a1f771251a
Improve exception message on Hex#decode
...
Fixes gh-4043
2016-08-29 15:10:39 -04:00
c266930483
Update Dependency Versions ( #4035 ) ( #4036 )
2016-08-19 16:10:46 -05:00
4d460b2ec9
Remove unused MvcReqestMatcher.getMvcPattern ( #4033 )
2016-08-19 14:21:42 -05:00
c6366baee2
Remove MvcRequestMatcher.afterPropertiesSet()
...
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.
This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.
Fixes gh-4027
2016-08-19 14:18:07 -04:00
1171e25bc7
LdapUserDetails extends CredentialsContainer
...
LdapUserDetails extends CredentialsContainer in order to clear password when erase-credentials is true.
Fixes gh-4029
2016-08-19 12:26:07 -04:00
f8bfe19a98
Fix typo in autowiring warning ( #4026 )
...
Fixes a misleading message that warns about
PermissionEvaluator when MethodSecurityExpressionHandler
should be mentioned instead.
Fixes gh-3402
2016-08-16 08:39:49 -05:00
2deb722a1f
JavaDoc links in 5.5 Handling Logouts fixed ( #3993 )
...
Fixes gh-3992
2016-08-15 10:13:36 -05:00
fe117bc445
[minor] fix grammar error ( #4013 )
...
add space: that"collects" -> that "collects"
2016-08-15 09:42:36 -05:00
bb997eecde
Fix defaultMethodExpressionHandler autowiring
...
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.
This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.
Fixes gh-4020
2016-08-10 23:48:07 -05:00
e080905a79
MvcRequestMatcher servletPath Polish / XML Config
...
Fixes gh-4014
2016-08-09 16:29:30 -05:00
3befb1c8a6
MvcRequestMatcher servletPath / JavaConfig
...
Issue: gh-3987
2016-08-09 16:29:30 -05:00
050198e51b
Fix csrf() when used then not used
...
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.
Now the TestCsrfTokenRepository is only used if explicitly enabled.
Fixes gh-4016
2016-08-09 17:09:16 -04:00
519c15efb3
Logout is 204 for XMLHttpRequest
...
Fixes gh-3997
2016-08-02 11:26:52 -07:00
d2a37cb1d6
Improve field visibility in DefaultMethodSecurityExpressionHandler
...
Fixes gh-210
2016-07-26 09:56:00 -04:00
c23c7982ca
Add ObjectPostProcessor support for SmartInitializingSingleton
2016-07-21 08:59:17 -05:00
0b14664a8c
Fix typos in reference ( #3979 )
2016-07-19 15:42:23 -05:00
ca170f8479
DummyRequest supports methods for MvcRequestMatcher
...
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
ada146244e
Add HttpSecurity.mvcMatcher
...
Fixes gh-3970
2016-07-14 10:50:49 -04:00
945e2e2ad4
Fix NPE requestMatchers().mvcMatchers
...
Fixes gh-3969
2016-07-14 10:50:49 -04:00
80ff267749
Check RememberMe in ExceptionTranslationFilter
...
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.
Fixes gh-2427
2016-07-13 16:58:00 -04:00
69306a8b46
Fix typo ( #3968 )
...
Fixes typo `advantadge`
2016-07-13 12:37:26 -05:00
8a17c23277
Bump PermGen
2016-07-12 10:08:01 -05:00
0f608d59b6
Default to Spring IO Athens-SNAPSHOT
2016-07-12 10:07:49 -05:00
70787fc548
Polish CompositeLogoutHandler
...
Issue gh-3895
2016-07-08 14:39:35 -05:00
1effc1882a
Add CompositeLogoutHandler
...
Fixes gh-3895
2016-07-08 13:30:38 -05:00
e5b1cb842e
Document schema changes in CONTRIBUTING.md ( #3965 )
...
Direct changes to XSD schemas will be overwritten by the build, it is necessary that the developer updates the RELAX NG schema instead.
See discussion on commit e297706e8b
2016-07-08 13:27:23 -05:00
885f074ddf
Fix XsdDocumentedTests
2016-07-07 15:05:04 -05:00
e297706e8b
Polish allow unlimitted sessions
...
Update the rnc file
Issue gh-3900
2016-07-07 14:31:40 -05:00
e3ff4130a5
Allow negative values to configure unlimited sessions
2016-07-07 14:29:18 -05:00
50d7d3287f
Add spring-security-4.2.xsd
2016-07-07 14:19:01 -05:00
26fa4a4bf0
Prevent HTTP response splitting
...
Evaluate if http header value contains CR/LF.
Reference: https://www.owasp.org/index.php/HTTP_Response_Splitting
Fixes gh-3910
2016-07-07 13:42:52 -05:00
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
b4ab0483b1
Update version to 4.2.0.BUILD-SNAPSHOT
2016-07-07 12:56:20 -05:00
cc04392d9a
Next development version
2016-07-07 00:57:53 +00:00
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
310bb39a0d
Fix typo
2016-07-06 16:22:33 -05:00
764a4d8414
Fix Error Message typo
...
Fixes gh-3953
2016-07-06 16:19:29 -05:00
b17870ee07
LogoutConfigurer: only allow suitable http methods
2016-07-06 16:17:11 -05:00
8ad91ef6a5
WithSecurityContextTestExecutionListener > SqlScriptsTestExecutionListener
...
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.
Fixes gh-3962
2016-07-06 16:09:17 -05:00
5f6312c5be
Update to Spring 4.3.1
...
Fixes gh-3963
2016-07-06 15:47:44 -05:00
9d50944cb2
AntPathRequestMatcher implements RequestVariableExtractor
...
Issue gh-3964
2016-07-06 15:47:34 -05:00
e4c13e3c0e
Add MvcRequestMatcher
...
Fixes gh-3964
2016-07-06 15:47:23 -05:00
13bc70f693
Add CorsFilter support
2016-07-05 14:28:04 -05:00
c935d857eb
Add mvc namespace to XmlApplicationContext
2016-07-01 22:04:55 -05:00
843ed3e437
Update to Spring 4.3.1.BUILD-SNAPSHOT
2016-07-01 22:04:55 -05:00
7f3b3a8b59
Polish
...
Issue gh-180
2016-07-01 13:17:52 -05:00
261c932b8e
Upgrade Gradle to 2.14
...
Issue gh-3946
2016-06-28 13:13:08 -04:00
1b4e20e97f
Fix InsecureApplicationTests package
...
Fixes gh-3951
2016-06-28 10:17:17 -05:00
bd5f71bb0d
Polish
...
Fix checkstyle for LDAP JavaConfig Authority mapping
Issue gh-2768
2016-06-21 17:08:37 -05:00
b76e3be822
LDAP Java Config supports GrantedAuthoritiesMapper
...
Fixes gh-2768
2016-06-21 16:43:13 -05:00
Kazuki Shimizu
Rob Winch
Joe Grandja
Rob Winch
Juan Ignacio Barisich
novotnyr
Marek Jeszka
qwazer
Joe Grandja
Kevin Conaway
Artur Owczarek
Marten Deinum
Johnny Lim
Eddú Meléndez
Michael Simons
Spring Buildmaster
Jakob Englisch
Tony Dalbrekt