Commit Graph

430 Commits

Author SHA1 Message Date
Rob Winch 26be54653b SEC-2382: AutowireBeanFactoryObjectPostProcessor works w/ BeanNameAutoProxyCreator 2013-10-30 11:20:42 -05:00
Rob Winch 9e7fbf8067 SEC-2321: Refine to use X-Requested-With: XMLHttpRequest 2013-10-28 14:00:56 -05:00
Rob Winch 5f290ba10f SEC-2371: Remove ObjectPostProcessor.QUIESENT_POSTPROCESSOR 2013-10-18 14:31:13 -05:00
Rob Winch 604c26eb0d SEC-2366: Extract AbstractRequestMatcherRegistry from AbstractRequestMatcherConfigurer
This simplifies the class hierarchy significantly.
2013-10-17 13:37:51 -05:00
Rob Winch 348e3a22b6 SEC-2365: registerAuthentication->configure 2013-10-16 13:59:56 -05:00
Rob Winch 0978c12c47 SEC-2361: Java Config Samples use @Autowired AuthenticationManagerBuilder 2013-10-15 12:35:32 -05:00
Rob Winch 0b0e7dbea9 SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter 2013-10-14 15:00:24 -05:00
Rob Winch 51171efa7a SEC-2357: Move *RequestMatcher to .matcher package 2013-10-14 11:55:56 -05:00
Rob Winch 14b9050616 SEC-2357: Move *RequestMatchers to .matchers package 2013-10-14 10:36:31 -05:00
Rob Winch f2b44e6beb Fix javadoc whitespace issue in HttpBasicConfigurer 2013-10-11 14:53:11 -05:00
Rob Winch 4ef0460ef6 SEC-2321: Improve Java Config defaults for JavaScript clients 2013-10-11 14:53:11 -05:00
Rob Winch 5f10d84bf5 SEC-2303: WebSecurity sets the Bean resolver 2013-10-06 13:37:51 -05:00
Rob Winch dd1c2483b5 SEC-2349: Fix documentation tests 2013-10-03 17:03:17 -05:00
Rob Winch 8087cde628 SEC-2331: Include Expires: 0 in xsd and appendix 2013-09-27 17:10:42 -05:00
Rob Winch 17efd25717 SEC-2331: Include Expires: 0 in security headers documentation 2013-09-27 16:13:40 -05:00
Rob Winch 614c94187e SEC-2305: GlobalMethodSecurityConfiguration autowire PermissionEvaluator
If a single PermissionEvaluator bean is found the
DefaultMethodSecurityExpressionHandler is configured with the
PermissionEvaluator. If multiple PermissionEvaluator beans are found, the
beans are ignored.
2013-09-27 15:46:45 -05:00
Rob Winch a09756745f SEC-2151: Support binding method arguments with Annotations
This allows utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch cea0cf9260 SEC-2243: Remove additional Debug Filter 2013-09-26 11:38:16 -05:00
Rob Winch 56ce7d284c SEC-2336: WebSecurityConfigurerAdapter#registerAuthentication javadoc fixes 2013-09-26 09:08:25 -05:00
Rob Winch 88f41cdf62 SEC-2341: Update to Gradle 1.8
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch a888ddf8b3 SEC-2307: JavaConfig RequestCache ignores favicon.ico 2013-09-24 11:30:37 -05:00
Rob Winch ddc0ef7ab3 SEC-2339: Added Logical (Or, And, Negated) RequestMatchers 2013-09-23 20:55:49 -05:00
Rob Winch 28fb6ba14b SEC-2328: Add hasAnyRole to ExpressionUrlAuthorizationConfiguration 2013-09-23 10:51:08 -05:00
Rob Winch b16c17f70b SEC-2301: Remove invalid import 2013-09-20 16:09:23 -05:00
Rob Winch a3d112979f SEC-2301: GlobalMethodSecurityConfiguration sets DefaultWebSecurityExpressionHandler BeanResolver 2013-09-20 15:53:58 -05:00
Rob Winch f294480e6b SEC-2329: JC @Autowire(required=false) AuthenticationTrustResolver
Java Configuration now allows optional @Autowire of
AuthenticationTrustResolver. In the WebSecurityConfigurerAdapter this is
done by populating AuthenticationTrustResolver as a sharedObject.
