Commit Graph

579 Commits

Author SHA1 Message Date
Rob Winch c94a5cf8e2 SEC-2916: disable-url-rewriting=true by default 2015-03-25 13:14:15 -05:00
Rob Winch 0a2e496a84 SEC-2915: groovy/gradle spaces->tabs 2015-03-25 13:08:59 -05:00
Rob Winch cf9f58a4ac SEC-2915: XML spaces->tabs 2015-03-25 13:08:52 -05:00
Rob Winch 8105b05dd0 SEC-2782: Migrate guide links include "current" in URL 2015-03-23 09:33:00 -05:00
Rob Winch b262c198d8 SEC-2782: Polish Migrating from 3 to 4 Guide 2015-03-20 14:14:55 -05:00
Rob Winch a18fa3f1db saving updates to migrate 2015-03-16 12:32:58 -05:00
Rob Winch 1da1b8b12f SEC-2892: Added Guides Back to dist 2015-03-11 13:29:18 -05:00
Rob Winch 9169186d48 SEC-2889: Update documentation to use sameOriginDisabled 2015-03-10 14:48:19 -05:00
Rob Winch 5e2720723a SEC-2884: Fix WebSocket reference link text 2015-03-10 10:51:53 -05:00
Rob Winch dea5723ecc SEC-2782: Finish Migration Guide from 3.x to 4.x 2015-03-09 17:09:00 -05:00
Rob Winch 9b4cbff58c SEC-2782: Additional Updates to Migration Guide from 3.x to 4.x 2015-03-06 17:10:06 -06:00
Rob Winch ff4e9e6ad4 SEC-2782: Started Migration Guide from 3.x to 4.x 2015-02-27 16:18:18 -06:00
drdamour ff5a176675 trivial docs fixed a few typos and grammatical errors
I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.
2015-02-25 00:04:15 -06:00
Eugene Wolfson 4ca99ef88c SEC-2877: Fix doc typo in index.adoc
Replace "a`" with "a `"
2015-02-24 22:28:07 -06:00
Rob Winch 5f57e5b0c3 SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config 2015-02-24 20:49:56 -06:00
Kazuki Shimizu 67cd8465c3 SEC-2826: Add remember-me-cookie attribute in xml namespace 2015-02-24 17:54:54 -06:00
Rob Winch 9ffd5db466 SEC-2584: Add What's New in 4.0 2015-02-24 16:14:15 -06:00
Rob Winch bfa12ade40 SEC-2870: Add Spring Data Documentation 2015-02-24 16:14:08 -06:00
Rob Winch 37740cd020 SEC-2861: Add WebSocket Documentation & Sample 2015-02-24 10:29:47 -06:00
Rob Winch b9563f6102 SEC-2830: Cleanup disabling Same Origin SockJS
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
Rob Winch b9e2a57131 SEC-2854: Add intercept-message@message-type 2015-02-20 11:43:16 -06:00
Rob Winch fea03536d6 SEC-2853: Rename WebSocket XML Namespace elements 2015-02-20 11:43:15 -06:00
Rob Winch 6a8475adbb SEC-2830: Provide Same Origin support for SockJS 2015-02-18 11:21:02 -06:00
Rob Winch a27c33754c SEC-2859: Add CsrfTokenArgumentResolver 2015-02-18 10:51:30 -06:00
Rob Winch c4fe630f8e SEC-2846: Security HTTP Response Headers Configuration Cleanup 2015-02-10 10:36:00 -06:00
Rob Winch 6627f76df7 SEC-2758: Make ROLE_ consistent 2015-01-29 17:08:43 -06:00
Rob Winch 081f84844c SEC-2777: Fix <header> attributes in doc 2015-01-20 16:28:02 -06:00
Rob Winch c30c97005b SEC-2572: Document Spring Test 2015-01-20 16:20:14 -06:00
Christopher Pelloux aab0eea9cf SEC-2800 Documentation typo in class name 2014-12-22 19:22:26 -05:00
Rob Winch d5ff80011b Polish Documentation 2014-12-11 20:36:55 -06:00
Rob Winch 1677836d53 SEC-2790: Deprecate @EnableWebMvcConfig 2014-12-10 21:10:27 -06:00
