Commit Graph

572 Commits

Author SHA1 Message Date
Rob Winch 6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch b5f5665ea6 SEC-2463: CSRF documentation includes EnableWebMvcSecurity 2014-01-29 09:28:51 -06:00
Rob Winch 3b05fd6fed SEC-2466: Add link to MultipartFilter in CSRF multipart section 2014-01-28 22:04:35 -06:00
Rob Winch 4c84805ac9 SEC-2466: CSRF MutipartFilter doc now uses <url-pattern> 2014-01-28 16:51:05 -06:00
Rob Winch f09ce267b3 Polish MVC doc 2013-12-16 12:30:25 -06:00
Rob Winch 374aceed2b Polish form.asc 2013-12-16 11:13:23 -06:00
Rob Winch df703e0189 Polish hellomvc.asc 2013-12-16 10:39:18 -06:00
Rob Winch 8c580dc170 SEC-2444: Polish Thymeleaf for samples 2013-12-16 09:51:00 -06:00
Rob Winch 5205bf57c6 SEC-2453: Create 403 CSRF FAQ Entry 2013-12-16 09:02:02 -06:00
Rob Winch b7041ed00e SEC-2436: Add @EnableWebMvcSecurity 2013-12-14 14:40:01 -06:00
Rob Winch 4708287ad3 SEC-2444: Convert Java Config samples to thymeleaf and tiles 2013-12-13 15:47:28 -06:00
Rob Winch 0d12397662 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-12 08:20:37 -06:00
Rob Winch 035067caf4 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-11 08:08:51 -06:00
Rob Winch 548ed4e14a Update samples to declare repository already added 2013-12-06 14:46:52 -06:00
Rob Winch feeb380b51 Polish Guides 2013-12-06 11:12:07 -06:00
Rob Winch ec524da6cb SEC-2416: Fix Hello MVC guide 2013-12-05 15:47:38 -06:00
Rob Winch fc6fc19eed Fix guides 2013-12-05 13:16:59 -06:00
Rob Winch 74a6303b6f SEC-2385: Document how to use with Spring 4 2013-12-04 12:38:45 -06:00
Rob Winch 4308e72573 Polish CSRF log in caveat with link 2013-12-03 09:27:49 -06:00
Rob Winch b8cc42e3a3 SEC-2426: Add CSRF and logout with non-post example 2013-12-03 09:07:54 -06:00
Rob Winch ab08d99a52 SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc 2013-12-02 16:47:57 -06:00
Rob Winch 135df149a3 SEC-2423: Document differences between defaults in Java & XML Config 2013-12-02 16:37:52 -06:00
Rob Winch 0b996c669f SEC-2424: Document ObjectPostProcessor 2013-12-02 10:17:08 -06:00
Rob Winch 5a59c74d02 SEC-2327: Document SecurityExpressionRoot 2013-11-20 16:59:05 -06:00
Rob Winch 4944e602cb SEC-2402: Reference cleanup
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
2013-11-15 10:50:08 -06:00
Rob Winch f1f3acdf75 Fix guides spec 2013-11-01 14:21:37 -05:00
Rob Winch c135179029 Update to latest Asciidoctor version
We will temporarily remove PDF support until the plugin supports it.
2013-10-30 16:56:00 -05:00
Rob Winch cf3e2f2c6a Fix guide index's link to custom form 2013-10-30 16:19:51 -05:00
Rob Winch 17b9f33351 SEC-2378: Fix CSRF MultipartFilter doc typo 2013-10-29 13:07:10 -05:00
Rob Winch 5427da6b27 Move reference to htmlsingle to match standard Spring reference layout 2013-10-29 12:56:29 -05:00
Rob Winch 78f85cc129 SEC-2349: Number the reference 2013-10-23 17:46:57 -05:00
Rob Winch 85ec2429d9 SEC-2349: Externalize FAQ 2013-10-23 17:43:32 -05:00
Rob Winch 355f884d22 SEC-2093: Document what is new in Spring Security 3.2 2013-10-18 16:39:01 -05:00
Rob Winch 4a24c81147 SEC-2299: Document @AuthenticationPrincipal 2013-10-18 15:46:29 -05:00
Rob Winch a3009e303b SEC-2299: Document Web MVC integration 2013-10-18 11:23:58 -05:00
Rob Winch 6ea95cc3a3 SEC-2094: Document Concurrency Support 2013-10-18 09:50:49 -05:00
Rob Winch 348e3a22b6 SEC-2365: registerAuthentication->configure 2013-10-16 13:59:56 -05:00
Rob Winch db3c626ac9 SEC-2281: Document Java Configuration 2013-10-16 10:44:35 -05:00
Rob Winch e3f58fd9d3 Polish guide 2013-10-16 10:44:16 -05:00
Rob Winch bbefc62a87 Fix Security Header's link to HttpServletResponse.setHeader 2013-10-15 16:56:44 -05:00
Rob Winch 730dcffe6d Fix crossrefs in footnotes 2013-10-15 16:50:26 -05:00
