3e47531b19
Polish CSP reference
...
Issue gh-3763
2016-03-22 22:37:51 -05:00
e04f685747
Fix Typo in @WithUserDetails reference
...
Issue gh-3346
2016-03-22 22:37:41 -05:00
2f7f2ff589
Adds support for Content Security Policy
...
Fixes gh-2342
2016-03-22 21:59:13 -05:00
4cb9b202f8
Remove subversion from reference
...
Fixes gh-3766
2016-03-22 16:37:39 -05:00
683d751902
Polish What's New
...
Fixes gh-3768
2016-03-22 16:33:25 -05:00
4b650dc58d
Allow AuthenticationProvider Bean in Java Config
...
This commit adds support for defaulting java configuration's
authentication by providing an AuthenticationProvider Bean.
Fixes gh-3091
2016-03-22 16:17:25 -05:00
988b54ec3d
Remove invalid ` from docs
...
Fixes gh-3751
2016-03-15 14:38:23 -05:00
134a0a7f96
Move FAQ to appendix
...
Fixes gh-3761
2016-03-15 14:37:35 -05:00
1382bd728b
Clean up Javadoc log levels
...
Issue gh-3757
2016-03-15 08:37:01 -05:00
e33e21fe6b
Add Forward after authentication attempt config support
...
Fixes gh-3728
2016-03-11 10:49:30 -06:00
dbf73c4692
Update spring-security-config module description
...
Include Java Configuration in the description.
Fixes gh-3298
2016-03-10 10:45:15 -06:00
835ac0a217
Add @WithUserDetails userDetailsServiceBeanName
...
Fixes gh-3346
2016-03-09 15:59:23 -06:00
dd8ba8c07e
Fix formatting error in documentation
...
Fixes gh-3279
2016-03-09 15:00:52 -06:00
db81977a1a
Polish HPKP
...
* Javadoc polish
* Whitespace cleanup
Issue gh-3706
2016-03-03 15:11:40 -06:00
331c7e91b7
HTTP Public Key Pinning
...
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.
This commit will add this new functionality.
Fixes gh-3706
2016-03-03 14:21:46 -06:00
004bb8e577
Fix ` in documentation
...
There were a few rendering issues within the documentation
associated with `
This commit fixes those rendering issues
Fixes gh-3699
2016-02-12 08:22:55 -06:00
83992a7a27
fix typo in doc
2016-01-05 14:12:04 +01:00
1f32e96d31
SEC-3181: Fixed reference formatting
...
The code ticks was broken.
2015-12-21 17:23:16 -06:00
b7360a803d
SEC-3152: Add @Retention to @WithMock documentation
2015-11-12 16:21:12 -06:00
5c36c9f659
SEC-3151 Polishing reference document (springsoruce -> spring, etc..)
2015-11-12 16:04:01 -06:00
c93d6bc823
SEC-3120: Remove .and() from httpStrictTransportSecurity() doc
2015-10-30 09:11:47 -05:00
0981cd975f
SEC-3120: Reference hsts() -> httpStrictTransportSecurity()
2015-10-29 15:07:44 -05:00
861ec76991
SEC-3133: Correct test doc username parameter
2015-10-26 12:59:44 -05:00
8858419696
SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER
2015-10-21 16:22:37 -05:00
777431758d
Fix reference to Null Object pattern in the manual
2015-09-24 16:53:35 +03:00
09c4765191
Fix reference to Spring Security version in the manual
2015-09-07 00:44:16 -05:00
bac980cbcb
SEC-2868: Simplify custom UserDetailsService Java Config
...
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
2015-08-27 20:41:15 -05:00
35393098f8
SEC-3094: Add @WithAnonymousUser & anonymous() MockMvcRequestPostProcessor
2015-08-27 15:17:44 -05:00
6b05b298ff
SEC-2059: Support Path Variables in Web Expressions
2015-08-20 17:11:01 -05:00
327695ab0c
SEC-3084: Doc SecurityContextRequestPostProcessorSupport & SecurityContextHolder
2015-08-20 09:30:24 -05:00
cbed1d75ee
SEC-3076: Add Method Level Security Meta Annotations
2015-08-19 16:07:03 -05:00
7708129aad
SEC-3080: Remove invalid characters from reference
2015-08-19 16:06:56 -05:00
567c51e109
SEC-3074: Add Test Meta Annotation Support
2015-08-19 16:05:54 -05:00
dab4cf18b8
SEC-3032: Correct documented logout-success-url default
2015-07-22 13:48:07 -05:00
a50d297f3a
SEC-2953: Add index-docinfo.xml
...
