Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 22:46:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,250 Commits 33 Branches 337 Tags
Commit Graph

305 Commits

Author SHA1 Message Date
Rob Winch
c67ff42b8a SEC-2783: XML Configuration Defaults Should Match JavaConfig 
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
 2014-12-08 15:09:15 -06:00
Rob Winch
87a52ffbfd SEC-2784: Update to Gradle 2.2.1 2014-12-08 13:29:07 -06:00
Rob Winch
6e204fff72 SEC-2781: Remove deprecations 2014-12-04 15:28:40 -06:00
Rob Winch
2cb2657f5b SEC-2702: Clean WebSocket Namespace documentation 2014-11-25 12:27:29 -06:00
Rob Winch
3c487c0348 SEC-2348: Update doc headers enabled by default with XML 2014-11-21 21:55:03 -06:00
Rob Winch
4392205f63 SEC-2347: CSRF Enabled by default w/ XML Config 2014-11-21 21:32:56 -06:00
Rob Winch
eedbf44235 SEC-2348: Security HTTP Response Headers enabled by default w/ XML 2014-11-21 16:06:29 -06:00
Rob Winch
4dcc89fab0 SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts() 2014-11-19 13:31:09 -06:00
Rob Winch
55d6d5a86a SEC-2615: accesscontrollist tag hasPermission performs OR not AND 
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:

  <sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">

In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
 2014-11-18 16:59:46 -06:00
Rob Winch
e7edb77cae SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter 2014-09-16 10:56:52 -05:00
Bloshchetsov Andrey Evgenyevich
bd322542ca Fixed broken url to Clickjacking description. 2014-08-20 10:11:21 +04:00
Rob Winch
934937d9c1 SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port 2014-08-15 16:41:33 -05:00
Rob Winch
b97b84063a SEC-2665: Fix samples/ldap-jc link in reference 2014-07-21 14:20:14 -05:00
Alexander Grüneberg
d9efd08bfd SEC-2577: Add missing whitespace in reference 2014-04-28 16:24:48 -05:00
Rob Winch
5b216bd0b2 Revert "SEC-2547: Consistent CAS client version" 
This reverts commit f6cc9d87d5d85d8ea4c01696cbcd6f88ff558dca.
 2014-04-15 10:36:37 -05:00
Hans-Joachim Kliemeck
f6cc9d87d5 SEC-2547: Consistent CAS client version 2014-04-14 22:48:55 -05:00
Luke Taylor
71ba977dad Fix package name in manual code 2014-03-27 13:08:23 +00:00
Rob Winch
32d3e29c65 SEC-2325: Polish CSRF Tag support 
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
  minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
 2014-03-07 15:28:52 -06:00
beamerblvd
a3e0475998 SEC-2325 Added JSP tags for CSRF meta tags and form fields 2014-03-07 15:28:48 -06:00
beamerblvd
26cee61b98 SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle 2014-03-07 15:28:45 -06:00
Manimaran Selvan
1d6536fa71 SEC-2512: Fix typo in reference` 
udates -> updates
 2014-03-06 22:22:34 -06:00
Rob Winch
4a1a2dfed4 Update min Spring version of 4.0.2.REELASE 2014-02-19 11:16:57 -06:00
Rob Winch
6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch
b5f5665ea6 SEC-2463: CSRF documentation includes EnableWebMvcSecurity 2014-01-29 09:28:51 -06:00
Rob Winch
3b05fd6fed SEC-2466: Add link to MultipartFilter in CSRF multipart section 2014-01-28 22:04:35 -06:00
Rob Winch
4c84805ac9 SEC-2466: CSRF MutipartFilter doc now uses <url-pattern> 2014-01-28 16:51:05 -06:00
Rob Winch
f09ce267b3 Polish MVC doc 2013-12-16 12:30:25 -06:00
Rob Winch
5205bf57c6 SEC-2453: Create 403 CSRF FAQ Entry 2013-12-16 09:02:02 -06:00
Rob Winch
0d12397662 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-12 08:20:37 -06:00
Rob Winch
035067caf4 SEC-2385: Polish Gradle Spring 4 usage doc 2013-12-11 08:08:51 -06:00
Rob Winch
feeb380b51 Polish Guides 2013-12-06 11:12:07 -06:00
Rob Winch
74a6303b6f SEC-2385: Document how to use with Spring 4 2013-12-04 12:38:45 -06:00
Rob Winch
4308e72573 Polish CSRF log in caveat with link 2013-12-03 09:27:49 -06:00
Rob Winch
b8cc42e3a3 SEC-2426: Add CSRF and logout with non-post example 2013-12-03 09:07:54 -06:00
Rob Winch
ab08d99a52 SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc 2013-12-02 16:47:57 -06:00
Rob Winch
135df149a3 SEC-2423: Document differences between defaults in Java & XML Config 2013-12-02 16:37:52 -06:00
Rob Winch
0b996c669f SEC-2424: Document ObjectPostProcessor 2013-12-02 10:17:08 -06:00
Rob Winch
5a59c74d02 SEC-2327: Document SecurityExpressionRoot 2013-11-20 16:59:05 -06:00
Rob Winch
4944e602cb SEC-2402: Reference cleanup 
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
 2013-11-15 10:50:08 -06:00
Rob Winch
c135179029 Update to latest Asciidoctor version 
We will temporarily remove PDF support until the plugin supports it.
 2013-10-30 16:56:00 -05:00
Rob Winch
17b9f33351 SEC-2378: Fix CSRF MultipartFilter doc typo 2013-10-29 13:07:10 -05:00
Rob Winch
85ec2429d9 SEC-2349: Externalize FAQ 2013-10-23 17:43:32 -05:00
Rob Winch
355f884d22 SEC-2093: Document what is new in Spring Security 3.2 2013-10-18 16:39:01 -05:00
Rob Winch
4a24c81147 SEC-2299: Document @AuthenticationPrincipal 2013-10-18 15:46:29 -05:00
Rob Winch
a3009e303b SEC-2299: Document Web MVC integration 2013-10-18 11:23:58 -05:00
Rob Winch
6ea95cc3a3 SEC-2094: Document Concurrency Support 2013-10-18 09:50:49 -05:00
Rob Winch
348e3a22b6 SEC-2365: registerAuthentication->configure 2013-10-16 13:59:56 -05:00
Rob Winch
db3c626ac9 SEC-2281: Document Java Configuration 2013-10-16 10:44:35 -05:00
Rob Winch
bbefc62a87 Fix Security Header's link to HttpServletResponse.setHeader 2013-10-15 16:56:44 -05:00
Rob Winch
730dcffe6d Fix crossrefs in footnotes 2013-10-15 16:50:26 -05:00