669 Commits

Author SHA1 Message Date
Rob Winch
764a4d8414 Fix Error Message typo
Fixes gh-3953
2016-07-06 16:19:29 -05:00
Jakob Englisch
b17870ee07 LogoutConfigurer: only allow suitable http methods 2016-07-06 16:17:11 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher
Fixes gh-3964
2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch
c935d857eb Add mvc namespace to XmlApplicationContext 2016-07-01 22:04:55 -05:00
Rob Winch
7f3b3a8b59 Polish
Issue gh-180
2016-07-01 13:17:52 -05:00
Rob Winch
bd5f71bb0d Polish
Fix checkstyle for LDAP JavaConfig Authority mapping

Issue gh-2768
2016-06-21 17:08:37 -05:00
Tony Dalbrekt
b76e3be822 LDAP Java Config supports GrantedAuthoritiesMapper
Fixes gh-2768
2016-06-21 16:43:13 -05:00
Rob Winch
26ad1cb4a5 Polish RememberMe Validation
Issue gh-3909
2016-06-21 14:57:15 -05:00
Eddú Meléndez
87224f62e4 RememberMe JavaConfig Validation
Add validation when rememberMeServices and rememberMeCookieName are
provided

Fixes gh-3909
2016-06-21 14:57:01 -05:00
Rob Winch
66858e22ad Disable XMLHttpRequest for formLogin entry point
Previously the following:

http http://localhost:8080/user \
  "X-Requested-With:XMLHttpRequest" "Accept:text/plain"

Produced a 302 instead of a 401

Fixes gh-3887
2016-06-20 15:30:00 -05:00
Eddú Meléndez
39ed7d0eca Propagate rolePrefix to LdapAuthoritiesPopulator
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator populating a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.

Fixes gh-3921
2016-06-20 12:44:02 -05:00
Eddú Meléndez
a2ead4cf7a Polish
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch
2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Rob Winch
477573b3bc Fix @EnableGlobalAuthentication & method security on @Configuration class
Fixes gh-3934
2016-06-17 14:05:11 -05:00
Rob Winch
fa1c484587 AuthenticationConfiguration.getAuthenticationManager() supports recursion
AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.

Fixes gh-3935
2016-06-17 14:02:36 -05:00
Rob Winch
9e3d2e2d99 HTTP Basic default logout ignores text/html
This fixes an issue where Chrome sends an accept header of application/xml
which triggers an HTTP 204 to be returned

Fixes gh-3902
2016-06-14 16:27:56 -05:00
Sola
d3b3f8e004 Fix WebSecurityConfigurerAdapter Javadoc
The constructor's Javadoc was incorrect. This commit
fixes it.
2016-05-23 08:12:50 -05:00
Spring Buildmaster
001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Joe Grandja
e68d8bfaea Clarifies sessionAuthenticationStrategy setter
Fixes gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja
491abf2600 Revert "Fix test for SessionManagementConfigurer"
This reverts commit 17b25d14779af5de9cb0f391f4dc0af7a620a646.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja
0d2b797c2a Revert "Fix sessionAuthenticationStrategy setter"
This reverts commit 8f5d46ad68d3a28f6c118000a8fcfb9aab71c3a5.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja
17b25d1477 Fix test for SessionManagementConfigurer
Fixes gh-234
2016-04-21 16:50:03 -04:00
didiez
8f5d46ad68 Fix sessionAuthenticationStrategy setter
sessionAuthenticationStrategy was setting sessionFixationAuthenticationStrategy instead

Fixes gh-234
2016-04-21 16:21:54 -04:00
Spring Buildmaster
24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Rob Winch
7fe0a135ec Default AntPathRequestMatcher to be case sensitive
Issue gh-3831
2016-04-20 13:29:18 -05:00
Rob Winch
510cd59980 Default logout negotiation in Java Configuration
This commit adds content negotiation for log out.

Fixes gh-3282
2016-04-20 10:59:14 -05:00
Rob Winch
51995dc187 Add Java Configuration InvalidSessionStrategy (#3827)
Allow configuring the InvalidSessionStrategy in Java Configuration.

Fixes gh-3371
2016-04-20 09:59:27 -04:00
Rob Winch
a5a8aeb550 Message SecurityExpressionHandler is post processed (#3820)
Previously the SecurityExpressionHandler for message based configuration
did not have a beanResolver set.

