Rob Winch
683d751902
Polish What's New
...
Fixes gh-3768
2016-03-22 16:33:25 -05:00
Rob Winch
4b650dc58d
Allow AuthenticationProvider Bean in Java Config
...
This commit adds support for defaulting java configuration's
authentication by providing an AuthenticationProvider Bean.
Fixes gh-3091
2016-03-22 16:17:25 -05:00
Rob Winch
988b54ec3d
Remove invalid ` from docs
...
Fixes gh-3751
2016-03-15 14:38:23 -05:00
Rob Winch
134a0a7f96
Move FAQ to appendix
...
Fixes gh-3761
2016-03-15 14:37:35 -05:00
Rob Winch
1382bd728b
Clean up Javadoc log levels
...
Issue gh-3757
2016-03-15 08:37:01 -05:00
Shazin Sadakath
e33e21fe6b
Add Forward after authentication attempt config support
...
Fixes gh-3728
2016-03-11 10:49:30 -06:00
Rob Winch
dbf73c4692
Update spring-security-config module description
...
Include Java Configuration in the description.
Fixes gh-3298
2016-03-10 10:45:15 -06:00
Rob Winch
835ac0a217
Add @WithUserDetails userDetailsServiceBeanName
...
Fixes gh-3346
2016-03-09 15:59:23 -06:00
Martin Macko
dd8ba8c07e
Fix formatting error in documentation
...
Fixes gh-3279
2016-03-09 15:00:52 -06:00
Rob Winch
db81977a1a
Polish HPKP
...
* Javadoc polish
* Whitespace cleanup
Issue gh-3706
2016-03-03 15:11:40 -06:00
Tim Ysewyn
331c7e91b7
HTTP Public Key Pinning
...
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.
This commit will add this new functionality.
Fixes gh-3706
2016-03-03 14:21:46 -06:00
drdamour
004bb8e577
Fix ` in documentation
...
There were a few rendering issues within the documentation
associated with `
This commit fixes those rendering issues
Fixes gh-3699
2016-02-12 08:22:55 -06:00
Zied Zaïem
83992a7a27
fix typo in doc
2016-01-05 14:12:04 +01:00
Juzer Ali
1f32e96d31
SEC-3181: Fixed reference formatting
...
The code ticks was broken.
2015-12-21 17:23:16 -06:00
Kazuki Shimizu
b7360a803d
SEC-3152: Add @Retention to @WithMock documentation
2015-11-12 16:21:12 -06:00
Kazuki Shimizu
5c36c9f659
SEC-3151 Polishing reference document (springsoruce -> spring, etc..)
2015-11-12 16:04:01 -06:00
Rob Winch
c93d6bc823
SEC-3120: Remove .and() from httpStrictTransportSecurity() doc
2015-10-30 09:11:47 -05:00
Rob Winch
0981cd975f
SEC-3120: Reference hsts() -> httpStrictTransportSecurity()
2015-10-29 15:07:44 -05:00
Rob Winch
861ec76991
SEC-3133: Correct test doc username parameter
2015-10-26 12:59:44 -05:00
Rob Winch
8858419696
SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER
2015-10-21 16:22:37 -05:00
Alex Derkach
777431758d
Fix reference to Null Object pattern in the manual
2015-09-24 16:53:35 +03:00
Dan Dowma
09c4765191
Fix reference to Spring Security version in the manual
2015-09-07 00:44:16 -05:00
Rob Winch
bac980cbcb
SEC-2868: Simplify custom UserDetailsService Java Config
...