Rob Winch bf3b5459cd Fix Authors of manual 2013-10-15 16:22:27 -05:00
Rob Winch 0978c12c47 SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder 2013-10-15 12:35:32 -05:00
Rob Winch 51171efa7a SEC-2357: Move *RequestMatcher to .matcher package 2013-10-14 11:55:56 -05:00
Rob Winch 14b9050616 SEC-2357: Move *RequestMatchers to .matchers package 2013-10-14 10:36:31 -05:00
Rob Winch d28058303b SEC-2349: Move FAQ into reference 2013-10-03 21:28:55 -05:00
Rob Winch 4b43cf3f50 SEC-2349: Convert Reference to Asciidoctor 2013-10-03 14:15:09 -05:00
Rob Winch df5e034fc3 SEC-2282: Polish CSRF Documentation 2013-09-27 17:14:21 -05:00
Rob Winch 8087cde628 SEC-2331: Include Expires: 0 in xsd and appendix 2013-09-27 17:10:42 -05:00
Rob Winch 8fed90c26c SEC-2282: Add links for AccessDeniedHandler in CSRF doc 2013-09-27 16:44:34 -05:00
Rob Winch 3e95f1c12e SEC-2282: Polish CSRF Documentation 2013-09-27 16:41:06 -05:00
Rob Winch ee33a6deeb SEC-2285: Headers doc explicitly state default headers 2013-09-27 16:29:10 -05:00
Rob Winch 17efd25717 SEC-2331: Include Expires: 0 in security headers documentation 2013-09-27 16:13:40 -05:00
Rob Winch 06a0ec1a9f SEC-2285: Polish Security Headers Documentation
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
Rob Winch 9bb283044f SEC-2282: Polish CSRF Documentation
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
Rob Winch a09756745f SEC-2151: Support binding method arguments with Annotations
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch 1f3b812a66 SEC-2282: Polish CSRF Documentation 2013-09-26 08:58:39 -05:00
Rob Winch ef7cc40389 SEC-2282: Polish CSRF Documentation 2013-09-25 17:30:50 -05:00
Rob Winch d16106ef56 SEC-2309: Document CSRF multipart/form-data 2013-09-25 15:14:32 -05:00
Rob Winch e5804d323b SEC-2256: Fix intercept-url doc precidence statement
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."

This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
2013-09-13 22:02:52 -07:00
Rob Winch f6587c8697 SEC-2312: Update javadoc link to Spring 3.2.x 2013-09-13 15:34:30 -07:00
Rob Winch 98fe2322cd SEC-2095: Fix Servlet API doc ids 2013-08-30 13:10:32 -05:00
Scott Andrews fc16450344 Demonstrate rest.js CSRF support in reference docs
rest.js 0.9.4 added support for applying the CSRF header and token to
Ajax requests.
2013-08-30 12:21:32 -05:00
Rob Winch 246c632f3a SEC-2095: Document Servlet API support 2013-08-30 12:20:35 -05:00
Rob Winch 86340b8016 SEC-2283: Polish headers doc 2013-08-29 13:47:54 -05:00
Rob Winch d89cf6db29 SEC-2283: Update headers documentation and tests 2013-08-28 12:35:40 -05:00
Rob Winch 4761614c9f SEC-2291: Fix internal links within reference
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
Rob Winch 69aac09e1d SEC-2285: Added headers to to reference 2013-08-28 08:58:45 -05:00
Rob Winch 9483226d02 SEC-2282: Polish CSRF doc 2013-08-27 17:16:32 -05:00
Rob Winch 98bdd32ca0 SEC-2282: Add CSRF documentation to the reference manual 2013-08-25 19:00:04 -05:00
Rob Winch 18bd82e7d4 SEC-2131: Update doc to state session authentication sends 401 if no page 2013-08-25 11:37:23 -05:00
Rob Winch cd7055f725 SEC-2171: Include Information about pooling in Spring LDAP documentation 2013-08-25 11:27:50 -05:00
Rob Winch 7f2308f46c SEC-2146: Document AspectJ does not inherit annotations 2013-08-25 11:06:36 -05:00
Rob Winch 03b235295e SEC-2270: Remove duplicate version from guides index 2013-08-23 14:13:12 -05:00
Rob Winch efa9f4db93 SEC-2108: Fix typo in ldap section of manual 2013-08-23 14:09:58 -05:00
Rob Winch e8788f2657 SEC-2269: Fix markup for CSRF link 2013-08-21 10:08:39 -05:00
Rob Winch 17c2a18fee SEC-2269: Fix CSRF link in appendix 2013-08-21 10:01:19 -05:00
Rob Winch a3a432f7b6 SEC-2269: Fix additional links 2013-08-20 14:02:33 -05:00