This removes the "please define title in your docbook file"
2015-07-21 11:48:44 -05:00
abc445d5a7
SEC-2965: Polish
2015-07-16 15:52:00 -05:00
518a1c3c08
SEC-2965: Fix invalid formatted links in reference documentation
2015-07-16 15:27:04 -05:00
1ca5946d74
SEC-3003: Document invalid intercept-url attributes for filter-security-metadata-source
2015-07-16 15:03:51 -05:00
2d448658cd
SEC-3042: Add SecurityTestExecutionListeners
2015-07-16 13:51:37 -05:00
0e36f85dab
SEC-3019: Java Config for Http Basic supports Rememberme
2015-07-16 11:12:44 -05:00
b96cee7950
SEC-2984: WithMockUser authorities doc
2015-07-16 08:48:53 -05:00
64938ebcfc
SEC-2996: Suport configuring SecurityExpressionHandler<Message<Object>>
2015-07-13 22:45:35 -05:00
a46ad0f446
SEC-2951: Polish
2015-04-30 09:52:52 -05:00
013177c644
SEC-2951: Document Logouthandler and LogoutSuccesshandler
...
Jira: https://jira.spring.io/browse/SEC-2951
2015-04-30 09:37:17 -05:00
600927def6
SEC-2952: Document Spring Security leveraging WebMvcConfigurerAdapter
2015-04-29 10:18:02 -05:00
1087d19346
SEC-2933: Update ProviderManager reference XML to use constructor
2015-04-20 15:57:04 -05:00
67762321f8
SEC-2920: Fix tickets resolved link in reference
2015-04-20 15:14:40 -05:00
c94a5cf8e2
SEC-2916: disable-url-rewriting=true by default
2015-03-25 13:14:15 -05:00
0a2e496a84
SEC-2915: groovy/gradle spaces->tabs
2015-03-25 13:08:59 -05:00
cf9f58a4ac
SEC-2915: XML spaces->tabs
2015-03-25 13:08:52 -05:00
8105b05dd0
SEC-2782: Migrate guide links include "current" in URL
2015-03-23 09:33:00 -05:00
b262c198d8
SEC-2782: Polish Migrating from 3 to 4 Guide
2015-03-20 14:14:55 -05:00
a18fa3f1db
saving updates to migrate
2015-03-16 12:32:58 -05:00
1da1b8b12f
SEC-2892: Added Guides Back to dist
2015-03-11 13:29:18 -05:00
9169186d48
SEC-2889: Update documentation to use sameOriginDisabled
2015-03-10 14:48:19 -05:00
5e2720723a
SEC-2884: Fix WebSocket reference link text
2015-03-10 10:51:53 -05:00
dea5723ecc
SEC-2782: Finish Migration Guide from 3.x to 4.x
2015-03-09 17:09:00 -05:00
9b4cbff58c
SEC-2782: Additional Updates to Migration Guide from 3.x to 4.x
2015-03-06 17:10:06 -06:00
ff4e9e6ad4
SEC-2782: Started Migration Guide from 3.x to 4.x
2015-02-27 16:18:18 -06:00
ff5a176675
trivial docs fixed a few typos and grammatical errors
...
I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.
2015-02-25 00:04:15 -06:00
4ca99ef88c
SEC-2877: Fix doc typo in index.adoc
...
Replace "a`" with "a `"
2015-02-24 22:28:07 -06:00
5f57e5b0c3
SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config
2015-02-24 20:49:56 -06:00
67cd8465c3
SEC-2826: Add remember-me-cookie attribute in xml namespace
2015-02-24 17:54:54 -06:00
9ffd5db466
SEC-2584: Add What's New in 4.0
2015-02-24 16:14:15 -06:00
bfa12ade40
SEC-2870: Add Spring Data Documentation
2015-02-24 16:14:08 -06:00
37740cd020
SEC-2861: Add WebSocket Documentation & Sample
2015-02-24 10:29:47 -06:00
b9563f6102
SEC-2830: Cleanup disabling Same Origin SockJS
...