Rob Winch 3171cc4364 SEC-2788: Add @Configuration as meta annotation to @Enable* annotations 2014-12-10 21:10:15 -06:00
Rob Winch c67ff42b8a SEC-2783: XML Configuration Defaults Should Match JavaConfig
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
Rob Winch 5f5e7e7265 SEC-2785: Reference outputs PDF, Html Multi, & epub 2014-12-08 13:29:15 -06:00
Rob Winch 87a52ffbfd SEC-2784: Update to Gradle 2.2.1 2014-12-08 13:29:07 -06:00
Rob Winch 6e204fff72 SEC-2781: Remove deprecations 2014-12-04 15:28:40 -06:00
Rob Winch 2cb2657f5b SEC-2702: Clean WebSocket Namespace documentation 2014-11-25 12:27:29 -06:00
Rob Winch 3c487c0348 SEC-2348: Update doc headers enabled by default with XML 2014-11-21 21:55:03 -06:00
Rob Winch 4392205f63 SEC-2347: CSRF Enabled by default w/ XML Config 2014-11-21 21:32:56 -06:00
Rob Winch eedbf44235 SEC-2348: Security HTTP Response Headers enabled by default w/ XML 2014-11-21 16:06:29 -06:00
Rob Winch 4dcc89fab0 SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts() 2014-11-19 13:31:09 -06:00
Rob Winch 55d6d5a86a SEC-2615: accesscontrollist tag hasPermission performs OR not AND
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:

  <sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">

In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
2014-11-18 16:59:46 -06:00
Rob Winch e7edb77cae SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter 2014-09-16 10:56:52 -05:00
Bloshchetsov Andrey Evgenyevich bd322542ca Fixed broken url to Clickjacking description. 2014-08-20 10:11:21 +04:00
Rob Winch 934937d9c1 SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port 2014-08-15 16:41:33 -05:00
Rob Winch b97b84063a SEC-2665: Fix samples/ldap-jc link in reference 2014-07-21 14:20:14 -05:00
Alexander Grüneberg d9efd08bfd SEC-2577: Add missing whitespace in reference 2014-04-28 16:24:48 -05:00
Rob Winch 5b216bd0b2 Revert "SEC-2547: Consistent CAS client version"
This reverts commit f6cc9d87d5.
2014-04-15 10:36:37 -05:00
Hans-Joachim Kliemeck f6cc9d87d5 SEC-2547: Consistent CAS client version 2014-04-14 22:48:55 -05:00
Grzegorz Rożniecki 8e31b66f06 SEC-2556: Fix @Import example in manual 2014-04-14 22:39:37 -05:00
Luke Taylor 71ba977dad Fix package name in manual code 2014-03-27 13:08:23 +00:00
Rob Winch 32d3e29c65 SEC-2325: Polish CSRF Tag support
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
  minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
2014-03-07 15:28:52 -06:00
beamerblvd a3e0475998 SEC-2325 Added JSP tags for CSRF meta tags and form fields 2014-03-07 15:28:48 -06:00
beamerblvd 26cee61b98 SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle 2014-03-07 15:28:45 -06:00
John Tims 56bb331760 SEC-2514: Fix typo in hellomvc.asc
packags -> packages
2014-03-07 10:27:23 -06:00
Manimaran Selvan 1d6536fa71 SEC-2512: Fix typo in reference`
udates -> updates
2014-03-06 22:22:34 -06:00
Rob Winch 4a1a2dfed4 Update min Spring version of 4.0.2.REELASE 2014-02-19 11:16:57 -06:00
