Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-08 19:42:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,469 Commits 38 Branches 348 Tags
Commit Graph

5469 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
8d9b06afb4 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:33 -05:00
Rob Winch
0ecdd0e856 SEC-3120: Reference hsts() -> httpStrictTransportSecurity() 2015-10-29 15:10:16 -05:00
Rob Winch
edd2751ff1 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:03:47 -05:00
Rob Winch
8663ac4173 SEC-3135: antMatchers now allows method and no pattern 
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
 2015-10-29 12:48:56 -05:00
Rob Winch
72213b5c69 SEC-2190: Fix Javadoc 2015-10-29 11:42:03 -05:00
Rob Winch
2bbe70501b SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:26:16 -05:00
Rob Winch
da606d50c0 SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 13:57:18 -05:00
Rob Winch
d648a56e16 SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:21:05 -05:00
Rob Winch
9c39a0e83e SEC-3109: Fix web tests 2015-10-26 21:31:40 -05:00
Rob Winch
c8692b6d0b SEC-3109: DelegatingSecurityContextExecutor fails with same Thread 
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
 2015-10-26 17:17:31 -05:00
Rob Winch
45bbabd485 SEC-3057: Include all *.txt & *.jar in dist zip 2015-10-26 14:04:48 -05:00
Rob Winch
43fbeab106 SEC-3133: Correct test doc username parameter 2015-10-26 13:00:27 -05:00
Rob Winch
b719e0fbcc SEC-3132: securityBuilder cannot be null 
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
 2015-10-23 10:28:27 -05:00
Rob Winch
09bf290583 SEC-3129: Update Spring 2015-10-22 10:04:52 -05:00
Rob Winch
9a6f026dff SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER 2015-10-21 16:22:53 -05:00
Rob Winch
269127c2c6 SEC-2941: Default RequestPostProcessor overrides 
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
 2015-10-21 16:09:15 -05:00
Rob Winch
7074daac0e SEC-3063: rm ConditionalOnMissingBean for @Primary 
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
 2015-10-21 15:41:32 -05:00
Rob Winch
69446ab80f SEC-3070: Logout invalidate-session=false and Spring Session doesn't 
work
 2015-10-20 15:13:01 -05:00
izeye
48bc0ad5f9 SEC-3124: Fix broken Javadoc related to < and > 2015-10-13 13:33:51 -05:00
Rob Winch
db9584104c Add Gitter to README 2015-08-11 11:49:46 -05:00
Rob Winch
b0701ea770 SEC-3068: Update Tutorial to use POST /logout 2015-08-10 09:53:07 -05:00
Rob Winch
8cc9108601 Merge pull request #209 from raindev/patch-1 
Remove unused imports from SecureRandomBytesKeyGenerator
 2015-08-06 08:54:09 -05:00
Rob Winch
41c9431fcc Test that form log in requires CSRF 2015-08-03 12:24:37 -05:00
Rob Winch
453e6332da Fix indentation of CsrfConfigTests 2015-08-03 12:03:05 -05:00
Rob Winch
969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Rob Winch
4c19768e54 Update to jacoco 0.7.5.201505241946 2015-08-03 09:45:42 -05:00
Thomas Darimont
ad1d858e2b SEC-3056 - Fix JavaDoc errors. 
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
 2015-08-03 08:02:24 -05:00
Rob Winch
7317c090cc SEC-2963: Disable appengineRun if contains functional tests 2015-07-29 09:57:57 -05:00
Rob Winch
485fbdc1ee SEC-2963: Select Available Port for appengine 2015-07-28 22:47:21 -05:00
Spring Buildmaster
22aa91c8e1 Next development version 2015-07-22 22:08:15 -07:00
Rob Winch
ea873fb1b8 SEC-2963: Disable appengineFunctionalTest 2015-07-22 21:27:28 -05:00
Rob Winch
117f892c91 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread 
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
 2015-07-22 16:07:21 -05:00
Rob Winch
113b61e3a0 SEC-2957: Polish 2015-07-22 13:57:28 -05:00
Rob Winch
dab4cf18b8 SEC-3032: Correct documented logout-success-url default 2015-07-22 13:48:07 -05:00
Rob Winch
be27ede0e9 SEC-2957: Add missing provided dependencies to samples 2015-07-22 13:33:52 -05:00
Rob Winch
e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch
bc53945d89 Remove unused import in WithSecurityContextTestExecutionListenerTests 2015-07-22 12:44:34 -05:00
Rob Winch
432123daa2 SEC-2964: Fix CsrfTokenArgumentResolver Javadoc 2015-07-22 11:32:36 -05:00
Rob Winch
92ae45a04d SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged 2015-07-22 08:41:33 -05:00
Rob Winch
a50d297f3a SEC-2953: Add index-docinfo.xml 
This removes the "please define title in your docbook file"
 2015-07-21 11:48:44 -05:00
Rob Winch
54dabb6433 SEC-2993: OpenID Sample now uses me.yahoo.com 2015-07-21 10:44:54 -05:00
Rob Winch
cd4a7e95cc SEC-2991: Add CSRF Token to OpenID XML Sample 2015-07-21 10:42:24 -05:00
Rob Winch
07fb2af74b SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 08:52:36 -05:00
Rob Winch
ab1b7a1eb6 Remove unnecessary @SuppressWarnings 2015-07-21 08:51:32 -05:00
Rob Winch
7c725a60e2 SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory 2015-07-20 14:06:44 -05:00
Rob Winch
9b92d5a1e7 SEC-2963: Fix tests 2015-07-20 12:53:21 -05:00
Rob Winch
e25b84c902 SEC-2963: Update to latest Google AppEngine 2015-07-20 12:36:29 -05:00
Rob Winch
9654df2cc3 SEC-3045: Conditionally add MethodSecurityMetadataSourceAdvisor 2015-07-17 15:16:09 -05:00
Rob Winch
a3df41b380 Clean Import Statements 2015-07-17 14:52:23 -05:00
Rob Winch
abc445d5a7 SEC-2965: Polish 2015-07-16 15:52:00 -05:00