Commit Graph

572 Commits

Author SHA1 Message Date
Rob Winch 683d751902 Polish What's New
Fixes gh-3768
2016-03-22 16:33:25 -05:00
Rob Winch 4b650dc58d Allow AuthenticationProvider Bean in Java Config
This commit adds support for defaulting java configuration's
authentication by providing an AuthenticationProvider Bean.

Fixes gh-3091
2016-03-22 16:17:25 -05:00
Rob Winch 988b54ec3d Remove invalid ` from docs
Fixes gh-3751
2016-03-15 14:38:23 -05:00
Rob Winch 134a0a7f96 Move FAQ to appendix
Fixes gh-3761
2016-03-15 14:37:35 -05:00
Rob Winch 1382bd728b Clean up Javadoc log levels
Issue gh-3757
2016-03-15 08:37:01 -05:00
Shazin Sadakath e33e21fe6b Add Forward after authentication attempt config support
Fixes gh-3728
2016-03-11 10:49:30 -06:00
Rob Winch dbf73c4692 Update spring-security-config module description
Include Java Configuration in the description.

Fixes gh-3298
2016-03-10 10:45:15 -06:00
Rob Winch 835ac0a217 Add @WithUserDetails userDetailsServiceBeanName
Fixes gh-3346
2016-03-09 15:59:23 -06:00
Martin Macko dd8ba8c07e Fix formatting error in documentation
Fixes gh-3279
2016-03-09 15:00:52 -06:00
Rob Winch db81977a1a Polish HPKP
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
2016-03-03 15:11:40 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
2016-03-03 14:21:46 -06:00
drdamour 004bb8e577 Fix ` in documentation
There were a few rendering issues within the documentation
associated with `

This commit fixes those rendering issues

Fixes gh-3699
2016-02-12 08:22:55 -06:00
Zied Zaïem 83992a7a27 fix typo in doc 2016-01-05 14:12:04 +01:00
Juzer Ali 1f32e96d31 SEC-3181: Fixed reference formatting
The code ticks was broken.
2015-12-21 17:23:16 -06:00
Kazuki Shimizu b7360a803d SEC-3152: Add @Retention to @WithMock documentation 2015-11-12 16:21:12 -06:00
Kazuki Shimizu 5c36c9f659 SEC-3151 Polishing reference document (springsoruce -> spring, etc..) 2015-11-12 16:04:01 -06:00
Rob Winch c93d6bc823 SEC-3120: Remove .and() from httpStrictTransportSecurity() doc 2015-10-30 09:11:47 -05:00
Rob Winch 0981cd975f SEC-3120: Reference hsts() -> httpStrictTransportSecurity() 2015-10-29 15:07:44 -05:00
Rob Winch 861ec76991 SEC-3133: Correct test doc username parameter 2015-10-26 12:59:44 -05:00
Rob Winch 8858419696 SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER 2015-10-21 16:22:37 -05:00
Alex Derkach 777431758d Fix reference to Null Object pattern in the manual 2015-09-24 16:53:35 +03:00
Dan Dowma 09c4765191 Fix reference to Spring Security version in the manual 2015-09-07 00:44:16 -05:00
Rob Winch bac980cbcb SEC-2868: Simplify custom UserDetailsService Java Config
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
2015-08-27 20:41:15 -05:00
Rob Winch 35393098f8 SEC-3094: Add @WithAnonymousUser & anonymous() MockMvcRequestPostProcessor 2015-08-27 15:17:44 -05:00
Rob Winch 6b05b298ff SEC-2059: Support Path Variables in Web Expressions 2015-08-20 17:11:01 -05:00
Rob Winch 327695ab0c SEC-3084: Doc SecurityContextRequestPostProcessorSupport & SecurityContextHolder 2015-08-20 09:30:24 -05:00