Rob Winch 3b2156969d SEC-2269: Fix headers link 2013-08-20 10:06:00 -05:00
Rob Winch f707101fdb SEC-2269: Fix headers documentation 2013-08-20 10:03:31 -05:00
Rob Winch eb95c500f5 Remove dockbook-reference from guides 2013-08-20 10:02:55 -05:00
Rob Winch 658a93178c SEC-2252: Add custom form guide 2013-08-19 15:22:04 -05:00
Rob Winch 51b9c4a19a Hide logout in main.jsp if not logged in 2013-08-17 14:38:39 -05:00
Rob Winch e9bb9e766e SEC-1574: Add CSRF Support 2013-08-15 14:49:21 -05:00
beamerblvd 5f35d9e3ec SEC-2135: Document HttpServletRequest.changeSessionId() support 2013-08-15 13:59:16 -05:00
Rob Winch 485676be8c SEC-2251: Polish Hello World guides
* Correct how to add username and logout to mvc
* Externalize :revnumber:
2013-08-15 12:50:40 -05:00
Rob Winch 13da42ca1b SEC-2137: Allow disabling session fixation and enable concurrency control 2013-08-15 12:50:40 -05:00
Rob Winch e0cb931f69 SEC-2251: Create Hello World Java Configuration guides 2013-08-08 14:34:50 -05:00
Asaf David 333a7291a4 SEC-2242: Fixed typo in technical overview
Changed "source source" to "source"
2013-08-01 13:02:56 -05:00
Rob Winch e242aeff3e SEC-2230: Polish and clickjacking demo 2013-08-01 10:19:36 -05:00
Rob Winch 283c906215 SEC-2230: Fix reference PDF 2013-07-31 12:22:41 -05:00
Rob Winch 988e97e366 SEC-2230: Polish headers reference 2013-07-31 10:39:52 -05:00
Rob Winch c85328c5d1 SEC-2230: HTTP Strict Transport Security (HSTS)Add support for Strict
This is a distinct filter as apposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
2013-07-31 10:39:52 -05:00
Rob Winch 8013cd54d6 SEC-2230: Added Cache Control support 2013-07-31 10:39:45 -05:00
Rob Winch 7b164bb5e1 SEC-2230: Polish pull request 2013-07-26 14:19:53 -05:00
Rob Winch 8acd205486 SEC-2232: HeaderFactory to HeaderWriter 2013-07-26 09:01:12 -05:00
Rob Winch fd754c5cab SEC-2098, SEC-2099: Fix build
- hf.doFilter is missing FilterChain argument
  - response.headers does not contain the exact values for the headers so
    should not be used for comparison (note it is a private member so this
    is acceptable)
  - hf does not need non-null check when hf.doFilter is invoked
  - some of the configurations are no longer valid (i.e. ALLOW-FROM
    requires strategy)
  - Some error messages needed updated (some could still use improvement)
  - No validation for missing header name or value
  - rebased off master / merged
  - nsa=frame-options-strategy id should use - not =
  - FramewOptionsHeaderFactory did not produce "ALLOW-FROM " prefix of origin
  - remove @Override on interface overrides to work with JDK5
2013-07-25 16:23:25 -05:00
Marten Deinum d0b40cd2ae - Created HeaderFactory abstraction
- Implemented different ALLOW-FROM strategies as specified in the proposal.

Conflicts:
	config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
	config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
2013-07-25 16:22:43 -05:00
Rob Winch a63baa8391 SEC-2098, SEC-2099: Polishing 2013-07-25 16:22:43 -05:00
Marten Deinum 0adf5aea91 SEC-2098, SEC-2099: Created HeadersFilter
Created HeadersFilter for setting security headers added including a
bean definition parser for easy configuration of the headers. Enables
easy configuration for the X-Frame-Options, X-XSS-Protection and
X-Content-Type-Options headers. Also allows for additional headers to
be added.
2013-07-25 16:22:43 -05:00
Rob Winch 955a60cf49 SEC-2208: Use std docbook plugin and workspace cleanup 2013-07-16 15:15:47 -05:00
Luke Taylor d8727638ab SEC-1785: Remove auto-config from manual.
Changed the namespace doc to use an explicit form-login
and logout element and avoid mention of auto-config or its
effects. This makes the intro shorter and simpler.
