Previously the following:
http http://localhost:8080/user \
"X-Requested-With:XMLHttpRequest" "Accept:text/plain"
Produced a 302 instead of a 401
Fixes gh-3887
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator populating a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.
Fixes gh-3921
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.
Fixes gh-3857
When using search-and-bind strategy, the user attributes are already returned in the first search.
If the user happens to not have privileges to perform a search, the second search may fail.
(user only has bind privileges)
See https://github.com/cloudfoundry/uaa/issues/342
AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.
Fixes gh-3935
Add a suggestion to retrieve a fresh csrf token right before the
form submission in order to avoid problems with invalid csrf tokens
due session timeouts.
Fixes gh-3925
This fixes the following build error:
asciidoctor: ERROR: index.adoc: line 26: invalid part, must have at least one
section (e.g., chapter, appendix, etc.)
Previously, Spring Security's test support did not work well with the
standalone setup. This was because the springSecurityFilterChain was not
found by the WebTestUtils.
This commit ensures that the springSecurityFilterChain is added as a
servlet attribute if it is explicitly defined. WebTestUtils can then
find the springSecurityFilterChain in the ServletContext.
Fixes gh-3881
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.
This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookiHttpOnly=false
Fixes gh-3865