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
b9e2a57131
SEC-2854: Add intercept-message@message-type
2015-02-20 11:43:16 -06:00
fea03536d6
SEC-2853: Rename WebSocket XML Namespace elements
2015-02-20 11:43:15 -06:00
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
2015-02-18 11:21:02 -06:00
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
2015-02-18 10:51:30 -06:00
c4fe630f8e
SEC-2846: Security HTTP Response Headers Configuration Cleanup
2015-02-10 10:36:00 -06:00
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
081f84844c
SEC-2777: Fix <header> attributes in doc
2015-01-20 16:28:02 -06:00
c30c97005b
SEC-2572: Document Spring Test
2015-01-20 16:20:14 -06:00
aab0eea9cf
SEC-2800 Documentation typo in class name
2014-12-22 19:22:26 -05:00
d5ff80011b
Polish Documentation
2014-12-11 20:36:55 -06:00
1677836d53
SEC-2790: Deprecate @EnableWebMvcConfig
2014-12-10 21:10:27 -06:00
3171cc4364
SEC-2788: Add @Configuration as meta annotation to @Enable* annotations
2014-12-10 21:10:15 -06:00
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
...
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
5f5e7e7265
SEC-2785: Reference outputs PDF, Html Multi, & epub
2014-12-08 13:29:15 -06:00
87a52ffbfd
SEC-2784: Update to Gradle 2.2.1
2014-12-08 13:29:07 -06:00
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
2cb2657f5b
SEC-2702: Clean WebSocket Namespace documentation
2014-11-25 12:27:29 -06:00
3c487c0348
SEC-2348: Update doc headers enabled by default with XML
2014-11-21 21:55:03 -06:00
4392205f63
SEC-2347: CSRF Enabled by default w/ XML Config
2014-11-21 21:32:56 -06:00
eedbf44235
SEC-2348: Security HTTP Response Headers enabled by default w/ XML
2014-11-21 16:06:29 -06:00
4dcc89fab0
SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts()
2014-11-19 13:31:09 -06:00
55d6d5a86a
SEC-2615: accesscontrollist tag hasPermission performs OR not AND
...
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:
<sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">
In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
2014-11-18 16:59:46 -06:00
e7edb77cae
SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter
2014-09-16 10:56:52 -05:00
bd322542ca
Fixed broken url to Clickjacking description.
2014-08-20 10:11:21 +04:00
934937d9c1
SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port
2014-08-15 16:41:33 -05:00
b97b84063a
SEC-2665: Fix samples/ldap-jc link in reference
2014-07-21 14:20:14 -05:00
d9efd08bfd
SEC-2577: Add missing whitespace in reference
2014-04-28 16:24:48 -05:00
5b216bd0b2
Revert "SEC-2547: Consistent CAS client version"
...
This reverts commit f6cc9d87d5
2014-04-15 10:36:37 -05:00
f6cc9d87d5
SEC-2547: Consistent CAS client version
2014-04-14 22:48:55 -05:00
8e31b66f06
SEC-2556: Fix @Import example in manual
2014-04-14 22:39:37 -05:00
71ba977dad
Fix package name in manual code
2014-03-27 13:08:23 +00:00
32d3e29c65
SEC-2325: Polish CSRF Tag support
...