Rob Winch cbed1d75ee SEC-3076: Add Method Level Security Meta Annotations 2015-08-19 16:07:03 -05:00
Rob Winch 7708129aad SEC-3080: Remove invalid characters from reference 2015-08-19 16:06:56 -05:00
Rob Winch 567c51e109 SEC-3074: Add Test Meta Annotation Support 2015-08-19 16:05:54 -05:00
Rob Winch dab4cf18b8 SEC-3032: Correct documented logout-success-url default 2015-07-22 13:48:07 -05:00
Rob Winch a50d297f3a SEC-2953: Add index-docinfo.xml
This removes the "please define title in your docbook file"
2015-07-21 11:48:44 -05:00
Rob Winch abc445d5a7 SEC-2965: Polish 2015-07-16 15:52:00 -05:00
Rob Winch 518a1c3c08 SEC-2965: Fix invalid formatted links in reference documentation 2015-07-16 15:27:04 -05:00
Rob Winch 1ca5946d74 SEC-3003: Document invalid intercept-url attributes for filter-security-metadata-source 2015-07-16 15:03:51 -05:00
Rob Winch 2d448658cd SEC-3042: Add SecurityTestExecutionListeners 2015-07-16 13:51:37 -05:00
Rob Winch 0e36f85dab SEC-3019: Java Config for Http Basic supports Rememberme 2015-07-16 11:12:44 -05:00
Rob Winch b96cee7950 SEC-2984: WithMockUser authorities doc 2015-07-16 08:48:53 -05:00
Rob Winch 64938ebcfc SEC-2996: Suport configuring SecurityExpressionHandler<Message<Object>> 2015-07-13 22:45:35 -05:00
Rob Winch a46ad0f446 SEC-2951: Polish 2015-04-30 09:52:52 -05:00
Gunnar Hillert 013177c644 SEC-2951: Document Logouthandler and LogoutSuccesshandler
Jira: https://jira.spring.io/browse/SEC-2951
2015-04-30 09:37:17 -05:00
Rob Winch 600927def6 SEC-2952: Document Spring Security leveraging WebMvcConfigurerAdapter 2015-04-29 10:18:02 -05:00
Rob Winch 1087d19346 SEC-2933: Update ProviderManager reference XML to use constructor 2015-04-20 15:57:04 -05:00
Rob Winch 67762321f8 SEC-2920: Fix tickets resolved link in reference 2015-04-20 15:14:40 -05:00
Rob Winch c94a5cf8e2 SEC-2916: disable-url-rewriting=true by default 2015-03-25 13:14:15 -05:00
Rob Winch 0a2e496a84 SEC-2915: groovy/gradle spaces->tabs 2015-03-25 13:08:59 -05:00
Rob Winch cf9f58a4ac SEC-2915: XML spaces->tabs 2015-03-25 13:08:52 -05:00
Rob Winch 8105b05dd0 SEC-2782: Migrate guide links include "current" in URL 2015-03-23 09:33:00 -05:00
Rob Winch b262c198d8 SEC-2782: Polish Migrating from 3 to 4 Guide 2015-03-20 14:14:55 -05:00
Rob Winch a18fa3f1db saving updates to migrate 2015-03-16 12:32:58 -05:00
Rob Winch 1da1b8b12f SEC-2892: Added Guides Back to dist 2015-03-11 13:29:18 -05:00
Rob Winch 9169186d48 SEC-2889: Update documentation to use sameOriginDisabled 2015-03-10 14:48:19 -05:00
Rob Winch 5e2720723a SEC-2884: Fix WebSocket reference link text 2015-03-10 10:51:53 -05:00
Rob Winch dea5723ecc SEC-2782: Finish Migration Guide from 3.x to 4.x 2015-03-09 17:09:00 -05:00
Rob Winch 9b4cbff58c SEC-2782: Additional Updates to Migration Guide from 3.x to 4.x 2015-03-06 17:10:06 -06:00
Rob Winch ff4e9e6ad4 SEC-2782: Started Migration Guide from 3.x to 4.x 2015-02-27 16:18:18 -06:00
drdamour ff5a176675 trivial docs fixed a few typos and grammatical errors
I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.
