Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-14 01:14:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,943 Commits 49 Branches 373 Tags
Commit Graph

52 Commits

Author SHA1 Message Date
Spring Operator
6cf279f52e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2118 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 20:23:37 -05:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim
d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Rob Winch
23f56f568c Update MockitJunitRunner import 
Issue: gh-4608
 2017-10-09 16:13:33 -05:00
Rob Winch
445834784a Update to Mockito 2.10.0 
Issue: gh-4608
 2017-10-09 16:13:11 -05:00
Rob Winch
e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Rob Winch
f221920a19 Clean up code to conform to basic checkstyle 
Issue gh-3746
 2016-03-14 00:15:12 -05:00
Billy Korando
71d4ce96ad Convert to assertj 
Fixes gh-3175
 2016-03-09 14:30:17 -06:00
Rob Winch
bb600a473e Start AssertJ Migration 
Issue gh-3175
 2016-03-09 14:26:30 -06:00
Rob Winch
8b641e5f79 SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:12:35 -05:00
Rob Winch
ae6af5d73c SEC-2915: Updated Java Code Formatting 2015-03-25 13:09:18 -05:00
Rob Winch
0a2e496a84 SEC-2915: groovy/gradle spaces->tabs 2015-03-25 13:08:59 -05:00
Rob Winch
6e204fff72 SEC-2781: Remove deprecations 2014-12-04 15:28:40 -06:00
Rob Winch
55d6d5a86a SEC-2615: accesscontrollist tag hasPermission performs OR not AND 
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:

  <sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">

In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
 2014-11-18 16:59:46 -06:00
Rob Winch
32d3e29c65 SEC-2325: Polish CSRF Tag support 
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
  minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
 2014-03-07 15:28:52 -06:00
beamerblvd
a3e0475998 SEC-2325 Added JSP tags for CSRF meta tags and form fields 2014-03-07 15:28:48 -06:00
Rob Winch
d33b9e2854 SEC-2324: Update Spring Security tld version 2013-09-18 17:40:00 -05:00
Rob Winch
f38df99730 SEC-2045: AbstractAuthorizeTag supports custom WebInvocationPrivilegeEvaluator 2012-10-04 11:34:36 -05:00
Rob Winch
f441c352f6 Clean up warnings in AccessControlListTagTests 2012-08-02 09:49:19 -05:00
Rob Winch
4b86d49a9a SEC-2023: AccessControlListTag again supports bitmasks 
Spring Security 3.1 has a regression i the AccessControlListTag
which should support using the bitmask in hasPermission.

Now hasPermission supports bit masks again.
 2012-08-02 09:48:01 -05:00
Rob Winch
b481a6c1ad SEC-2022: AccessControlListTag again supports , separated list of permissions 
Spring Security 3.0.x allowed developers to pass in a , separated list of permissions.
However, this functionality was accidentally removed in SEC-1560.

The AcessControlListTag now splits the permissions using , as a delimiter
which fixes this passivity issue.
 2012-08-02 09:47:48 -05:00
Rob Winch
b626a63b85 Suppress warnings in AbstractAuthorizeTag and AuthorizeTagCustomGrantedAuthorityTests 2012-04-22 21:54:44 -05:00
Christian Hilmersson
d57f1d56d5 SEC-1900: AbstractAuthorizeTag now compares using getAuthority() 
This avoids backwards compatibility issues with other GrantedAuthority
implementations.
 2012-04-22 21:54:43 -05:00
Rob Winch
8ca2927761 Renamed **/Test.java to **/Tests.java to better follow conventions 2011-12-28 17:39:29 -06:00
Luke Taylor
503ac9ae7c SEC-1798: Remove internal evaluation of EL in JSP tag implementations. 2011-08-12 19:44:27 +01:00
Luke Taylor
74daa68691 SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected. 2011-08-12 14:29:55 +01:00
Luke Taylor
63f160dc72 SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions. 2011-05-19 15:27:35 +01:00
Luke Taylor
ce19b470e2 SEC-1560: Change AccessControlListTag to use PermissionEvaluator rather than explicit ACL classes. 2011-05-17 22:55:20 +01:00
Luke Taylor
4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority. 
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
 2010-12-03 16:41:46 +00:00
Luke Taylor
4ad0652787 Removed array of authorities constructor from TestingAuthenticationToken and RunAsUserToken. 2010-12-01 20:52:37 +00:00
Rossen Stoyanchev
70600a0277 SEC-1552 Refactor AuthorizeTag and LegacyAuthorize tag to make them independent of JSP tag rendering. 2010-10-26 12:33:51 +01:00
Luke Taylor
3c02989d67 Removal of jmock test dependency and upgrading of mockito version to 1.8.5. Minor adjustments to other build deps and configurations (e.g. prevent groovy from being used as a transitive dep, since we only use it for tests). 2010-08-18 02:32:43 +01:00
Luke Taylor
bf91f2ca67 SEC-524: Added "var" attribute to authorize and accesscontrollist JSP tags. 
Allows the result of the boolean condition granting/denying access to be stored in the page context for later use, without having to duplicate the tag.
 2010-03-24 18:35:17 +00:00
Luke Taylor
0551dd89ac SEC-1420: Add htmlEscape attribute to authentication JSP tag. 
This allows HTML escaping to be disabled if required.
 2010-03-04 00:47:22 +00:00
Luke Taylor
052537c8b0 Removing $Id$ markers and stripping trailing whitespace from the codebase. 2010-01-08 21:05:13 +00:00
Luke Taylor
893f212fa5 Tidying 2010-01-02 19:53:19 +00:00
Luke Taylor
2b99c6331e Javadoc. 2009-10-07 19:07:22 +00:00
Luke Taylor
9374bddceb Added test class for AccessControlListTag. 2009-09-16 19:20:07 +00:00
Luke Taylor
731402e9f5 SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context. 2009-09-16 00:23:13 +00:00
Luke Taylor
b531a81176 SEC-1246: Introduce EL-based authorization tag. Added optional access expression to authorize tag. 2009-09-15 16:34:05 +00:00
Luke Taylor
e94baf38b3 Tidying up to remove warnings (generics, use of deprecated test classes etc). 2009-04-28 06:49:43 +00:00
Luke Taylor
93bdcccaee SEC-1132: Moved userdetails into core and added core/authority sub-package 2009-04-15 07:39:21 +00:00
Luke Taylor
ca7d055c2b SEC-1132: Created core and authentication packages within core module. 2009-04-13 13:43:23 +00:00
Luke Taylor
4a41416c9b Tidying up and removing compiler warnings. 2008-12-21 16:36:16 +00:00
Luke Taylor
cc5966bc7e Tidying up, removing compiler warnings etc. 2008-12-20 00:16:49 +00:00
Luke Taylor
8154161ef5 SEC-1035: Updated build to use Spring 3.0.0.M1 Release 2008-12-18 02:37:00 +00:00
Luke Taylor
0ba690fb0e SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag). 2008-11-11 09:21:51 +00:00
Luke Taylor
514bca669f SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays. 2008-10-31 11:40:11 +00:00
Luke Taylor
ec44f2bdfe SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections 2008-10-31 03:53:00 +00:00
Luke Taylor
8f7b216de3 Import cleaning, removal of unnecessary constructors etc based on eclipse warnings 2008-03-17 14:10:22 +00:00