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
2014-03-07 15:28:52 -06:00
a3e0475998
SEC-2325 Added JSP tags for CSRF meta tags and form fields
2014-03-07 15:28:48 -06:00
26cee61b98
SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle
2014-03-07 15:28:45 -06:00
56bb331760
SEC-2514: Fix typo in hellomvc.asc
...
packags -> packages
2014-03-07 10:27:23 -06:00
1d6536fa71
SEC-2512: Fix typo in reference`
...
udates -> updates
2014-03-06 22:22:34 -06:00
4a1a2dfed4
Update min Spring version of 4.0.2.REELASE
2014-02-19 11:16:57 -06:00
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
2014-01-29 09:28:51 -06:00
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
2014-01-28 22:04:35 -06:00
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
2014-01-28 16:51:05 -06:00
f09ce267b3
Polish MVC doc
2013-12-16 12:30:25 -06:00
374aceed2b
Polish form.asc
2013-12-16 11:13:23 -06:00
df703e0189
Polish hellomvc.asc
2013-12-16 10:39:18 -06:00
8c580dc170
SEC-2444: Polish Thymeleaf for samples
2013-12-16 09:51:00 -06:00
5205bf57c6
SEC-2453: Create 403 CSRF FAQ Entry
2013-12-16 09:02:02 -06:00
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
4708287ad3
SEC-2444: Convert Java Config samples to thymeleaf and tiles
2013-12-13 15:47:28 -06:00
0d12397662
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-12 08:20:37 -06:00
035067caf4
SEC-2385: Polish Gradle Spring 4 usage doc
2013-12-11 08:08:51 -06:00
548ed4e14a
Update samples to declare repository already added
2013-12-06 14:46:52 -06:00
feeb380b51
Polish Guides
2013-12-06 11:12:07 -06:00
ec524da6cb
SEC-2416: Fix Hello MVC guide
2013-12-05 15:47:38 -06:00
fc6fc19eed
Fix guides
2013-12-05 13:16:59 -06:00
74a6303b6f
SEC-2385: Document how to use with Spring 4
2013-12-04 12:38:45 -06:00
4308e72573
Polish CSRF log in caveat with link
2013-12-03 09:27:49 -06:00
b8cc42e3a3
SEC-2426: Add CSRF and logout with non-post example
2013-12-03 09:07:54 -06:00
ab08d99a52
SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc
2013-12-02 16:47:57 -06:00
135df149a3
SEC-2423: Document differences between defaults in Java & XML Config
2013-12-02 16:37:52 -06:00
0b996c669f
SEC-2424: Document ObjectPostProcessor
2013-12-02 10:17:08 -06:00
5a59c74d02
SEC-2327: Document SecurityExpressionRoot
2013-11-20 16:59:05 -06:00
4944e602cb
SEC-2402: Reference cleanup
...
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
2013-11-15 10:50:08 -06:00
f1f3acdf75
Fix guides spec
2013-11-01 14:21:37 -05:00
c135179029
Update to latest Asciidoctor version
...
We will temporarily remove PDF support until the plugin supports it.
2013-10-30 16:56:00 -05:00
cf3e2f2c6a
Fix guide index's link to custom form
2013-10-30 16:19:51 -05:00
17b9f33351
SEC-2378: Fix CSRF MultipartFilter doc typo
2013-10-29 13:07:10 -05:00
5427da6b27
Move reference to htmlsingle to match standard Spring reference layout
2013-10-29 12:56:29 -05:00
78f85cc129
SEC-2349: Number the reference
2013-10-23 17:46:57 -05:00
85ec2429d9
SEC-2349: Externalize FAQ
2013-10-23 17:43:32 -05:00
355f884d22
SEC-2093: Document what is new in Spring Security 3.2
2013-10-18 16:39:01 -05:00
4a24c81147
SEC-2299: Document @AuthenticationPrincipal
2013-10-18 15:46:29 -05:00
a3009e303b
SEC-2299: Document Web MVC integration
2013-10-18 11:23:58 -05:00
6ea95cc3a3
SEC-2094: Document Concurrency Support
2013-10-18 09:50:49 -05:00
348e3a22b6
SEC-2365: registerAuthentication->configure
2013-10-16 13:59:56 -05:00
db3c626ac9
SEC-2281: Document Java Configuration
2013-10-16 10:44:35 -05:00
e3f58fd9d3
Polish guide
2013-10-16 10:44:16 -05:00
bbefc62a87
Fix Security Header's link to HttpServletResponse.setHeader
2013-10-15 16:56:44 -05:00
730dcffe6d
Fix crossrefs in footnotes
2013-10-15 16:50:26 -05:00
bf3b5459cd
Fix Authors of manual
2013-10-15 16:22:27 -05:00
0978c12c47
SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
2013-10-15 12:35:32 -05:00
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
d28058303b
SEC-2349: Move FAQ into reference
2013-10-03 21:28:55 -05:00
4b43cf3f50
SEC-2349: Convert Reference to Asciidoctor
2013-10-03 14:15:09 -05:00
df5e034fc3
SEC-2282: Polish CSRF Documentation
2013-09-27 17:14:21 -05:00
8087cde628
SEC-2331: Include Expires: 0 in xsd and appendix
2013-09-27 17:10:42 -05:00
8fed90c26c
SEC-2282: Add links for AccessDeniedHandler in CSRF doc
2013-09-27 16:44:34 -05:00
3e95f1c12e
SEC-2282: Polish CSRF Documentation
2013-09-27 16:41:06 -05:00
ee33a6deeb
SEC-2285: Headers doc explicitly state default headers
2013-09-27 16:29:10 -05:00
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
06a0ec1a9f
SEC-2285: Polish Security Headers Documentation
...
