571 Commits

Author SHA1 Message Date
Marten Deinum
b88418b94a Configuration of session management strategies
This commit adds an ExpiredSessionStrategy for the ConcurrentSessionFilter
analogous to the InvalidSessionStrategy for the SessionManagementFilter. It also
adds a configuration option for both the InvalidSessionStrategy and
ExpiredSessionStrategy to the XML namespace and Java configuration.

Fixes gh-3794
Fixes gh-3795
2016-09-15 11:10:17 -05:00
Kazuki Shimizu
37c6605062 Add explanation for DelegatingAuthenticationFailureHandler (#207) 2016-09-02 13:27:23 -05:00
Marek Jeszka
2deb722a1f JavaDoc links in 5.5 Handling Logouts fixed (#3993)
Fixes gh-3992
2016-08-15 10:13:36 -05:00
qwazer
fe117bc445 [minor] fix grammar error (#4013)
add space: that"collects" -> that "collects"
2016-08-15 09:42:36 -05:00
Rob Winch
3befb1c8a6 MvcRequestMatcher servletPath / JavaConfig
Issue: gh-3987
2016-08-09 16:29:30 -05:00
Artur Owczarek
0b14664a8c Fix typos in reference (#3979) 2016-07-19 15:42:23 -05:00
Johnny Lim
69306a8b46 Fix typo (#3968)
Fixes typo `advantadge`
2016-07-13 12:37:26 -05:00
Johnny Lim
310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher
Fixes gh-3964
2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch
dd9b59ba31 Document Digest is insecure
Fixes gh-3894
2016-06-20 14:10:36 -05:00
Shannon Carey
9fa2c64737 Documentation SecurityConfig->WebSecurityConfig
Rename SecurityConfig to WebSecurityConfig in the documentation.

Fixes gh-153
2016-06-17 16:55:46 -05:00
Pedro Vilaça
208f898403 Improve csrf login caveats
Add a suggestion to retrieve a fresh csrf token right before the
form submission in order to avoid problems with invalid csrf tokens
due to session timeouts.

Fixes gh-3925
2016-06-13 16:26:16 +01:00
Ryan W. Moore
8aea83011d Docs: Remove broken link
I think the originally intended destination no longer exists in the
documentation.
2016-05-28 21:09:15 -04:00
Ryan W. Moore
fd65652bbe Docs: Fix broken link to security database schema 2016-05-28 21:09:15 -04:00
Ryan W. Moore
38e9f6a851 Docs: Fix broken link to csrfInput tag info
ID names are case sensitive.
2016-05-28 21:09:15 -04:00
Ryan W. Moore
cdb04c50e8 Docs: Fix broken link to websocket security info 2016-05-28 21:09:15 -04:00
Ryan W. Moore
057ea4fb17 Docs: Make 'Getting Started' a level 1 section heading
This fixes the following build error:

  asciidoctor: ERROR: index.adoc: line 26: invalid part, must have at least one
  section (e.g., chapter, appendix, etc.)
2016-05-28 21:09:01 -04:00
David Kane
503828c994 Add FAQ for JSP taglib & method security
Updated FAQ to clarify how the url attribute of the authorize tag
interacts with method security
2016-05-23 08:39:54 -05:00
Pedro Vilaça
ea2b5dd412 Fix wrong class name reference in the docs
In the documentation, there was a reference to a class called CsrfTokenResolver
and it should be CsrfTokenArgumentResolver

Fixes gh-3890
2016-05-18 20:26:20 +01:00
Rob Winch
f363c62afd Document spring-security-test dependency
Fixes gh-3873
2016-05-16 10:56:50 -04:00
Joe Grandja
66980e827c Add Spring Boot Hello World guide
Add Spring Boot Hello World Guide

Fixes gh-3866
2016-05-13 14:05:29 -05:00
Rob Winch
ede521dc8d authorizeUrls -> authorizeRequests
Replace remaining authorizeUrls with authorizeRequests

Fixes gh-3875
2016-05-09 10:34:36 -05:00
Rob Winch
d4218c70f1 Update CookieCsrfTokenRepository docs to cookieHttpOnly=false
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs to be set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.

