Rob Winch
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
Rob Winch
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
2014-01-29 09:28:51 -06:00
Rob Winch
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
2014-01-28 22:04:35 -06:00
Rob Winch
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
2014-01-28 16:51:05 -06:00
Rob Winch
f09ce267b3
Polish MVC doc
2013-12-16 12:30:25 -06:00
Rob Winch
374aceed2b
Polish form.asc
2013-12-16 11:13:23 -06:00
Rob Winch
df703e0189
Polish hellomvc.asc
2013-12-16 10:39:18 -06:00
Rob Winch
8c580dc170
SEC-2444: Polish Thymeleaf for samples
2013-12-16 09:51:00 -06:00
Rob Winch
5205bf57c6
SEC-2453: Create 403 CSRF FAQ Entry
2013-12-16 09:02:02 -06:00
Rob Winch
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
Rob Winch
4708287ad3
SEC-2444: Convert Java Config samples to thymeleaf and tiles
2013-12-13 15:47:28 -06:00
Rob Winch
0d12397662
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-12 08:20:37 -06:00
Rob Winch
035067caf4
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-11 08:08:51 -06:00
Rob Winch
548ed4e14a
Update samples to declare repository already added
2013-12-06 14:46:52 -06:00
Rob Winch
feeb380b51
Polish Guides
2013-12-06 11:12:07 -06:00
Rob Winch
ec524da6cb
SEC-2416: Fix Hello MVC guide
2013-12-05 15:47:38 -06:00
Rob Winch
fc6fc19eed
Fix guides
2013-12-05 13:16:59 -06:00
Rob Winch
74a6303b6f
SEC-2385: Document how to use with Spring 4
2013-12-04 12:38:45 -06:00
Rob Winch
4308e72573
Polish CSRF log in caveat with link
2013-12-03 09:27:49 -06:00
Rob Winch
b8cc42e3a3
SEC-2426: Add CSRF and logout with non-post example
2013-12-03 09:07:54 -06:00
Rob Winch
ab08d99a52
SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc
2013-12-02 16:47:57 -06:00
Rob Winch
135df149a3
SEC-2423: Document differences between defaults in Java & XML Config
2013-12-02 16:37:52 -06:00
Rob Winch
0b996c669f
SEC-2424: Document ObjectPostProcessor
2013-12-02 10:17:08 -06:00
Rob Winch
5a59c74d02
SEC-2327: Document SecurityExpressionRoot
2013-11-20 16:59:05 -06:00
Rob Winch
4944e602cb
SEC-2402: Reference cleanup
...
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
2013-11-15 10:50:08 -06:00
Rob Winch
f1f3acdf75
Fix guides spec
2013-11-01 14:21:37 -05:00
Rob Winch
c135179029
Update to latest Asciidoctor version
...
We will temporarily remove PDF support until the plugin supports it.
2013-10-30 16:56:00 -05:00
Rob Winch
cf3e2f2c6a
Fix guide index's link to custom form
2013-10-30 16:19:51 -05:00
Rob Winch
17b9f33351
SEC-2378: Fix CSRF MultipartFilter doc typo
2013-10-29 13:07:10 -05:00
Rob Winch
5427da6b27
Move reference to htmlsingle to match standard Spring reference layout
2013-10-29 12:56:29 -05:00
Rob Winch
78f85cc129
SEC-2349: Number the reference
2013-10-23 17:46:57 -05:00
Rob Winch
85ec2429d9
SEC-2349: Externalize FAQ
2013-10-23 17:43:32 -05:00
Rob Winch
355f884d22
SEC-2093: Document what is new in Spring Security 3.2
2013-10-18 16:39:01 -05:00
Rob Winch
4a24c81147
SEC-2299: Document @AuthenticationPrincipal
2013-10-18 15:46:29 -05:00
Rob Winch
a3009e303b
SEC-2299: Document Web MVC integration
2013-10-18 11:23:58 -05:00
Rob Winch
6ea95cc3a3
SEC-2094: Document Concurrency Support
2013-10-18 09:50:49 -05:00
Rob Winch
348e3a22b6
SEC-2365: registerAuthentication->configure
2013-10-16 13:59:56 -05:00
Rob Winch
db3c626ac9
SEC-2281: Document Java Configuration
2013-10-16 10:44:35 -05:00
Rob Winch
e3f58fd9d3
Polish guide
2013-10-16 10:44:16 -05:00
Rob Winch
bbefc62a87
Fix Security Header's link to HttpServletResponse.setHeader
2013-10-15 16:56:44 -05:00
Rob Winch
730dcffe6d
Fix crossrefs in footnotes
2013-10-15 16:50:26 -05:00
Rob Winch
bf3b5459cd
Fix Authors of manual
2013-10-15 16:22:27 -05:00
Rob Winch
0978c12c47
SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
2013-10-15 12:35:32 -05:00
Rob Winch
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
Rob Winch
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
Rob Winch
