Rob Winch
d0dc47cb66
Remove logging for "Skip invoking on" response committed
...
Fixes gh-3683
2016-02-25 11:01:51 -06:00
Andrei Ivanov
9008a7af1d
Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR
...
Fixes gh-3697
2016-02-15 09:03:27 -06:00
Rob Winch
2fac7dfb15
Update to GitHub issues and Gitter
2016-02-12 08:30:50 -06:00
drdamour
004bb8e577
Fix ` in documentation
...
There were a few rendering issues within the documentation
associated with `
This commit fixes those rendering issues
Fixes gh-3699
2016-02-12 08:22:55 -06:00
Rob Winch
cf551f73c7
SEC-3209: Add Code of Conduct
2016-02-01 14:23:59 -06:00
Rob Winch
0deee65eb6
Merge pull request #250 from ziedzaiem/patch-1
...
fix typo in doc
2016-01-07 13:56:33 -06:00
Zied Zaïem
83992a7a27
fix typo in doc
2016-01-05 14:12:04 +01:00
Juzer Ali
1f32e96d31
SEC-3181: Fixed reference formatting
...
The code ticks was broken.
2015-12-21 17:23:16 -06:00
Rob Winch
3480e3c05c
Remove check.dependsOn springSnapshotTest
2015-12-21 16:09:59 -06:00
Rob Winch
2ff38ccdc5
SEC-3179: Set springIoVersion to explicit version
2015-12-21 15:22:23 -06:00
Rob Winch
56fad169db
request.setMethod("POST")
2015-12-21 14:53:13 -06:00
Rob Winch
3a8aec0c2f
SEC-3178: Update to JUnit 4.12
2015-12-21 14:53:07 -06:00
Rob Winch
337f1885ea
SEC-3170: Polish
...
* Prevent a null LogoutHandler from being set when RememberMeServices
does not implement LogoutHandler
* Fix test which invoked Mock from outside spock which failed
* Add explicit test for adding null LogoutHandler to
RememberMeConfigurer
2015-12-15 09:50:54 -06:00
Nikos Kastamoulas
b28c62a6fe
SEC-3170: Null check for Java Config of RememberMeServices
...
Added a null check in LogoutConfigurer.addLogoutHandler() method to
ensure that a logout handler is always provided..
2015-12-15 09:50:54 -06:00
Rob Winch
e66eb539cc
SEC-3173: Update to cas-client-3.4.1
2015-12-15 09:50:54 -06:00
Rob Winch
7d5af63510
Merge pull request #243 from panchenko/SEC-3158
...
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1
2015-12-03 22:14:58 -06:00
Rob Winch
81db6abbe0
SEC-3164: JDK6 compatability
2015-12-02 14:16:57 -06:00
Rob Winch
3cc085bcdd
Merge pull request #244 from panchenko/SEC-3164
...
SEC-3164 Optimization in DefaultRequiresCsrfMatcher
2015-12-02 14:10:04 -06:00
Alex Panchenko
cfa23b152e
SEC-3164 Optimization in DefaultRequiresCsrfMatcher
2015-12-01 13:19:13 +06:00
Alex Panchenko
3af4140742
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x
2015-12-01 12:54:08 +06:00
Rob Winch
ed01213a27
Merge pull request #240 from wgorder/SEC-3159
...
SEC-3159: Fix Javadoc
2015-11-28 21:00:14 -06:00
William Gorder
1182d35d3c
SEC-3159: Fix Javadoc
...
The HttpSecurity#headers() Javadoc did not accurately reflect changes made to the
HeadersConfigurer in Spring Security 4.x.
2015-11-21 19:39:15 -05:00
Kazuki Shimizu
b7360a803d
SEC-3152: Add @Retention to @WithMock documentation
2015-11-12 16:21:12 -06:00
Kazuki Shimizu
5c36c9f659
SEC-3151 Polishing reference document (springsoruce -> spring, etc..)
2015-11-12 16:04:01 -06:00
petaure
cf76e3c65e
SEC-3150: Escape ' character in messages_fr.properties
...
Escape ' character, if not format doesn't work fine.
2015-11-12 15:42:52 -06:00
Kazuki Shimizu
205ef42cfb
SEC-3147: Add error parameter for default authentication-failure-url
2015-11-12 15:00:21 -06:00
Rob Winch
53f85e2151
SEC-2848: LogoutConfigurer allows setting clearAuthentication
2015-10-30 13:54:01 -05:00
Rob Winch
15b4406015
SEC-3135: antMatchers(<method>,new String[0]) now passive
2015-10-30 10:08:42 -05:00
Rob Winch
c93d6bc823
SEC-3120: Remove .and() from httpStrictTransportSecurity() doc
2015-10-30 09:11:47 -05:00
Rob Winch
4144de9376
SEC-3082: make SavedRequest parameters case sensitive
2015-10-29 16:46:11 -05:00
Rob Winch
0981cd975f
SEC-3120: Reference hsts() -> httpStrictTransportSecurity()
2015-10-29 15:07:44 -05:00
Rob Winch
be303b15d1
SEC-3128: RoleVoter supports null Authentication
2015-10-29 14:03:18 -05:00
Rob Winch
6f1bb705ac
SEC-3135: antMatchers now allows method and no pattern
...
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().
Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:29 -05:00
Rob Winch
8f13beccb7
SEC-2190: Fix Javadoc
2015-10-29 11:41:39 -05:00
Rob Winch
8b641e5f79
SEC-2190: Support WebApplicationContext in ServletContext attribute
2015-10-28 15:12:35 -05:00
Rob Winch
5c73816a1a
SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext()
2015-10-27 13:56:51 -05:00
Rob Winch
69274d9aa8
SEC-2521: Improve StandardPasswordEncoder performance
2015-10-27 11:20:24 -05:00
Rob Winch
a88ac0fcc1
SEC-3109: Fix web tests
2015-10-26 21:31:07 -05:00
Rob Winch
bd221739c7
SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
...
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.
This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:16:54 -05:00
Rob Winch
95ea86b48d
SEC-3057: Include all *.txt & *.jar in dist zip
2015-10-26 14:04:17 -05:00
Rob Winch
861ec76991
SEC-3133: Correct test doc username parameter
2015-10-26 12:59:44 -05:00
Rob Winch
f76bf96e14
SEC-3132: securityBuilder cannot be null
...
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.
This commit fixes this.
2015-10-23 10:27:09 -05:00
Rob Winch
8858419696
SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER
2015-10-21 16:22:37 -05:00
Rob Winch
dd092431a0
SEC-2941: Default RequestPostProcessor overrides
...
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
2015-10-21 16:06:49 -05:00
Rob Winch
b9f8af3096
SEC-3063: rm ConditionalOnMissingBean for @Primary
...
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.
Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:40:43 -05:00
Rob Winch
cda6532c43
SEC-3070: Logout invalidate-session=false and Spring Session doesn't
...
work
2015-10-20 14:58:57 -05:00
izeye
3925ed90c4
SEC-3124: Fix broken Javadoc related to `<` and `>`
2015-10-13 13:33:28 -05:00
Rob Winch
81d61c2715
Merge pull request #227 from zshift/master
...
Fixed incorrect dn.
2015-10-01 16:22:33 -05:00
Peter David Faria
21c0542487
SEC-3117: Update users.ldif
...
Fixed incorrect dn.
2015-10-01 16:22:05 -05:00
Rob Winch
5f84902e72
Merge pull request #200 from ckarawani/master
...
SEC-2757: Removed assertion of 'sn' when creating LdapUserDetails
2015-10-01 16:18:26 -05:00