This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookieHttpOnly=false

Fixes gh-3865
2016-05-06 16:28:04 -04:00
Rob Winch
9745de9510 Add @AuthenticationPrincipal expression
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
2016-05-03 18:08:52 -04:00
Patrick Cornelißen
eaf8729941 Fixes RC1/RC2 URLs
Fixes gh-3838
2016-04-22 13:45:21 -04:00
Wim Deblauwe
85786824af Fix logout url in doc
The default for logout is to redirect to `/login?logout`

Fixes gh-251
2016-04-21 14:25:44 -04:00
Joe Grandja
4ee46a5f58 Add What's new in 4.1 RC2
Add What's new in 4.1 RC2

Fixes gh-3830
2016-04-20 19:26:54 -05:00
Johnny Lim
933a7e8363 Remove duplicate words
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Joe Grandja
81c9fa805f Fix AuthenticationPrincipalArgumentResolver xml doc
Fixes gh-3771
2016-04-15 16:06:17 -05:00
Joe Grandja
2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail.
Fixes gh-3771
2016-04-13 12:27:23 -04:00
Rob Winch
95a3e30d9f Polish Pbkdf2PasswordEncoder
Fixes gh-2158
Fixes gh-51
2016-04-12 17:16:38 -05:00
Rob Winch
d3a9cc6eae Add CsrfTokenRepository (#3805)
* Create LazyCsrfTokenRepository

Fixes gh-3790

* Add CookieCsrfTokenRepository

Fixes gh-3009
2016-04-12 17:26:53 -04:00
Art O Cathain
1d271184c9 Fix Documentation Formatting
Fix corrupted character and add formatting per the duplicated text
block

Fixes gh-193
2016-04-12 13:07:07 -05:00
Soeun Park
8f7cf28435 Fix typos in documentation
Fixes gh-196
Fixes gh-3109
2016-04-12 12:59:21 -05:00
Johnny Lim
fe94d654ed Fix typos (#228) 2016-04-12 11:11:51 -05:00
Joe Grandja
945a21a3fb Use xml / javaconfig folders for samples
Fixes gh-3752
2016-04-11 09:47:06 -05:00
Kamill Sokol
9c3db557dd Add missing # in SpEL expression doc
SpEL variables can be referenced in the expression using the syntax
23.2.2 Path Variables in Web Security Expressions.

Fixes gh-3781
2016-04-01 10:21:17 -05:00
Joe Grandja
9e5cdbd133 Includes a reference to the https://report-uri.io/ service in the CSP and HPKP documentation.
Fixes gh-3772
2016-03-30 12:12:43 -04:00
Rob Winch
b3d26ed5d6 Add changelog in What's New
Issue gh-3768
2016-03-22 22:40:58 -05:00
Rob Winch
bf9a837b9a Polish What's New
Issue gh-3768
2016-03-22 22:37:52 -05:00
Rob Winch
40b7fa5b72 Update Issues Link
Issue gh-3333
2016-03-22 22:37:52 -05:00
Rob Winch
3e47531b19 Polish CSP reference
Issue gh-3763
2016-03-22 22:37:51 -05:00
Rob Winch
e04f685747 Fix Typo in @WithUserDetails reference
Issue gh-3346
2016-03-22 22:37:41 -05:00
Joe Grandja
2f7f2ff589 Adds support for Content Security Policy
Fixes gh-2342
2016-03-22 21:59:13 -05:00
Rob Winch
4cb9b202f8 Remove subversion from reference
Fixes gh-3766
2016-03-22 16:37:39 -05:00
Rob Winch
683d751902 Polish What's New
Fixes gh-3768
2016-03-22 16:33:25 -05:00
Rob Winch
4b650dc58d Allow AuthenticationProvider Bean in Java Config
This commit adds support for defaulting java configuration's
authentication by providing an AuthenticationProvider Bean.

Fixes gh-3091
2016-03-22 16:17:25 -05:00
Rob Winch
988b54ec3d Remove invalid ` from docs
Fixes gh-3751
2016-03-15 14:38:23 -05:00
Rob Winch
134a0a7f96 Move FAQ to appendix
Fixes gh-3761
2016-03-15 14:37:35 -05:00