Commit Graph

5972 Commits

Author SHA1 Message Date
Joe Grandja 447fb70f1d Add Hello World Xml guide
Issue gh-3850
2016-05-04 21:05:31 -04:00
Joe Grandja f6a95333d1 Add Hello World Spring Boot sample
Issue gh-3850
2016-05-04 17:26:42 -04:00
Rob Winch 9745de9510 Add @AuthenticationPrincipal expression
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
2016-05-03 18:08:52 -04:00
Rob Winch 78bf6e2bd5 WithSecurityContextTestExecutionListener supports generic Annotation
Previously Spring Security's WithSecurityContextTestExecutionListener
allowed a WithSecurityContextFactory<Annotation> to be used. This
was broken in SEC-3074.

This commit ensures that WithSecurityContextFactory<Annotation> is
supported again.

Fixes gh-3837
2016-05-03 15:41:25 -04:00
Jens Goldhammer 04a12f49b1 Provide editor config for spring-security
This commit provides following editor config:
- Tabs, not spaces
- Unix (LF), not dos (CRLF) line endings
- Eliminate all trailing whitespace
- Latin-1 (ISO-8859-1) encoding for Java sources; use native2ascii to convert if necessary

Following convention cannot be set by editorconfig (only vim and emacs support maxline length of editorconfig):
- Aim to wrap code at 120 characters, but favor readability over wrapping

Fixes gh-3845
2016-05-03 12:26:56 -04:00
bartolom 3ca8273a95 Improve GC for OnCommittedResponseWrapper
Only track content length if disableOnCommitted is false. This improves object creation and thus GC.

Fixes gh-3842
2016-05-02 16:19:21 -05:00
Joe Grandja 2bdb0231c2 CookieCsrfTokenRepository supports HttpOnly
CookieCsrfTokenRepository supports HttpOnly

Fixes gh-3835

* Add Servlet 3 tests and javadocs

Issue gh-3835

* Add copyright header

Issue gh-3835
2016-05-02 15:49:37 -05:00
Joe Grandja e68d8bfaea Clarifies sessionAuthenticationStrategy setter
Fixes gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja 491abf2600 Revert "Fix test for SessionManagementConfigurer"
This reverts commit 17b25d1477.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja 0d2b797c2a Revert "Fix sessionAuthenticationStrategy setter"
This reverts commit 8f5d46ad68.

Issue gh-234
2016-05-02 13:21:58 -05:00
Dmitrii Volykhin 7e2dd3bcb9 Fix File separator in settings.gradle script
Fixes gh-3852
2016-04-28 09:23:36 -04:00
Jens Goldhammer ceef70946b Resolve springSecurityFilterChain to Filter
When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter.
This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class.
In this case we have to cast to a Java ServletFilter to support both filter...

Fixes gh-3836
2016-04-26 15:53:38 -04:00
Patrick Cornelißen eaf8729941 Fixes RC1/RC2 URLs
Fixes gh-3838
2016-04-22 13:45:21 -04:00
Joe Grandja 17b25d1477 Fix test for SessionManagementConfigurer
Fixes gh-234
2016-04-21 16:50:03 -04:00
didiez 8f5d46ad68 Fix sessionAuthenticationStrategy setter
sessionAuthenticationStrategy was setting sessionFixationAuthenticationStrategy instead

Fixes gh-234
2016-04-21 16:21:54 -04:00
Wim Deblauwe 85786824af Fix logout url in doc
The default for logout is to redirect to `/login?logout`

Fixes gh-251
2016-04-21 14:25:44 -04:00
Li Weinan 70bd7d1bbc Include AuthenticationException in logs
Fixes gh-3705
2016-04-21 11:17:47 -04:00
Spring Buildmaster 4004ce2808 Next development version 2016-04-21 01:47:49 +00:00
Spring Buildmaster 24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Joe Grandja 4ee46a5f58 Add What's new in 4.1 RC2
Add What's new in 4.1 RC2

Fixes gh-3830
2016-04-20 19:26:54 -05:00
Rob Winch 7fe0a135ec Default AntPathRequestMatcher to be case sensitive
Issue gh-3831
2016-04-20 13:29:18 -05:00
Rob Winch 6fa1588de9 Disable AntPathRequestMatcher trim tokens
Issue gh-3831
2016-04-20 13:29:17 -05:00
Rob Winch 510cd59980 Default logout negotiation in Java Configuration
This commit adds content negotiation for log out.

Fixes gh-3282
2016-04-20 10:59:14 -05:00
Rob Winch 4093690322 Polish Logout Content Negotiation
* Rename to DelegatingLogoutSuccessHandler for consistency
* Remove JavascriptOriginRequestMatcher in favor of
RequestHeaderRequestMatcher

Issue gh-3282
2016-04-20 10:49:37 -05:00
Shazin Sadakath f0d1700ad6 Content Negotiating LogoutSuccessHandler
Issue gh-3282
2016-04-20 10:42:13 -05:00
Rob Winch 51995dc187 Add Java Configuration InvalidSessionStrategy (#3827)
Allow configuring the InvalidSessionStrategy in Java Configuration.

Fixes gh-3371
2016-04-20 09:59:27 -04:00
Joe Grandja b0028d4155 Merge pull request #3818 from rwinch/gh-3409-unauthenticated
Fix unauthenitcated() and AnonymousAuthenticationToken
2016-04-19 16:14:00 -04:00
Rob Winch b2b53f7a81 Fix unauthenitcated() and AnonymousAuthenticationToken
Previously if unauthenticated() experienced an AnonymousAuthenticationToken
it would not match.