2013-09-20 15:28:50 -05:00
Rob Winch 7537dfc33a SEC-2304: rm duplicate MethodExpressionHandler from GlobalMethodSecurityConfiguration 2013-09-20 15:13:02 -05:00
Rob Winch 5082a04626 SEC-2311: LogoutConfigurer allows other HTTP methods if CSRF is disabled 2013-09-19 16:05:26 -05:00
Rob Winch 8f8c6169e8 SEC-2331: Cache Control now includes Expires: 0 2013-09-19 14:06:37 -05:00
Rob Winch c5c1419521 SEC-2332: GlobalMethodSecurityConfiguration includes proper voters
Previously GlobalMethodSecurityConfiguration did not include the correct
voters. This updates the code and the tests to ensure that the proper
voters are added. Note this got past testing previously due to all the
voters abstaining, so tests were added for ensuring that methods could also
be invoked successfully using the configured annotation.
2013-09-18 18:27:12 -05:00
Rob Winch 0114b457c0 SEC-2330: CacheControlHeadersWriter use a single header 2013-09-18 16:12:34 -05:00
Rob Winch 05a7c58daa SEC-2228: Change openid4j to optional in template.mf 2013-09-13 22:06:42 -07:00
Rob Winch be8aad8306 SEC-2196: Demonstrate Method Security works on Generic methods 2013-09-13 16:20:43 -07:00
Rob Winch 662bb24370 SEC-1937: Added test to demonstrate SEC-1937 was invalid 2013-09-11 15:10:42 -07:00
Rob Winch 3c82e63ded Formatting cleanup 2013-09-11 15:10:20 -07:00
Rob Winch 7203faf34f SEC-2300: Update Spring LDAP version to 1.3.2.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch 3d2f23602f SEC-2294: Update Spring Version to 3.2.4.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch 6e9fb7930b SEC-2298: Add AuthenticationPrincipalArgumentResolver 2013-08-30 17:06:40 -05:00
Rob Winch ae368829f4 Tweak PermGen for tests 2013-08-28 13:30:25 -05:00
Rob Winch d89cf6db29 SEC-2283: Update headers documentation and tests 2013-08-28 12:35:40 -05:00
Rob Winch 4761614c9f SEC-2291: Fix internal links within reference
Instead of using xlink:href="# use linkend="
2013-08-28 09:12:27 -05:00
Rob Winch 26166ef6e8 SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3 2013-08-27 16:26:16 -05:00
Rob Winch d60108eaf6 SEC-2229: Add optional dependencies to spring-security-config
spring-tx and spring-jdbc aren't pulled in transitively from
spring-security-web now, so we must include them as optional dependencies.
2013-08-25 19:47:57 -05:00
Rob Winch 18bd82e7d4 SEC-2131: Update doc to state session authentication sends 401 if no page 2013-08-25 11:37:23 -05:00
Nick Williams f29505d657 SEC-2280: Fix SessionFixationConfigurer#changeSessionId Javadoc
The Javadoc for SessionFixationConfigurer#changeSessionId() was copied and pasted from
SessionFixationConfigurer#none() and never updated. It is incorrect. This commit fixes that.
2013-08-24 23:31:05 -05:00
Rob Winch 48283ec004 SEC-2276: Delay saving CsrfToken until token is accessed
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If users wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
2013-08-24 23:31:01 -05:00
Rob Winch c131fb6379 SEC-2139: named-security-filter are all defined and ordered correctly 2013-08-24 15:18:22 -05:00
Rob Winch 379cbd2a8b SEC-2274: Add ApplicationContext as HttpSecurity shared object 2013-08-21 16:50:09 -05:00
Rob Winch 0247dd124f SEC-2271: LogoutConfigurer#logoutUrl explains about CSRF 2013-08-21 06:58:09 -05:00
Rob Winch 110e769bd4 SEC-2257: Remove HttpSecurityBuilder#getAuthenticationManager()
Removed in favor of using shared object.
2013-08-19 15:22:04 -05:00