d28058303b
SEC-2349: Move FAQ into reference
2013-10-03 21:28:55 -05:00
Rob Winch
4b43cf3f50
SEC-2349: Convert Reference to Asciidoctor
2013-10-03 14:15:09 -05:00
Rob Winch
df5e034fc3
SEC-2282: Polish CSRF Documentation
2013-09-27 17:14:21 -05:00
Rob Winch
8087cde628
SEC-2331: Include Expires: 0 in xsd and appendix
2013-09-27 17:10:42 -05:00
Rob Winch
8fed90c26c
SEC-2282: Add links for AccessDeniedHandler in CSRF doc
2013-09-27 16:44:34 -05:00
Rob Winch
3e95f1c12e
SEC-2282: Polish CSRF Documentation
2013-09-27 16:41:06 -05:00
Rob Winch
ee33a6deeb
SEC-2285: Headers doc explicitly state default headers
2013-09-27 16:29:10 -05:00
Rob Winch
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
Rob Winch
06a0ec1a9f
SEC-2285: Polish Security Headers Documentation
...
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
Rob Winch
9bb283044f
SEC-2282: Polish CSRF Documentation
...
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
Rob Winch
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch
1f3b812a66
SEC-2282: Polish CSRF Documentation
2013-09-26 08:58:39 -05:00
Rob Winch
ef7cc40389
SEC-2282: Polish CSRF Documentation
2013-09-25 17:30:50 -05:00
Rob Winch
d16106ef56
SEC-2309: Document CSRF multipart/form-data
2013-09-25 15:14:32 -05:00
Rob Winch
e5804d323b
SEC-2256: Fix intercept-url doc precidence statement
...
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."
This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
2013-09-13 22:02:52 -07:00
Rob Winch
f6587c8697
SEC-2312: Update javadoc link to Spring 3.2.x
2013-09-13 15:34:30 -07:00
Rob Winch
98fe2322cd
SEC-2095: Fix Servlet API doc ids
2013-08-30 13:10:32 -05:00
Scott Andrews
fc16450344
Demonstrate rest.js CSRF support in reference docs
...
rest.js 0.9.4 added support for applying the CSRF header and token to
Ajax requests.
2013-08-30 12:21:32 -05:00
Rob Winch
246c632f3a
SEC-2095: Document Servlet API support
2013-08-30 12:20:35 -05:00
Rob Winch
86340b8016
SEC-2283: Polish headers doc
2013-08-29 13:47:54 -05:00
Rob Winch
d89cf6db29
SEC-2283: Update headers documentation and tests
2013-08-28 12:35:40 -05:00
Rob Winch
4761614c9f
SEC-2291: Fix internal links within reference
...
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
Rob Winch
69aac09e1d
SEC-2285: Added headers to to reference
2013-08-28 08:58:45 -05:00
Rob Winch
9483226d02
SEC-2282: Polish CSRF doc
2013-08-27 17:16:32 -05:00
Rob Winch
98bdd32ca0
SEC-2282: Add CSRF documentation to the reference manual
2013-08-25 19:00:04 -05:00
Rob Winch
18bd82e7d4
SEC-2131: Update doc to state session authentication sends 401 if no page
2013-08-25 11:37:23 -05:00
Rob Winch
cd7055f725
SEC-2171: Include Information about pooling in Spring LDAP documentation
2013-08-25 11:27:50 -05:00
Rob Winch
7f2308f46c
SEC-2146: Document AspectJ does not inherit annotations
2013-08-25 11:06:36 -05:00
Rob Winch
03b235295e
SEC-2270: Remove duplicate version from guides index
2013-08-23 14:13:12 -05:00
Rob Winch
efa9f4db93
SEC-2108: Fix typo in ldap section of manual
2013-08-23 14:09:58 -05:00
Rob Winch
e8788f2657
SEC-2269: Fix markup for CSRF link
2013-08-21 10:08:39 -05:00
Rob Winch
17c2a18fee
SEC-2269: Fix CSRF link in appendix
2013-08-21 10:01:19 -05:00
Rob Winch
a3a432f7b6
SEC-2269: Fix additional links
2013-08-20 14:02:33 -05:00
Rob Winch
3b2156969d
SEC-2269: Fix headers link
2013-08-20 10:06:00 -05:00
Rob Winch
f707101fdb
SEC-2269: Fix headers documentation
2013-08-20 10:03:31 -05:00
Rob Winch
eb95c500f5
Remove dockbook-reference from guides
2013-08-20 10:02:55 -05:00
Rob Winch
658a93178c
SEC-2252: Add custom form guide
2013-08-19 15:22:04 -05:00
Rob Winch
51b9c4a19a
Hide logout in main.jsp if not logged in
2013-08-17 14:38:39 -05:00
Rob Winch
e9bb9e766e
SEC-1574: Add CSRF Support
2013-08-15 14:49:21 -05:00
beamerblvd
5f35d9e3ec
SEC-2135: Document HttpServletRequest.changeSessionId() support
2013-08-15 13:59:16 -05:00
Rob Winch
485676be8c
SEC-2251: Polish Hello World guides
...