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
2015-08-27 20:41:15 -05:00
Rob Winch
35393098f8
SEC-3094: Add @WithAnonymousUser & anonymous() MockMvcRequestPostProcessor
2015-08-27 15:17:44 -05:00
Rob Winch
6b05b298ff
SEC-2059: Support Path Variables in Web Expressions
2015-08-20 17:11:01 -05:00
Rob Winch
327695ab0c
SEC-3084: Doc SecurityContextRequestPostProcessorSupport & SecurityContextHolder
2015-08-20 09:30:24 -05:00
Rob Winch
cbed1d75ee
SEC-3076: Add Method Level Security Meta Annotations
2015-08-19 16:07:03 -05:00
Rob Winch
7708129aad
SEC-3080: Remove invalid characters from reference
2015-08-19 16:06:56 -05:00
Rob Winch
567c51e109
SEC-3074: Add Test Meta Annotation Support
2015-08-19 16:05:54 -05:00
Rob Winch
dab4cf18b8
SEC-3032: Correct documented logout-success-url default
2015-07-22 13:48:07 -05:00
Rob Winch
a50d297f3a
SEC-2953: Add index-docinfo.xml
...
This removes the "please define title in your docbook file"
2015-07-21 11:48:44 -05:00
Rob Winch
abc445d5a7
SEC-2965: Polish
2015-07-16 15:52:00 -05:00
Rob Winch
518a1c3c08
SEC-2965: Fix invalid formatted links in reference documentation
2015-07-16 15:27:04 -05:00
Rob Winch
1ca5946d74
SEC-3003: Document invalid intercept-url attributes for filter-security-metadata-source
2015-07-16 15:03:51 -05:00
Rob Winch
2d448658cd
SEC-3042: Add SecurityTestExecutionListeners
2015-07-16 13:51:37 -05:00
Rob Winch
0e36f85dab
SEC-3019: Java Config for Http Basic supports Rememberme
2015-07-16 11:12:44 -05:00
Rob Winch
b96cee7950
SEC-2984: WithMockUser authorities doc
2015-07-16 08:48:53 -05:00
Rob Winch
64938ebcfc
SEC-2996: Suport configuring SecurityExpressionHandler<Message<Object>>
2015-07-13 22:45:35 -05:00
Rob Winch
a46ad0f446
SEC-2951: Polish
2015-04-30 09:52:52 -05:00
Gunnar Hillert
013177c644
SEC-2951: Document Logouthandler and LogoutSuccesshandler
...
Jira: https://jira.spring.io/browse/SEC-2951
2015-04-30 09:37:17 -05:00
Rob Winch
600927def6
SEC-2952: Document Spring Security leveraging WebMvcConfigurerAdapter
2015-04-29 10:18:02 -05:00
Rob Winch
1087d19346
SEC-2933: Update ProviderManager reference XML to use constructor
2015-04-20 15:57:04 -05:00
Rob Winch
67762321f8
SEC-2920: Fix tickets resolved link in reference
2015-04-20 15:14:40 -05:00
Rob Winch
c94a5cf8e2
SEC-2916: disable-url-rewriting=true by default
2015-03-25 13:14:15 -05:00
Rob Winch
0a2e496a84
SEC-2915: groovy/gradle spaces->tabs
2015-03-25 13:08:59 -05:00
Rob Winch
cf9f58a4ac
SEC-2915: XML spaces->tabs
2015-03-25 13:08:52 -05:00
Rob Winch
8105b05dd0
SEC-2782: Migrate guide links include "current" in URL
2015-03-23 09:33:00 -05:00
Rob Winch
b262c198d8
SEC-2782: Polish Migrating from 3 to 4 Guide
2015-03-20 14:14:55 -05:00
Rob Winch
a18fa3f1db
saving updates to migrate
2015-03-16 12:32:58 -05:00
Rob Winch
1da1b8b12f
SEC-2892: Added Guides Back to dist
2015-03-11 13:29:18 -05:00
Rob Winch
9169186d48
SEC-2889: Update documentation to use sameOriginDisabled
2015-03-10 14:48:19 -05:00
Rob Winch
5e2720723a
SEC-2884: Fix WebSocket reference link text
2015-03-10 10:51:53 -05:00
Rob Winch
dea5723ecc
SEC-2782: Finish Migration Guide from 3.x to 4.x
2015-03-09 17:09:00 -05:00
Rob Winch
9b4cbff58c
SEC-2782: Additional Updates to Migration Guide from 3.x to 4.x
2015-03-06 17:10:06 -06:00
Rob Winch
ff4e9e6ad4
SEC-2782: Started Migration Guide from 3.x to 4.x
2015-02-27 16:18:18 -06:00
drdamour
ff5a176675
trivial docs fixed a few typos and grammatical errors
...
