Rob Winch
dd1c2483b5
SEC-2349: Fix documentation tests
2013-10-03 17:03:17 -05:00
Rob Winch
4b43cf3f50
SEC-2349: Convert Reference to Asciidoctor
2013-10-03 14:15:09 -05:00
Rob Winch
df5e034fc3
SEC-2282: Polish CSRF Documentation
2013-09-27 17:14:21 -05:00
Rob Winch
8087cde628
SEC-2331: Include Expires: 0 in xsd and appendix
2013-09-27 17:10:42 -05:00
Rob Winch
8fed90c26c
SEC-2282: Add links for AccessDeniedHandler in CSRF doc
2013-09-27 16:44:34 -05:00
Rob Winch
3e95f1c12e
SEC-2282: Polish CSRF Documentation
2013-09-27 16:41:06 -05:00
Rob Winch
ee33a6deeb
SEC-2285: Headers doc explicitly state default headers
2013-09-27 16:29:10 -05:00
Rob Winch
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
Rob Winch
06a0ec1a9f
SEC-2285: Polish Security Headers Documentation
...
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
Rob Winch
9bb283044f
SEC-2282: Polish CSRF Documentation
...
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
Rob Winch
614c94187e
SEC-2305: GlobalMethodSecurityConfiguration autowire PermissionEvaluator
...
If a single PermissionEvaluator bean is found the
DefaultMethodSecurityExpressionHandler is configured with the
PermissionEvaluator. If multiple PermissionEvaluator beans are found, the
beans are ignored.
2013-09-27 15:46:45 -05:00
Rob Winch
e696890e8e
SEC-2151: Fix spring4Test
2013-09-27 12:36:43 -05:00
Rob Winch
61e6acb3f4
SEC-2151: AnnotationParameterNameDiscoverer support single annotated param
...
This makes sense since often times only a single argument is necessary in
the expression.
2013-09-27 11:53:39 -05:00
Rob Winch
e5f034bdef
SEC-2151: Fix tests
2013-09-27 11:52:32 -05:00
Rob Winch
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch
fb0a8d19e8
SEC-2322: Support StandardReflectionParameterNameDiscoverer
2013-09-26 15:55:11 -05:00
Rob Winch
cea0cf9260
SEC-2243: Remove additional Debug Filter
2013-09-26 11:38:16 -05:00
Rob Winch
56ce7d284c
SEC-2336: WebSecurityConfigurerAdapter#registerAuthentication javadoc fixes
2013-09-26 09:08:25 -05:00
Rob Winch
1f3b812a66
SEC-2282: Polish CSRF Documentation
2013-09-26 08:58:39 -05:00
Rob Winch
ef7cc40389
SEC-2282: Polish CSRF Documentation
2013-09-25 17:30:50 -05:00
Rob Winch
d16106ef56
SEC-2309: Document CSRF multipart/form-data
2013-09-25 15:14:32 -05:00
Rob Winch
b591881e95
SEC-2302: Provide beforeSpringSecurityFilterChain hook
...
This allows inserting filters before the springSecurityFilterChain.
2013-09-25 14:52:40 -05:00
Rob Winch
88f41cdf62
SEC-2341: Update to Gradle 1.8
...
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
a888ddf8b3
SEC-2307: JavaConfig RequestCache ignores favicon.ico
2013-09-24 11:30:37 -05:00
Rob Winch
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
2013-09-23 20:55:49 -05:00
Rob Winch
28fb6ba14b
SEC-2328: Add hasAnyRole to ExpressionUrlAuthorizationConfiguration
2013-09-23 10:51:08 -05:00
Rob Winch
b16c17f70b
SEC-2301: Remove invalid import
2013-09-20 16:09:23 -05:00
Rob Winch
a3d112979f
SEC-2301: GlobalMethodSecurityConfiguration sets DefaultWebSecurityExpressionHandler BeanResolver
2013-09-20 15:53:58 -05:00
Rob Winch
f294480e6b
SEC-2329: JC @Autowire(required=false) AuthenticationTrustResolver
...
Java Configuration now allows optional @Autowire of
AuthenticationTrustResolver. In the WebSecurityConfigurerAdapter this is
done by populating AuthenticationTrustResolver as a sharedObject.
2013-09-20 15:28:50 -05:00
Rob Winch
788ba9a1fa
SEC-2329: Allow injecting of AuthenticationTrustResolver
2013-09-20 15:26:52 -05:00
Rob Winch
7537dfc33a
SEC-2304: rm duplicate MethodExpressionHandler from GlobalMethodSecurityConfiguration
2013-09-20 15:13:02 -05:00
Rob Winch
5082a04626
SEC-2311: LogoutConfigurer allows other HTTP methods if CSRF is disabled
2013-09-19 16:05:26 -05:00
Rob Winch
9133c33f1d
SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache
...
The method getRequest use to cast to DefaultRequestCache, but this
is not necessary.
Now the cast is to SavedRequest.
2013-09-19 15:08:32 -05:00
Rob Winch
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
2013-09-19 14:06:37 -05:00
Rob Winch
c5c1419521
SEC-2332: GlobalMethodSecurityConfiguration includes proper voters
...
Previously GlobalMethodSecurityConfiguration did not include the correct
voters. This updates the code and the tests to ensure that the proper
voters are added. Note this got past testing previously due to all the
voters abstaining, so tests were added for ensuring that methods could also
be invoked sucessfully using the configured annotation.
2013-09-18 18:27:12 -05:00
Rob Winch
d33b9e2854
SEC-2324: Update Spring Security tld version
2013-09-18 17:40:00 -05:00
Rob Winch
c156716be8
Ensure single version of org.slf4j
2013-09-18 16:13:03 -05:00
Rob Winch
0114b457c0
SEC-2330: CacheControlHeadersWriter use a single header
2013-09-18 16:12:34 -05:00
Rob Winch
05a7c58daa
SEC-2228: Change openid4j to optional in template.mf
2013-09-13 22:06:42 -07:00
Rob Winch
e5804d323b
SEC-2256: Fix intercept-url doc precidence statement
...
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."
This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
2013-09-13 22:02:52 -07:00
Rob Winch
be8aad8306
SEC-2196: Demonstrate Method Security works on Generic methods
2013-09-13 16:20:43 -07:00
Rob Winch
d9c9cd7f84
Remove warnings from defaultSpringSecurityContextSource
2013-09-13 15:54:21 -07:00
Rob Winch
b4cbcee7f0
SEC-2308: DefaultSpringSecurityContextSource allow empty baseUrl
2013-09-13 15:53:35 -07:00
Rob Winch
f6587c8697
SEC-2312: Update javadoc link to Spring 3.2.x
2013-09-13 15:34:30 -07:00
Rob Winch
32e9239fd2
SEC-2320: AuthenticationPrincipal can be null on invalid type
...
Previously a ClassCastException was thrown if the type was invalid. Now
a flag exists on AuthenticationPrincipal which indicates if a
ClassCastException should be thrown or not with the default being no error.
2013-09-13 15:21:13 -07:00
Rob Winch
b22acd0768
SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet
2013-09-13 14:44:44 -07:00
Rob Winch
53a0db6be1
SEC-2313: Gradle javadoc hotfix
2013-09-11 15:30:50 -07:00
Rob Winch
662bb24370
SEC-1937: Added test to demonstrate SEC-1937 was invalid
2013-09-11 15:10:42 -07:00
Rob Winch
3c82e63ded
Formatting cleanup
2013-09-11 15:10:20 -07:00
Rob Winch
8e74407381
SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated
...
See throws documentation at
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29
2013-08-31 11:55:24 -05:00