* Correct how to add username and logout to mvc
* Externalize :revnumber:
2013-08-15 12:50:40 -05:00
Rob Winch
13da42ca1b
SEC-2137: Allow disabling session fixation and enable concurrency control
2013-08-15 12:50:40 -05:00
Rob Winch
e0cb931f69
SEC-2251: Create Hello World Java Configuration guides
2013-08-08 14:34:50 -05:00
Asaf David
333a7291a4
SEC-2242: Fixed typo in technical overview
...
Changed "source source" to "source"
2013-08-01 13:02:56 -05:00
Rob Winch
e242aeff3e
SEC-2230: Polish and clickjacking demo
2013-08-01 10:19:36 -05:00
Rob Winch
283c906215
SEC-2230: Fix reference PDF
2013-07-31 12:22:41 -05:00
Rob Winch
988e97e366
SEC-2230: Polish headers reference
2013-07-31 10:39:52 -05:00
Rob Winch
c85328c5d1
SEC-2230: HTTP Strict Transport Security (HSTS)Add support for Strict
...
This is a distinct filter as apposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
2013-07-31 10:39:52 -05:00
Rob Winch
8013cd54d6
SEC-2230: Added Cache Control support
2013-07-31 10:39:45 -05:00
Rob Winch
7b164bb5e1
SEC-2230: Polish pull request
2013-07-26 14:19:53 -05:00
Rob Winch
8acd205486
SEC-2232: HeaderFactory to HeaderWriter
2013-07-26 09:01:12 -05:00
Rob Winch
fd754c5cab
SEC-2098, SEC-2099: Fix build
...
- hf.doFilter is missing FilterChain argument
- response.headers does not contain the exact values for the headers so
should not be used for comparison (note it is a private member so this
is acceptable)
- hf does not need non-null check when hf.doFilter is invoked
- some of the configurations are no longer valid (i.e. ALLOW-FROM
requires strategy)
- Some error messages needed updated (some could still use improvement)
- No validation for missing header name or value
- rebased off master / merged
- nsa=frame-options-strategy id should use - not =
- FramewOptionsHeaderFactory did not produce "ALLOW-FROM " prefix of origin
- remove @Override on interface overrides to work with JDK5
2013-07-25 16:23:25 -05:00
Marten Deinum
d0b40cd2ae
- Created HeaderFactory abstraction
...
- Implemented different ALLOW-FROM strategies as specified in the proposal.
Conflicts:
config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
2013-07-25 16:22:43 -05:00
Rob Winch
a63baa8391
SEC-2098, SEC-2099: Polishing
2013-07-25 16:22:43 -05:00
Marten Deinum
0adf5aea91
SEC-2098, SEC-2099: Created HeadersFilter
...
Created HeadersFilter for setting security headers added including a
bean definition parser for easy configuration of the headers. Enables
easy configuration for the X-Frame-Options, X-XSS-Protection and
X-Content-Type-Options headers. Also allows for additional headers to
be added.
2013-07-25 16:22:43 -05:00
Rob Winch
955a60cf49
SEC-2208: Use std docbook plugin and workspace cleanup
2013-07-16 15:15:47 -05:00
Luke Taylor
d8727638ab
SEC-1785: Remove auto-config from manual.
...
Changed the namespace doc to use an explicit form-login
and logout element and avoid mention of auto-config or its
effects. This makes the intro shorter and simpler.