Rob Winch 6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch b5f5665ea6 SEC-2463: CSRF documentation includes EnableWebMvcSecurity 2014-01-29 09:28:51 -06:00
Rob Winch 3b05fd6fed SEC-2466: Add link to MultipartFilter in CSRF multipart section 2014-01-28 22:04:35 -06:00
Rob Winch 4c84805ac9 SEC-2466: CSRF MutipartFilter doc now uses <url-pattern> 2014-01-28 16:51:05 -06:00
Rob Winch f09ce267b3 Polish MVC doc 2013-12-16 12:30:25 -06:00
Rob Winch 374aceed2b Polish form.asc 2013-12-16 11:13:23 -06:00
Rob Winch df703e0189 Polish hellomvc.asc 2013-12-16 10:39:18 -06:00
Rob Winch 8c580dc170 SEC-2444: Polish Thymeleaf for samples 2013-12-16 09:51:00 -06:00
Rob Winch 5205bf57c6 SEC-2453: Create 403 CSRF FAQ Entry 2013-12-16 09:02:02 -06:00
Rob Winch b7041ed00e SEC-2436: Add @EnableWebMvcSecurity 2013-12-14 14:40:01 -06:00
Rob Winch 4708287ad3 SEC-2444: Convert Java Config samples to thymeleaf and tiles 2013-12-13 15:47:28 -06:00
Rob Winch 0d12397662 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-12 08:20:37 -06:00
Rob Winch 035067caf4 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-11 08:08:51 -06:00
Rob Winch 548ed4e14a Update samples to declare repository already added 2013-12-06 14:46:52 -06:00
Rob Winch feeb380b51 Polish Guides 2013-12-06 11:12:07 -06:00
Rob Winch ec524da6cb SEC-2416: Fix Hello MVC guide 2013-12-05 15:47:38 -06:00
Rob Winch fc6fc19eed Fix guides 2013-12-05 13:16:59 -06:00
Rob Winch 74a6303b6f SEC-2385: Document how to use with Spring 4 2013-12-04 12:38:45 -06:00
Rob Winch 4308e72573 Polish CSRF log in caveat with link 2013-12-03 09:27:49 -06:00
Rob Winch b8cc42e3a3 SEC-2426: Add CSRF and logout with non-post example 2013-12-03 09:07:54 -06:00
Rob Winch ab08d99a52 SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc 2013-12-02 16:47:57 -06:00
Rob Winch 135df149a3 SEC-2423: Document differences between defaults in Java & XML Config 2013-12-02 16:37:52 -06:00
Rob Winch 0b996c669f SEC-2424: Document ObjectPostProcessor 2013-12-02 10:17:08 -06:00
Rob Winch 5a59c74d02 SEC-2327: Document SecurityExpressionRoot 2013-11-20 16:59:05 -06:00
Rob Winch 4944e602cb SEC-2402: Reference cleanup
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
2013-11-15 10:50:08 -06:00
Rob Winch f1f3acdf75 Fix guides spec 2013-11-01 14:21:37 -05:00
Rob Winch c135179029 Update to latest Asciidoctor version
We will temporarily remove PDF support until the plugin supports it.
2013-10-30 16:56:00 -05:00
Rob Winch cf3e2f2c6a Fix guide index's link to custom form 2013-10-30 16:19:51 -05:00
Rob Winch 17b9f33351 SEC-2378: Fix CSRF MultipartFilter doc typo 2013-10-29 13:07:10 -05:00
Rob Winch 5427da6b27 Move reference to htmlsingle to match standard Spring reference layout 2013-10-29 12:56:29 -05:00
Rob Winch 78f85cc129 SEC-2349: Number the reference 2013-10-23 17:46:57 -05:00
Rob Winch 85ec2429d9 SEC-2349: Externalize FAQ 2013-10-23 17:43:32 -05:00
Rob Winch 355f884d22 SEC-2093: Document what is new in Spring Security 3.2 2013-10-18 16:39:01 -05:00
