4930 Commits

Author SHA1 Message Date
Rob Winch
686a7a8d62 SEC-2223: Correct FirewalledRequest#reset() javadoc 2013-07-21 14:30:20 -05:00
Rob Winch
04b7d5ca08 SEC-2156: Only configures COOKIE instead of SSL
Configuring SSL is only allowed for SSL enabled applications and should
be configured on its own (not in conjunction with other modes).
2013-07-20 10:29:54 -05:00
Rob Winch
cf0fdc2d66 SEC-2222: Use auth parameter name instead of registry 2013-07-20 07:49:07 -05:00
Rob Winch
ac053dbda7 SEC-2156: AbstractSecurityWebApplicationInitializer configures SessionTrackingMode
It also allows customization by overriding a method.
2013-07-19 17:09:58 -05:00
Rob Winch
90bd241ce2 SEC-2199: Support multiple AuthenticationEntryPoint defaults 2013-07-19 17:09:58 -05:00
Rob Winch
87c9a14bff SEC-2198: http.httpBasic() defaults AuthenticationEntryPoint 2013-07-19 17:09:58 -05:00
Rob Winch
4411ae3ff6 SEC-2221: Add MediaTypeRequestMatcher 2013-07-19 17:09:31 -05:00
Rob Winch
eb15b19e50 SEC-2195: Update Groovy version on web module 2013-07-16 22:44:51 -05:00
Rob Winch
0f281f9575 SEC-2215: ServletApiConfigurer populates properties on SecurityContextHolderAwareRequestFilter
Previously ServletApiConfigurer left the following properties null:
authenticationManager, logoutHandlers, and authenticationEntryPoint
2013-07-16 22:43:53 -05:00
Rob Winch
59e8551279 Fix package tangles 2013-07-16 17:08:03 -05:00
Rob Winch
5e6ca12b01 SEC-2097: Update integrationTestCompile to use optional and provided
Also update slf4j version and remove explicit commons-logging from pom generation
2013-07-16 15:59:06 -05:00
Rob Winch
955a60cf49 SEC-2208: Use std docbook plugin and workspace cleanup 2013-07-16 15:15:47 -05:00
Rob Winch
7d9f0d688a SEC-2207: Workaround for GRADLE-1116 2013-07-16 15:15:47 -05:00
Rob Winch
00ed77af20 SEC-2207: Trick Gradle Eclipse to import project and not the build folders 2013-07-16 15:15:47 -05:00
Rob Winch
41b64e05d0 SEC-2211: check.dependsOn integrationTest 2013-07-16 15:15:47 -05:00
Rob Winch
02551e1b7a SEC-2214: Update Spring Version 2013-07-16 15:15:47 -05:00
Rob Winch
faa8b354b7 SEC-2209: add pom.xml 2013-07-16 15:15:47 -05:00
Rob Winch
e5fc063680 SEC-2206: Gradle Propdeps 2013-07-16 15:15:42 -05:00
Rob Winch
01230c76ef SEC-2217: Sonar Runner 2013-07-16 15:13:22 -05:00
Rob Winch
3c9a80433f SEC-2207: AspectJPlugin uses compileAspect and compileTestAspect 2013-07-16 15:02:39 -05:00
Rob Winch
07c3fdf8a7 SEC-2195: Update Groovy, Geb, Spock, httpcomponents, and Jetty 2013-07-16 15:02:39 -05:00
Rob Winch
1705c5d796 SEC-2207: Update Gradle to 1.6 2013-07-16 15:02:39 -05:00
Rob Winch
fb45db11e9 SEC-2191: Remove AuthenticationManagerBuilder default constructor
This ensures that users must choose what ObjectPostProcessor is being used
with AuthenticationManagerBuilder. To make things easier for users, we now
automatically add an AuthenticationManagerBuilder object that can be used
for creating an AuthenticationManager with @Autowired.
2013-07-05 12:10:03 -05:00
Rob Winch
e88800cd9b SEC-2187: Polish
Create private utf8UrlEncode method to improve readability
2013-07-05 10:24:10 -05:00
Tom Boettcher
54c1c20c69 SEC-2187: Encode query parameter names and values in return_to URL 2013-07-05 09:47:18 -05:00
Rob Winch
e5c450a14c Merge in AbstractSecurityWebApplicationInitializerTests.groovy 2013-07-05 09:42:19 -05:00
Keesun Baik
cf80cc88b5 SEC-2192: Create DEFAULT_FILTER_NAME 2013-07-05 09:41:53 -05:00
Rob Winch
cd34c47643 Next development version 2013-07-01 14:05:22 -05:00
Spring Buildmaster
b45f7b9585 [artifactory-release] Release version 3.2.0.M2 3.2.0.M2 2013-07-01 11:42:45 -07:00
Rob Winch
3c178a339e remove snapshot repo references 2013-07-01 13:00:57 -05:00
Rob Winch
70b3a330ef #137 WebSecurityConfigurerAdapter no longer uses getClass() for logger
Previously it was difficult to change log levels due to CGLIB proxying of
the class which impacted the logger name.
2013-07-01 10:07:38 -05:00
Rob Winch
17bef05c3c #138 WebInvocationPrivilegeEvaluator has default value 2013-07-01 08:46:57 -05:00
Rob Winch
d8ed429370 #138 Tests for WebSecurityExpressionHandler bean existing 2013-07-01 08:37:12 -05:00
Rob Winch
4d282cbe0d SEC-1953: Polish 2013-06-30 21:51:25 -05:00
Rob Winch
7412fe0748 SEC-1953: Polish bundlor warnings 2013-06-30 21:45:45 -05:00
Rob Winch
d0c4e6ca72 SEC-1953: Spring Security Java Config support
This is the initial migration of Spring Security Java Config from the
external project at
https://github.com/SpringSource/spring-security-javaconfig
2013-06-30 17:28:33 -05:00
Luke Taylor
fba4fec84b SEC-2175: Correct XSD docs on auto-config. 2013-06-09 14:51:58 +01:00
Rob Winch
7bc87cf13b SEC-2002: Polishing 2013-06-06 15:05:00 -05:00
Nicholas Williams
d89ace26ab SEC-2002: Added events to notify of session ID change
Session fixation protection, whether by clean new session or
migrated session, now publishes an event when a session is
migrated or its ID is changed. This enables application developers
to keep track of the session ID of a particular authentication
from the time the authentication is successful until the time
of logout. Previously this was not possible since session
migration changed the session ID and there was no way to
reliably detect that.