2013-05-18 21:25:11 +01:00
Luke Taylor
d6524feb62
SEC-2122: Change doc to prioritize bcrypt use
2013-05-17 18:42:47 +01:00
Rob Winch
c0921b9ede
SEC-2133: Update doc from ChannelAuthenticationFilter to ChannelProcessingFilter
2013-04-25 08:56:47 -05:00
Luke Taylor
6ebb9abfb7
Fix HttpSessionEventPublisher package name in FAQ.
2013-04-06 14:53:53 +01:00
Oliver Becker
5eb5c91d86
SEC-2119: Rename rememberme-parameter to remember-me-parameter
...
This change extends pull request https://github.com/SpringSource/spring-security/pull/26
and its subsequent changes by renaming the attribute name 'rememberme-parameter' to
'remember-me-parameter'.
The spelling including the additional hyphen in 'remember-me-parameter' is more consistent
with the default spelling of the 'remember-me' functionality.
2013-03-05 14:47:25 -06:00
Rob Winch
b014020955
SEC-2119: Polish remember-me@rememberme-parameter
...
- Change form-parameter to rememerme-parameter
- Use rnc file for generating the xsd
- Add test for deafult value of rememberme parameter
2013-03-01 17:03:09 -06:00
Oliver Becker
9eb34fe51c
SEC-2119: Add a 'form-parameter' attribute to <remember-me>
...
This change extends the namespace configuration of <remember-me>
with a 'form-parameter' attribute. The introduced attribute sets
the 'parameter' property of AbstractRememberMeServices.
This enables overriding the default value of
'_spring_security_remember_me' using the namespace configuration.
2013-03-01 17:03:02 -06:00
Rob Winch
e8661913d1
SEC-2119: Update to 3.2 schema and use default schema version when available
2013-03-01 16:29:27 -06:00
@fbiville
83f1d76c16
SEC-2138: Fix code snippet in Hierarchical Roles section
...
The bean definition of RoleHierarchyVoter was syntactically incorrect.
2013-02-26 09:48:59 -06:00
Rob Winch
5ba31dfd56
Use AspectJMethodSecurityInterceptor in reference
...
Change reference to use AspectJMethodSecurityInterceptor instead of
undefined AspectJSecurityInterceptor.
2012-12-04 10:06:27 -06:00
Rob Winch
373fe3a9f1
SEC-2074: Update reference to use <method-security-metadata-source>
2012-12-04 10:05:22 -06:00
Rob Winch
6cea2694dc
SEC-2069: Update doc to use FilterInvocationSecurityMetadataSource
2012-10-22 14:24:05 -05:00
Rob Winch
4f741bc914
SEC-2057: ConcurrentSessionFilter is now after SecurityContextPersistenceFilter
...
Previously, ConcurrentSessionFilter was placed after SecurityContextPersistenceFilter
which meant that the SecurityContextHolder was empty when ConcurrentSessionFilter was
invoked. This caused the Authentication to be null when performing a logout. It also
caused complications with LogoutHandler implementations that would be accessing the
SecurityContextHolder and potentially clear it out expecting that
SecurityContextPersistenceFilter would then clear the SecurityContextRepository.
The ConcurrentSessionFilter is now positioned after the
SecurityContextPersistenceFilter to ensure that the SecurityContextHolder is populated
and cleared out appropriately.
2012-10-03 09:27:24 -05:00
Rob Winch
8ad0e0e8e8
SEC-1995: Use Gradle Artifactory integration for releases
2012-08-09 14:20:57 -05:00
Rob Winch
095dcb3a74
SEC-2010: Include missing <value> tag in Hierarchical Roles section of the reference
2012-07-19 10:18:12 -05:00
Rob Winch
b196d70f99
SEC-1905: Added para tag to the digest encoded password footnote
2012-07-11 13:12:57 -05:00
Rob Winch
bfd09f7603
SEC-1905: Added footnote to password encoding for digest authentication
...
Technically digest authentication can allow for encoded passwords, but
it needs to be in the correct format. This update adds a footnote to clarify this.
Previously the documentation stated that passwords must be in clear text.
2012-07-11 13:00:06 -05:00
Rob Winch
3e4da4f60f
Updated to next snapshot version
2012-07-06 11:28:21 -05:00
Rob Winch
f46a5bab40
Set to 3.1.1 Release
2012-07-06 10:32:55 -05:00
Rob Winch
a2452ab514
SEC-1906: Update to Gradle 1.0
2012-07-05 12:41:56 -05:00
Rob Winch
18230259b8
SEC-1985: Removed WebSecurityExpessionHandler from reference
2012-06-28 11:35:07 -05:00
Rob Winch
954ba57cf2
SEC-1970: Cleanup of pre authentication documentation
...
