410 Commits

Author SHA1 Message Date
Rob Winch
a888ddf8b3 SEC-2307: JavaConfig RequestCache ignores favicon.ico 2013-09-24 11:30:37 -05:00
Rob Winch
ddc0ef7ab3 SEC-2339: Added Logical (Or, And, Negated) RequestMatchers 2013-09-23 20:55:49 -05:00
Rob Winch
28fb6ba14b SEC-2328: Add hasAnyRole to ExpressionUrlAuthorizationConfiguration 2013-09-23 10:51:08 -05:00
Rob Winch
b16c17f70b SEC-2301: Remove invalid import 2013-09-20 16:09:23 -05:00
Rob Winch
a3d112979f SEC-2301: GlobalMethodSecurityConfiguration sets DefaultWebSecurityExpressionHandler BeanResolver 2013-09-20 15:53:58 -05:00
Rob Winch
f294480e6b SEC-2329: JC @Autowire(required=false) AuthenticationTrustResolver
Java Configuration now allows optional @Autowire of
AuthenticationTrustResolver. In the WebSecurityConfigurerAdapter this is
done by populating AuthenticationTrustResolver as a sharedObject.
2013-09-20 15:28:50 -05:00
Rob Winch
7537dfc33a SEC-2304: rm duplicate MethodExpressionHandler from GlobalMethodSecurityConfiguration 2013-09-20 15:13:02 -05:00
Rob Winch
5082a04626 SEC-2311: LogoutConfigurer allows other HTTP methods if CSRF is disabled 2013-09-19 16:05:26 -05:00
Rob Winch
8f8c6169e8 SEC-2331: Cache Control now includes Expires: 0 2013-09-19 14:06:37 -05:00
Rob Winch
c5c1419521 SEC-2332: GlobalMethodSecurityConfiguration includes proper voters
Previously GlobalMethodSecurityConfiguration did not include the correct
voters. This updates the code and the tests to ensure that the proper
voters are added. Note this got past testing previously due to all the
voters abstaining, so tests were added for ensuring that methods could also
be invoked successfully using the configured annotation.
2013-09-18 18:27:12 -05:00
Rob Winch
0114b457c0 SEC-2330: CacheControlHeadersWriter use a single header 2013-09-18 16:12:34 -05:00
Rob Winch
05a7c58daa SEC-2228: Change openid4j to optional in template.mf 2013-09-13 22:06:42 -07:00
Rob Winch
be8aad8306 SEC-2196: Demonstrate Method Security works on Generic methods 2013-09-13 16:20:43 -07:00
Rob Winch
662bb24370 SEC-1937: Added test to demonstrate SEC-1937 was invalid 2013-09-11 15:10:42 -07:00
Rob Winch
3c82e63ded Formatting cleanup 2013-09-11 15:10:20 -07:00
Rob Winch
7203faf34f SEC-2300: Update Spring LDAP version to 1.3.2.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
3d2f23602f SEC-2294: Update Spring Version to 3.2.4.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
6e9fb7930b SEC-2298: Add AuthenticationPrincipalArgumentResolver 2013-08-30 17:06:40 -05:00
Rob Winch
ae368829f4 Tweak PermGen for tests 2013-08-28 13:30:25 -05:00
Rob Winch
d89cf6db29 SEC-2283: Update headers documentation and tests 2013-08-28 12:35:40 -05:00
Rob Winch
4761614c9f SEC-2291: Fix internal links within reference
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
Rob Winch
26166ef6e8 SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3 2013-08-27 16:26:16 -05:00
Rob Winch
d60108eaf6 SEC-2229: Add optional dependencies to spring-security-config
spring-tx and spring-jdbc aren't pulled in transitively from
spring-security-web now, so we must include them as optional dependencies.
2013-08-25 19:47:57 -05:00
Rob Winch
18bd82e7d4 SEC-2131: Update doc to state session authentication sends 401 if no page 2013-08-25 11:37:23 -05:00
Nick Williams
f29505d657 SEC-2280: Fix SessionFixationConfigurer#changeSessionId Javadoc
The Javadoc for SessionFixationConfigurer#changeSessionId() was copied and pasted from
SessionFixationConfigurer#none() and never updated. It is incorrect. This commit fixes that.
