Commit Graph

5732 Commits

Author SHA1 Message Date
Pedro Vilaça ea2b5dd412 Fix wrong class name reference in the docs
In the documentation, there was a reference to a class called CsrfTokenResolver
and it should CsrfTokenArgumentResolver

Fixes gh-3890
2016-05-18 20:26:20 +01:00
Rob Winch 7b61a44929 Fix test .standaloneSetup
Previously, Spring Security's test support did not work well with the
standalone setup. This was because the springSecurityFilterChain was not
found by the WebTestUtils.

This commit ensures that the springSecurityFilterChain is added as a
servlet attribute if it is explicitly defined. WebTestUtils can then
find the springSecurityFilterChain in the ServletContext.

Fixes gh-3881
2016-05-16 11:02:40 -04:00
Rob Winch 602bb457b8 Formatting
Issue gh-3881
2016-05-16 11:02:40 -04:00
Rob Winch f363c62afd Document spring-security-test dependency
Fixes gh-3873
2016-05-16 10:56:50 -04:00
Joe Grandja 66980e827c Add Spring Boot Hello World guide
Add Spring Boot Hello World Guide

Fixes gh-3866
2016-05-13 14:05:29 -05:00
Adrien SAUVEZ c261975be0 Set cookie domain for cancel remember-me
Fixes gh-3871
2016-05-13 13:34:43 -05:00
Rob Winch ede521dc8d authorizeUrls -> authorizeRequests
Replace remaining authorizeUrls with authorizeRequests

Fixes gh-3875
2016-05-09 10:34:36 -05:00
Rob Winch d4218c70f1 Update CookieCsrfTokenRepository docs to cookiHttpOnly=false
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.

This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookiHttpOnly=false

Fixes gh-3865
2016-05-06 16:28:04 -04:00
Spring Buildmaster 64f53620f8 Next development version 2016-05-05 04:26:13 +00:00
Spring Buildmaster 001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Joe Grandja 447fb70f1d Add Hello World Xml guide
Issue gh-3850
2016-05-04 21:05:31 -04:00
Joe Grandja f6a95333d1 Add Hello World Spring Boot sample
Issue gh-3850
2016-05-04 17:26:42 -04:00
Rob Winch 9745de9510 Add @AuthenticationPrincipal expression
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
2016-05-03 18:08:52 -04:00
Rob Winch 78bf6e2bd5 WithSecurityContextTestExecutionListener supports generic Annotation
Previously Spring Security's WithSecurityContextTestExecutionListener
allowed a WithSecurityContextFactory<Annotation> to be used. This
was broken in SEC-3074.

This commit ensures that WithSecurityContextFactory<Annotation> is
supported again.

Fixes gh-3837
2016-05-03 15:41:25 -04:00
Jens Goldhammer 04a12f49b1 Provide editor config for spring-security
This commit provides following editor config:
- Tabs, not spaces
- Unix (LF), not dos (CRLF) line endings
- Eliminate all trailing whitespace
- Latin-1 (ISO-8859-1) encoding for Java sources; use native2ascii to convert if necessary

Following convention cannot be set by editorconfig (only vim and emacs support maxline length of editorconfig):
- Aim to wrap code at 120 characters, but favor readability over wrapping

Fixes gh-3845
2016-05-03 12:26:56 -04:00
bartolom 3ca8273a95 Improve GC for OnCommittedResponseWrapper
Only track content length if disableOnCommitted is false. This improves object creation and thus GC.

Fixes gh-3842
2016-05-02 16:19:21 -05:00
Joe Grandja 2bdb0231c2 CookieCsrfTokenRepository supports HttpOnly
CookieCsrfTokenRepository supports HttpOnly

Fixes gh-3835

* Add Servlet 3 tests and javadocs

Issue gh-3835

* Add copyright header

Issue gh-3835
2016-05-02 15:49:37 -05:00
Joe Grandja e68d8bfaea Clarifies sessionAuthenticationStrategy setter
Fixes gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja 491abf2600 Revert "Fix test for SessionManagementConfigurer"
This reverts commit 17b25d1477.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja 0d2b797c2a Revert "Fix sessionAuthenticationStrategy setter"
This reverts commit 8f5d46ad68.

Issue gh-234
2016-05-02 13:21:58 -05:00
Dmitrii Volykhin 7e2dd3bcb9 Fix File separator in settings.gradle script
Fixes gh-3852
2016-04-28 09:23:36 -04:00
Jens Goldhammer ceef70946b Resolve springSecurityFilterChain to Filter
When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter.
This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class.
In this case we have to cast to a Java ServletFilter to support both filter...

