Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 22:58:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,801 Commits 48 Branches 362 Tags
Commit Graph

815 Commits

Author SHA1 Message Date
Johnny Lim
69306a8b46 Fix typo (#3968) 
Fixes typo `advantadge`
 2016-07-13 12:37:26 -05:00
Johnny Lim
310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher 
Fixes gh-3964
 2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch
dd9b59ba31 Document Digest is insecure 
Fixes gh-3894
 2016-06-20 14:10:36 -05:00
Shannon Carey
9fa2c64737 Documentation SecurityConfig->WebSecurityConfig 
Rename SecurityConfig to WebSecurityConfig in the documentation.

Fixes gh-153
 2016-06-17 16:55:46 -05:00
Pedro Vilaça
208f898403 Improve csrf login caveats 
Add a suggestion to retrieve a fresh csrf token right before the
form submission in order to avoid problems with invalid csrf tokens
due session timeouts.

Fixes gh-3925
 2016-06-13 16:26:16 +01:00
Ryan W. Moore
8aea83011d Docs: Remove broken link 
I think the originally intended destination no longer exists in the
documentation.
 2016-05-28 21:09:15 -04:00
Ryan W. Moore
fd65652bbe Docs: Fix broken link to security database schema 2016-05-28 21:09:15 -04:00
Ryan W. Moore
38e9f6a851 Docs: Fix broken link to csrfInput tag info 
ID names are case sensitive.
 2016-05-28 21:09:15 -04:00
Ryan W. Moore
cdb04c50e8 Docs: Fix broken link to websocket security info 2016-05-28 21:09:15 -04:00
Ryan W. Moore
057ea4fb17 Docs: Make 'Getting Started' a level 1 section heading 
This fixes the following build error:

  asciidoctor: ERROR: index.adoc: line 26: invalid part, must have at least one
  section (e.g., chapter, appendix, etc.)
 2016-05-28 21:09:01 -04:00
David Kane
503828c994 Add FAQ for JSP taglib & method security 
Updated FAQ to clarify how the url attribute of the authorize tag
interacts with method security
 2016-05-23 08:39:54 -05:00
Pedro Vilaça
ea2b5dd412 Fix wrong class name reference in the docs 
In the documentation, there was a reference to a class called CsrfTokenResolver
and it should CsrfTokenArgumentResolver

Fixes gh-3890
 2016-05-18 20:26:20 +01:00
Rob Winch
f363c62afd Document spring-security-test dependency 
Fixes gh-3873
 2016-05-16 10:56:50 -04:00
Joe Grandja
66980e827c Add Spring Boot Hello World guide 
Add Spring Boot Hello World Guide

Fixes gh-3866
 2016-05-13 14:05:29 -05:00
Rob Winch
ede521dc8d authorizeUrls -> authorizeRequests 
Replace remaining authorizeUrls with authorizeRequests

Fixes gh-3875
 2016-05-09 10:34:36 -05:00
Rob Winch
d4218c70f1 Update CookieCsrfTokenRepository docs to cookiHttpOnly=false 
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.

This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookiHttpOnly=false

Fixes gh-3865
 2016-05-06 16:28:04 -04:00
Rob Winch
9745de9510 Add @AuthenticationPrincipal expression 
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
 2016-05-03 18:08:52 -04:00
Patrick Cornelißen
eaf8729941 Fixes RC1/RC2 URLs 
Fixes gh-3838
 2016-04-22 13:45:21 -04:00
Wim Deblauwe
85786824af Fix logout url in doc 
The default for logout is to redirect to `/login?logout`

Fixes gh-251
 2016-04-21 14:25:44 -04:00
Joe Grandja
4ee46a5f58 Add What's new in 4.1 RC2 
Add What's new in 4.1 RC2

Fixes gh-3830
 2016-04-20 19:26:54 -05:00
Johnny Lim
933a7e8363 Remove duplicate words 
Fixes gh-3826
 2016-04-18 23:21:20 -05:00
Joe Grandja
81c9fa805f Fix AuthenticationPrincipalArgumentResolver xml doc 
Fixes gh-3771
 2016-04-15 16:06:17 -05:00
Joe Grandja
2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail. 
Fixes gh-3771
 2016-04-13 12:27:23 -04:00
Rob Winch
95a3e30d9f Polish Pbkdf2PasswordEncoder 
Fixes gh-2158
Fixes gh-51
 2016-04-12 17:16:38 -05:00
Rob Winch
d3a9cc6eae Add CsrfTokenRepository (#3805) 
* Create LazyCsrfTokenRepository

