5 
Fixes gh-5166
 2018-04-04 10:27:43 -04:00
Joe Grandja
55019b2f0b Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677 2018-04-03 11:16:50 -04:00
Rob Winch
151b545ed0 Polish Javadoc 
Fixes: gh-5186
 2018-03-29 15:33:31 -05:00
Rob Winch
6729c39905 Fix JDK 9 
Issue: gh-5160
 2018-03-28 15:00:41 -05:00
Josh Cummings
a7f180b2c7 Authorities authenticate TestingAuthenticationToken 
In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.

This change brings `TestingAuthenticationToken` in line with that
convention.

Note that this was done once already to one of the constructors
(ee13be4) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.

Fixes: gh-5098
 2018-03-09 13:26:36 -06:00
Johnny Lim
d316803596 Polish DaoAuthenticationProviderTests 2018-03-02 08:55:37 -06:00
Rob Winch
8d75554b6b Lazily Create Throwables 
Fixes: gh-5040
 2018-02-26 16:24:40 -06:00
Rob Winch
831399be16 Update to Spring Framework 5.0.4 
Fixes: gh-5027
 2018-02-19 22:00:33 -06:00
Rob Winch
7063a9e111 Issue: gh-5018 2018-02-16 16:50:14 -06:00
Rob Winch
964a14b224 Document Reactive Method security requires Publisher return types 
Fixes: gh-4988
 2018-02-07 16:43:18 -06:00
Lóránt Pintér
f7beb537f0 Add included build to JAR 
Instead of copying classes to the compile output, we now add them directly to the JAR.
This allows JavaCompile to be cached, since there are no overlapping outputs anymore.
 2018-02-02 11:50:00 -06:00
Rob Winch
8b7f772761 Update to Jackson 2.9.4 
Fixes: gh-4985
 2018-02-01 13:45:06 -06:00
Rob Winch
994abb0d00 Document User.withDefaultPasswordEncoder unsafe for production 
Fixes: gh-4793
 2018-01-31 16:26:26 -06:00
Rob Winch
f7e49ace9f Add TestAuthentication 2018-01-26 15:13:09 -06:00
Rob Winch
c5e6ee4563 Update Dependencies 
Fixes: gh-4973
 2018-01-24 13:48:14 -06:00
Rob Winch
6ba225b62d Polish userNotFoundEncodedPassword 
Ensure that if passwordEncoder is set that userNotFoundEncodedPassword
is encoded again if already set.

Issue: gh-4915
 2018-01-24 11:06:08 -06:00
Phillip Webb
fd78d055aa Lazily initialize userNotFoundEncodedPassword 
Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword`
is lazily initialized on the first call to `retrieveUser`, rather than
in `doAfterPropertiesSet`.

Since some `PasswordEncoder` implementations can be slow, this change
can help to improve application startup times and the expense of some
delay with the first login.

Note that `userNotFoundEncodedPassword` creation occurs on the first
user retrieval, regardless of whether the user is ultimately found. This
ensures consistent processing times, regardless of the outcome.

First Call:
	Found      = encode(userNotFound) + decode(supplied)
	Not-Found  = encode(userNotFound) + decode(userNotFound)

Subsequent Call:
	Found      = decode(supplied)
	Not-Found  = decode(userNotFound)

Fixes gh-4915
 2018-01-24 11:06:08 -06:00
Johnny Lim
f3830eec7d Rename userDetailsRepository to userDetailsService 2018-01-10 16:04:48 -06:00
Rob Winch
803cdcf01e Test Jackson HashMap in Whitelist 
Issue: gh-4889
 2018-01-03 16:17:23 -06:00
Chris Burrell
cf97e16379 Add HashMap to Jackson whitelist 
Issue: gh-4889
 2018-01-03 16:17:23 -06:00
Rob Winch
b9152701a6 Javadoc Polish 2017-12-21 16:43:11 -06:00
Johnny Lim
921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Rob Winch
c856c376df Fix UTF-8 in JdbcDaoImplTests 2017-12-20 15:50:23 -06:00
Joe Grandja
e19fdb6cc1 Remove AuthenticatedPrincipal from UserDetails 
Issue gh-4877
 2017-11-30 10:52:24 -05:00
Joe Grandja
50d1a81458 AbstractAuthenticationToken.getName() uses UserDetails.getUsername() 
Fixes gh-4877
 2017-11-30 09:17:42 -05:00
Rob Winch
ee1745b681 Update to Spring Framework 5.0.2.RELEASE 2017-11-27 11:57:03 -06:00
Rob Winch
691bf2e11d PasswordEncoder Bean for AuthenticationManagerBuilder 
Issue: gh-4873
 2017-11-27 11:42:56 -06:00
Johnny Lim
701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module 
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
 2017-11-16 20:18:21 -06:00
Oleg Zhuravlev
563139c469 Fix keys in messages bundle 2017-11-16 11:28:57 -06:00
Benedikt Ritter
fffd781b03 Add localization to error messages from ExceptionTranslationFilter 
Fixes gh-4504
 2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim
d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Rob Winch
6d4b4bf2c7 Align Dependencies with Spring IO Cairo 
Fixes gh-4821
 2017-11-14 13:45:24 -06:00
Johnny Lim
99df632f24 Add missing @Override annotations 
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
 2017-11-08 13:27:24 -06:00
Rob Winch
d9abd2e443 User.UserBuilder only encodes once 
Fixes gh-4794
 2017-11-06 09:47:37 -06:00
Greg Turnquist
881cd0befb Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details 
Resolves #4698
 2017-10-31 16:34:07 -05:00