2015-02-25 00:04:15 -06:00
Eugene Wolfson 4ca99ef88c SEC-2877: Fix doc typo in index.adoc
Replace "a`" with "a `"
2015-02-24 22:28:07 -06:00
Rob Winch 5f57e5b0c3 SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config 2015-02-24 20:49:56 -06:00
Kazuki Shimizu 67cd8465c3 SEC-2826: Add remember-me-cookie attribute in xml namespace 2015-02-24 17:54:54 -06:00
Rob Winch 9ffd5db466 SEC-2584: Add What's New in 4.0 2015-02-24 16:14:15 -06:00
Rob Winch bfa12ade40 SEC-2870: Add Spring Data Documentation 2015-02-24 16:14:08 -06:00
Rob Winch 37740cd020 SEC-2861: Add WebSocket Documentation & Sample 2015-02-24 10:29:47 -06:00
Rob Winch b9563f6102 SEC-2830: Cleanup disabling Same Origin SockJS
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
Rob Winch b9e2a57131 SEC-2854: Add intercept-message@message-type 2015-02-20 11:43:16 -06:00
Rob Winch fea03536d6 SEC-2853: Rename WebSocket XML Namespace elements 2015-02-20 11:43:15 -06:00
Rob Winch 6a8475adbb SEC-2830: Provide Same Origin support for SockJS 2015-02-18 11:21:02 -06:00
Rob Winch a27c33754c SEC-2859: Add CsrfTokenArgumentResolver 2015-02-18 10:51:30 -06:00
Rob Winch c4fe630f8e SEC-2846: Security HTTP Response Headers Configuration Cleanup 2015-02-10 10:36:00 -06:00
Rob Winch 6627f76df7 SEC-2758: Make ROLE_ consistent 2015-01-29 17:08:43 -06:00
Rob Winch 081f84844c SEC-2777: Fix <header> attributes in doc 2015-01-20 16:28:02 -06:00
Rob Winch c30c97005b SEC-2572: Document Spring Test 2015-01-20 16:20:14 -06:00
Christopher Pelloux aab0eea9cf SEC-2800 Documentation typo in class name 2014-12-22 19:22:26 -05:00
Rob Winch d5ff80011b Polish Documentation 2014-12-11 20:36:55 -06:00
Rob Winch 1677836d53 SEC-2790: Deprecate @EnableWebMvcConfig 2014-12-10 21:10:27 -06:00
Rob Winch 3171cc4364 SEC-2788: Add @Configuration as meta annotation to @Enable* annotations 2014-12-10 21:10:15 -06:00
Rob Winch c67ff42b8a SEC-2783: XML Configuration Defaults Should Match JavaConfig
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
Rob Winch 5f5e7e7265 SEC-2785: Reference outputs PDF, Html Multi, & epub 2014-12-08 13:29:15 -06:00
Rob Winch 87a52ffbfd SEC-2784: Update to Gradle 2.2.1 2014-12-08 13:29:07 -06:00
Rob Winch 6e204fff72 SEC-2781: Remove deprecations 2014-12-04 15:28:40 -06:00
Rob Winch 2cb2657f5b SEC-2702: Clean WebSocket Namespace documentation 2014-11-25 12:27:29 -06:00
Rob Winch 3c487c0348 SEC-2348: Update doc headers enabled by default with XML 2014-11-21 21:55:03 -06:00
Rob Winch 4392205f63 SEC-2347: CSRF Enabled by default w/ XML Config 2014-11-21 21:32:56 -06:00
Rob Winch eedbf44235 SEC-2348: Security HTTP Response Headers enabled by default w/ XML 2014-11-21 16:06:29 -06:00
Rob Winch 4dcc89fab0 SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts() 2014-11-19 13:31:09 -06:00
Rob Winch 55d6d5a86a SEC-2615: accesscontrollist tag hasPermission performs OR not AND
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:

  <sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">

In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
2014-11-18 16:59:46 -06:00
Rob Winch e7edb77cae SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter 2014-09-16 10:56:52 -05:00
Bloshchetsov Andrey Evgenyevich bd322542ca Fixed broken url to Clickjacking description. 2014-08-20 10:11:21 +04:00
Rob Winch 934937d9c1 SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port 2014-08-15 16:41:33 -05:00
Rob Winch b97b84063a SEC-2665: Fix samples/ldap-jc link in reference 2014-07-21 14:20:14 -05:00
Alexander Grüneberg d9efd08bfd SEC-2577: Add missing whitespace in reference 2014-04-28 16:24:48 -05:00
Rob Winch 5b216bd0b2 Revert "SEC-2547: Consistent CAS client version"
This reverts commit f6cc9d87d5.