Rob Winch 4a24c81147 SEC-2299: Document @AuthenticationPrincipal 2013-10-18 15:46:29 -05:00
Rob Winch a3009e303b SEC-2299: Document Web MVC integration 2013-10-18 11:23:58 -05:00
Rob Winch 6ea95cc3a3 SEC-2094: Document Concurrency Support 2013-10-18 09:50:49 -05:00
Rob Winch 348e3a22b6 SEC-2365: registerAuthentication->configure 2013-10-16 13:59:56 -05:00
Rob Winch db3c626ac9 SEC-2281: Document Java Configuration 2013-10-16 10:44:35 -05:00
Rob Winch e3f58fd9d3 Polish guide 2013-10-16 10:44:16 -05:00
Rob Winch bbefc62a87 Fix Security Header's link to HttpServletResponse.setHeader 2013-10-15 16:56:44 -05:00
Rob Winch 730dcffe6d Fix crossrefs in footnotes 2013-10-15 16:50:26 -05:00
Rob Winch bf3b5459cd Fix Authors of manual 2013-10-15 16:22:27 -05:00
Rob Winch 0978c12c47 SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder 2013-10-15 12:35:32 -05:00
Rob Winch 51171efa7a SEC-2357: Move *RequestMatcher to .matcher package 2013-10-14 11:55:56 -05:00
Rob Winch 14b9050616 SEC-2357: Move *RequestMatchers to .matchers package 2013-10-14 10:36:31 -05:00
Rob Winch d28058303b SEC-2349: Move FAQ into reference 2013-10-03 21:28:55 -05:00
Rob Winch 4b43cf3f50 SEC-2349: Convert Reference to Asciidoctor 2013-10-03 14:15:09 -05:00
Rob Winch df5e034fc3 SEC-2282: Polish CSRF Documentation 2013-09-27 17:14:21 -05:00
Rob Winch 8087cde628 SEC-2331: Include Expires: 0 in xsd and appendix 2013-09-27 17:10:42 -05:00
Rob Winch 8fed90c26c SEC-2282: Add links for AccessDeniedHandler in CSRF doc 2013-09-27 16:44:34 -05:00
Rob Winch 3e95f1c12e SEC-2282: Polish CSRF Documentation 2013-09-27 16:41:06 -05:00
Rob Winch ee33a6deeb SEC-2285: Headers doc explicitly state default headers 2013-09-27 16:29:10 -05:00
Rob Winch 17efd25717 SEC-2331: Include Expires: 0 in security headers documentation 2013-09-27 16:13:40 -05:00
Rob Winch 06a0ec1a9f SEC-2285: Polish Security Headers Documentation
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
Rob Winch 9bb283044f SEC-2282: Polish CSRF Documentation
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
Rob Winch a09756745f SEC-2151: Support binding method arguments with Annotations
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch 1f3b812a66 SEC-2282: Polish CSRF Documentation 2013-09-26 08:58:39 -05:00
Rob Winch ef7cc40389 SEC-2282: Polish CSRF Documentation 2013-09-25 17:30:50 -05:00
Rob Winch d16106ef56 SEC-2309: Document CSRF multipart/form-data 2013-09-25 15:14:32 -05:00
Rob Winch e5804d323b SEC-2256: Fix intercept-url doc precidence statement
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."

This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
2013-09-13 22:02:52 -07:00
Rob Winch f6587c8697 SEC-2312: Update javadoc link to Spring 3.2.x 2013-09-13 15:34:30 -07:00
Rob Winch 98fe2322cd SEC-2095: Fix Servlet API doc ids 2013-08-30 13:10:32 -05:00
Scott Andrews fc16450344 Demonstrate rest.js CSRF support in reference docs
rest.js 0.9.4 added support for applying the CSRF header and token to
Ajax requests.