2013-05-18 21:25:11 +01:00
Luke Taylor d6524feb62 SEC-2122: Change doc to prioritize bcrypt use 2013-05-17 18:42:47 +01:00
Rob Winch c0921b9ede SEC-2133: Update doc from ChannelAuthenticationFilter to ChannelProcessingFilter 2013-04-25 08:56:47 -05:00
Luke Taylor 6ebb9abfb7 Fix HttpSessionEventPublisher package name in FAQ. 2013-04-06 14:53:53 +01:00
Oliver Becker 5eb5c91d86 SEC-2119: Rename rememberme-parameter to remember-me-parameter
This change extends pull request https://github.com/SpringSource/spring-security/pull/26
and its subsequent changes by renaming the attribute name 'rememberme-parameter' to
'remember-me-parameter'.

The spelling including the additional hyphen in 'remember-me-parameter' is more consistent
with the default spelling of the 'remember-me' functionality.
2013-03-05 14:47:25 -06:00
Rob Winch b014020955 SEC-2119: Polish remember-me@rememberme-parameter
- Change form-parameter to rememerme-parameter
  - Use rnc file for generating the xsd
  - Add test for deafult value of rememberme parameter
2013-03-01 17:03:09 -06:00
Oliver Becker 9eb34fe51c SEC-2119: Add a 'form-parameter' attribute to <remember-me>
This change extends the namespace configuration of <remember-me>
with a 'form-parameter' attribute. The introduced attribute sets
the 'parameter' property of  AbstractRememberMeServices.

This enables overriding the default value of
'_spring_security_remember_me' using the namespace configuration.
2013-03-01 17:03:02 -06:00
Rob Winch e8661913d1 SEC-2119: Update to 3.2 schema and use default schema version when available 2013-03-01 16:29:27 -06:00
@fbiville 83f1d76c16 SEC-2138: Fix code snippet in Hierarchical Roles section
The bean definition of RoleHierarchyVoter was syntactically incorrect.
2013-02-26 09:48:59 -06:00
Rob Winch 5ba31dfd56 Use AspectJMethodSecurityInterceptor in reference
Change reference to use AspectJMethodSecurityInterceptor instead of
undefined AspectJSecurityInterceptor.
2012-12-04 10:06:27 -06:00
Rob Winch 373fe3a9f1 SEC-2074: Update reference to use <method-security-metadata-source> 2012-12-04 10:05:22 -06:00
Rob Winch 6cea2694dc SEC-2069: Update doc to use FilterInvocationSecurityMetadataSource 2012-10-22 14:24:05 -05:00
Rob Winch 4f741bc914 SEC-2057: ConcurrentSessionFilter is now after SecurityContextPersistenceFilter
Previously, ConcurrentSessionFilter was placed after SecurityContextPersistenceFilter
which meant that the SecurityContextHolder was empty when ConcurrentSessionFilter was
invoked. This caused the Authentication to be null when performing a logout. It also
caused complications with LogoutHandler implementations that would be accessing the
SecurityContextHolder and potentially clear it out expecting that
SecurityContextPersistenceFilter would then clear the SecurityContextRepository.

The ConcurrentSessionFilter is now positioned after the
SecurityContextPersistenceFilter to ensure that the SecurityContextHolder is populated
and cleared out appropriately.
2012-10-03 09:27:24 -05:00
Rob Winch 8ad0e0e8e8 SEC-1995: Use Gradle Artifactory integration for releases 2012-08-09 14:20:57 -05:00
Rob Winch 095dcb3a74 SEC-2010: Include missing <value> tag in Hierarchical Roles section of the reference 2012-07-19 10:18:12 -05:00
Rob Winch b196d70f99 SEC-1905: Added para tag to the digest encoded password footnote 2012-07-11 13:12:57 -05:00
Rob Winch bfd09f7603 SEC-1905: Added footnote to password encoding for digest authentication
Technically digest authentication can allow for encoded passwords, but
it needs to be in the correct format. This update adds a footnote to clarify this.

Previously the documentation stated that passwords must be in clear text.