2014-04-15 10:36:37 -05:00
Hans-Joachim Kliemeck f6cc9d87d5 SEC-2547: Consistent CAS client version 2014-04-14 22:48:55 -05:00
Grzegorz Rożniecki 8e31b66f06 SEC-2556: Fix @Import example in manual 2014-04-14 22:39:37 -05:00
Luke Taylor 71ba977dad Fix package name in manual code 2014-03-27 13:08:23 +00:00
Rob Winch 32d3e29c65 SEC-2325: Polish CSRF Tag support
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
  minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
2014-03-07 15:28:52 -06:00
beamerblvd a3e0475998 SEC-2325 Added JSP tags for CSRF meta tags and form fields 2014-03-07 15:28:48 -06:00
beamerblvd 26cee61b98 SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle 2014-03-07 15:28:45 -06:00
John Tims 56bb331760 SEC-2514: Fix typo in hellomvc.asc
packags -> packages
2014-03-07 10:27:23 -06:00
Manimaran Selvan 1d6536fa71 SEC-2512: Fix typo in reference`
udates -> updates
2014-03-06 22:22:34 -06:00
Rob Winch 4a1a2dfed4 Update min Spring version of 4.0.2.REELASE 2014-02-19 11:16:57 -06:00
Rob Winch 6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch b5f5665ea6 SEC-2463: CSRF documentation includes EnableWebMvcSecurity 2014-01-29 09:28:51 -06:00
Rob Winch 3b05fd6fed SEC-2466: Add link to MultipartFilter in CSRF multipart section 2014-01-28 22:04:35 -06:00
Rob Winch 4c84805ac9 SEC-2466: CSRF MutipartFilter doc now uses <url-pattern> 2014-01-28 16:51:05 -06:00
Rob Winch f09ce267b3 Polish MVC doc 2013-12-16 12:30:25 -06:00
Rob Winch 374aceed2b Polish form.asc 2013-12-16 11:13:23 -06:00
Rob Winch df703e0189 Polish hellomvc.asc 2013-12-16 10:39:18 -06:00
Rob Winch 8c580dc170 SEC-2444: Polish Thymeleaf for samples 2013-12-16 09:51:00 -06:00
Rob Winch 5205bf57c6 SEC-2453: Create 403 CSRF FAQ Entry 2013-12-16 09:02:02 -06:00
Rob Winch b7041ed00e SEC-2436: Add @EnableWebMvcSecurity 2013-12-14 14:40:01 -06:00
Rob Winch 4708287ad3 SEC-2444: Convert Java Config samples to thymeleaf and tiles 2013-12-13 15:47:28 -06:00
Rob Winch 0d12397662 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-12 08:20:37 -06:00
Rob Winch 035067caf4 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-11 08:08:51 -06:00
Rob Winch 548ed4e14a Update samples to declare repository already added 2013-12-06 14:46:52 -06:00
Rob Winch feeb380b51 Polish Guides 2013-12-06 11:12:07 -06:00
Rob Winch ec524da6cb SEC-2416: Fix Hello MVC guide 2013-12-05 15:47:38 -06:00
Rob Winch fc6fc19eed Fix guides 2013-12-05 13:16:59 -06:00
Rob Winch 74a6303b6f SEC-2385: Document how to use with Spring 4 2013-12-04 12:38:45 -06:00
Rob Winch 4308e72573 Polish CSRF log in caveat with link 2013-12-03 09:27:49 -06:00
Rob Winch b8cc42e3a3 SEC-2426: Add CSRF and logout with non-post example 2013-12-03 09:07:54 -06:00
Rob Winch ab08d99a52 SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc 2013-12-02 16:47:57 -06:00
Rob Winch 135df149a3 SEC-2423: Document differences between defaults in Java & XML Config 2013-12-02 16:37:52 -06:00
Rob Winch 0b996c669f SEC-2424: Document ObjectPostProcessor 2013-12-02 10:17:08 -06:00
Rob Winch 5a59c74d02 SEC-2327: Document SecurityExpressionRoot 2013-11-20 16:59:05 -06:00
Rob Winch 4944e602cb SEC-2402: Reference cleanup
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
2013-11-15 10:50:08 -06:00
Rob Winch f1f3acdf75 Fix guides spec 2013-11-01 14:21:37 -05:00
Rob Winch c135179029 Update to latest Asciidoctor version
We will temporarily remove PDF support until the plugin supports it.
