Commit Graph

5732 Commits

Author SHA1 Message Date
Rob Winch d0dc47cb66 Remove logging for "Skip invoking on" response committed
Fixes gh-3683
2016-02-25 11:01:51 -06:00
Andrei Ivanov 9008a7af1d Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR
Fixes gh-3697
2016-02-15 09:03:27 -06:00
Rob Winch 2fac7dfb15 Update to GitHub issues and Gitter 2016-02-12 08:30:50 -06:00
drdamour 004bb8e577 Fix ` in documentation
There were a few rendering issues within the documentation
associated with `

This commit fixes those rendering issues

Fixes gh-3699
2016-02-12 08:22:55 -06:00
Rob Winch cf551f73c7 SEC-3209: Add Code of Conduct 2016-02-01 14:23:59 -06:00
Rob Winch 0deee65eb6 Merge pull request #250 from ziedzaiem/patch-1
fix typo in doc
2016-01-07 13:56:33 -06:00
Zied Zaïem 83992a7a27 fix typo in doc 2016-01-05 14:12:04 +01:00
Juzer Ali 1f32e96d31 SEC-3181: Fixed reference formatting
The code ticks was broken.
2015-12-21 17:23:16 -06:00
Rob Winch 3480e3c05c Remove check.dependsOn springSnapshotTest 2015-12-21 16:09:59 -06:00
Rob Winch 2ff38ccdc5 SEC-3179: Set springIoVersion to explicit version 2015-12-21 15:22:23 -06:00
Rob Winch 56fad169db request.setMethod("POST") 2015-12-21 14:53:13 -06:00
Rob Winch 3a8aec0c2f SEC-3178: Update to JUnit 4.12 2015-12-21 14:53:07 -06:00
Rob Winch 337f1885ea SEC-3170: Polish
* Prevent a null LogoutHandler from being set when RememberMeServices
does not implement LogoutHandler
* Fix test which invoked Mock from outside spock which failed
* Add explicit test for adding null LogoutHandler to
RememberMeConfigurer
2015-12-15 09:50:54 -06:00
Nikos Kastamoulas b28c62a6fe SEC-3170: Null check for Java Config of RememberMeServices
Added a null check in LogoutConfigurer.addLogoutHandler() method to
ensure that a logout handler is always provided..
2015-12-15 09:50:54 -06:00
Rob Winch e66eb539cc SEC-3173: Update to cas-client-3.4.1 2015-12-15 09:50:54 -06:00
Rob Winch 7d5af63510 Merge pull request #243 from panchenko/SEC-3158
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1
2015-12-03 22:14:58 -06:00
Rob Winch 81db6abbe0 SEC-3164: JDK6 compatability 2015-12-02 14:16:57 -06:00
Rob Winch 3cc085bcdd Merge pull request #244 from panchenko/SEC-3164
SEC-3164 Optimization in DefaultRequiresCsrfMatcher
2015-12-02 14:10:04 -06:00
Alex Panchenko cfa23b152e SEC-3164 Optimization in DefaultRequiresCsrfMatcher 2015-12-01 13:19:13 +06:00
Alex Panchenko 3af4140742 SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x 2015-12-01 12:54:08 +06:00
Rob Winch ed01213a27 Merge pull request #240 from wgorder/SEC-3159
SEC-3159: Fix Javadoc
2015-11-28 21:00:14 -06:00
William Gorder 1182d35d3c SEC-3159: Fix Javadoc
The HttpSecurity#headers() Javadoc did not accurately reflect changes made to the
HeadersConfigurer in Spring Security 4.x.
2015-11-21 19:39:15 -05:00
Kazuki Shimizu b7360a803d SEC-3152: Add @Retention to @WithMock documentation 2015-11-12 16:21:12 -06:00
Kazuki Shimizu 5c36c9f659 SEC-3151 Polishing reference document (springsoruce -> spring, etc..) 2015-11-12 16:04:01 -06:00
petaure cf76e3c65e SEC-3150: Escape ' character in messages_fr.properties
Escape ' character, if not format doesn't work fine.
2015-11-12 15:42:52 -06:00
Kazuki Shimizu 205ef42cfb SEC-3147: Add error parameter for default authentication-failure-url 2015-11-12 15:00:21 -06:00
Rob Winch 53f85e2151 SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:54:01 -05:00
Rob Winch 15b4406015 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:08:42 -05:00
Rob Winch c93d6bc823 SEC-3120: Remove .and() from httpStrictTransportSecurity() doc 2015-10-30 09:11:47 -05:00
Rob Winch 4144de9376 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:11 -05:00
Rob Winch 0981cd975f SEC-3120: Reference hsts() -> httpStrictTransportSecurity() 2015-10-29 15:07:44 -05:00
Rob Winch be303b15d1 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:03:18 -05:00
Rob Winch 6f1bb705ac SEC-3135: antMatchers now allows method and no pattern
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:29 -05:00
Rob Winch 8f13beccb7 SEC-2190: Fix Javadoc 2015-10-29 11:41:39 -05:00
Rob Winch 8b641e5f79 SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:12:35 -05:00
Rob Winch 5c73816a1a SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 13:56:51 -05:00
Rob Winch 69274d9aa8 SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:20:24 -05:00
Rob Winch a88ac0fcc1 SEC-3109: Fix web tests 2015-10-26 21:31:07 -05:00
Rob Winch bd221739c7 SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:16:54 -05:00
Rob Winch 95ea86b48d SEC-3057: Include all *.txt & *.jar in dist zip 2015-10-26 14:04:17 -05:00
Rob Winch 861ec76991 SEC-3133: Correct test doc username parameter 2015-10-26 12:59:44 -05:00
Rob Winch f76bf96e14 SEC-3132: securityBuilder cannot be null
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
2015-10-23 10:27:09 -05:00
Rob Winch 8858419696 SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER 2015-10-21 16:22:37 -05:00
Rob Winch dd092431a0 SEC-2941: Default RequestPostProcessor overrides
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
2015-10-21 16:06:49 -05:00
Rob Winch b9f8af3096 SEC-3063: rm ConditionalOnMissingBean for @Primary
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:40:43 -05:00
Rob Winch cda6532c43 SEC-3070: Logout invalidate-session=false and Spring Session doesn't
work
2015-10-20 14:58:57 -05:00
izeye 3925ed90c4 SEC-3124: Fix broken Javadoc related to `<` and `>` 2015-10-13 13:33:28 -05:00
Rob Winch 81d61c2715 Merge pull request #227 from zshift/master
Fixed incorrect dn.
2015-10-01 16:22:33 -05:00
Peter David Faria 21c0542487 SEC-3117: Update users.ldif
Fixed incorrect dn.
2015-10-01 16:22:05 -05:00
Rob Winch 5f84902e72 Merge pull request #200 from ckarawani/master
SEC-2757: Removed assertion of 'sn' when creating LdapUserDetails
2015-10-01 16:18:26 -05:00