2012-07-11 13:00:06 -05:00
Rob Winch 3e4da4f60f Updated to next snapshot version 2012-07-06 11:28:21 -05:00
Rob Winch f46a5bab40 Set to 3.1.1 Release 2012-07-06 10:32:55 -05:00
Rob Winch a2452ab514 SEC-1906: Update to Gradle 1.0 2012-07-05 12:41:56 -05:00
Rob Winch 18230259b8 SEC-1985: Removed WebSecurityExpessionHandler from reference 2012-06-28 11:35:07 -05:00
Rob Winch 954ba57cf2 SEC-1970: Cleanup of pre authentication documentation
* Removed custom-authentication-provider from documentation
* Rephrased to make the pre authentication documentation a little more concise
* Removed nested () within text (not code)
* Removed user which should have been use
2012-06-15 14:44:16 -05:00
Rob Winch ca741ab18f SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter 2012-03-20 19:18:26 -05:00
Luke Taylor 2434564d6c SEC-1904: Fixed LDAP object class name in docs. 2012-02-01 14:37:32 +00:00
Luke Taylor b493afa18c SEC-1888: Improving the doc on (not) using multiple annotation types in the same class. 2012-01-31 19:05:43 +00:00
Luke Taylor 9b423a7726 Set 3.1.0 release version. 2011-12-05 23:42:39 +00:00
Rob Winch 53483df1f5 SEC-1678: Added What's new section to reference 2011-11-18 13:52:37 -06:00
Rob Winch 041cb1dcc3 SEC-1858: Included the updates for logout-success-url documentation 2011-11-18 11:22:22 -06:00
Rob Winch f88b6f75ff SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes 2011-11-11 09:00:53 -05:00
Rob Winch 2fd0a65049 SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager> 2011-10-18 19:18:56 -05:00
Luke Taylor 503ac9ae7c SEC-1798: Remove internal evaluation of EL in JSP tag implementations. 2011-08-12 19:44:27 +01:00
Luke Taylor a1c714cff4 SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted. 2011-07-14 16:43:02 +01:00
Luke Taylor ac3d8b25f2 Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes. 2011-07-14 13:13:39 +01:00
Luke Taylor d5946b81b4 Added FAQ on how to add ApacheDS entries to pom. 2011-07-13 17:50:29 +01:00
Florian Fankhauser 2e83d98c8f SEC-1776: Corrected typo in manual 2011-07-09 19:24:12 -05:00
Luke Taylor 2861a951aa Minor FAQ update on version info. 2011-06-17 11:45:56 +01:00
Luke Taylor ecfffaaa3f Make aspectj dependencies optional throughout and spring-jdbc/tx optional in core poms. Reduces exclusions required in third-party poms (e.g. spring-social). 2011-06-09 22:57:49 +01:00
Luke Taylor 132163ec2e Add FAQ on accessing password from a UserDetailsService. 2011-05-26 18:38:45 +01:00
Luke Taylor b53d430798 Doc update to reflect change in cas integration module name since 3.0. 2011-05-23 21:29:40 +01:00
Luke Taylor 3541099634 Correct typo in FAQ. 2011-05-17 18:23:48 +01:00
Luke Taylor 295ea27526 SEC-1743: Separate remoting from core into separate module. 2011-05-16 00:19:30 +01:00
Luke Taylor 6e91786f92 SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false). 2011-05-09 13:36:23 +01:00
Rob Winch bd74185e41 SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1 2011-04-26 23:39:51 -05:00
Luke Taylor e473897fd9 SEC-1181: Add docs for ActiveDirectoryLdapAuthenticationProvider. Minor fix to initialization checks. 2011-04-26 18:39:01 +01:00
Luke Taylor c4a1ce9f1a SEC-1725: Update docs to remove references to filter-chain-map. 2011-04-25 23:38:44 +01:00
Rob Winch f28a09dfa4 Formatting changes to CAS documentation 2011-04-17 18:17:16 -05:00
Rob Winch 01fb4bdb6d SEC-1718: Update documentation and sample application to demonstrate how to use a PGT to authenticate to stateless services using a PT 2011-04-17 18:17:14 -05:00
Rob Winch 11331d34d9 SEC-1717: Document how to perform Single Logout with CAS and added integration test for sample application to test Single Logout 2011-04-17 18:14:16 -05:00
Rob Winch 04f1df2a1b SEC-965: Updated CAS documentation to describe authenticating proxy tickets 2011-04-17 18:14:16 -05:00
Luke Taylor 74b0c1780e SEC-1707: Added metadata-source-ref attribute to namespace appendix. 2011-04-05 15:25:49 +01:00
Rob Winch 79e17e22bc SEC-1703: Updated namespace for intercept-url 2011-03-29 21:58:29 -05:00
Rob Winch d9d5ee1114 SEC-1703: Updated cas custom-filter@ref to match example bean id and custom-filter@position to be CAS_FILTER 2011-03-29 20:13:07 -05:00
Luke Taylor 9c88576992 Added extra FAQ on "Bad Credentials" message and on testing LDAP authentication. Minor mods to LDAP doc. 2011-03-29 15:30:08 +01:00
Rob Winch 236efadfb7 SEC-1698: Update documentation to use correct package for RequestHeaderAuthenticationFilter 2011-03-16 23:53:29 -05:00
Luke Taylor 1dc309b041 SEC-1689: Minor doc updates related to use of password encoding and the crypto package. 2011-03-17 01:45:19 +00:00