2013-10-30 16:56:00 -05:00
Rob Winch cf3e2f2c6a Fix guide index's link to custom form 2013-10-30 16:19:51 -05:00
Rob Winch 17b9f33351 SEC-2378: Fix CSRF MultipartFilter doc typo 2013-10-29 13:07:10 -05:00
Rob Winch 5427da6b27 Move reference to htmlsingle to match standard Spring reference layout 2013-10-29 12:56:29 -05:00
Rob Winch 78f85cc129 SEC-2349: Number the reference 2013-10-23 17:46:57 -05:00
Rob Winch 85ec2429d9 SEC-2349: Externalize FAQ 2013-10-23 17:43:32 -05:00
Rob Winch 355f884d22 SEC-2093: Document what is new in Spring Security 3.2 2013-10-18 16:39:01 -05:00
Rob Winch 4a24c81147 SEC-2299: Document @AuthenticationPrincipal 2013-10-18 15:46:29 -05:00
Rob Winch a3009e303b SEC-2299: Document Web MVC integration 2013-10-18 11:23:58 -05:00
Rob Winch 6ea95cc3a3 SEC-2094: Document Concurrency Support 2013-10-18 09:50:49 -05:00
Rob Winch 348e3a22b6 SEC-2365: registerAuthentication->configure 2013-10-16 13:59:56 -05:00
Rob Winch db3c626ac9 SEC-2281: Document Java Configuration 2013-10-16 10:44:35 -05:00
Rob Winch e3f58fd9d3 Polish guide 2013-10-16 10:44:16 -05:00
Rob Winch bbefc62a87 Fix Security Header's link to HttpServletResponse.setHeader 2013-10-15 16:56:44 -05:00
Rob Winch 730dcffe6d Fix crossrefs in footnotes 2013-10-15 16:50:26 -05:00
Rob Winch bf3b5459cd Fix Authors of manual 2013-10-15 16:22:27 -05:00
Rob Winch 0978c12c47 SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder 2013-10-15 12:35:32 -05:00
Rob Winch 51171efa7a SEC-2357: Move *RequestMatcher to .matcher package 2013-10-14 11:55:56 -05:00
Rob Winch 14b9050616 SEC-2357: Move *RequestMatchers to .matchers package 2013-10-14 10:36:31 -05:00
Rob Winch d28058303b SEC-2349: Move FAQ into reference 2013-10-03 21:28:55 -05:00
Rob Winch 4b43cf3f50 SEC-2349: Convert Reference to Asciidoctor 2013-10-03 14:15:09 -05:00
Rob Winch df5e034fc3 SEC-2282: Polish CSRF Documentation 2013-09-27 17:14:21 -05:00
Rob Winch 8087cde628 SEC-2331: Include Expires: 0 in xsd and appendix 2013-09-27 17:10:42 -05:00
Rob Winch 8fed90c26c SEC-2282: Add links for AccessDeniedHandler in CSRF doc 2013-09-27 16:44:34 -05:00