Commit Graph

5732 Commits

Author SHA1 Message Date
Rob Winch 0f2a3b18ce Merge pull request #3759 from rwinch/gh-2953
Cache Control only written if not set
2016-03-15 13:03:58 -05:00
Rob Winch 242b831f20 Cache Control only written if not set
Previously Spring Security always wrote cache control headers and relied
on the application to override the values. This can cause problems with
cache control. For example, applications may only set cache control if
the header is not already set. Additionally, setting of Cache-Control
should disable writing of Pragma.

This commit delays writing headers until just before the response is
committed and only writes the Cache Control headers if they do not exist.

Fixes gh-2953
2016-03-15 12:30:37 -05:00
Rob Winch 1fcc2fcd88 Make OnCommittedResponseWrapper public
This is preparing for changes in gh-2953

Issues gh-2953
2016-03-15 11:22:06 -05:00
Rob Winch ed01fedfde Add Travis Build
Fixes gh-3753
2016-03-15 08:37:51 -05:00
Rob Winch 1c008cd56e Disable DEBUG logs
Fixes gh-3757
2016-03-15 08:37:01 -05:00
Rob Winch 1382bd728b Clean up Javadoc log levels
Issue gh-3757
2016-03-15 08:37:01 -05:00
Rob Winch d27abdb168 Remove MaxPermSize
Fixes gh-3578
2016-03-15 08:37:00 -05:00
Rob Winch 36c381a06a Update to Java 1.6
Fixes gh-3756
2016-03-15 08:37:00 -05:00
Rob Winch e945c19d7a Update to latest Tomcat Gradle Plugin
Fixes gh-3754
2016-03-15 08:37:00 -05:00
Eddú Meléndez df65662bf0 Upgrade to Sonarqube plugin 2016-03-14 13:56:49 -05:00
Rob Winch d85c0395bb Fix checkstyle import into Eclipse
Issue gh-3747
2016-03-14 09:19:55 -05:00
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch 7de4e59167 Auto Import Eclipse Settings
Fixes gh-3747
2016-03-14 00:15:15 -05:00
Rob Winch 6bd16fc686 Extract ide.gradle
Issue gh-3747
2016-03-14 00:15:14 -05:00
Rob Winch b52ffe038e Add Checkstyle
Fixes gh-3746
2016-03-14 00:15:13 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle
Issue gh-3746
2016-03-14 00:15:12 -05:00
Rob Winch 5775f7bd80 Update to Gradle 2.10
Do not use Gradle 2.11 as it causes issues with
Eclipse import

Fixes gh-3745
2016-03-13 20:11:29 -05:00
Rob Winch 35eff94e3d Add Both Config names to duplicate WebSecurityConfigurer order
Previously the error message when multiple WebSecurityConfigurer with the
same Order did not include both WebSecurityConfigurer classes that were
involved in the duplicate Order. This made resolving errors difficult.

This commit ensures both WebSecurityConfigurers are included in the error
message.

Fixes gh-3380
2016-03-11 12:12:55 -06:00
Shazin Sadakath e33e21fe6b Add Forward after authentication attempt config support
Fixes gh-3728
2016-03-11 10:49:30 -06:00
Rob Winch dbf73c4692 Update spring-security-config module description
Include Java Configuration in the description.

Fixes gh-3298
2016-03-10 10:45:15 -06:00
Rob Winch 5d6e8bc3c8 Remove SPR-11251 workaround from WebSecurityConfiguration
Fixes gh-3348
2016-03-09 16:48:24 -06:00
Rob Winch be36ddb614 Some formatting fixes for HttpSecurity Javadoc 2016-03-09 16:45:43 -06:00
Rob Winch 2f4610e8b7 Update HttpSecurity.requestMatcher() Javadoc
Fixes gh-3365
2016-03-09 16:45:29 -06:00
Rob Winch df5e3ba6ee Polish Imports 2016-03-09 16:24:50 -06:00
Rob Winch 835ac0a217 Add @WithUserDetails userDetailsServiceBeanName
Fixes gh-3346
2016-03-09 15:59:23 -06:00
Rob Winch 618b8a2d83 Fix WebTestUtils when no matching HttpSecurity found
Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.