Explain why (passivity) XML Namespace doesn't enable security headers by
default.
2013-09-27 16:13:18 -05:00
9bb283044f
SEC-2282: Polish CSRF Documentation
...
Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
2013-09-27 16:06:25 -05:00
a09756745f
SEC-2151: Support binding method arguments with Annotations
...
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
1f3b812a66
SEC-2282: Polish CSRF Documentation
2013-09-26 08:58:39 -05:00
ef7cc40389
SEC-2282: Polish CSRF Documentation
2013-09-25 17:30:50 -05:00
d16106ef56
SEC-2309: Document CSRF multipart/form-data
2013-09-25 15:14:32 -05:00
e5804d323b
SEC-2256: Fix intercept-url doc precidence statement
...
Previously the documentation incorrectly stated "If a request matches
multiple patterns, the method-specific match will take precedence
regardless of ordering."
This has now been removed and InterceptUrlConfigTests was added previously
to ensure this was true.
2013-09-13 22:02:52 -07:00
f6587c8697
SEC-2312: Update javadoc link to Spring 3.2.x
2013-09-13 15:34:30 -07:00
98fe2322cd
SEC-2095: Fix Servlet API doc ids
2013-08-30 13:10:32 -05:00
fc16450344
Demonstrate rest.js CSRF support in reference docs
...
rest.js 0.9.4 added support for applying the CSRF header and token to
Ajax requests.
2013-08-30 12:21:32 -05:00
246c632f3a
SEC-2095: Document Servlet API support
2013-08-30 12:20:35 -05:00
86340b8016
SEC-2283: Polish headers doc
2013-08-29 13:47:54 -05:00
d89cf6db29
SEC-2283: Update headers documentation and tests
2013-08-28 12:35:40 -05:00
4761614c9f
SEC-2291: Fix internal links within reference
...
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
69aac09e1d
SEC-2285: Added headers to to reference
2013-08-28 08:58:45 -05:00
9483226d02
SEC-2282: Polish CSRF doc
2013-08-27 17:16:32 -05:00
98bdd32ca0
SEC-2282: Add CSRF documentation to the reference manual
2013-08-25 19:00:04 -05:00
18bd82e7d4
SEC-2131: Update doc to state session authentication sends 401 if no page
2013-08-25 11:37:23 -05:00
cd7055f725
SEC-2171: Include Information about pooling in Spring LDAP documentation
2013-08-25 11:27:50 -05:00
7f2308f46c
SEC-2146: Document AspectJ does not inherit annotations
2013-08-25 11:06:36 -05:00
03b235295e
SEC-2270: Remove duplicate version from guides index
2013-08-23 14:13:12 -05:00
efa9f4db93
SEC-2108: Fix typo in ldap section of manual
2013-08-23 14:09:58 -05:00
e8788f2657
SEC-2269: Fix markup for CSRF link
2013-08-21 10:08:39 -05:00
17c2a18fee
SEC-2269: Fix CSRF link in appendix
2013-08-21 10:01:19 -05:00
a3a432f7b6
SEC-2269: Fix additional links
2013-08-20 14:02:33 -05:00
3b2156969d
SEC-2269: Fix headers link
2013-08-20 10:06:00 -05:00
f707101fdb
SEC-2269: Fix headers documentation
2013-08-20 10:03:31 -05:00
eb95c500f5
Remove dockbook-reference from guides
2013-08-20 10:02:55 -05:00
658a93178c
SEC-2252: Add custom form guide
2013-08-19 15:22:04 -05:00
51b9c4a19a
Hide logout in main.jsp if not logged in
2013-08-17 14:38:39 -05:00
e9bb9e766e
SEC-1574: Add CSRF Support
2013-08-15 14:49:21 -05:00
5f35d9e3ec
SEC-2135: Document HttpServletRequest.changeSessionId() support
2013-08-15 13:59:16 -05:00
485676be8c
SEC-2251: Polish Hello World guides
...
