5192 Commits

Author SHA1 Message Date
Rob Winch
b0ad8173b0 SEC-2913: Post Process default session fixation AuthenticationStrategy
Before, the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.

We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
2015-03-25 21:43:11 -05:00
Rob Winch
ea27cb6593 Update springIoVersion to latest.integration 2015-03-25 21:43:11 -05:00
Rob Winch
fe82c8ab4c SEC-2897: ActiveDirectoryLdapAuthenticationProvider uses bindPrincipal 2015-03-10 16:37:26 -05:00
Spring Buildmaster
cf66f2f39e Next development version 2015-02-25 08:20:55 -08:00
Rob Winch
050407564c SEC-2871: Polish README.adoc 2015-02-25 09:47:05 -06:00
Rob Winch
1374898cd8 SEC-2879: Add Test 2015-02-24 23:19:27 -06:00
Michael Cramer
d5ed97eba6 SEC-2879: JdbcTokenRepositoryImpl updateToken should use lastUsed arg 2015-02-24 23:19:22 -06:00
Marcin Mielnicki
8f29c2cc36 SEC-2878: Clean imports in UsernamePasswordAuthenticationFilter 2015-02-24 22:52:28 -06:00
Eugene Wolfson
99d503f0a9 SEC-2877: Fix doc typo in index.adoc
Replace "a`" with "a `"
2015-02-24 22:29:29 -06:00
Romain Fromi
6c185f649b SEC-2876: HttpSecurityBuilder addFilterAfter javadoc before->after 2015-02-24 22:20:45 -06:00
izeye
58be282f70 SEC-2875: Fix typo in hellomvc guide 2015-02-24 22:14:16 -06:00
Rob Winch
2df05ee2c3 SEC-1915: Polish
* Restore default search filter to remain passive
* Check the search filter in setSearchFilter
* Add additional tests
2015-02-24 21:39:39 -06:00
Mateusz Rasiński
72bc6bf539 SEC-1915: Custom ActiveDirectory search filter
Currently the search filter used when retrieving user details is hard coded.

New property in ActiveDirectoryLdapAuthenticationProvider:
- searchFilter - the LDAP search filter to use when searching for authorities,
default to search using 'userPrincipalName' (current) OR 'sAMAccountName'
2015-02-24 21:39:27 -06:00
Rob Winch
1b26d03479 SEC-2832: Fix config tests 2015-02-24 17:53:54 -06:00
Rob Winch
dfaebfa63b SEC-2872: CsrfAuthenticationStrategy Delay Saving CsrfToken 2015-02-24 17:35:08 -06:00
Rob Winch
f794272bac SEC-2832: Add Tests 2015-02-24 17:35:05 -06:00
Stillglade
aa0a5b96ab SEC-2832: Update request attributes with new CsrfToken 2015-02-24 17:35:03 -06:00
Rob Winch
27c7cd150b SEC-2871: Polish README.adoc 2015-02-24 16:59:41 -06:00
shaehnel
b3d108fa44 SEC-2871: readme.txt->README.adoc 2015-02-24 16:59:33 -06:00
Rob Winch
975e4ec019 SEC-2078: AbstractPreAuthenticatedProcessingFilter requiresAuthentication support for non-String Principals
Previously, if the Principal returned by getPreAuthenticatedPrincipal was not a String,
it prevented requiresAuthentication from detecting when the Principal was the same.
This caused the need to authenticate the user for every request even when the Principal
did not change.