I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.
2015-02-25 00:04:15 -06:00
Eugene Wolfson
4ca99ef88c
SEC-2877: Fix doc typo in index.adoc
...
Replace "a`" with "a `"
2015-02-24 22:28:07 -06:00
Rob Winch
5f57e5b0c3
SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config
2015-02-24 20:49:56 -06:00
Kazuki Shimizu
67cd8465c3
SEC-2826: Add remember-me-cookie attribute in xml namespace
2015-02-24 17:54:54 -06:00
Rob Winch
9ffd5db466
SEC-2584: Add What's New in 4.0
2015-02-24 16:14:15 -06:00
Rob Winch
bfa12ade40
SEC-2870: Add Spring Data Documentation
2015-02-24 16:14:08 -06:00
Rob Winch
37740cd020
SEC-2861: Add WebSocket Documentation & Sample
2015-02-24 10:29:47 -06:00
Rob Winch
b9563f6102
SEC-2830: Cleanup disabling Same Origin SockJS
...
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
Rob Winch
b9e2a57131
SEC-2854: Add intercept-message@message-type
2015-02-20 11:43:16 -06:00
Rob Winch
fea03536d6
SEC-2853: Rename WebSocket XML Namespace elements
2015-02-20 11:43:15 -06:00
Rob Winch
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
2015-02-18 11:21:02 -06:00
Rob Winch
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
2015-02-18 10:51:30 -06:00
Rob Winch
c4fe630f8e
SEC-2846: Security HTTP Response Headers Configuration Cleanup
2015-02-10 10:36:00 -06:00
Rob Winch
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
Rob Winch
081f84844c
SEC-2777: Fix <header> attributes in doc
2015-01-20 16:28:02 -06:00
Rob Winch
c30c97005b
SEC-2572: Document Spring Test
2015-01-20 16:20:14 -06:00
Christopher Pelloux
aab0eea9cf
SEC-2800 Documentation typo in class name
2014-12-22 19:22:26 -05:00
Rob Winch
d5ff80011b
Polish Documentation
2014-12-11 20:36:55 -06:00
Rob Winch
1677836d53
SEC-2790: Deprecate @EnableWebMvcConfig
2014-12-10 21:10:27 -06:00
Rob Winch
3171cc4364
SEC-2788: Add @Configuration as meta annotation to @Enable* annotations
2014-12-10 21:10:15 -06:00
Rob Winch
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
...
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
Rob Winch
5f5e7e7265
SEC-2785: Reference outputs PDF, Html Multi, & epub
2014-12-08 13:29:15 -06:00
Rob Winch
87a52ffbfd
SEC-2784: Update to Gradle 2.2.1
2014-12-08 13:29:07 -06:00
Rob Winch
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
Rob Winch
2cb2657f5b
SEC-2702: Clean WebSocket Namespace documentation
2014-11-25 12:27:29 -06:00
Rob Winch
3c487c0348
SEC-2348: Update doc headers enabled by default with XML
2014-11-21 21:55:03 -06:00
Rob Winch
4392205f63
SEC-2347: CSRF Enabled by default w/ XML Config
2014-11-21 21:32:56 -06:00
Rob Winch
eedbf44235
SEC-2348: Security HTTP Response Headers enabled by default w/ XML
2014-11-21 16:06:29 -06:00
Rob Winch
4dcc89fab0
SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts()
2014-11-19 13:31:09 -06:00
Rob Winch
55d6d5a86a
SEC-2615: accesscontrollist tag hasPermission performs OR not AND
...