* Correct how to add username and logout to mvc
* Externalize :revnumber:
2013-08-15 12:50:40 -05:00
13da42ca1b
SEC-2137: Allow disabling session fixation and enable concurrency control
2013-08-15 12:50:40 -05:00
e0cb931f69
SEC-2251: Create Hello World Java Configuration guides
2013-08-08 14:34:50 -05:00
333a7291a4
SEC-2242: Fixed typo in technical overview
...
Changed "source source" to "source"
2013-08-01 13:02:56 -05:00
e242aeff3e
SEC-2230: Polish and clickjacking demo
2013-08-01 10:19:36 -05:00
283c906215
SEC-2230: Fix reference PDF
2013-07-31 12:22:41 -05:00
988e97e366
SEC-2230: Polish headers reference
2013-07-31 10:39:52 -05:00
c85328c5d1
SEC-2230: HTTP Strict Transport Security (HSTS)Add support for Strict
...
This is a distinct filter as apposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
2013-07-31 10:39:52 -05:00
8013cd54d6
SEC-2230: Added Cache Control support
2013-07-31 10:39:45 -05:00
7b164bb5e1
SEC-2230: Polish pull request
2013-07-26 14:19:53 -05:00
8acd205486
SEC-2232: HeaderFactory to HeaderWriter
2013-07-26 09:01:12 -05:00
fd754c5cab
SEC-2098, SEC-2099: Fix build
...
- hf.doFilter is missing FilterChain argument
- response.headers does not contain the exact values for the headers so
should not be used for comparison (note it is a private member so this
is acceptable)
- hf does not need non-null check when hf.doFilter is invoked
- some of the configurations are no longer valid (i.e. ALLOW-FROM
requires strategy)
- Some error messages needed updated (some could still use improvement)
- No validation for missing header name or value
- rebased off master / merged
- nsa=frame-options-strategy id should use - not =
- FramewOptionsHeaderFactory did not produce "ALLOW-FROM " prefix of origin
- remove @Override on interface overrides to work with JDK5
2013-07-25 16:23:25 -05:00
d0b40cd2ae
- Created HeaderFactory abstraction
...
- Implemented different ALLOW-FROM strategies as specified in the proposal.
Conflicts:
config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
2013-07-25 16:22:43 -05:00
a63baa8391
SEC-2098, SEC-2099: Polishing
2013-07-25 16:22:43 -05:00
0adf5aea91
SEC-2098, SEC-2099: Created HeadersFilter
...
Created HeadersFilter for setting security headers added including a
bean definition parser for easy configuration of the headers. Enables
easy configuration for the X-Frame-Options, X-XSS-Protection and
X-Content-Type-Options headers. Also allows for additional headers to
be added.
2013-07-25 16:22:43 -05:00
955a60cf49
SEC-2208: Use std docbook plugin and workspace cleanup
2013-07-16 15:15:47 -05:00
d8727638ab
SEC-1785: Remove auto-config from manual.
...
Changed the namespace doc to use an explicit form-login
and logout element and avoid mention of auto-config or its
effects. This makes the intro shorter and simpler.