* Removed custom-authentication-provider from documentation
* Rephrased to make the pre authentication documentation a little more concise
* Removed nested () within text (not code)
* Removed user which should have been use
2012-06-15 14:44:16 -05:00
Rob Winch
ca741ab18f
SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter
2012-03-20 19:18:26 -05:00
Luke Taylor
2434564d6c
SEC-1904: Fixed LDAP object class name in docs.
2012-02-01 14:37:32 +00:00
Luke Taylor
b493afa18c
SEC-1888: Improving the doc on (not) using multiple annotation types in the same class.
2012-01-31 19:05:43 +00:00
Luke Taylor
9b423a7726
Set 3.1.0 release version.
2011-12-05 23:42:39 +00:00
Rob Winch
53483df1f5
SEC-1678: Added What's new section to reference
2011-11-18 13:52:37 -06:00
Rob Winch
041cb1dcc3
SEC-1858: Included the updates for logout-success-url documentation
2011-11-18 11:22:22 -06:00
Rob Winch
f88b6f75ff
SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes
2011-11-11 09:00:53 -05:00
Rob Winch
2fd0a65049
SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager>
2011-10-18 19:18:56 -05:00
Luke Taylor
503ac9ae7c
SEC-1798: Remove internal evaluation of EL in JSP tag implementations.
2011-08-12 19:44:27 +01:00
Luke Taylor
a1c714cff4
SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.
2011-07-14 16:43:02 +01:00
Luke Taylor
ac3d8b25f2
Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes.
2011-07-14 13:13:39 +01:00
Luke Taylor
d5946b81b4
Added FAQ on how to add ApacheDS entries to pom.
2011-07-13 17:50:29 +01:00
Florian Fankhauser
2e83d98c8f
SEC-1776: Corrected typo in manual
2011-07-09 19:24:12 -05:00
Luke Taylor
2861a951aa
Minor FAQ update on version info.
2011-06-17 11:45:56 +01:00
Luke Taylor
ecfffaaa3f
Make aspectj dependencies optional throughout and spring-jdbc/tx optional in core poms. Reduces exclusions required in third-party poms (e.g. spring-social).
2011-06-09 22:57:49 +01:00
Luke Taylor
132163ec2e
Add FAQ on accessing password from a UserDetailsService.
2011-05-26 18:38:45 +01:00
Luke Taylor
b53d430798
Doc update to reflect change in cas integration module name since 3.0.
2011-05-23 21:29:40 +01:00
Luke Taylor
3541099634
Correct typo in FAQ.
2011-05-17 18:23:48 +01:00
Luke Taylor
295ea27526
SEC-1743: Separate remoting from core into separate module.
2011-05-16 00:19:30 +01:00
Luke Taylor
6e91786f92
SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false).
2011-05-09 13:36:23 +01:00
Rob Winch
bd74185e41
SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1
2011-04-26 23:39:51 -05:00
Luke Taylor
e473897fd9
SEC-1181: Add docs for ActiveDirectoryLdapAuthenticationProvider. Minor fix to initialization checks.
2011-04-26 18:39:01 +01:00
Luke Taylor
c4a1ce9f1a
SEC-1725: Update docs to remove references to filter-chain-map.
2011-04-25 23:38:44 +01:00
Rob Winch
f28a09dfa4
Formatting changes to CAS documentation
2011-04-17 18:17:16 -05:00
Rob Winch
01fb4bdb6d
SEC-1718: Update documentation and sample application to demonstrate how to use a PGT to authenticate to stateless services using a PT
2011-04-17 18:17:14 -05:00
Rob Winch
11331d34d9
SEC-1717: Document how to perform Single Logout with CAS and added integration test for sample application to test Single Logout
2011-04-17 18:14:16 -05:00
Rob Winch
04f1df2a1b
SEC-965: Updated CAS documentation to describe authenticating proxy tickets
2011-04-17 18:14:16 -05:00
Luke Taylor
74b0c1780e
SEC-1707: Added metadata-source-ref attribute to namespace appendix.
2011-04-05 15:25:49 +01:00
Rob Winch
79e17e22bc
SEC-1703: Updated namespace for intercept-url
2011-03-29 21:58:29 -05:00
Rob Winch
d9d5ee1114
SEC-1703: Updated cas custom-filter@ref to match example bean id and custom-filter@position to be CAS_FILTER
2011-03-29 20:13:07 -05:00
Luke Taylor
9c88576992
Added extra FAQ on "Bad Credentials" message and on testing LDAP authentication. Minor mods to LDAP doc.