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:
<sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">
In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
2014-11-18 16:59:46 -06:00
Rob Winch
e7edb77cae
SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter
2014-09-16 10:56:52 -05:00
Bloshchetsov Andrey Evgenyevich
bd322542ca
Fixed broken url to Clickjacking description.
2014-08-20 10:11:21 +04:00
Rob Winch
934937d9c1
SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port
2014-08-15 16:41:33 -05:00
Rob Winch
b97b84063a
SEC-2665: Fix samples/ldap-jc link in reference
2014-07-21 14:20:14 -05:00
Alexander Grüneberg
d9efd08bfd
SEC-2577: Add missing whitespace in reference
2014-04-28 16:24:48 -05:00
Rob Winch
5b216bd0b2
Revert "SEC-2547: Consistent CAS client version"
...
This reverts commit f6cc9d87d5
.
2014-04-15 10:36:37 -05:00
Hans-Joachim Kliemeck
f6cc9d87d5
SEC-2547: Consistent CAS client version
2014-04-14 22:48:55 -05:00
Grzegorz Rożniecki
8e31b66f06
SEC-2556: Fix @Import example in manual
2014-04-14 22:39:37 -05:00
Luke Taylor
71ba977dad
Fix package name in manual code
2014-03-27 13:08:23 +00:00
Rob Winch
32d3e29c65
SEC-2325: Polish CSRF Tag support
...
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
2014-03-07 15:28:52 -06:00
beamerblvd
a3e0475998
SEC-2325 Added JSP tags for CSRF meta tags and form fields
2014-03-07 15:28:48 -06:00
beamerblvd
26cee61b98
SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle
2014-03-07 15:28:45 -06:00
John Tims
56bb331760
SEC-2514: Fix typo in hellomvc.asc
...
packags -> packages
2014-03-07 10:27:23 -06:00
Manimaran Selvan
1d6536fa71
SEC-2512: Fix typo in reference`
...
udates -> updates
2014-03-06 22:22:34 -06:00
Rob Winch
4a1a2dfed4
Update min Spring version of 4.0.2.REELASE
2014-02-19 11:16:57 -06:00
Rob Winch
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
Rob Winch
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
2014-01-29 09:28:51 -06:00
Rob Winch
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
2014-01-28 22:04:35 -06:00
Rob Winch
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
2014-01-28 16:51:05 -06:00
Rob Winch
f09ce267b3
Polish MVC doc
2013-12-16 12:30:25 -06:00
Rob Winch
374aceed2b
Polish form.asc
2013-12-16 11:13:23 -06:00
Rob Winch
df703e0189
Polish hellomvc.asc
2013-12-16 10:39:18 -06:00
Rob Winch
8c580dc170
SEC-2444: Polish Thymeleaf for samples
2013-12-16 09:51:00 -06:00
Rob Winch
5205bf57c6
SEC-2453: Create 403 CSRF FAQ Entry
2013-12-16 09:02:02 -06:00
Rob Winch
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
Rob Winch
4708287ad3
SEC-2444: Convert Java Config samples to thymeleaf and tiles
2013-12-13 15:47:28 -06:00
Rob Winch
0d12397662
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-12 08:20:37 -06:00
Rob Winch
035067caf4
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-11 08:08:51 -06:00
Rob Winch
548ed4e14a
Update samples to declare repository already added
2013-12-06 14:46:52 -06:00
Rob Winch
feeb380b51
Polish Guides
2013-12-06 11:12:07 -06:00
Rob Winch
ec524da6cb
SEC-2416: Fix Hello MVC guide
2013-12-05 15:47:38 -06:00
Rob Winch
fc6fc19eed
Fix guides
2013-12-05 13:16:59 -06:00
Rob Winch
74a6303b6f
SEC-2385: Document how to use with Spring 4
2013-12-04 12:38:45 -06:00
Rob Winch
4308e72573
Polish CSRF log in caveat with link
2013-12-03 09:27:49 -06:00
Rob Winch
b8cc42e3a3
SEC-2426: Add CSRF and logout with non-post example
2013-12-03 09:07:54 -06:00
Rob Winch
ab08d99a52
SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc
2013-12-02 16:47:57 -06:00
Rob Winch
135df149a3
SEC-2423: Document differences between defaults in Java & XML Config
2013-12-02 16:37:52 -06:00
Rob Winch
0b996c669f
SEC-2424: Document ObjectPostProcessor
2013-12-02 10:17:08 -06:00
Rob Winch
5a59c74d02
SEC-2327: Document SecurityExpressionRoot
2013-11-20 16:59:05 -06:00
Rob Winch
4944e602cb
SEC-2402: Reference cleanup
...