2013-08-30 12:21:32 -05:00
Rob Winch 246c632f3a SEC-2095: Document Servlet API support 2013-08-30 12:20:35 -05:00
Rob Winch 86340b8016 SEC-2283: Polish headers doc 2013-08-29 13:47:54 -05:00
Rob Winch d89cf6db29 SEC-2283: Update headers documentation and tests 2013-08-28 12:35:40 -05:00
Rob Winch 4761614c9f SEC-2291: Fix internal links within reference
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
Rob Winch 69aac09e1d SEC-2285: Added headers to to reference 2013-08-28 08:58:45 -05:00
Rob Winch 9483226d02 SEC-2282: Polish CSRF doc 2013-08-27 17:16:32 -05:00
Rob Winch 98bdd32ca0 SEC-2282: Add CSRF documentation to the reference manual 2013-08-25 19:00:04 -05:00
Rob Winch 18bd82e7d4 SEC-2131: Update doc to state session authentication sends 401 if no page 2013-08-25 11:37:23 -05:00
Rob Winch cd7055f725 SEC-2171: Include Information about pooling in Spring LDAP documentation 2013-08-25 11:27:50 -05:00
Rob Winch 7f2308f46c SEC-2146: Document AspectJ does not inherit annotations 2013-08-25 11:06:36 -05:00
Rob Winch 03b235295e SEC-2270: Remove duplicate version from guides index 2013-08-23 14:13:12 -05:00
Rob Winch efa9f4db93 SEC-2108: Fix typo in ldap section of manual 2013-08-23 14:09:58 -05:00
Rob Winch e8788f2657 SEC-2269: Fix markup for CSRF link 2013-08-21 10:08:39 -05:00
Rob Winch 17c2a18fee SEC-2269: Fix CSRF link in appendix 2013-08-21 10:01:19 -05:00
Rob Winch a3a432f7b6 SEC-2269: Fix additional links 2013-08-20 14:02:33 -05:00
Rob Winch 3b2156969d SEC-2269: Fix headers link 2013-08-20 10:06:00 -05:00
Rob Winch f707101fdb SEC-2269: Fix headers documentation 2013-08-20 10:03:31 -05:00
Rob Winch eb95c500f5 Remove dockbook-reference from guides 2013-08-20 10:02:55 -05:00
Rob Winch 658a93178c SEC-2252: Add custom form guide 2013-08-19 15:22:04 -05:00
Rob Winch 51b9c4a19a Hide logout in main.jsp if not logged in 2013-08-17 14:38:39 -05:00
Rob Winch e9bb9e766e SEC-1574: Add CSRF Support 2013-08-15 14:49:21 -05:00
beamerblvd 5f35d9e3ec SEC-2135: Document HttpServletRequest.changeSessionId() support 2013-08-15 13:59:16 -05:00
Rob Winch 485676be8c SEC-2251: Polish Hello World guides
* Correct how to add username and logout to mvc
* Externalize :revnumber:
2013-08-15 12:50:40 -05:00
Rob Winch 13da42ca1b SEC-2137: Allow disabling session fixation and enable concurrency control 2013-08-15 12:50:40 -05:00
Rob Winch e0cb931f69 SEC-2251: Create Hello World Java Configuration guides 2013-08-08 14:34:50 -05:00
Asaf David 333a7291a4 SEC-2242: Fixed typo in technical overview
Changed "source source" to "source"
2013-08-01 13:02:56 -05:00
Rob Winch e242aeff3e SEC-2230: Polish and clickjacking demo 2013-08-01 10:19:36 -05:00
Rob Winch 283c906215 SEC-2230: Fix reference PDF 2013-07-31 12:22:41 -05:00
Rob Winch 988e97e366 SEC-2230: Polish headers reference 2013-07-31 10:39:52 -05:00
Rob Winch c85328c5d1 SEC-2230: HTTP Strict Transport Security (HSTS)Add support for Strict
This is a distinct filter as apposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
2013-07-31 10:39:52 -05:00
Rob Winch 8013cd54d6 SEC-2230: Added Cache Control support 2013-07-31 10:39:45 -05:00
Rob Winch 7b164bb5e1 SEC-2230: Polish pull request 2013-07-26 14:19:53 -05:00
Rob Winch 8acd205486 SEC-2232: HeaderFactory to HeaderWriter 2013-07-26 09:01:12 -05:00
Rob Winch fd754c5cab SEC-2098, SEC-2099: Fix build
- hf.doFilter is missing FilterChain argument
  - response.headers does not contain the exact values for the headers so
    should not be used for comparison (note it is a private member so this
    is acceptable)
  - hf does not need non-null check when hf.doFilter is invoked
  - some of the configurations are no longer valid (i.e. ALLOW-FROM
    requires strategy)
  - Some error messages needed updated (some could still use improvement)
  - No validation for missing header name or value
  - rebased off master / merged
  - nsa=frame-options-strategy id should use - not =
  - FramewOptionsHeaderFactory did not produce "ALLOW-FROM " prefix of origin
  - remove @Override on interface overrides to work with JDK5
2013-07-25 16:23:25 -05:00
Marten Deinum d0b40cd2ae - Created HeaderFactory abstraction
- Implemented different ALLOW-FROM strategies as specified in the proposal.