2013-05-18 21:25:11 +01:00
d6524feb62
SEC-2122: Change doc to prioritize bcrypt use
2013-05-17 18:42:47 +01:00
c0921b9ede
SEC-2133: Update doc from ChannelAuthenticationFilter to ChannelProcessingFilter
2013-04-25 08:56:47 -05:00
6ebb9abfb7
Fix HttpSessionEventPublisher package name in FAQ.
2013-04-06 14:53:53 +01:00
5eb5c91d86
SEC-2119: Rename rememberme-parameter to remember-me-parameter
...
This change extends pull request https://github.com/SpringSource/spring-security/pull/26
and its subsequent changes by renaming the attribute name 'rememberme-parameter' to
'remember-me-parameter'.
The spelling including the additional hyphen in 'remember-me-parameter' is more consistent
with the default spelling of the 'remember-me' functionality.
2013-03-05 14:47:25 -06:00
b014020955
SEC-2119: Polish remember-me@rememberme-parameter
...
- Change form-parameter to rememerme-parameter
- Use rnc file for generating the xsd
- Add test for deafult value of rememberme parameter
2013-03-01 17:03:09 -06:00
9eb34fe51c
SEC-2119: Add a 'form-parameter' attribute to <remember-me>
...
This change extends the namespace configuration of <remember-me>
with a 'form-parameter' attribute. The introduced attribute sets
the 'parameter' property of AbstractRememberMeServices.
This enables overriding the default value of
'_spring_security_remember_me' using the namespace configuration.
2013-03-01 17:03:02 -06:00
e8661913d1
SEC-2119: Update to 3.2 schema and use default schema version when available
2013-03-01 16:29:27 -06:00
83f1d76c16
SEC-2138: Fix code snippet in Hierarchical Roles section
...
The bean definition of RoleHierarchyVoter was syntactically incorrect.
2013-02-26 09:48:59 -06:00
5ba31dfd56
Use AspectJMethodSecurityInterceptor in reference
...
Change reference to use AspectJMethodSecurityInterceptor instead of
undefined AspectJSecurityInterceptor.
2012-12-04 10:06:27 -06:00
373fe3a9f1
SEC-2074: Update reference to use <method-security-metadata-source>
2012-12-04 10:05:22 -06:00
6cea2694dc
SEC-2069: Update doc to use FilterInvocationSecurityMetadataSource
2012-10-22 14:24:05 -05:00
4f741bc914
SEC-2057: ConcurrentSessionFilter is now after SecurityContextPersistenceFilter
...
Previously, ConcurrentSessionFilter was placed after SecurityContextPersistenceFilter
which meant that the SecurityContextHolder was empty when ConcurrentSessionFilter was
invoked. This caused the Authentication to be null when performing a logout. It also
caused complications with LogoutHandler implementations that would be accessing the
SecurityContextHolder and potentially clear it out expecting that
SecurityContextPersistenceFilter would then clear the SecurityContextRepository.
The ConcurrentSessionFilter is now positioned after the
SecurityContextPersistenceFilter to ensure that the SecurityContextHolder is populated
and cleared out appropriately.
2012-10-03 09:27:24 -05:00
8ad0e0e8e8
SEC-1995: Use Gradle Artifactory integration for releases
2012-08-09 14:20:57 -05:00
095dcb3a74
SEC-2010: Include missing <value> tag in Hierarchical Roles section of the reference
2012-07-19 10:18:12 -05:00
b196d70f99
SEC-1905: Added para tag to the digest encoded password footnote
2012-07-11 13:12:57 -05:00
bfd09f7603
SEC-1905: Added footnote to password encoding for digest authentication
...
Technically digest authentication can allow for encoded passwords, but
it needs to be in the correct format. This update adds a footnote to clarify this.
Previously the documentation stated that passwords must be in clear text.
2012-07-11 13:00:06 -05:00
3e4da4f60f
Updated to next snapshot version
2012-07-06 11:28:21 -05:00
f46a5bab40
Set to 3.1.1 Release
2012-07-06 10:32:55 -05:00
a2452ab514
SEC-1906: Update to Gradle 1.0
2012-07-05 12:41:56 -05:00
18230259b8
SEC-1985: Removed WebSecurityExpessionHandler from reference
2012-06-28 11:35:07 -05:00
954ba57cf2
SEC-1970: Cleanup of pre authentication documentation
...