Now requiresAuthentication will check to see if the result of
getPreAuthenticatedPrincipal is equal to the current Authentication.getPrincipal().
2015-02-24 16:44:21 -06:00
Rob Winch
74f8534b17 SEC-2791: AbstractRememberMeServices sets the version
If the maxAge < 1 then the version must be 1 otherwise browsers ignore
the value.
2015-02-04 15:58:49 -06:00
Rob Winch
478a9650aa SEC-2831: Regex/AntPath RequestMatcher handle invalid HTTP method 2015-02-04 12:05:25 -06:00
Rob Winch
b79ba12502 SEC-2777: Fix <header> attributes in doc 2015-01-20 16:28:25 -06:00
Rob Winch
72de17d79a SEC-2822: Make EnableGlobalAuthenticationAutowiredConfigurer static Bean
This ensures that EnableGlobalAuthenticationAutowiredConfigurer is actually
used in newer versions of Spring. See SPR-12646
2015-01-20 14:30:04 -06:00
Rob Winch
e27200a255 SEC-2815: Delay looking up AuthenticationConfiguration 2015-01-20 14:30:04 -06:00
Rob Winch
c3f72f7b79 Merge pull request #160 from ractive/3.2.x
SEC-2812: Fix German translations in 3.2.x
2015-01-14 16:29:54 -06:00
james
b42cb9e3e1 SEC-2812: Fix German translations in 3.2.x 2015-01-12 13:48:50 +01:00
Rob Winch
b40088b73d Merge pull request #155 from wilkinsona/powermock-upgrade
Upgrade to PowerMock 1.6.1
2015-01-05 09:03:52 -06:00
Andy Wilkinson
4116596a6c Upgrade to PowerMock 1.6.1
The Platform would like to move to JUnit 4.12 but cannot do so at the
moment as Spring Security uses a version of PowerMock which is
incompatible with JUnit 4.12. This commit updates Spring Security to use
PowerMock 1.6.1 which is compatible with JUnit 4.12.
2015-01-05 09:52:26 +00:00
Christopher Pelloux
9de369c25f SEC-2800 Documentation typo in class name 2014-12-23 09:15:24 -06:00
Rob Winch
bf2d2d4597 SEC-2773: Add Test for static delegatingApplicationListener 2014-12-01 12:07:07 -06:00
Oliver Gierke
c05f27af6c SEC-2773: Prevent premature container initialization in WebSecurityConfiguration.
Changed the bean definition method for the DelegatingApplicationListener
to be static to avoid the need to instantiate the configuration class which
caused further premature initializations to satisfy the dependencies
expressed in setFilterChainProxySecurityConfigurer(…).
2014-12-01 12:07:05 -06:00
Rob Winch
cdac4d990b SEC-2747: Remove spring-core dependency from spring-security-crypto 2014-11-20 16:28:06 -06:00
Rob Winch
db66843e0b SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check 2014-11-20 14:42:53 -06:00
Rob Winch
c36cc88ac4 SEC-2150: Support class level annotations on Spring Data Repositories 2014-11-20 12:17:47 -06:00
Rob Winch
7d82349b1e SEC-2150: Add tests to verify JSR-250 Spec behavior 2014-11-20 12:17:44 -06:00
Rob Winch
b6ab9c85e9 SEC-2682: DelegatingSecurityContextRunnable/Callable delegate toString() 2014-11-20 11:51:26 -06:00
Rob Winch
29a8da4aa6 SEC-2574: Fix Bundlr 2014-11-20 11:10:58 -06:00
Rob Winch
b71989ecde SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents 2014-11-19 17:10:14 -06:00
Rob Winch
eeef91498a SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts() 2014-11-19 13:33:27 -06:00
Spring Buildmaster
91bf099b01 Next development version 2014-08-15 11:20:59 -07:00
Rob Winch
137589325d SEC-2547: Update to cas-client-core-3.3.3 2014-08-15 12:42:07 -05:00
Rob Winch
0a184a8d79 SEC-2697: Fix logging of Spring Version Check 2014-08-15 12:41:26 -05:00
Rob Winch
2cb99f0791 SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port 2014-08-11 15:20:58 -05:00
Rob Winch
d85a0a20bc SEC-2595: @EnableGlobalMethodSecurity AspectJ tweaks for Spring 3.2.x 2014-07-29 09:39:55 -05:00
Rob Winch
0a45d3170c SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes 2014-07-25 16:27:49 -05:00
Rob Winch
89c5c56849 SEC-2599: HttpSessionEventPublisher get required ApplicationContext
In order to get better error messages (avoid NullPointerException) the
HttpSessionEventPublisher now gets the required ApplicationContext which
throws an IllegalStateException with a good error message.
2014-07-22 09:20:38 -05:00
Rob Winch
47acf17323 SEC-2588: Javadoc fix channelSecurity->requiresChannel 2014-07-21 14:23:47 -05:00
Rob Winch
52c585aef1 SEC-2665: Fix samples/ldap-jc link in reference 2014-07-21 14:21:05 -05:00
Rob Winch
89d80ed5c9 SEC-2683: Correct spelling of assignamble in AuthenticationPrincipalResolver Exception 2014-07-18 13:57:40 -05:00