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
2013-11-15 10:50:08 -06:00
Rob Winch
f1f3acdf75
Fix guides spec
2013-11-01 14:21:37 -05:00
Rob Winch
c135179029
Update to latest Asciidoctor version
...
We will temporarily remove PDF support until the plugin supports it.
2013-10-30 16:56:00 -05:00
Rob Winch
cf3e2f2c6a
Fix guide index's link to custom form
2013-10-30 16:19:51 -05:00
Rob Winch
17b9f33351
SEC-2378: Fix CSRF MultipartFilter doc typo
2013-10-29 13:07:10 -05:00
Rob Winch
5427da6b27
Move reference to htmlsingle to match standard Spring reference layout
2013-10-29 12:56:29 -05:00
Rob Winch
78f85cc129
SEC-2349: Number the reference
2013-10-23 17:46:57 -05:00
Rob Winch
85ec2429d9
SEC-2349: Externalize FAQ
2013-10-23 17:43:32 -05:00
Rob Winch
355f884d22
SEC-2093: Document what is new in Spring Security 3.2
2013-10-18 16:39:01 -05:00
Rob Winch
4a24c81147
SEC-2299: Document @AuthenticationPrincipal
2013-10-18 15:46:29 -05:00
Rob Winch
a3009e303b
SEC-2299: Document Web MVC integration
2013-10-18 11:23:58 -05:00
Rob Winch
6ea95cc3a3
SEC-2094: Document Concurrency Support
2013-10-18 09:50:49 -05:00
Rob Winch
348e3a22b6
SEC-2365: registerAuthentication->configure
2013-10-16 13:59:56 -05:00
Rob Winch
db3c626ac9
SEC-2281: Document Java Configuration
2013-10-16 10:44:35 -05:00
Rob Winch
e3f58fd9d3
Polish guide
2013-10-16 10:44:16 -05:00
Rob Winch
bbefc62a87
Fix Security Header's link to HttpServletResponse.setHeader
2013-10-15 16:56:44 -05:00
Rob Winch
730dcffe6d
Fix crossrefs in footnotes
2013-10-15 16:50:26 -05:00
Rob Winch
bf3b5459cd
Fix Authors of manual
2013-10-15 16:22:27 -05:00
Rob Winch
0978c12c47
SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
2013-10-15 12:35:32 -05:00
Rob Winch
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
Rob Winch
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
Rob Winch
d28058303b
SEC-2349: Move FAQ into reference
2013-10-03 21:28:55 -05:00
Rob Winch
4b43cf3f50
SEC-2349: Convert Reference to Asciidoctor
2013-10-03 14:15:09 -05:00
Rob Winch
df5e034fc3
SEC-2282: Polish CSRF Documentation
2013-09-27 17:14:21 -05:00
Rob Winch
8087cde628
SEC-2331: Include Expires: 0 in xsd and appendix
2013-09-27 17:10:42 -05:00
Rob Winch
8fed90c26c
SEC-2282: Add links for AccessDeniedHandler in CSRF doc
2013-09-27 16:44:34 -05:00