Luke Taylor 3a3b2df1c5 Minor rewording of "child web context" FAQ. 2011-03-13 20:45:22 +00:00
Luke Taylor a25d131f21 Some doc clarifications on the use of UserDetailService vs AuthenticationProvider. 2011-03-10 16:12:16 +00:00
Luke Taylor b26f2309f4 Add paragraph to manual database appendix to clarify that the standard schema is completely optional if you aren't using JdbcDaoImpl. 2011-03-10 13:41:44 +00:00
Luke Taylor 9cf8ba02ba Adding some extra section IDs in namespace appendix to provide bookmarkable URLs. 2011-03-10 13:15:58 +00:00
Luke Taylor 57c3afd31a SEC-1689: Adjust manual to remove references to separate crypto module. 2011-03-08 12:58:28 +00:00
Luke Taylor 3fe49dfae5 Added JDK and Spring links to Javadoc generation task. 2011-02-08 16:43:34 +00:00
Luke Taylor 12561660b1 Add Javadoc groups to build. 2011-02-08 16:13:12 +00:00
Luke Taylor 5f58108717 Typo. 2011-02-06 15:31:36 +00:00
Luke Taylor 83050f96cb SEC-1656: Document potential need for pre-emptive session creation if writing the security context manuall. 2011-02-06 14:58:36 +00:00
Luke Taylor 4e349904e5 Add missing language attributes to programlisting tags for highlighting. 2011-02-01 16:54:18 +00:00
Luke Taylor 6a62b51870 Fix typo in FAQ. 2011-01-31 12:32:05 +00:00
Luke Taylor 347a2a91a9 SEC-1494: Document the use of system properties for disabling authorize tag functionality. 2011-01-30 14:04:32 +00:00
Luke Taylor 95b416b0e7 SEC-1660: Minor addition to FAQ text. 2011-01-21 16:26:14 +00:00
Luke Taylor b542c73907 SEC-1660: Updated FAQ to explain that session-fixation protection may cause problems if switching between HTTP and HTTPS, and also updated information to advise against switching in the first place. 2011-01-21 16:24:18 +00:00
Luke Taylor 60befb063a SEC-1659: Added crypto module to list of project modules in reference manual intro and to dependencies appendix. 2011-01-19 18:26:30 +00:00
Keith Donald 38327d1b16 SEC-1659: crypto docs 2011-01-19 18:17:03 +00:00
Luke Taylor afd586c96e Re-instate the CAS integration sequence description in the CAS chapter, with corrections (and minus proxying). 2011-01-18 16:50:18 +00:00
Luke Taylor 075b30ab44 SEC-1651: Added paragraph to FAQ mentioning dependencies appendix. 2011-01-12 15:27:30 +00:00
Luke Taylor 8da0de459b SEC-1651: Added remaining module information to dependencies appendix. 2011-01-12 15:09:01 +00:00
Luke Taylor b858b23927 SEC-1651: Added first draft of dependencies appendix to reference manual. 2011-01-07 19:23:06 +00:00
Luke Taylor 8d7830a1ee SEC-1603: Add support in namespace for use of AuthenticationSuccessHandler with remember-me. 2011-01-06 15:16:13 +00:00
Luke Taylor 48ea0a6249 SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all. 2010-12-17 17:34:08 +00:00
Luke Taylor 7cf9740fd4 SEC-1638: Added an example configuration to the Javadoc for ChannelProcessingFilter and a pointer from the reference manual. 2010-12-17 17:09:20 +00:00
Luke Taylor ce421f22bf SEC-1635: Stop security interceptors from calling AfterInvocationManager if exception occurs during invocation 2010-12-14 16:24:51 +00:00
Luke Taylor 4a40d80da1 SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
2010-12-03 16:41:46 +00:00
Luke Taylor 89f80659a1 Move docs on request matching to correct file and delete unused one 2010-11-24 00:30:37 +00:00
Luke Taylor 49242729e4 Added imgSrcPath parameter for use in docbookFopPdf task. 2010-11-24 00:28:59 +00:00
Luke Taylor 6b691f6fc0 SEC-1613: Corrected preauth docs. 2010-11-04 14:32:06 +00:00
Luke Taylor cf0289bc02 SEC-1598: Removed invalid properties from SessionFixationProtectionStrategy bean declaration in Session Management chapter docbook. 2010-10-27 13:25:40 +01:00
Luke Taylor fabadff5f1 SEC-1597: Corrected bean class name for RememberMeAuthenticationProvider in docbook source. 2010-10-27 13:25:40 +01:00
Luke Taylor 31afb9c76d Deleted superseded dao-auth-provider.xml chapter. 2010-10-27 13:25:40 +01:00
Luke Taylor 07b9ded126 SEC-1599: Corrected docbook source. 2010-10-27 13:25:40 +01:00
Luke Taylor 173537f4f2 SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy. 2010-10-27 13:25:39 +01:00
Luke Taylor f455e9a5a4 SEC-1584: Documentation of request-checking and matching process. Logging of servletPath and and pathInfo in DebugFilter for comparison. 2010-10-27 13:25:39 +01:00
Rob Winch 7258abbbf4 SEC-1585: changed spring-beans-3.1.xsd to spring-beans-3.0.xsd 2010-10-10 19:51:37 -05:00
Luke Taylor 1b2b371970 SEC-1544: Added CookieClearingLogoutHandler and 'delete-cookies' attribute to the 'logout' namespace element.