2011-03-29 15:30:08 +01:00
Rob Winch
236efadfb7
SEC-1698: Update documentation to use correct package for RequestHeaderAuthenticationFilter
2011-03-16 23:53:29 -05:00
Luke Taylor
1dc309b041
SEC-1689: Minor doc updates related to use of password encoding and the crypto package.
2011-03-17 01:45:19 +00:00
Luke Taylor
3a3b2df1c5
Minor rewording of "child web context" FAQ.
2011-03-13 20:45:22 +00:00
Luke Taylor
a25d131f21
Some doc clarifications on the use of UserDetailService vs AuthenticationProvider.
2011-03-10 16:12:16 +00:00
Luke Taylor
b26f2309f4
Add paragraph to manual database appendix to clarify that the standard schema is completely optional if you aren't using JdbcDaoImpl.
2011-03-10 13:41:44 +00:00
Luke Taylor
9cf8ba02ba
Adding some extra section IDs in namespace appendix to provide bookmarkable URLs.
2011-03-10 13:15:58 +00:00
Luke Taylor
57c3afd31a
SEC-1689: Adjust manual to remove references to separate crypto module.
2011-03-08 12:58:28 +00:00
Luke Taylor
3fe49dfae5
Added JDK and Spring links to Javadoc generation task.
2011-02-08 16:43:34 +00:00
Luke Taylor
12561660b1
Add Javadoc groups to build.
2011-02-08 16:13:12 +00:00
Luke Taylor
5f58108717
Typo.
2011-02-06 15:31:36 +00:00
Luke Taylor
83050f96cb
SEC-1656: Document potential need for pre-emptive session creation if writing the security context manuall.
2011-02-06 14:58:36 +00:00
Luke Taylor
4e349904e5
Add missing language attributes to programlisting tags for highlighting.
2011-02-01 16:54:18 +00:00
Luke Taylor
6a62b51870
Fix typo in FAQ.
2011-01-31 12:32:05 +00:00
Luke Taylor
347a2a91a9
SEC-1494: Document the use of system properties for disabling authorize tag functionality.
2011-01-30 14:04:32 +00:00
Luke Taylor
95b416b0e7
SEC-1660: Minor addition to FAQ text.
2011-01-21 16:26:14 +00:00
Luke Taylor
b542c73907
SEC-1660: Updated FAQ to explain that session-fixation protection may cause problems if switching between HTTP and HTTPS, and also updated information to advise against switching in the first place.
2011-01-21 16:24:18 +00:00
Luke Taylor
60befb063a
SEC-1659: Added crypto module to list of project modules in reference manual intro and to dependencies appendix.
2011-01-19 18:26:30 +00:00
Keith Donald
38327d1b16
SEC-1659: crypto docs
2011-01-19 18:17:03 +00:00
Luke Taylor
afd586c96e
Re-instate the CAS integration sequence description in the CAS chapter, with corrections (and minus proxying).
2011-01-18 16:50:18 +00:00
Luke Taylor
075b30ab44
SEC-1651: Added paragraph to FAQ mentioning dependencies appendix.
2011-01-12 15:27:30 +00:00
Luke Taylor
8da0de459b
SEC-1651: Added remaining module information to dependencies appendix.
2011-01-12 15:09:01 +00:00
Luke Taylor
b858b23927
SEC-1651: Added first draft of dependencies appendix to reference manual.
2011-01-07 19:23:06 +00:00
Luke Taylor
8d7830a1ee
SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me.
2011-01-06 15:16:13 +00:00
Luke Taylor
48ea0a6249
SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all.
2010-12-17 17:34:08 +00:00
Luke Taylor
7cf9740fd4
SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual.
2010-12-17 17:09:20 +00:00
Luke Taylor
ce421f22bf
SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation
2010-12-14 16:24:51 +00:00
Luke Taylor
4a40d80da1
SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
...
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
Luke Taylor
89f80659a1
Move docs on request matching to correct file and delete unused one
2010-11-24 00:30:37 +00:00
Luke Taylor
49242729e4
Added imgSrcPath parameter for use in docbookFopPdf task.
2010-11-24 00:28:59 +00:00
Luke Taylor
6b691f6fc0
SEC-1613: Corrected preauth docs.