This commit post processes the default message SecurityExpressionHandler
to ensure the beanResolver is set.

Fixes gh-3797
2016-04-19 13:21:58 -04:00
Rob Winch
c872a77ad1 RoleHierarchy Bean used in GlobalMethodSecurity (#3394)
Previously it required quite a bit of extra work to use RoleHierarchy
within Java Based Spring Security configuration.

Now if a single RoleHierarchy Bean is defined it will automatically
be picked up and used by method security.

Fixes gh-3394
2016-04-19 12:47:38 -04:00
Johnny Lim
933a7e8363 Remove duplicate words
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Rob Winch
fb5776cb5c Support Camel case URI variables (#3814)
Previously there were issues with case insensitive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId. Instead it was
forced to lowercase and #userid was used.

Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.

Fixes gh-3786
2016-04-18 17:54:48 -04:00
Matthias Merdes
b6800bdb4d Update ExpressionUrlAuthorizationConfigurer Error Message
Update error message
2016-04-14 15:33:48 -05:00
Rob Winch
59db9413aa Add SpEL Bean reference test (#3815)
Issue gh-3797
2016-04-14 12:11:40 -05:00
Rob Winch
6f169267c4 HttpSecurity comparitor->comparator
Rename HttpSecurity's comparitor to comparator

Fixes gh-3810
2016-04-13 15:04:22 -05:00
Rob Winch
a7fb6d2e58 Add HttpSecurity.addFilterAt (#3809)
Fixes gh-3784
2016-04-13 16:01:25 -04:00
Rob Winch
d3a9cc6eae Add CsrfTokenRepository (#3805)
* Create LazyCsrfTokenRepository

Fixes gh-3790

* Add CookieCsrfTokenRepository

Fixes gh-3009
2016-04-12 17:26:53 -04:00
Leon Radley
b82df4ecf3 Add alwaysRemember to RememberMe Java Config
Allow setting alwaysRemember from RememberMeConfigurer

Fixes gh-180
2016-04-12 13:37:44 -05:00
Jeffrey Walraven
bd0c8a7baa Fix HttpSecurity logout JavaDoc
Removed error provoking extra logout() from example code
2016-04-12 13:24:40 -05:00
Johnny Lim
fe94d654ed Fix typos (#228) 2016-04-12 11:11:51 -05:00
Nicolai Ehemann
c57dba6b77 Fix typo in setMessageExpessionHandler (#3803) 2016-04-12 11:08:52 -05:00
Joe Grandja
b90242f2fa Updates all POM versions to 4.1.0 snapshot build.
Fixes gh-3804
2016-04-12 10:35:43 -04:00
Quinten De Swaef
d05fe8ec07 Fix typo in xsd
Fixes gh-3229
2016-04-05 09:47:48 -05:00
Spring Buildmaster
044acf7e27 Release version 4.1.0.RC1 2016-03-23 07:15:15 -07:00
Joe Grandja
2f7f2ff589 Adds support for Content Security Policy
Fixes gh-2342
2016-03-22 21:59:13 -05:00
Rob Winch
4b650dc58d Allow AuthenticationProvider Bean in Java Config
This commit adds support for defaulting java configuration's
authentication by providing an AuthenticationProvider Bean.

Fixes gh-3091
2016-03-22 16:17:25 -05:00
Rob Winch
533a5f0905 Fix <password-encoder> when authentication-manager@id specified
When <authentication-manager> specifies an id, the <password-encoder> is
not used because the parser changes the bean id without aliasing it to
BeanIds.AUTHENTICATION_MANAGER which is used by
AuthenticationManagerBeanDefinitionParser to look up the
AuthenticationManager bean.

This commit updates AuthenticationManagerBeanDefinitionParser to ensure
there is an alias to BeanIds.AUTHENTICATION_MANAGER when the id is
specified.

Fixes gh-3296
2016-03-21 22:48:49 -05:00
Rob Winch
7bf014f678 Path Variables fail with different case
Fixes gh-3329
2016-03-21 10:09:50 -05:00
Rob Winch
cf66487d3a Add Java Configuration Test
Issue SEC-2256
2016-03-18 14:03:47 -05:00
Eddú Meléndez
41c6a797c3 Add RememberMeConfigurer set domain
Fixes gh-3408
2016-03-17 08:30:18 -05:00