Conflicts:
	config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
	config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
2013-07-25 16:22:43 -05:00
Rob Winch a63baa8391 SEC-2098, SEC-2099: Polishing 2013-07-25 16:22:43 -05:00
Marten Deinum 0adf5aea91 SEC-2098, SEC-2099: Created HeadersFilter
Created HeadersFilter for setting security headers added including a
bean definition parser for easy configuration of the headers. Enables
easy configuration for the X-Frame-Options, X-XSS-Protection and
X-Content-Type-Options headers. Also allows for additional headers to
be added.
2013-07-25 16:22:43 -05:00
Rob Winch 955a60cf49 SEC-2208: Use std docbook plugin and workspace cleanup 2013-07-16 15:15:47 -05:00
Luke Taylor d8727638ab SEC-1785: Remove auto-config from manual.
Changed the namespace doc to use an explicit form-login
and logout element and avoid mention of auto-config or its
effects. This makes the intro shorter and simpler.
2013-05-18 21:25:11 +01:00
Luke Taylor d6524feb62 SEC-2122: Change doc to prioritize bcrypt use 2013-05-17 18:42:47 +01:00
Rob Winch c0921b9ede SEC-2133: Update doc from ChannelAuthenticationFilter to ChannelProcessingFilter 2013-04-25 08:56:47 -05:00
Luke Taylor 6ebb9abfb7 Fix HttpSessionEventPublisher package name in FAQ. 2013-04-06 14:53:53 +01:00
Oliver Becker 5eb5c91d86 SEC-2119: Rename rememberme-parameter to remember-me-parameter
This change extends pull request https://github.com/SpringSource/spring-security/pull/26
and its subsequent changes by renaming the attribute name 'rememberme-parameter' to
'remember-me-parameter'.

The spelling including the additional hyphen in 'remember-me-parameter' is more consistent
with the default spelling of the 'remember-me' functionality.
2013-03-05 14:47:25 -06:00
Rob Winch b014020955 SEC-2119: Polish remember-me@rememberme-parameter
- Change form-parameter to rememerme-parameter
  - Use rnc file for generating the xsd
  - Add test for deafult value of rememberme parameter
2013-03-01 17:03:09 -06:00
Oliver Becker 9eb34fe51c SEC-2119: Add a 'form-parameter' attribute to <remember-me>
This change extends the namespace configuration of <remember-me>
with a 'form-parameter' attribute. The introduced attribute sets
the 'parameter' property of  AbstractRememberMeServices.

This enables overriding the default value of
'_spring_security_remember_me' using the namespace configuration.
2013-03-01 17:03:02 -06:00
Rob Winch e8661913d1 SEC-2119: Update to 3.2 schema and use default schema version when available 2013-03-01 16:29:27 -06:00
@fbiville 83f1d76c16 SEC-2138: Fix code snippet in Hierarchical Roles section
The bean definition of RoleHierarchyVoter was syntactically incorrect.
2013-02-26 09:48:59 -06:00
Rob Winch 5ba31dfd56 Use AspectJMethodSecurityInterceptor in reference
Change reference to use AspectJMethodSecurityInterceptor instead of
undefined AspectJSecurityInterceptor.
2012-12-04 10:06:27 -06:00
Rob Winch 373fe3a9f1 SEC-2074: Update reference to use <method-security-metadata-source> 2012-12-04 10:05:22 -06:00
Rob Winch 6cea2694dc SEC-2069: Update doc to use FilterInvocationSecurityMetadataSource 2012-10-22 14:24:05 -05:00
Rob Winch 4f741bc914 SEC-2057: ConcurrentSessionFilter is now after SecurityContextPersistenceFilter
Previously, ConcurrentSessionFilter was placed after SecurityContextPersistenceFilter
which meant that the SecurityContextHolder was empty when ConcurrentSessionFilter was
invoked. This caused the Authentication to be null when performing a logout. It also
caused complications with LogoutHandler implementations that would be accessing the
SecurityContextHolder and potentially clear it out expecting that
SecurityContextPersistenceFilter would then clear the SecurityContextRepository.