* Removed custom-authentication-provider from documentation
* Rephrased to make the pre authentication documentation a little more concise
* Removed nested () within text (not code)
* Removed user which should have been use
2012-06-15 14:44:16 -05:00
ca741ab18f
SEC-1943: Corrected namespace doc to state SecurityContextHolderAwareRequestFilter instead of SecurityContextHolderAwareFilter
2012-03-20 19:18:26 -05:00
2434564d6c
SEC-1904: Fixed LDAP object class name in docs.
2012-02-01 14:37:32 +00:00
b493afa18c
SEC-1888: Improving the doc on (not) using multiple annotation types in the same class.
2012-01-31 19:05:43 +00:00
9b423a7726
Set 3.1.0 release version.
2011-12-05 23:42:39 +00:00
53483df1f5
SEC-1678: Added What's new section to reference
2011-11-18 13:52:37 -06:00
041cb1dcc3
SEC-1858: Included the updates for logout-success-url documentation
2011-11-18 11:22:22 -06:00
f88b6f75ff
SEC-1858: Overhall the namespace appendix of the reference to include missing elements and attributes
2011-11-11 09:00:53 -05:00
2fd0a65049
SEC-1839: Updated preauth example to use </security:authentication-manager> instead of </security-authentication-manager>
2011-10-18 19:18:56 -05:00
503ac9ae7c
SEC-1798: Remove internal evaluation of EL in JSP tag implementations.
2011-08-12 19:44:27 +01:00
a1c714cff4
SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.
2011-07-14 16:43:02 +01:00
ac3d8b25f2
Expand LDAP authentication FAQ with information about bind authentication and unreadable password attributes.
2011-07-14 13:13:39 +01:00
d5946b81b4
Added FAQ on how to add ApacheDS entries to pom.
2011-07-13 17:50:29 +01:00
2e83d98c8f
SEC-1776: Corrected typo in manual
2011-07-09 19:24:12 -05:00
2861a951aa
Minor FAQ update on version info.
2011-06-17 11:45:56 +01:00
ecfffaaa3f
Make aspectj dependencies optional throughout and spring-jdbc/tx optional in core poms. Reduces exclusions required in third-party poms (e.g. spring-social).
2011-06-09 22:57:49 +01:00
132163ec2e
Add FAQ on accessing password from a UserDetailsService.
2011-05-26 18:38:45 +01:00
b53d430798
Doc update to reflect change in cas integration module name since 3.0.
2011-05-23 21:29:40 +01:00
3541099634
Correct typo in FAQ.
2011-05-17 18:23:48 +01:00
295ea27526
SEC-1743: Separate remoting from core into separate module.
2011-05-16 00:19:30 +01:00
6e91786f92
SEC-1734: AbstractRememberMeServices will now default to using a secure cookie if the connection is secure. The behaviour can be overridden by setting the useSecureCookie property in which case the cookie will either always be secure (true) or never (false).
2011-05-09 13:36:23 +01:00
bd74185e41
SEC-1729: Updated openid module and sample to openid4java 0.9.6 and httpclient 4.1.1
2011-04-26 23:39:51 -05:00
e473897fd9
SEC-1181: Add docs for ActiveDirectoryLdapAuthenticationProvider. Minor fix to initialization checks.
2011-04-26 18:39:01 +01:00
c4a1ce9f1a
SEC-1725: Update docs to remove references to filter-chain-map.
2011-04-25 23:38:44 +01:00
Rob Winch
Joe Grandja
Shazin Sadakath
Martin Macko
Tim Ysewyn
drdamour
Zied Zaïem
Juzer Ali
Kazuki Shimizu
Alex Derkach
Dan Dowma
Gunnar Hillert
Eugene Wolfson
Christopher Pelloux
Bloshchetsov Andrey Evgenyevich
Alexander Grüneberg
Hans-Joachim Kliemeck
Grzegorz Rożniecki
Luke Taylor
Rob Winch
beamerblvd
John Tims
Manimaran Selvan
Scott Andrews
Asaf David
Marten Deinum
Oliver Becker
@fbiville
Rob Winch
Florian Fankhauser