2010-11-04 14:32:06 +00:00
Luke Taylor
cf0289bc02
SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook.
2010-10-27 13:25:40 +01:00
Luke Taylor
fabadff5f1
SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source.
2010-10-27 13:25:40 +01:00
Luke Taylor
31afb9c76d
Deleted superseded dao-auth-provider.xml chapter.
2010-10-27 13:25:40 +01:00
Luke Taylor
07b9ded126
SEC-1599: Corrected docbook source.
2010-10-27 13:25:40 +01:00
Luke Taylor
173537f4f2
SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.
2010-10-27 13:25:39 +01:00
Luke Taylor
f455e9a5a4
SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison.
2010-10-27 13:25:39 +01:00
Rob Winch
7258abbbf4
SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd
2010-10-10 19:51:37 -05:00
Luke Taylor
1b2b371970
SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
...
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.
Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
2010-09-16 16:03:24 +01:00
rwinch
de819378fc
SEC-1536: added JAAS API Integration, updated doc, updated jaas sample
2010-09-13 13:12:45 -05:00
Luke Taylor
c5231fc213
SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource.
2010-09-13 12:19:21 +01:00
rwinch
58d9903ebc
SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider
2010-09-10 20:17:22 -05:00
Luke Taylor
7a3892556c
Added a "docs" convenience task
2010-08-30 19:03:15 +01:00
Luke Taylor
c1418c7536
Minor change in doc information about samples since these are no longer in maven repo.
2010-08-23 14:58:27 +01:00
Luke Taylor
35335e84b3
Reset post-release build version.
2010-08-23 00:13:20 +01:00
Luke Taylor
23c4d1ec28
Set version to 3.1.0.M1.
2010-08-22 23:54:33 +01:00
Luke Taylor
837771537f
Tweak docs build to only prevent "assemble" from depending on the archive/upload tasks.
2010-08-22 22:42:54 +01:00
Luke Taylor
d04e37c0c4
Minor changes to doc on version numbering. It's not true that minor versions are source/binary compatible.
2010-08-19 23:24:12 +01:00
Luke Taylor
992566b6cb
SEC-1527: Internationalization of contacts sample (Adding message resource bundle and RequestContextFilter). Re-working of L12n section of manual to mention existing localized message files and use of RequestContextFilter.
2010-08-14 01:07:51 +01:00
Luke Taylor
4935aa07c7
SEC-1535: Added suggested doc fixes.
2010-08-12 20:41:29 +01:00
Luke Taylor
bb7165ac6e
SEC-1530: Added information on calling getAllPrincipals() on SessionRegistry for direct use in an application to provide currently logged in users.
2010-08-07 15:43:55 +01:00
Luke Taylor
e2ba500c3c
SEC-1529: More user-friendly expressions on method annotations in EL chapter.
2010-08-05 18:14:11 +01:00
Luke Taylor
74b66591e9
Build refactoring.
2010-08-04 02:09:07 +01:00
Luke Taylor
5de68cb18f
SEC-1499: Additional doc paragraph that escaped the commit.
2010-07-23 23:03:54 +01:00
Luke Taylor
9dd6a5eb8f
SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener.
2010-07-23 16:27:57 +01:00
Luke Taylor
d7d8448120
SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository).
2010-07-23 15:59:53 +01:00
Luke Taylor
c1c8fd1874
SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request).
2010-07-20 19:46:47 +01:00
Luke Taylor
080710e023
Minor doc updates on default filters created by namespace.
2010-07-06 13:29:11 +01:00
Luke Taylor
06368f956a
Minor doc/javadoc updates to clarify use of UserDetailsContextapper.
2010-07-04 15:13:27 +01:00
Luke Taylor
d6159e884a
Some minor doc fixes.
2010-07-03 13:11:39 +01:00
Luke Taylor
8ad6cbbe85
SEC-1508: Update docbook processing to use Docbook 5 namespaces.
2010-07-03 13:10:48 +01:00
Luke Taylor
8615369697
Added information on config jar to instructions on getting started using namespace.
2010-06-30 13:45:13 +01:00
Luke Taylor
4da4734750
Minor doc link updates and tidying.
2010-06-26 13:20:48 +01:00
Luke Taylor
ad82e6a575
SEC-1493: Documentation of support for erasing credentials.
2010-06-26 12:27:49 +01:00
Luke Taylor
1dd4787194
Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix.
2010-06-10 22:17:58 +01:00
Luke Taylor
8bddc8f820
SEC-1484: Documentation for some namespace attributes.