Fixes gh-3790

* Add CookieCsrfTokenRepository

Fixes gh-3009
 2016-04-12 17:26:53 -04:00
Art O Cathain
1d271184c9 Fix Documentation Formatting 
Fix corrupted character and add formatting per the duplicated text
block

Fixes gh-193
 2016-04-12 13:07:07 -05:00
Soeun Park
8f7cf28435 Fix typos in documentation 
Fixes gh-196
Fixes gh-3109
 2016-04-12 12:59:21 -05:00
Johnny Lim
fe94d654ed Fix typos (#228) 2016-04-12 11:11:51 -05:00
Joe Grandja
945a21a3fb Use xml / javaconfig folders for samples 
Fixes gh-3752
 2016-04-11 09:47:06 -05:00
Kamill Sokol
9c3db557dd Add missing # in SpEL expression doc 
SpEL variables can be referenced in the expression using the syntax
23.2.2 Path Variables in Web Security Expressions.

Fixes gh-3781
 2016-04-01 10:21:17 -05:00
Joe Grandja
9e5cdbd133 Includes a reference to the https://report-uri.io/ service in the CSP and HPKP documentation. 
Fixes gh-3772
 2016-03-30 12:12:43 -04:00
Rob Winch
b3d26ed5d6 Add changelog in What's New 
Issue gh-3768
 2016-03-22 22:40:58 -05:00
Rob Winch
bf9a837b9a Polish What's New 
Issue gh-3768
 2016-03-22 22:37:52 -05:00
Rob Winch
40b7fa5b72 Update Issues Link 
Issue gh-3333
 2016-03-22 22:37:52 -05:00
Rob Winch
3e47531b19 Polish CSP reference 
Issue gh-3763
 2016-03-22 22:37:51 -05:00
Rob Winch
e04f685747 Fix Typo in @WithUserDetails reference 
Issue gh-3346
 2016-03-22 22:37:41 -05:00
Joe Grandja
2f7f2ff589 Adds support for Content Security Policy 
Fixes gh-2342
 2016-03-22 21:59:13 -05:00
Rob Winch
4cb9b202f8 Remove subversion from reference 
Fixes gh-3766
 2016-03-22 16:37:39 -05:00
Rob Winch
683d751902 Polish What's New 
Fixes gh-3768
 2016-03-22 16:33:25 -05:00
Rob Winch
4b650dc58d Allow AuthenticationProvider Bean in Java Config 
This commit adds support for defaulting java configuration's
authentication by providing an AuthenticationProvider Bean.

Fixes gh-3091
 2016-03-22 16:17:25 -05:00
Rob Winch
988b54ec3d Remove invalid ` from docs 
Fixes gh-3751
 2016-03-15 14:38:23 -05:00
Rob Winch
134a0a7f96 Move FAQ to appendix 
Fixes gh-3761
 2016-03-15 14:37:35 -05:00
Shazin Sadakath
e33e21fe6b Add Forward after authentication attempt config support 
Fixes gh-3728
 2016-03-11 10:49:30 -06:00
Rob Winch
dbf73c4692 Update spring-security-config module description 
Include Java Configuration in the description.

Fixes gh-3298
 2016-03-10 10:45:15 -06:00
Rob Winch
835ac0a217 Add @WithUserDetails userDetailsServiceBeanName 
Fixes gh-3346
 2016-03-09 15:59:23 -06:00
Martin Macko
dd8ba8c07e Fix formatting error in documentation 
Fixes gh-3279
 2016-03-09 15:00:52 -06:00
Rob Winch
db81977a1a Polish HPKP 
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
 2016-03-03 15:11:40 -06:00
Tim Ysewyn
331c7e91b7 HTTP Public Key Pinning 
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
 2016-03-03 14:21:46 -06:00