Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-21 05:44:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,886 Commits 33 Branches 337 Tags
Commit Graph

447 Commits

Author SHA1 Message Date
stonio
c8ed130008 Fix websocket.adoc typo 2016-12-21 10:19:51 -06:00
Johnny Lim
f94399cff9 Polish 2016-11-17 09:49:41 -06:00
Dapeng
94fb1893de fix typo "RemoteIpValve" 2016-11-16 14:13:53 -06:00
Rob Winch
fd9f57eb5f Update What's New changelogs 2016-11-09 17:00:09 -06:00
Rob Winch
f0a9421aa4 SecurityJacksonModules->SecurityJackson2Modules 
Fixes gh-4121
 2016-11-09 16:42:41 -06:00
Rob Winch
14a656186d Polish Referrer Header Policy Docs 
Previously, the Referrer Header Policy was accidentally placed within
the CSP section.

Move Referrer Header Polich outside of the CSP section.

Issue gh-4110
 2016-11-09 13:15:06 -06:00
stonio
2a197c72eb Fix typos in the reference 
Fix typos in the reference documentation

Fixes gh-4113
 2016-11-09 10:05:27 -06:00
Rob Winch
ab5af87953 Add Referrer Policy to What's New 2016-11-08 16:14:20 -06:00
Eddú Meléndez
23294c4c57 Add Referrer-Policy header support 
Fixes gh-4110
 2016-11-08 13:21:35 -06:00
Kazuki Shimizu
eb2870bf82 Polishing doc in What's New in Spring Security 4.2 2016-11-08 11:19:51 -06:00
Rob Winch
cf3d6e7167 Fix Small Typo 
propoerty->property
 2016-10-31 11:31:52 -05:00
Rob Winch
8ca4b55d32 Update What's New Section of Reference 
Fixes gh-4109
 2016-10-25 15:03:59 -05:00
Rob Winch
f432c04111 Create UserBuilder 
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder

Fixes gh-4095
 2016-10-21 16:42:03 -05:00
Rob Winch
94e580fe64 Add Support for Custom Default Configuration in Web Security 
Fixes gh-4102
 2016-10-19 16:15:56 -05:00
Rob Winch
af9139b613 Add intercept-url@request-matcher-ref 
Fixes gh-4097
 2016-10-18 22:27:31 -05:00
Rob Winch
f019ea89e7 Remove unused lowercase-comparisons from XSD 
Fixes gh-3932
 2016-10-18 22:27:28 -05:00
Rob Winch
aaa9708b95 Add BeanResolver to AuthenticationPrincipalArgumentResolver 
Previously @AuthenticationPrincipal's expression attribute didn't support
bean references because the BeanResolver was not set on the SpEL context.

This commit adds a BeanResolver and ensures that the configuration
sets a BeanResolver.

Fixes gh-3949
 2016-10-18 19:45:54 -05:00
Joe
df9e6c973c linked to java configuration sample applications 
removed outdated description and linked directly to java configuration sample applications
 2016-10-17 21:12:17 -05:00
Paul Samsotha
1da9c06f3b Fix Reference (test.adoc) Typo 
@SpringExecutionListeners -> @SpringTestExecutionListeners
 2016-10-17 21:11:19 -05:00
Rob Winch
0c35209d77 Document Proxy Server 
Issue gh-4076
 2016-10-17 21:07:57 -05:00
Rob Winch
0b1e3b4e4a Fix Reference Typo 
unlimitted->unlimited
 2016-09-23 16:45:08 -05:00
Rob Winch
6b4a52715b Fix Typo in Reference 2016-09-23 14:57:52 -05:00
Rob Winch
c0f5aaee78 Adds What's New Spring Security 4.2 
Fixes gh-4070
 2016-09-23 13:02:27 -05:00
Rob Winch
d8690a59e2 Fix ??? in reference 2016-09-19 16:29:46 -05:00
Rob Winch
7f54c8b8b4 Fix link to CSP in Reference Doc 
Previously the link in the reference from x-frame-options to the
content security policy section was broken.

This commit fixes the link.