2010-06-05 17:35:24 +01:00
Luke Taylor
0d94e75a93
SEC-1171: Documentation of changes related to use of multiple <http> elements.
2010-06-05 17:12:33 +01:00
Luke Taylor
01308f8308
Added FAQ on using BeanPostProcessor to customize namespace-created beans.
2010-05-24 17:01:55 +01:00
Luke Taylor
a097a47246
Refactored ssh uploading into a separate gradle task. Added "uploadFaq" task
2010-05-23 00:05:30 +01:00
Luke Taylor
ca91b9abc5
Corrected section layout in DB schema appendix of ref manual.
2010-05-23 00:05:29 +01:00
Luke Taylor
12fc73f046
Added faqs on accessing the HttpSession from a UDS andon the use of URLs with fragments.
2010-05-22 14:31:28 +01:00
Luke Taylor
5aab06775e
SEC-1106: Added section on hierarchical roles to manual.
2010-05-18 16:43:55 +01:00
Luke Taylor
e0d06b2b53
Added documentation on RequestCache functionality.
2010-05-16 15:18:03 +01:00
Luke Taylor
f0c4cccb0d
SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc.
2010-05-16 14:14:13 +01:00
Luke Taylor
705f896209
SEC-1478: Added 'use-expressions' attribute to namespace appendix.
2010-05-11 02:25:45 +01:00
Luke Taylor
e5b0aa6850
Typo.
2010-05-07 02:07:03 +01:00
Luke Taylor
a567e32c69
Re-laying out of FAQ, plus some new questions.
2010-05-07 01:46:36 +01:00
Luke Taylor
64d59e1d32
Some extra FAQs and added comment to samples runall.sh script to explain that it's for dev only.
2010-05-03 14:56:22 +01:00
Luke Taylor
2c44461264
SEC-1473: Remove references to ContactSecurityVoter.
...
Replaced with reference to Oleg's blog article as an example of custom voter use
2010-05-03 14:53:06 +01:00
Luke Taylor
c95fe8af28
Adjust section in namespace chapter and increase section depth in manual TOC for easier reference.
2010-04-28 20:14:08 +01:00
Luke Taylor
bca6c1aeac
SEC-1468: Doc and Javadoc updates.
2010-04-26 23:26:07 +01:00
Luke Taylor
82bbd09b71
SEC-1460: Documentation of changes.
2010-04-24 15:49:47 +01:00
Luke Taylor
def5f88c8c
SEC-1431: Added openid-selector to openid sample, plus AX configuration for myopenid.com.
2010-04-21 17:16:03 +01:00
Luke Taylor
3af75afec1
Clarify that multiple authentication-provider elements can be used in combination.
2010-04-20 23:47:48 +01:00
Luke Taylor
d334f6fa09
Latest gradle syntax updates.
2010-03-28 23:54:41 +01:00
Luke Taylor
2a0aae1904
SEC-524: Document addition of "var" attribute in authorization tags.
2010-03-25 19:48:26 +00:00
Luke Taylor
0849dd93e9
Minor correction to namespace appendix
2010-03-24 21:02:51 +00:00
Hans Dockter
b64a3fa725
Hans Dockter's refactoring of gradle build, plus simplification of docbook plugin.
2010-03-05 23:23:43 +00:00
Luke Taylor
90caf1bb37
Manual formatting.
2010-03-03 23:08:05 +00:00
Luke Taylor
025ab4ce1a
Tweaking of table size in namespace chapter and PDF page margins to try to reduce overlapping of text
2010-02-21 20:41:44 +00:00
Luke Taylor
7c99361c26
Reduce length of long lines in the reference manual.
...
Some are too long for the PDF version.
2010-02-20 01:00:14 +00:00
Luke Taylor
40d3f726d6
Update manual version to 3.0.2.RELEASE
2010-02-19 19:00:06 +00:00
Luke Taylor
9bdc012c69
Minor corrections to Session Management chapter of ref manual.
2010-02-18 00:32:48 +00:00
Luke Taylor
c0579230b2
Correct package names in ref manual docbook. Minor change to namespace appendix.
2010-02-18 00:32:48 +00:00
Luke Taylor
e729819ce0
Updated incorrect package names in docbook
2010-02-12 15:18:01 +00:00
Luke Taylor
017dad8f5d
Added support for fop extensions in PDF generation.
2010-02-11 00:19:18 +00:00
Luke Taylor
81657d0efc
SEC-1403: Corrected interface name.
2010-02-10 15:24:46 +00:00