This commit returns null if findFilters gets a null result.

Fixes gh-3343
2016-03-09 15:20:10 -06:00
Martin Macko dd8ba8c07e Fix formatting error in documentation
Fixes gh-3279
2016-03-09 15:00:52 -06:00
Rob Winch 40f687aa78 Improve CSRF missing error message
Fixes gh-3738
2016-03-09 14:52:21 -06:00
Rob Winch f73357927f Merge pull request #199 from npcode/fix-broken-link
Fix a broken link to a blog posting on the Spring website
2016-03-09 14:44:13 -06:00
Billy Korando 71d4ce96ad Convert to assertj
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration
Issue gh-3175
2016-03-09 14:26:30 -06:00
Michael Osipov 6cbb439701 Use XML namespace for PreAuth Sample
Fixes gh-3399
2016-03-09 11:08:06 -06:00
Karol Lewandowski a1df8e5379 Fix keys in messages bundle
Fixes gh-2971
2016-03-09 10:43:37 -06:00
Alex Baxanean a1c4c2039b Rename HeaderWriter loop variable 2016-03-09 10:36:03 -06:00
Rob Winch 6cbb1dc881 Polish ForwardAuthenticationSuccessHandler
* Whitespace cleanup
* Add @since

Issue gh-3726
2016-03-09 10:23:53 -06:00
Rob Winch e61bc7e93b Polish ForwardAuthenticationFailureHandler
* Whitespace cleanup
* Add @since

Issue gh-3727
2016-03-09 10:23:39 -06:00
Shazin Sadakath 7341da9320 Add ForwardAuthenticationSuccessHandler
Fixes gh-3726
2016-03-09 10:22:55 -06:00
Shazin Sadakath b288d24100 Add ForwardAuthenticationFailureHandler
Fixes gh-3727
2016-03-09 10:22:41 -06:00
Rob Winch 3164bd6f8d Polish Sorting ObjectPostProcessor
* Add Test
* Only sort on adding new entry

Issue gh-3572
2016-03-08 15:51:13 -06:00
Wallace Wadge a366489c3c Sort ObjectPostProcessors prior to invoking them
Fixes gh-3572
2016-03-08 10:39:56 -06:00
Justine Tunney 3bbcbaae9c Upgrade Apache Commons Collections to v3.2.2
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a Turing machine. A Turing machine
with an exec() function!

https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
2016-03-08 08:56:01 -06:00
hmolsen b248eae416 Javadoc on ProviderManager.authenticate clarification
Fixes gh-3722
2016-03-03 15:32:03 -06:00
Rob Winch db81977a1a Polish HPKP
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
2016-03-03 15:11:40 -06:00
Rob Winch a7b0f74803 bcprov-jdk15on -> bcpkix-jdk150n
This fixes the Spring IO checks since bcprov-jdk15on is not part of Spring
IO platform.

Issue gh-3702
2016-03-03 14:34:23 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
2016-03-03 14:21:46 -06:00
Rob Winch 8fbc7e0d2c Fix SCryptPasswordEncoder javadoc
Issue gh-3702
2016-03-03 14:18:50 -06:00
Rob Winch fc75a679d9 Polish SCryptPasswordEncoder
* JDK8 Base64 -> Spring Security's Base64 to continue to support older JDKs
* Spaces to tabs
* Javadoc cleanup
* Removal of @Override to compile in Eclipse

Issue gh-3702
2016-03-03 14:06:08 -06:00
Shazin 7d02e259df Add SCryptPasswordEncoder
Fixes gh-3702
2016-03-03 10:24:29 -06:00
Rob Winch e208bdb915 Update CONTRIBUTING to specify tabs 2016-03-03 10:21:15 -06:00
Rob Winch 65a00751a7 Update to Spring 4.2.5
Fixes gh-3715
2016-02-25 11:35:17 -06:00