When the user logs out, the handler will attempt to delete the named cookies (which it is constructor-injected with) by expiring them in the response.

Also added documentation on the feature and a suggestion for deleting JSESSIONID through an Apache proxy server, if the servlet container doesn't allow clearing the session cookie.
2010-09-16 16:03:24 +01:00
rwinch de819378fc SEC-1536: added JAAS API Integration, updated doc, updated jaas sample 2010-09-13 13:12:45 -05:00
Luke Taylor c5231fc213 SEC-1538: Deprecate PreAuthenticatedGrantedAuthoritiesAuthenticationDetails (forgot originally) and update documentation to remove reference to AbstractPreAuthenticationAuthenticationDetailsSource. 2010-09-13 12:19:21 +01:00
rwinch 58d9903ebc SEC-1564: JAAS Configuration can now be injected into DefaultJaasAuthenticationProvider 2010-09-10 20:17:22 -05:00
Luke Taylor 7a3892556c Added a "docs" convenience task 2010-08-30 19:03:15 +01:00
Luke Taylor c1418c7536 Minor change in doc information about samples since these are no longer in maven repo. 2010-08-23 14:58:27 +01:00
Luke Taylor 35335e84b3 Reset post-release build version. 2010-08-23 00:13:20 +01:00
Luke Taylor 23c4d1ec28 Set version to 3.1.0.M1. 2010-08-22 23:54:33 +01:00
Luke Taylor 837771537f Tweak docs build to only prevent "assemble" from depending on the archive/upload tasks. 2010-08-22 22:42:54 +01:00
Luke Taylor d04e37c0c4 Minor changes to doc on version numbering. It's not true that minor versions are source/binary compatible. 2010-08-19 23:24:12 +01:00
Luke Taylor 992566b6cb SEC-1527: Internationalization of contacts sample (Adding message resource bundle and RequestContextFilter). Re-working of L12n section of manual to mention existing localized message files and use of RequestContextFilter. 2010-08-14 01:07:51 +01:00
Luke Taylor 4935aa07c7 SEC-1535: Added suggested doc fixes. 2010-08-12 20:41:29 +01:00
Luke Taylor bb7165ac6e SEC-1530: Added information on calling getAllPrincipals() on SessionRegistry for direct use in an application to provide currently logged in users. 2010-08-07 15:43:55 +01:00
Luke Taylor e2ba500c3c SEC-1529: More user-friendly expressions on method annotations in EL chapter. 2010-08-05 18:14:11 +01:00
Luke Taylor 74b66591e9 Build refactoring. 2010-08-04 02:09:07 +01:00
Luke Taylor 5de68cb18f SEC-1499: Additional doc paragraph that escaped the commit. 2010-07-23 23:03:54 +01:00
Luke Taylor 9dd6a5eb8f SEC-1499: Added some Javadoc and doc on the problems of using session-fixation protection with attributes that implement HttpSessionBindingListener. 2010-07-23 16:27:57 +01:00
Luke Taylor d7d8448120 SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository). 2010-07-23 15:59:53 +01:00
Luke Taylor c1c8fd1874 SEC-1171: Changed attribute name/value from secured="false" to security="none" to allow future extension by adding extra options (e.g. contextOnly to provide security context information during the request). 2010-07-20 19:46:47 +01:00
Luke Taylor 080710e023 Minor doc updates on default filters created by namespace. 2010-07-06 13:29:11 +01:00
Luke Taylor 06368f956a Minor doc/javadoc updates to clarify use of UserDetailsContextapper. 2010-07-04 15:13:27 +01:00
Luke Taylor d6159e884a Some minor doc fixes. 2010-07-03 13:11:39 +01:00
Luke Taylor 8ad6cbbe85 SEC-1508: Update docbook processing to use Docbook 5 namespaces. 2010-07-03 13:10:48 +01:00
Luke Taylor 8615369697 Added information on config jar to instructions on getting started using namespace. 2010-06-30 13:45:13 +01:00
Luke Taylor 4da4734750 Minor doc link updates and tidying. 2010-06-26 13:20:48 +01:00
Luke Taylor ad82e6a575 SEC-1493: Documentation of support for erasing credentials. 2010-06-26 12:27:49 +01:00
Luke Taylor 1dd4787194 Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix. 2010-06-10 22:17:58 +01:00