Fixes gh-3836
2016-04-26 15:53:38 -04:00
Patrick Cornelißen eaf8729941 Fixes RC1/RC2 URLs
Fixes gh-3838
2016-04-22 13:45:21 -04:00
Joe Grandja 17b25d1477 Fix test for SessionManagementConfigurer
Fixes gh-234
2016-04-21 16:50:03 -04:00
didiez 8f5d46ad68 Fix sessionAuthenticationStrategy setter
sessionAuthenticationStrategy was setting sessionFixationAuthenticationStrategy instead

Fixes gh-234
2016-04-21 16:21:54 -04:00
Wim Deblauwe 85786824af Fix logout url in doc
The default for logout is to redirect to `/login?logout`

Fixes gh-251
2016-04-21 14:25:44 -04:00
Li Weinan 70bd7d1bbc Include AuthenticationException in logs
Fixes gh-3705
2016-04-21 11:17:47 -04:00
Spring Buildmaster 4004ce2808 Next development version 2016-04-21 01:47:49 +00:00
Spring Buildmaster 24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Joe Grandja 4ee46a5f58 Add What's new in 4.1 RC2
Add What's new in 4.1 RC2

Fixes gh-3830
2016-04-20 19:26:54 -05:00
Rob Winch 7fe0a135ec Default AntPathRequestMatcher to be case sensitive
Issue gh-3831
2016-04-20 13:29:18 -05:00
Rob Winch 6fa1588de9 Disable AntPathRequestMatcher trim tokens
Issue gh-3831
2016-04-20 13:29:17 -05:00
Rob Winch 510cd59980 Default logout negotiation in Java Configuration
This commit adds content negotiation for log out.

Fixes gh-3282
2016-04-20 10:59:14 -05:00
Rob Winch 4093690322 Polish Logout Content Negotiation
* Rename to DelegatingLogoutSuccessHandler for consistency
* Remove JavascriptOriginRequestMatcher in favor of
RequestHeaderRequestMatcher

Issue gh-3282
2016-04-20 10:49:37 -05:00
Shazin Sadakath f0d1700ad6 Content Negotiating LogoutSuccessHandler
Issue gh-3282
2016-04-20 10:42:13 -05:00
Rob Winch 51995dc187 Add Java Configuration InvalidSessionStrategy (#3827)
Allow configuring the InvalidSessionStrategy in Java Configuration.

Fixes gh-3371
2016-04-20 09:59:27 -04:00
Joe Grandja b0028d4155 Merge pull request #3818 from rwinch/gh-3409-unauthenticated
Fix unauthenitcated() and AnonymousAuthenticationToken
2016-04-19 16:14:00 -04:00
Rob Winch b2b53f7a81 Fix unauthenitcated() and AnonymousAuthenticationToken
Previously if unauthenticated() experienced an AnonymousAuthenticationToken
it would not match.

This commit ensures that if the user is anonymous (not just null)
unauthenticated() works.

Fixes gh-3409
2016-04-19 15:08:47 -05:00
Rob Winch 8a28a27225 Formatting Polish 2016-04-19 14:24:11 -05:00
Rob Winch 1dbd3f5906 Fix NPE in OnCommittedResponseWrapper trackContentLength (#3824)
OnCommittedResponseWrapper trackContentLength will throw a
NullPointerException when the content length passed in is null.

This commit properly tracks the null value as a length of 4.

Fixes gh-3823
2016-04-19 14:58:56 -04:00
Rob Winch a5a8aeb550 Message SecurityExpressionHandler is post processed (#3820)
Previously the SecurityExpressionHandler for message based configuration
did not have a beanResolver set.

This commit post processes the default message SecurityExpressionHandler
to ensure the beanResolver is set.

Fixes gh-3797
2016-04-19 13:21:58 -04:00
Rob Winch c872a77ad1 RoleHiearchy Bean used in GlobalMethodSecurity (#3394)
Previously it required quite a bit of extra work to use RoleHiearchy
within Java Based Spring Security configuration.

Now if a single RoleHiearchy Bean is defined it will automatically
be picked up and used by method security.

Fixes gh-3394
2016-04-19 12:47:38 -04:00
Johnny Lim 933a7e8363 Remove duplicate words
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Rob Winch fb5776cb5c Support Camel case URI variables (#3814)
Perviously there were issues with case insenstive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId Instead it was
forced to lowercase and #userid was used.

Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.

Fixes gh-3786
2016-04-18 17:54:48 -04:00
Will Tran b01437281d Bouncy Castle 1.47 Support
This forces us to avoid using CipherOutputStream, and instead use the
BlockCiphers directly. As an extra measure for correctness, test the
equivalence of the BC implementations against data sizes from 1 to 2048
bytes.

Fixes gh-2917
2016-04-18 08:35:57 -05:00
Joe Grandja 81c9fa805f Fix AuthenticationPrincipalArgumentResolver xml doc
Fixes gh-3771
2016-04-15 16:06:17 -05:00
Simon Olofsson 337a7ed35e Fix HeaderWriterFilter Javadoc
Fixes the formatting and spelling in HeaderWriterFilter Javadoc

Issue gh-3813
2016-04-15 08:56:58 -05:00
Marten Deinum cad81d0e18 Update TestNG
This commit updates the TestNG dependency to 6.8.21. This
is the last JDK 1.6 supporting version. The update of TestNG
makes it possible to run the integration tests from within
Intellij allowing for easier debugging and troubleshooting.

Issue gh-3811
2016-04-15 08:55:15 -05:00
Andrew NS Yeow eb26095ca9 Fix HpkpHeaderWriter Javadoc format 2016-04-15 08:41:43 -05:00
Will Tran 44fa624b6b Refactor test assumptions about JCE to common class. (#3817)
Apply assumptions directly to test methods instead of checking for key
length in crypto.gradle.
2016-04-14 17:02:31 -05:00