Commit Graph

5472 Commits

Author SHA1 Message Date
Rob Winch a00a7dabd8 Merge pull request #221 from codingdiscer/master
Fix reference to Spring Security version in the manual (3.0->4.0)
2015-09-07 20:44:17 -05:00
Dan Dowma 09c4765191 Fix reference to Spring Security version in the manual 2015-09-07 00:44:16 -05:00
Rob Winch 50ff81033c Add coreInstall Task 2015-09-02 00:21:40 -05:00
Rob Winch 81e2778106 SEC-3097: Change CsrfRequestPostProcessor to use TestCsrfTokenRepository
This ensures that when using a wrapped HttpServletRequest (i.e. Spring
Session) that the CSRF token test support still works.
2015-09-02 00:21:40 -05:00
Rob Winch ea94706319 SEC-3097: Use MockMvc for SecurityMockMVcRequestPostProcessorsCsrfTests
This is necessary because the changes for this issue are going to make
the mocked version of the tests invalid.
2015-09-02 00:21:39 -05:00
David Avenante a9a5377e4a Unused import
An import unsued
2015-09-02 00:21:39 -05:00
David Avenante 5edfeb4091 Unused import
And import is unused
2015-09-02 00:21:39 -05:00
Rob Winch 97969ea9d2 SEC-2059: Ignore Query String for Resolving Path Variables 2015-09-01 09:53:29 -05:00
Rob Winch adfeb96e2f Update to Spring 4.2.1 2015-09-01 09:53:26 -05:00
Rob Winch bac980cbcb SEC-2868: Simplify custom UserDetailsService Java Config
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
2015-08-27 20:41:15 -05:00
Rob Winch 35393098f8 SEC-3094: Add @WithAnonymousUser & anonymous() MockMvcRequestPostProcessor 2015-08-27 15:17:44 -05:00
Rob Winch 6b05b298ff SEC-2059: Support Path Variables in Web Expressions 2015-08-20 17:11:01 -05:00
Rob Winch 5f328b1178 SEC-2709: Fix WithSecurityContextTestExecutionListener Order 2015-08-20 10:41:09 -05:00
Rob Winch 327695ab0c SEC-3084: Doc SecurityContextRequestPostProcessorSupport & SecurityContextHolder 2015-08-20 09:30:24 -05:00
Rob Winch c79bceab03 SEC-2956: Improve AnnotationParameterNameDiscoverer Performance 2015-08-19 16:07:03 -05:00
Rob Winch cbed1d75ee SEC-3076: Add Method Level Security Meta Annotations 2015-08-19 16:07:03 -05:00
Rob Winch 7708129aad SEC-3080: Remove invalid characters from reference 2015-08-19 16:06:56 -05:00
Rob Winch 5ac13eb905 SEC-3079: Update to Gradle 2.6 2015-08-19 16:05:54 -05:00
Rob Winch 567c51e109 SEC-3074: Add Test Meta Annotation Support 2015-08-19 16:05:54 -05:00
Rob Winch 55dd247660 SEC-3078: Update Spring 4.2 2015-08-19 16:05:40 -05:00
Rob Winch 7914b96e23 SEC-3077: Update to Groovy 2.4.4 2015-08-19 16:05:14 -05:00
Rob Winch 26ab012b57 Start 4.1.0 2015-08-18 13:58:01 -05:00
Rob Winch db9584104c Add Gitter to README 2015-08-11 11:49:46 -05:00
Rob Winch b0701ea770 SEC-3068: Update Tutorial to use POST /logout 2015-08-10 09:53:07 -05:00
Rob Winch 8cc9108601 Merge pull request #209 from raindev/patch-1
Remove unused imports from SecureRandomBytesKeyGenerator
2015-08-06 08:54:09 -05:00
Rob Winch 41c9431fcc Test that form log in requires CSRF 2015-08-03 12:24:37 -05:00
Rob Winch 453e6332da Fix indentation of CsrfConfigTests 2015-08-03 12:03:05 -05:00
Rob Winch 969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Rob Winch 4c19768e54 Update to jacoco 0.7.5.201505241946 2015-08-03 09:45:42 -05:00
Thomas Darimont ad1d858e2b SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch 7317c090cc SEC-2963: Disable appengineRun if contains functional tests 2015-07-29 09:57:57 -05:00
Rob Winch 485fbdc1ee SEC-2963: Select Available Port for appengine 2015-07-28 22:47:21 -05:00
Spring Buildmaster 22aa91c8e1 Next development version 2015-07-22 22:08:15 -07:00
Rob Winch ea873fb1b8 SEC-2963: Disable appengineFunctionalTest 2015-07-22 21:27:28 -05:00
Rob Winch 117f892c91 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch 113b61e3a0 SEC-2957: Polish 2015-07-22 13:57:28 -05:00
Rob Winch dab4cf18b8 SEC-3032: Correct documented logout-success-url default 2015-07-22 13:48:07 -05:00
Rob Winch be27ede0e9 SEC-2957: Add missing provided dependencies to samples 2015-07-22 13:33:52 -05:00
Rob Winch e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch bc53945d89 Remove unused import in WithSecurityContextTestExecutionListenerTests 2015-07-22 12:44:34 -05:00
Rob Winch 432123daa2 SEC-2964: Fix CsrfTokenArgumentResolver Javadoc 2015-07-22 11:32:36 -05:00
Rob Winch 92ae45a04d SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged 2015-07-22 08:41:33 -05:00
Rob Winch a50d297f3a SEC-2953: Add index-docinfo.xml
This removes the "please define title in your docbook file"
2015-07-21 11:48:44 -05:00
Rob Winch 54dabb6433 SEC-2993: OpenID Sample now uses me.yahoo.com 2015-07-21 10:44:54 -05:00
Rob Winch cd4a7e95cc SEC-2991: Add CSRF Token to OpenID XML Sample 2015-07-21 10:42:24 -05:00
Rob Winch 07fb2af74b SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 08:52:36 -05:00
Rob Winch ab1b7a1eb6 Remove unnecessary @SuppressWarnings 2015-07-21 08:51:32 -05:00
Rob Winch 7c725a60e2 SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory 2015-07-20 14:06:44 -05:00
Rob Winch 9b92d5a1e7 SEC-2963: Fix tests 2015-07-20 12:53:21 -05:00
Rob Winch e25b84c902 SEC-2963: Update to latest Google AppEngine 2015-07-20 12:36:29 -05:00