Issue gh-4063
 2016-09-19 10:21:04 -05:00
Fred Cooke
12173c04ee Fix Typo in Reference Docs 
Word substitution, it's foolproof, not full proof :-)

Fixes gh-4063
 2016-09-19 10:11:16 -05:00
Marten Deinum
b88418b94a Configuration of session management strategies 
This commit adds an ExpiredSessionStrategy for the ConcurrentSessionFilter
analogous to the InvalidSessionStrategy for the SessionManagementFilter. It also
adds a configuration option for both the InvalidSessionStrategy and
ExpiredSessionStrategy to the XML namespace and Java configuration.

Fixes gh-3794
Fixes gh-3795
 2016-09-15 11:10:17 -05:00
Kazuki Shimizu
37c6605062 Add explanation for DelegatingAuthenticationFailureHandler (#207) 2016-09-02 13:27:23 -05:00
Marek Jeszka
2deb722a1f JavaDoc links in 5.5 Handling Logouts fixed (#3993) 
Fixes gh-3992
 2016-08-15 10:13:36 -05:00
qwazer
fe117bc445 [minor] fix grammar error (#4013) 
add space: that"collects" -> that "collects"
 2016-08-15 09:42:36 -05:00
Rob Winch
3befb1c8a6 MvcRequestMatcher servletPath / JavaConfig 
Issue: gh-3987
 2016-08-09 16:29:30 -05:00
Artur Owczarek
0b14664a8c Fix typos in reference (#3979) 2016-07-19 15:42:23 -05:00
Johnny Lim
69306a8b46 Fix typo (#3968) 
Fixes typo `advantadge`
 2016-07-13 12:37:26 -05:00
Johnny Lim
310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch
e4c13e3c0e Add MvcRequestMatcher 
Fixes gh-3964
 2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch
dd9b59ba31 Document Digest is insecure 
Fixes gh-3894
 2016-06-20 14:10:36 -05:00
Shannon Carey
9fa2c64737 Documentation SecurityConfig->WebSecurityConfig 
Rename SecurityConfig to WebSecurityConfig in the documentation.

Fixes gh-153
 2016-06-17 16:55:46 -05:00
Pedro Vilaça
208f898403 Improve csrf login caveats 
Add a suggestion to retrieve a fresh csrf token right before the
form submission in order to avoid problems with invalid csrf tokens
due session timeouts.

Fixes gh-3925
 2016-06-13 16:26:16 +01:00
Ryan W. Moore
8aea83011d Docs: Remove broken link 
I think the originally intended destination no longer exists in the
documentation.
 2016-05-28 21:09:15 -04:00
Ryan W. Moore
fd65652bbe Docs: Fix broken link to security database schema 2016-05-28 21:09:15 -04:00
Ryan W. Moore
38e9f6a851 Docs: Fix broken link to csrfInput tag info 
ID names are case sensitive.
 2016-05-28 21:09:15 -04:00
Ryan W. Moore
cdb04c50e8 Docs: Fix broken link to websocket security info 2016-05-28 21:09:15 -04:00
Ryan W. Moore
057ea4fb17 Docs: Make 'Getting Started' a level 1 section heading 
This fixes the following build error:

  asciidoctor: ERROR: index.adoc: line 26: invalid part, must have at least one
  section (e.g., chapter, appendix, etc.)
 2016-05-28 21:09:01 -04:00
David Kane
503828c994 Add FAQ for JSP taglib & method security 
Updated FAQ to clarify how the url attribute of the authorize tag
interacts with method security
 2016-05-23 08:39:54 -05:00
Pedro Vilaça
ea2b5dd412 Fix wrong class name reference in the docs 
In the documentation, there was a reference to a class called CsrfTokenResolver
and it should CsrfTokenArgumentResolver

Fixes gh-3890
 2016-05-18 20:26:20 +01:00
Rob Winch
f363c62afd Document spring-security-test dependency 
Fixes gh-3873
 2016-05-16 10:56:50 -04:00
Joe Grandja
66980e827c Add Spring Boot Hello World guide 
Add Spring Boot Hello World Guide

Fixes gh-3866
 2016-05-13 14:05:29 -05:00
Rob Winch
ede521dc8d authorizeUrls -> authorizeRequests 
Replace remaining authorizeUrls with authorizeRequests

Fixes gh-3875
 2016-05-09 10:34:36 -05:00
Rob Winch
d4218c70f1 Update CookieCsrfTokenRepository docs to cookiHttpOnly=false 
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.

This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookiHttpOnly=false

Fixes gh-3865
 2016-05-06 16:28:04 -04:00