Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-24 09:50:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,487 Commits 50 Branches 379 Tags
Commit Graph

179 Commits

Author SHA1 Message Date
Rob Winch
b9f8af3096 SEC-3063: rm ConditionalOnMissingBean for @Primary 
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
 2015-10-21 15:40:43 -05:00
Rob Winch
cbed1d75ee SEC-3076: Add Method Level Security Meta Annotations 2015-08-19 16:07:03 -05:00
Rob Winch
64938ebcfc SEC-2996: Suport configuring SecurityExpressionHandler<Message<Object>> 2015-07-13 22:45:35 -05:00
Rob Winch
57b06fb0b5 SEC-2864: Default Spring Security WebSocket PathMatcher 2015-03-25 13:14:15 -05:00
Rob Winch
ae6af5d73c SEC-2915: Updated Java Code Formatting 2015-03-25 13:09:18 -05:00
Rob Winch
bed20db905 Remove Unnecessary @Override 2015-02-27 16:18:31 -06:00
Rob Winch
37740cd020 SEC-2861: Add WebSocket Documentation & Sample 2015-02-24 10:29:47 -06:00
Rob Winch
b9563f6102 SEC-2830: Cleanup disabling Same Origin SockJS 
- Defaults for properties false
- Add XML Namespace support
 2015-02-24 10:28:33 -06:00
Rob Winch
fea03536d6 SEC-2853: Rename WebSocket XML Namespace elements 2015-02-20 11:43:15 -06:00
Rob Winch
6a8475adbb SEC-2830: Provide Same Origin support for SockJS 2015-02-18 11:21:02 -06:00
Rob Winch
a27c33754c SEC-2859: Add CsrfTokenArgumentResolver 2015-02-18 10:51:30 -06:00
Rob Winch
36fe0d0357 SEC-2845: SecurityContextChannelInterceptor support anonymous 2015-02-18 10:00:22 -06:00
Rob Winch
9b5f76f3d6 SEC-2833: Rossen's feedback on WebSocket 2015-02-04 10:43:12 -06:00
Rob Winch
6627f76df7 SEC-2758: Make ROLE_ consistent 2015-01-29 17:08:43 -06:00
Rob Winch
414f98bee0 SEC-2827: Clean up MessageMatcher Ambiguities 2015-01-23 17:29:54 -06:00
Rob Winch
1677836d53 SEC-2790: Deprecate @EnableWebMvcConfig 2014-12-10 21:10:27 -06:00
Rob Winch
3171cc4364 SEC-2788: Add @Configuration as meta annotation to @Enable* annotations 2014-12-10 21:10:15 -06:00
Rob Winch
c67ff42b8a SEC-2783: XML Configuration Defaults Should Match JavaConfig 
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
 2014-12-08 15:09:15 -06:00
Rob Winch
6e204fff72 SEC-2781: Remove deprecations 2014-12-04 15:28:40 -06:00
Rob Winch
8ad16b01f5 SEC-2702: Add WebSocket Security XML Namespace Support 2014-11-25 09:45:32 -06:00
Rob Winch
3c487c0348 SEC-2348: Update doc headers enabled by default with XML 2014-11-21 21:55:03 -06:00
Rob Winch
eedbf44235 SEC-2348: Security HTTP Response Headers enabled by default w/ XML 2014-11-21 16:06:29 -06:00
Rob Winch
28446284a6 SEC-2713: Support authorization by SimpMessageType 2014-09-19 16:38:56 -05:00
Rob Winch
b9df7ba01f SEC-2179: Allow customize PathMatcher for SimpDestinationMessageMatcher 2014-08-18 11:04:04 -05:00
Rob Winch
3f30529039 SEC-2179: Add Spring Security Messaging Support 2014-08-15 20:46:58 -05:00
Rob Winch
4cdeacc277 SEC-2499: Allow MethodSecurityExpressionHandler in parent context 
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136

