Rob Winch
bed20db905
Remove Unnecessary @Override
2015-02-27 16:18:31 -06:00
Michael Cramer
c8b79289c9
add setter for using a custom name for the rememberMeParameter
2015-02-24 21:45:23 -06:00
Kazuki Shimizu
67cd8465c3
SEC-2826: Add remember-me-cookie attribute in xml namespace
2015-02-24 17:54:54 -06:00
Rob Winch
d2fd852711
SEC-2832: Fix config tests
2015-02-24 17:53:39 -06:00
Rob Winch
2bf4f28db9
Fix .properites user
2015-02-24 16:25:24 -06:00
Rob Winch
df96e5573f
Add test .properties Authentication Java Config
2015-02-24 16:14:15 -06:00
Rob Winch
37740cd020
SEC-2861: Add WebSocket Documentation & Sample
2015-02-24 10:29:47 -06:00
Rob Winch
b9563f6102
SEC-2830: Cleanup disabling Same Origin SockJS
...
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
Rob Winch
b9e2a57131
SEC-2854: Add intercept-message@message-type
2015-02-20 11:43:16 -06:00
Rob Winch
fea03536d6
SEC-2853: Rename WebSocket XML Namespace elements
2015-02-20 11:43:15 -06:00
Rob Winch
fb085cae25
Add session-management@session-fixation-protection=none test
2015-02-19 13:01:59 -06:00
Rob Winch
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
2015-02-18 11:21:02 -06:00
Rob Winch
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
2015-02-18 10:51:30 -06:00
Rob Winch
36fe0d0357
SEC-2845: SecurityContextChannelInterceptor support anonymous
2015-02-18 10:00:22 -06:00
Rob Winch
c4fe630f8e
SEC-2846: Security HTTP Response Headers Configuration Cleanup
2015-02-10 10:36:00 -06:00
Rob Winch
9b5f76f3d6
SEC-2833: Rossen's feedback on WebSocket
2015-02-04 10:43:12 -06:00
Rob Winch
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
Rob Winch
414f98bee0
SEC-2827: Clean up MessageMatcher Ambiguities
2015-01-23 17:29:54 -06:00
Rob Winch
1e5f7023c6
SEC-2822: Make EnableGlobalAuthenticationAutowiredConfigurer static Bean
...
This ensures that EnableGlobalAuthenticationAutowiredConfigurer is actually
used in newer versions of Spring. See SPR-12646
2015-01-20 14:28:17 -06:00
Rob Winch
62649af0aa
SEC-2815: Delay looking up AuthenticationConfiguration
2015-01-20 10:23:43 -06:00
Rob Winch
1677836d53
SEC-2790: Deprecate @EnableWebMvcConfig
2014-12-10 21:10:27 -06:00
Rob Winch
62e127e978
SEC-2789: Add Default WebSecurityConfigurerAdapter
2014-12-10 21:10:26 -06:00
Rob Winch
3171cc4364
SEC-2788: Add @Configuration as meta annotation to @Enable* annotations
2014-12-10 21:10:15 -06:00
Rob Winch
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
...
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
Rob Winch
87a52ffbfd
SEC-2784: Update to Gradle 2.2.1
2014-12-08 13:29:07 -06:00
Rob Winch
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
Rob Winch
5bb0ce9a8f
SEC-2773: Add Test for static delegatingApplicationListener
2014-12-01 12:06:09 -06:00
Rob Winch
2cb2657f5b
SEC-2702: Clean WebSocket Namespace documentation
2014-11-25 12:27:29 -06:00
Rob Winch
8ad16b01f5
SEC-2702: Add WebSocket Security XML Namespace Support
2014-11-25 09:45:32 -06:00
Rob Winch
3c487c0348
SEC-2348: Update doc headers enabled by default with XML
2014-11-21 21:55:03 -06:00
Rob Winch
4392205f63
SEC-2347: CSRF Enabled by default w/ XML Config
2014-11-21 21:32:56 -06:00
Rob Winch
eedbf44235
SEC-2348: Security HTTP Response Headers enabled by default w/ XML
2014-11-21 16:06:29 -06:00
Rob Winch
30c5788b8b
SEC-1897: Remove raw types from AbstractAccessDecisionManager
2014-11-20 15:36:53 -06:00
Rob Winch
1cca72e6d8
SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check
2014-11-20 14:40:51 -06:00
Rob Winch
5810681b06
SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents
2014-11-19 16:48:19 -06:00
Rob Winch
28446284a6
SEC-2713: Support authorization by SimpMessageType
2014-09-19 16:38:56 -05:00
Rob Winch
b9df7ba01f
SEC-2179: Allow customize PathMatcher for SimpDestinationMessageMatcher
2014-08-18 11:04:04 -05:00
Rob Winch
3f30529039
SEC-2179: Add Spring Security Messaging Support
2014-08-15 20:46:58 -05:00
Rob Winch
8a2a1b7a5b
SEC-2595: Polish
2014-07-25 16:27:19 -05:00
Mirko Zeibig
75df42cb7c
SEC-2656: Fix <frame-options> with whitelist strategy
2014-06-18 09:10:28 -05:00
Rob Winch
f73b579ad9
SEC-2543: Logout with CSRF enabled requires POST by default
2014-05-02 11:24:02 -05:00
Rob Winch
37bb350883
SEC-2549: Remove LazyBean marker interface
2014-04-24 14:34:35 -05:00
Rob Winch
c411014c24
SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials
2014-03-25 13:05:44 -05:00
Rob Winch
cb0549a609
SEC-2498: RequestCache allows POST when CSRF is disabled
2014-03-25 10:50:59 -05:00
Rob Winch
d079044592
SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader
2014-03-24 14:58:19 -05:00
Rob Winch
e4a58375cc
SEC-2515: Detect object cycle for AuthenticationManager configuration
2014-03-10 14:33:35 -05:00
Rob Winch
4cdeacc277
SEC-2499: Allow MethodSecurityExpressionHandler in parent context
...
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136
This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
2014-03-06 21:14:35 -06:00
Rob Winch
04a527d4ec
SEC-2495: CSRF disables logout on GET
2014-02-20 09:40:00 -06:00
Rob Winch
85305050c0
SEC-2455: Fix XML default login generation
2014-02-18 13:52:05 -06:00
Rob Winch
7a3da28987
SEC-2479: Search parent context for AuthenticationManager
2014-02-12 08:11:26 -06:00