This commit ensures that if the user is anonymous (not just null)
unauthenticated() works.

Fixes gh-3409
2016-04-19 15:08:47 -05:00
Rob Winch 8a28a27225 Formatting Polish 2016-04-19 14:24:11 -05:00
Rob Winch 1dbd3f5906 Fix NPE in OnCommittedResponseWrapper trackContentLength (#3824)
OnCommittedResponseWrapper trackContentLength will throw a
NullPointerException when the content length passed in is null.

This commit properly tracks the null value as a length of 4.

Fixes gh-3823
2016-04-19 14:58:56 -04:00
Rob Winch a5a8aeb550 Message SecurityExpressionHandler is post processed (#3820)
Previously the SecurityExpressionHandler for message based configuration
did not have a beanResolver set.

This commit post processes the default message SecurityExpressionHandler
to ensure the beanResolver is set.

Fixes gh-3797
2016-04-19 13:21:58 -04:00
Rob Winch c872a77ad1 RoleHiearchy Bean used in GlobalMethodSecurity (#3394)
Previously it required quite a bit of extra work to use RoleHiearchy
within Java Based Spring Security configuration.

Now if a single RoleHiearchy Bean is defined it will automatically
be picked up and used by method security.

Fixes gh-3394
2016-04-19 12:47:38 -04:00
Johnny Lim 933a7e8363 Remove duplicate words
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Rob Winch fb5776cb5c Support Camel case URI variables (#3814)
Perviously there were issues with case insenstive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId Instead it was
forced to lowercase and #userid was used.

Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.

Fixes gh-3786
2016-04-18 17:54:48 -04:00
Will Tran b01437281d Bouncy Castle 1.47 Support
This forces us to avoid using CipherOutputStream, and instead use the
BlockCiphers directly. As an extra measure for correctness, test the
equivalence of the BC implementations against data sizes from 1 to 2048
bytes.

Fixes gh-2917
2016-04-18 08:35:57 -05:00
Joe Grandja 81c9fa805f Fix AuthenticationPrincipalArgumentResolver xml doc
Fixes gh-3771
2016-04-15 16:06:17 -05:00
Simon Olofsson 337a7ed35e Fix HeaderWriterFilter Javadoc
Fixes the formatting and spelling in HeaderWriterFilter Javadoc

Issue gh-3813
2016-04-15 08:56:58 -05:00
Marten Deinum cad81d0e18 Update TestNG
This commit updates the TestNG dependency to 6.8.21. This
is the last JDK 1.6 supporting version. The update of TestNG
makes it possible to run the integration tests from within
Intellij allowing for easier debugging and troubleshooting.

Issue gh-3811
2016-04-15 08:55:15 -05:00
Andrew NS Yeow eb26095ca9 Fix HpkpHeaderWriter Javadoc format 2016-04-15 08:41:43 -05:00
Will Tran 44fa624b6b Refactor test assumptions about JCE to common class. (#3817)
Apply assumptions directly to test methods instead of checking for key
length in crypto.gradle.
2016-04-14 17:02:31 -05:00
Matthias Merdes b6800bdb4d Update ExpressionUrlAuthorizationConfigurer Error Message
Update error message
2016-04-14 15:33:48 -05:00
Will Tran 40208127e8 Skip tests when AesBytesEncryptor can't be created in CBC or GCM mode. (#3816)
Tests would fail in cases where JCE unlimited strength was available but
GCM wasn't, like on JDK7.
2016-04-14 15:21:20 -05:00
Rob Winch 59db9413aa Add SpEL Bean reference test (#3815)
Issue gh-3797
2016-04-14 12:11:40 -05:00
Will Tran 63b2cfe1cf Bouncy Castle implementations of AES-256
Adds "AES/CBC/PKCS5Padding" and "AES/GCM/NoPadding"

Fixes gh-2917
2016-04-13 16:28:55 -05:00
Rob Winch 6f169267c4 HttpSecurity comparitor->comparator
Rename HttpSecurity's comparitor to comparator

Fixes gh-3810
2016-04-13 15:04:22 -05:00
Rob Winch a7fb6d2e58 Add HttpSecurity.addFilterAt (#3809)
Fixes gh-3784
2016-04-13 16:01:25 -04:00
Joe Grandja 2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail.
Fixes gh-3771
2016-04-13 12:27:23 -04:00
Rob Winch 95a3e30d9f Polish Pbkdf2PasswordEncoder
Fixes gh-2158
Fixes gh-51
2016-04-12 17:16:38 -05:00
Rob Worsnop 0ab7126e64 Added PBKDF2PasswordEncoder.
- Also moved some logic into a new class, AbstractPasswordEncoder.
Both PBKDF2PasswordEncoder and the now-simplified
StandardPasswordEncoder extend AbstractPasswordEncoder.
 - Added tests for PBKDF2PasswordEncoder

Issue gh-2158
2016-04-12 17:16:38 -05:00
Rob Winch d3a9cc6eae Add CsrfTokenRepository (#3805)
* Create LazyCsrfTokenRepository

Fixes gh-3790

* Add CookieCsrfTokenRepository

Fixes gh-3009
2016-04-12 17:26:53 -04:00