2013-08-24 23:31:05 -05:00
Rob Winch
48283ec004 SEC-2276: Delay saving CsrfToken until token is accessed
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If users wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
2013-08-24 23:31:01 -05:00
Rob Winch
c131fb6379 SEC-2139: named-security-filter are all defined and ordered correctly 2013-08-24 15:18:22 -05:00
Rob Winch
379cbd2a8b SEC-2274: Add ApplicationContext as HttpSecurity shared object 2013-08-21 16:50:09 -05:00
Rob Winch
0247dd124f SEC-2271: LogoutConfigurer#logoutUrl explains about CSRF 2013-08-21 06:58:09 -05:00
Rob Winch
110e769bd4 SEC-2257: Remove HttpSecurityBuilder#getAuthenticationManager()
Removed in favor of using shared object.
2013-08-19 15:22:04 -05:00
Rob Winch
5fe32bb3c8 SEC-2216: Add withObjectPostProcessor 2013-08-16 15:38:58 -05:00
Rob Winch
d62c2e0835 SEC-2244: Defaults based on loginPage are now updated when loginPage changes 2013-08-16 14:48:45 -05:00
Rob Winch
e0cad0d684 SEC-2230: Fix Header tests 2013-08-15 16:52:58 -05:00
Rob Winch
2e852f4613 SEC-2230: Remove stray import 2013-08-15 16:34:31 -05:00
Rob Winch
a469f26b10 SEC-2230: Polish Headers JavaConfig 2013-08-15 16:31:43 -05:00
Rob Winch
e9bb9e766e SEC-1574: Add CSRF Support 2013-08-15 14:49:21 -05:00
Rob Winch
797df51264 SEC-2135: Support HttpServletRequest#changeSessionId() 2013-08-15 13:59:16 -05:00
Rob Winch
13da42ca1b SEC-2137: Allow disabling session fixation and enable concurrency control 2013-08-15 12:50:40 -05:00
Rob Winch
976d9a9016 SEC-2194: Polish java config sample apps 2013-08-08 14:33:54 -05:00
Rob Winch
b13b87a1e7 Remove @Override from methods that override interfaces
Ensure JDK5 compatibility
2013-08-05 16:49:33 -05:00
Rob Winch
2266f0ca3f SEC-2238: Polish 2013-08-01 11:57:32 -05:00
Rob Winch
2fef79f3d2 SEC-2238: WebAsyncManagerIntegrationFilter Java Config 2013-08-01 11:40:34 -05:00
Rob Winch
94a73fee37 SEC-2230: Polish scoping and finals 2013-07-31 11:34:35 -05:00
Rob Winch
a1bf28a697 SEC-2239: Remove duplicate SessionCreationPolicy 2013-07-31 10:44:22 -05:00
Rob Winch
606bddf598 SEC-2230: Add Header JavaConfig
Added JavaConfig for Headers. In the process, more HeaderWriter instances
were added so that we can reuse logic between the XML and JavaConfig. This
also prompted repackaging the writers.
2013-07-31 10:39:52 -05:00
Rob Winch
bc8ff9590c SEC-2230: Defaults when using only <headers/>
Previously an error occurred when no child elements were specified with
<headers/>.

Now all the explicitly supported header elements are added with their
default settings.
2013-07-31 10:39:52 -05:00
Rob Winch
c85328c5d1 SEC-2230: HTTP Strict Transport Security (HSTS)Add support for Strict
This is a distinct filter as opposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
2013-07-31 10:39:52 -05:00
Rob Winch
8013cd54d6 SEC-2230: Added Cache Control support 2013-07-31 10:39:45 -05:00
Rob Winch
7b164bb5e1 SEC-2230: Polish pull request 2013-07-26 14:19:53 -05:00
Rob Winch
8acd205486 SEC-2232: HeaderFactory to HeaderWriter 2013-07-26 09:01:12 -05:00