The ConcurrentSessionFilter is now positioned after the
SecurityContextPersistenceFilter to ensure that the SecurityContextHolder is populated
and cleared out appropriately.
2012-10-03 09:27:24 -05:00
Rob Winch 8ad0e0e8e8 SEC-1995: Use Gradle Artifactory integration for releases 2012-08-09 14:20:57 -05:00
Rob Winch 095dcb3a74 SEC-2010: Include missing <value> tag in Hierarchical Roles section of the reference 2012-07-19 10:18:12 -05:00
Rob Winch b196d70f99 SEC-1905: Added para tag to the digest encoded password footnote 2012-07-11 13:12:57 -05:00
Rob Winch bfd09f7603 SEC-1905: Added footnote to password encoding for digest authentication
Technically digest authentication can allow for encoded passwords, but
it needs to be in the correct format. This update adds a footnote to clarify this.

Previously the documentation stated that passwords must be in clear text.
2012-07-11 13:00:06 -05:00
Rob Winch 3e4da4f60f Updated to next snapshot version 2012-07-06 11:28:21 -05:00
Rob Winch f46a5bab40 Set to 3.1.1 Release 2012-07-06 10:32:55 -05:00
Rob Winch a2452ab514 SEC-1906: Update to Gradle 1.0 2012-07-05 12:41:56 -05:00
Rob Winch 18230259b8 SEC-1985: Removed WebSecurityExpessionHandler from reference 2012-06-28 11:35:07 -05:00
Rob Winch 954ba57cf2 SEC-1970: Cleanup of pre authentication documentation
* Removed custom-authentication-provider from documentation
* Rephrased to make the pre authentication documentation a little more concise
* Removed nested () within text (not code)
* Removed user which should have been use
2012-06-15 14:44:16 -05:00
Rob Winch ca741ab18f SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter 2012-03-20 19:18:26 -05:00
Luke Taylor 2434564d6c SEC-1904: Fixed LDAP object class name in docs. 2012-02-01 14:37:32 +00:00
Luke Taylor b493afa18c SEC-1888: Improving the doc on (not) using multiple annotation types in the same class. 2012-01-31 19:05:43 +00:00
Luke Taylor 9b423a7726 Set 3.1.0 release version. 2011-12-05 23:42:39 +00:00
Rob Winch 53483df1f5 SEC-1678: Added What's new section to reference 2011-11-18 13:52:37 -06:00
Rob Winch 041cb1dcc3 SEC-1858: Included the updates for logout-success-url documentation 2011-11-18 11:22:22 -06:00
Rob Winch f88b6f75ff SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes 2011-11-11 09:00:53 -05:00
Rob Winch 2fd0a65049 SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager> 2011-10-18 19:18:56 -05:00
Luke Taylor 503ac9ae7c SEC-1798: Remove internal evaluation of EL in JSP tag implementations. 2011-08-12 19:44:27 +01:00
Luke Taylor a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor ac3d8b25f2 Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes. 2011-07-14 13:13:39 +01:00
Luke Taylor d5946b81b4 Added FAQ on how to add ApacheDS entries to pom. 2011-07-13 17:50:29 +01:00
Florian Fankhauser 2e83d98c8f SEC-1776: Corrected typo in manual 2011-07-09 19:24:12 -05:00
Luke Taylor 2861a951aa Minor FAQ update on version info. 2011-06-17 11:45:56 +01:00
Luke Taylor ecfffaaa3f Make aspectj dependencies optional throughout and spring-jdbc/tx optional in core poms. Reduces exclusions required in third-party poms (e.g. spring-social). 2011-06-09 22:57:49 +01:00
Luke Taylor 132163ec2e Add FAQ on accessing password from a UserDetailsService. 2011-05-26 18:38:45 +01:00
Luke Taylor b53d430798 Doc update to reflect change in cas integration module name since 3.0. 2011-05-23 21:29:40 +01:00
Luke Taylor 3541099634 Correct typo in FAQ. 2011-05-17 18:23:48 +01:00
Luke Taylor 295ea27526 SEC-1743: Separate remoting from core into separate module. 2011-05-16 00:19:30 +01:00
Luke Taylor 6e91786f92 SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false). 2011-05-09 13:36:23 +01:00