Commit Graph

494 Commits

Author SHA1 Message Date
Rob Winch 8a2a1b7a5b SEC-2595: Polish 2014-07-25 16:27:19 -05:00
Rob Winch b2d66e2a78 SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes 2014-07-25 16:03:18 -05:00
Rob Winch b72c1ad314 SEC-2686: Create SecurityMockMvcConfigurer 2014-07-22 15:11:37 -05:00
Rob Winch ecb4296540 SEC-2588: Javadoc fix channelSecurity->requiresChannel 2014-07-21 14:23:40 -05:00
Mirko Zeibig 75df42cb7c SEC-2656: Fix <frame-options> with whitelist strategy 2014-06-18 09:10:28 -05:00
Rob Winch c3d05bea62 SEC-2657: Test for multi dynamic ports for LDAP Java Config 2014-06-17 17:25:08 -05:00
Rob Winch a3fd706335 SEC-2660: Move config integration-test *.groovy to groovy source folder 2014-06-17 17:22:42 -05:00
Rob Winch b255478b14 SEC-2658: Java Config triggers usePasswordAttrCompare to be set 2014-06-17 17:10:16 -05:00
Rob Winch a2b53fabce SEC-2657: LdapAuthenticationProviderConfigurer find available port 2014-06-17 16:54:42 -05:00
Rob Winch 63d1b531a1 SEC-2618: LdapAuthenticationProviderConfigurer passwordAttribute null check
If LdapAuthenticationProviderConfigurer passwordAttribute is null, do not
set on the PasswordComparisonAuthenticator
2014-06-17 16:51:01 -05:00
Rob Winch e6e35932ed SEC-2603: Fix config groovy integration tests 2014-05-20 23:15:39 -05:00
Rob Winch cbd06a4994 SEC-2472: Support LDAP crypto PasswordEncoder 2014-05-20 23:15:36 -05:00
Andy Wilkinson d95640d3e5 SEC-2600: Remove unused import 2014-05-19 12:29:04 -05:00
Rob Winch f73b579ad9 SEC-2543: Logout with CSRF enabled requires POST by default 2014-05-02 11:24:02 -05:00
Rob Winch 1d7402e0cd SEC-2532: Add disclaimer about jdbcAuthentication() with persistent data stores 2014-04-28 15:06:52 -05:00
Rob Winch 37bb350883 SEC-2549: Remove LazyBean marker interface 2014-04-24 14:34:35 -05:00
Rob Winch 00e1094178 Add springio-platform plugin 2014-04-23 14:35:22 -05:00
Rob Winch ccf96a4d69 SEC-2542: Polish dependency exclusions
This cleans up exclusions so the pom.xml are not as cluttered.
2014-04-02 09:47:29 -05:00
Rob Winch 3118e39de8 SEC-2542: Use exclusions to remove duplicate dependencies
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.

In addition to the new exclusions, notable other changes are:

 - Spring Data JPA has been updated to 1.4.1. This brings its
   transitive dependency upon spring-data-commons into line with
   Spring LDAP's and prevents both spring-data-commons-core and
   spring-data-commons from being on the classpath
 - All Servlet API dependencies have been updated to use the official
   artifact with all transitive dependencies on unofficial servlet API
   artifacts being excluded.
 - In places, groovy has been replaced with groovy-all. This removes
   some duplicates caused by groovy's transitive dependencies.
 - JUnit has been updated to 4.11 which brings its transitive Hamcrest
   dependency into line with other components.

There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level

Conflicts:
	samples/messages-jc/pom.xml
2014-04-02 09:47:26 -05:00
Rob Winch c411014c24 SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials 2014-03-25 13:05:44 -05:00
Rob Winch cb0549a609 SEC-2498: RequestCache allows POST when CSRF is disabled 2014-03-25 10:50:59 -05:00
Rob Winch d079044592 SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader 2014-03-24 14:58:19 -05:00
Rob Winch e4a58375cc SEC-2515: Detect object cycle for AuthenticationManager configuration 2014-03-10 14:33:35 -05:00
Rob Winch 4cdeacc277 SEC-2499: Allow MethodSecurityExpressionHandler in parent context
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136

This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
2014-03-06 21:14:35 -06:00
Rob Winch 9988fa141c Update Spring Security version in pom.xml 2014-03-06 08:13:52 -06:00
Rob Winch 6be4e3a9fc SEC-2506: Remove Bundlor Support 2014-03-05 13:32:16 -06:00
Rob Winch 04a527d4ec SEC-2495: CSRF disables logout on GET 2014-02-20 09:40:00 -06:00
Rob Winch 7f99a2dfbb SEC-2487: Update to Spring 3.2.8.RELEASE 2014-02-19 09:30:40 -06:00
Rob Winch 85305050c0 SEC-2455: Fix XML default login generation 2014-02-18 13:52:05 -06:00
Rob Winch 8a3a7961cb SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void 2014-02-15 14:41:26 -06:00
Rob Winch bf2df220ca SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator 2014-02-13 16:37:33 -06:00
Rob Winch 7a3da28987 SEC-2479: Search parent context for AuthenticationManager 2014-02-12 08:11:26 -06:00
Rob Winch 6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch c42e13c966 loginProcessing test 2014-02-07 17:01:11 -06:00
Rob Winch 6b42a2eae1 SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain 2014-02-07 17:01:11 -06:00
Rob Winch ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch 8d8475deb1 SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
Rob Winch 1f833b0d6b Add ExpressionUrlAuthorizationCOnfigurer tests
- Demo custom expression root
- Demo @Bean in expression example
2014-01-23 11:21:21 -06:00
Rob Winch 994117ad75 SEC-2436: Fix CsrfConfigurerNoWebMvcTests 2013-12-14 14:48:47 -06:00
Rob Winch b7041ed00e SEC-2436: Add @EnableWebMvcSecurity 2013-12-14 14:40:01 -06:00
Rob Winch 053c890a69 SEC-2450: WebSecurityConfigurerAdapter have default Order of 100 2013-12-14 13:00:48 -06:00
Rob Winch 2df5541905 SEC-2448: Update to HSQL 2.3.1 2013-12-14 10:19:06 -06:00
Rob Winch 04fac30d75 SEC-2449: <ldap-server> default port should fallback to dynamic value 2013-12-14 10:19:06 -06:00
Rob Winch 54ffa28bde remove apacheDSWorkDir since custom tmp dir is created 2013-12-13 16:38:35 -06:00
Rob Winch a34178bc40 SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA 2013-12-12 08:16:59 -06:00
Rob Winch aaa7cec32e SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor
Previously there was unecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
2013-12-12 08:07:22 -06:00
Rob Winch 7f714ebb23 SEC-2422: Session timeout detection with CSRF protection 2013-12-11 17:38:17 -06:00
Rob Winch 00d668dc5c SEC-2431: UrlAuthorizationConfigurer missing <HttpSecurity> in doc 2013-12-11 11:07:05 -06:00
Rob Winch 4460e84b29 Updates to pom.xml author and repo 2013-12-09 08:57:30 -06:00
Rob Winch 8e8bdad8e6 SEC-2386: Remove stack for AuthenticationManagerBuilder with no authenticationProviders 2013-12-04 15:53:32 -06:00