256 Commits

Author SHA1 Message Date
Rob Winch
730dcffe6d Fix crossrefs in footnotes 2013-10-15 16:50:26 -05:00
Rob Winch
bf3b5459cd Fix Authors of manual 2013-10-15 16:22:27 -05:00
Rob Winch
51171efa7a SEC-2357: Move *RequestMatcher to .matcher package 2013-10-14 11:55:56 -05:00
Rob Winch
14b9050616 SEC-2357: Move *RequestMatchers to .matchers package 2013-10-14 10:36:31 -05:00
Rob Winch
d28058303b SEC-2349: Move FAQ into reference 2013-10-03 21:28:55 -05:00
Rob Winch
4b43cf3f50 SEC-2349: Convert Reference to Asciidoctor 2013-10-03 14:15:09 -05:00
Rob Winch
df5e034fc3 SEC-2282: Polish CSRF Documentation 2013-09-27 17:14:21 -05:00
Rob Winch
8087cde628 SEC-2331: Include Expires: 0 in xsd and appendix 2013-09-27 17:10:42 -05:00
Rob Winch
8fed90c26c SEC-2282: Add links for AccessDeniedHandler in CSRF doc 2013-09-27 16:44:34 -05:00
Rob Winch
3e95f1c12e SEC-2282: Polish CSRF Documentation 2013-09-27 16:41:06 -05:00
Rob Winch
ee33a6deeb SEC-2285: Headers doc explicitly state default headers 2013-09-27 16:29:10 -05:00
Rob Winch
17efd25717 SEC-2331: Include Expires: 0 in security headers documentation 2013-09-27 16:13:40 -05:00
Rob Winch
06a0ec1a9f SEC-2285: Polish Security Headers Documentation
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
Rob Winch
9bb283044f SEC-2282: Polish CSRF Documentation
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
Rob Winch
a09756745f SEC-2151: Support binding method arguments with Annotations
This allows utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch
1f3b812a66 SEC-2282: Polish CSRF Documentation 2013-09-26 08:58:39 -05:00
Rob Winch
ef7cc40389 SEC-2282: Polish CSRF Documentation 2013-09-25 17:30:50 -05:00
Rob Winch
d16106ef56 SEC-2309: Document CSRF multipart/form-data 2013-09-25 15:14:32 -05:00
Rob Winch
e5804d323b SEC-2256: Fix intercept-url doc precedence statement
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."

This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
2013-09-13 22:02:52 -07:00
Rob Winch
98fe2322cd SEC-2095: Fix Servlet API doc ids 2013-08-30 13:10:32 -05:00
Scott Andrews
fc16450344 Demonstrate rest.js CSRF support in reference docs
rest.js 0.9.4 added support for applying the CSRF header and token to
Ajax requests.
2013-08-30 12:21:32 -05:00
Rob Winch
246c632f3a SEC-2095: Document Servlet API support 2013-08-30 12:20:35 -05:00
Rob Winch
86340b8016 SEC-2283: Polish headers doc 2013-08-29 13:47:54 -05:00
Rob Winch
d89cf6db29 SEC-2283: Update headers documentation and tests 2013-08-28 12:35:40 -05:00
Rob Winch
4761614c9f SEC-2291: Fix internal links within reference
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
Rob Winch
69aac09e1d SEC-2285: Added headers to reference 2013-08-28 08:58:45 -05:00
Rob Winch
9483226d02 SEC-2282: Polish CSRF doc 2013-08-27 17:16:32 -05:00
Rob Winch
98bdd32ca0 SEC-2282: Add CSRF documentation to the reference manual 2013-08-25 19:00:04 -05:00
Rob Winch
18bd82e7d4 SEC-2131: Update doc to state session authentication sends 401 if no page 2013-08-25 11:37:23 -05:00
Rob Winch
cd7055f725 SEC-2171: Include Information about pooling in Spring LDAP documentation 2013-08-25 11:27:50 -05:00
Rob Winch
7f2308f46c SEC-2146: Document AspectJ does not inherit annotations 2013-08-25 11:06:36 -05:00
Rob Winch
efa9f4db93 SEC-2108: Fix typo in ldap section of manual 2013-08-23 14:09:58 -05:00
Rob Winch
e8788f2657 SEC-2269: Fix markup for CSRF link 2013-08-21 10:08:39 -05:00
Rob Winch
17c2a18fee SEC-2269: Fix CSRF link in appendix 2013-08-21 10:01:19 -05:00
Rob Winch
a3a432f7b6 SEC-2269: Fix additional links 2013-08-20 14:02:33 -05:00
Rob Winch
3b2156969d SEC-2269: Fix headers link 2013-08-20 10:06:00 -05:00
Rob Winch
f707101fdb SEC-2269: Fix headers documentation 2013-08-20 10:03:31 -05:00
Rob Winch
e9bb9e766e SEC-1574: Add CSRF Support 2013-08-15 14:49:21 -05:00
beamerblvd
5f35d9e3ec SEC-2135: Document HttpServletRequest.changeSessionId() support 2013-08-15 13:59:16 -05:00
Rob Winch
13da42ca1b SEC-2137: Allow disabling session fixation and enable concurrency control 2013-08-15 12:50:40 -05:00
Asaf David
333a7291a4 SEC-2242: Fixed typo in technical overview
Changed "source source" to "source"
2013-08-01 13:02:56 -05:00
Rob Winch
e242aeff3e SEC-2230: Polish and clickjacking demo 2013-08-01 10:19:36 -05:00
Rob Winch
283c906215 SEC-2230: Fix reference PDF 2013-07-31 12:22:41 -05:00
Rob Winch
988e97e366 SEC-2230: Polish headers reference 2013-07-31 10:39:52 -05:00
Rob Winch
c85328c5d1 SEC-2230: HTTP Strict Transport Security (HSTS)Add support for Strict
This is a distinct filter as opposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
2013-07-31 10:39:52 -05:00
Rob Winch
8013cd54d6 SEC-2230: Added Cache Control support 2013-07-31 10:39:45 -05:00
Rob Winch
7b164bb5e1 SEC-2230: Polish pull request 2013-07-26 14:19:53 -05:00
Rob Winch
8acd205486 SEC-2232: HeaderFactory to HeaderWriter 2013-07-26 09:01:12 -05:00
Rob Winch
fd754c5cab SEC-2098, SEC-2099: Fix build
- hf.doFilter is missing FilterChain argument
  - response.headers does not contain the exact values for the headers so
    should not be used for comparison (note it is a private member so this
    is acceptable)
  - hf does not need non-null check when hf.doFilter is invoked
  - some of the configurations are no longer valid (i.e. ALLOW-FROM
    requires strategy)
  - Some error messages needed updated (some could still use improvement)
  - No validation for missing header name or value
  - rebased off master / merged
  - nsa=frame-options-strategy id should use - not =
  - FramewOptionsHeaderFactory did not produce "ALLOW-FROM " prefix of origin
  - remove @Override on interface overrides to work with JDK5
2013-07-25 16:23:25 -05:00
Marten Deinum
d0b40cd2ae - Created HeaderFactory abstraction
- Implemented different ALLOW-FROM strategies as specified in the proposal.

Conflicts:
	config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
	config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
2013-07-25 16:22:43 -05:00