This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
 2014-03-06 21:14:35 -06:00
Rob Winch
994117ad75 SEC-2436: Fix CsrfConfigurerNoWebMvcTests 2013-12-14 14:48:47 -06:00
Rob Winch
2df5541905 SEC-2448: Update to HSQL 2.3.1 2013-12-14 10:19:06 -06:00
Rob Winch
348e3a22b6 SEC-2365: registerAuthentication->configure 2013-10-16 13:59:56 -05:00
Rob Winch
51171efa7a SEC-2357: Move *RequestMatcher to .matcher package 2013-10-14 11:55:56 -05:00
Rob Winch
14b9050616 SEC-2357: Move *RequestMatchers to .matchers package 2013-10-14 10:36:31 -05:00
Rob Winch
cea0cf9260 SEC-2243: Remove additional Debug Filter 2013-09-26 11:38:16 -05:00
Rob Winch
be8aad8306 SEC-2196: Demonstrate Method Security works on Generic methods 2013-09-13 16:20:43 -07:00
Rob Winch
48283ec004 SEC-2276: Delay saving CsrfToken until token is accessed 
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If user's wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
 2013-08-24 23:31:01 -05:00
Rob Winch
e9bb9e766e SEC-1574: Add CSRF Support 2013-08-15 14:49:21 -05:00
Rob Winch
797df51264 SEC-2135: Support HttpServletRequest#changeSessionId() 2013-08-15 13:59:16 -05:00
Marten Deinum
0adf5aea91 SEC-2098, SEC-2099: Created HeadersFilter 
Created HeadersFilter for setting security headers added including a
bean definition parser for easy configuration of the headers. Enables
easy configuration for the X-Frame-Options, X-XSS-Protection and
X-Content-Type-Options headers. Also allows for additional headers to
be added.
 2013-07-25 16:22:43 -05:00
Luke Taylor
ebba8ac514 SEC-2122: Update namespace to support bcrypt. 
password-encoder now supports hash='bcrypt'.
 2013-05-17 19:17:18 +01:00
Rob Winch
f594ed76db SEC-2087: GlobalMethodSecurityBeanDefinitionParser uses AuthenticationManager to create AuthenticationManagerDelegator 2013-04-25 08:56:46 -05:00
Rob Winch
e8661913d1 SEC-2119: Update to 3.2 schema and use default schema version when available 2013-03-01 16:29:27 -06:00
Rob Winch
914ec45e43 SEC-2136: Lazy load MethodSecurityExpressionHandler & MethodSecurityExpressionHandler.expressionParser 
Previously wiring dependencies created with a FactoryBean into
MethodSecurityExpressionHandler &
MethodSecurityExpressionHandler.expressionParser and  would cause
NoSuchBeanDefinitionException's to occur. These changes make it easier
(but not impossible) to avoid such errors.

The following changes were made:

    - ExpressionBasedAnnotationAttributeFactory delays the invocation of
      MethodSecurityExpressionHandler.getExpressionParser()
    - MethodSecurityExpressionHandler is automatically wrapped in a
      LazyInitTargetSource and marked as lazyInit=true
 2013-02-28 10:26:12 -06:00
Rob Winch
42b72bcbc4 SEC-1980: Prevent parser warning when URL's in configuration start with # 
Previously a warning would be logged to the parser when a URL was
configured with a SpEL expression. These changes prevent warnings from
being logged when using SpEL for URL configuration.
 2012-07-10 14:24:42 -05:00
Rob Winch
254333ce82 SEC-1957: DefaultFilterChainValidator no longer casts to DefaultFilterInvocationSecurityMetadataSource 2012-04-29 15:59:24 -05:00
Rob Winch
488efbc97e SEC-1901: Changed DebugFilter to no longer extend OncePerRequesetFilter so that the FilterChainProxy is invoked on forwards 2012-03-17 11:16:21 -05:00
Rob Winch
2d556c7b4f SEC-1885: Change SecurityDebugBeanFactoryPostProcessor to only interact with BeanDefinitions rather than instances to prevent premature instatiation of FilterChainProxy and its dependencies 
This issue occurred because the AutowiredAnnotationBeanPostProcessor had not been registered when the SecurityDebugBeanFactoryPostProcessor tried to obtain the FilterChainProxy. This caused
all of the FilterChainProxy's dependant beans to be resolved and if they used @Autowired they would not get processed properly.
 2012-01-07 13:52:50 -06:00
Rob Winch
ea56a98883 SEC-1868: Remove error level logs from SecurityNamespaceHandler when the web classes are not available and not required 
To get the detailed errors the FilterChainProxy is loaded again in reportMissingWebClasses
and included in the readerContext fatal log.
 2011-12-30 10:51:17 -06:00
Rob Winch
aabb16912f SEC-1878: DefaultFilterChainValidator properly handles AccessDecisionManager throwing exceptions other than AccessDeniedException 2011-12-28 16:43:19 -06:00
Luke Taylor
2f67bb3032 SEC-1847: Add authentication-manager-ref attribute to http and global-method-security namespace elements. 2011-10-30 21:51:02 +00:00
Luke Taylor
f92589f051 Extract a SecurityFilterChain interface and create a default implementation to facilitate other configuration options. 2011-07-06 00:12:48 +01:00
Luke Taylor
5d20f57fa8 Import cleaning. 2011-07-02 20:36:42 +01:00