Luke Taylor 8bddc8f820 SEC-1484: Documentation for some namespace attributes. 2010-06-05 17:35:24 +01:00
Luke Taylor 0d94e75a93 SEC-1171: Documentation of changes related to use of multiple <http> elements. 2010-06-05 17:12:33 +01:00
Luke Taylor 01308f8308 Added FAQ on using BeanPostProcessor to customize namespace-created beans. 2010-05-24 17:01:55 +01:00
Luke Taylor a097a47246 Refactored ssh uploading into a separate gradle task. Added "uploadFaq" task 2010-05-23 00:05:30 +01:00
Luke Taylor ca91b9abc5 Corrected section layout in DB schema appendix of ref manual. 2010-05-23 00:05:29 +01:00
Luke Taylor 12fc73f046 Added faqs on accessing the HttpSession from a UDS andon the use of URLs with fragments. 2010-05-22 14:31:28 +01:00
Luke Taylor 5aab06775e SEC-1106: Added section on hierarchical roles to manual. 2010-05-18 16:43:55 +01:00
Luke Taylor e0d06b2b53 Added documentation on RequestCache functionality. 2010-05-16 15:18:03 +01:00
Luke Taylor f0c4cccb0d SEC-1479: Clarify that matching is against servletPath + pathInfo for ant pattern matching. Added some extra pointers to request-matching info in namespace doc. 2010-05-16 14:14:13 +01:00
Luke Taylor 705f896209 SEC-1478: Added 'use-expressions' attribute to namespace appendix. 2010-05-11 02:25:45 +01:00
Luke Taylor e5b0aa6850 Typo. 2010-05-07 02:07:03 +01:00
Luke Taylor a567e32c69 Re-laying out of FAQ, plus some new questions. 2010-05-07 01:46:36 +01:00
Luke Taylor 64d59e1d32 Some extra FAQs and added comment to samples runall.sh script to explain that it's for dev only. 2010-05-03 14:56:22 +01:00
Luke Taylor 2c44461264 SEC-1473: Remove references to ContactSecurityVoter.
Replaced with reference to Oleg's blog article as an example of custom voter use
2010-05-03 14:53:06 +01:00
Luke Taylor c95fe8af28 Adjust section in namespace chapter and increase section depth in manual TOC for easier reference. 2010-04-28 20:14:08 +01:00
Luke Taylor bca6c1aeac SEC-1468: Doc and Javadoc updates. 2010-04-26 23:26:07 +01:00
Luke Taylor 82bbd09b71 SEC-1460: Documentation of changes. 2010-04-24 15:49:47 +01:00
Luke Taylor def5f88c8c SEC-1431: Added openid-selector to openid sample, plus AX configuration for myopenid.com. 2010-04-21 17:16:03 +01:00
Luke Taylor 3af75afec1 Clarify that multiple authentication-provider elements can be used in combination. 2010-04-20 23:47:48 +01:00
Luke Taylor d334f6fa09 Latest gradle syntax updates. 2010-03-28 23:54:41 +01:00
Luke Taylor 2a0aae1904 SEC-524: Document addition of "var" attribute in authorization tags. 2010-03-25 19:48:26 +00:00
Luke Taylor 0849dd93e9 Minor correction to namespace appendix 2010-03-24 21:02:51 +00:00
Hans Dockter b64a3fa725 Hans Dockter's refactoring of gradle build, plus simplification of docbook plugin. 2010-03-05 23:23:43 +00:00
Luke Taylor 90caf1bb37 Manual formatting. 2010-03-03 23:08:05 +00:00
Luke Taylor 025ab4ce1a Tweaking of table size in namespace chapter and PDF page margins to try to reduce overlapping of text 2010-02-21 20:41:44 +00:00
Luke Taylor 7c99361c26 Reduce length of long lines in the reference manual.
Some are too long for the PDF version.
2010-02-20 01:00:14 +00:00
Luke Taylor 40d3f726d6 Update manual version to 3.0.2.RELEASE 2010-02-19 19:00:06 +00:00
Luke Taylor 9bdc012c69 Minor corrections to Session Management chapter of ref manual. 2010-02-18 00:32:48 +00:00
Luke Taylor c0579230b2 Correct package names in ref manual docbook. Minor change to namespace appendix. 2010-02-18 00:32:48 +00:00
Luke Taylor e729819ce0 Updated incorrect package names in docbook 2010-02-12 15:18:01 +00:00
Luke Taylor 017dad8f5d Added support for fop extensions in PDF generation. 2010-02-11 00:19:18 +00:00
Luke Taylor 81657d0efc SEC-1403: Corrected interface name. 2010-02-10 15:24:46 +00:00