Revised changes per Rob Winch's suggestions.
2013-06-05 14:44:17 -05:00
Luke Taylor
743960d2d8 SEC-2122: Fix broken integration tests.
Modified BCryptPasswordEncoder to no longer throw an
IllegalArgumentException when the encoded password is empty or
the incorrect format for bcrypt. Instead it now logs a warning
that non bcrypt data was found.

The Dms integration tests were failing after being changed to
use bcrypt and this fixes the issue.
2013-05-21 23:13:08 +01:00
Luke Taylor
d8727638ab SEC-1785: Remove auto-config from manual.
Changed the namespace doc to use an explicit form-login
and logout element and avoid mention of auto-config or its
effects. This makes the intro shorter and simpler.
2013-05-18 21:25:11 +01:00
Luke Taylor
ebba8ac514 SEC-2122: Update namespace to support bcrypt.
password-encoder now supports hash='bcrypt'.
2013-05-17 19:17:18 +01:00
Luke Taylor
896339087f SEC-2122: Update samples to use bcrypt.
Data sources modified to store bcrypt hashes and configs now
use BCryptPasswordEncoder.
2013-05-17 18:44:30 +01:00
Luke Taylor
d6524feb62 SEC-2122: Change doc to prioritize bcrypt use 2013-05-17 18:42:47 +01:00
Rob Winch
34893cd53a Remove ApacheDSContainerTests successfulStartupAndShutdown since it was commented out 2013-04-25 11:21:23 -05:00
Rob Winch
407b08956b SEC-2161: <ldap-server> creates unique dir for embedded LDAP 2013-04-25 11:21:21 -05:00
Rob Winch
dd554e1842 SEC-2162: ApacheDSContainer throws RuntimeException on failure to start 2013-04-25 11:21:19 -05:00
Rob Winch
c0921b9ede SEC-2133: Update doc from ChannelAuthenticationFilter to ChannelProcessingFilter 2013-04-25 08:56:47 -05:00
Rob Winch
e469c93f9d SEC-2147: Deprecate .encoding.PasswordEncoding 2013-04-25 08:56:47 -05:00
Rob Winch
f594ed76db SEC-2087: GlobalMethodSecurityBeanDefinitionParser uses AuthenticationManager to create AuthenticationManagerDelegator 2013-04-25 08:56:46 -05:00