Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,729 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

5729 Commits

Author SHA1 Message Date
Rob Winch c935d857eb Add mvc namespace to XmlApplicationContext 2016-07-01 22:04:55 -05:00
Rob Winch 843ed3e437 Update to Spring 4.3.1.BUILD-SNAPSHOT 2016-07-01 22:04:55 -05:00
Rob Winch 7f3b3a8b59 Polish 
Issue gh-180
 2016-07-01 13:17:52 -05:00
Jakob Englisch 261c932b8e Upgrade Gradle to 2.14 
Issue gh-3946
 2016-06-28 13:13:08 -04:00
Rob Winch 1b4e20e97f Fix InsecureApplicationTests package 
Fixes gh-3951
 2016-06-28 10:17:17 -05:00
Rob Winch bd5f71bb0d Polish 
Fix checkstyle for LDAP JavaConfig Authority mapping

Issue gh-2768
 2016-06-21 17:08:37 -05:00
Tony Dalbrekt b76e3be822 LDAP Java Config supports GrantedAuthoritiesMapper 
Fixes gh-2768
 2016-06-21 16:43:13 -05:00
Rob Winch 26ad1cb4a5 Polish RememberMe Validation 
Issue gh-3909
 2016-06-21 14:57:15 -05:00
Eddú Meléndez 87224f62e4 RememberMe JavaConfig Validation 
Add validation when rememberMeServices and rememberMeCookieName are
provided

Fixes gh-3909
 2016-06-21 14:57:01 -05:00
Rob Winch 8f880aea0e Polish Pbkdf2PasswordEncoder 
Issue gh-3930
 2016-06-21 11:47:50 -05:00
vitaliy_kuzmich 5f658b3ffc Remove double salt in Pbkdf2PasswordEncoder 
Issue gh-3930
 2016-06-21 11:44:23 -05:00
Rob Winch 77a478ba0d Fix ApacheDSEmbeddedLdifTests checkstyle 
Issue gh-54
 2016-06-21 09:56:34 -05:00
Marcin Zajączkowski a3c4a5fde7 SEC-2387 - add ignored failing test case 2016-06-21 09:53:38 -05:00
Rob Winch bbeb7f94d7 Fix checkstyle 
Issue gh-3920
 2016-06-20 19:36:51 -05:00
Rob Winch a2a06d19c1 Add formLogin() Accept Test 
Issue gh-3920
 2016-06-20 16:23:29 -05:00
Micah Silverman 314828859e Added accept method call to buildRequest in SecurityMockMvcRequestBuilders with default of MediaType.APPLICATION_FORM_URLENCODED 2016-06-20 15:46:01 -05:00
Rob Winch 66858e22ad Disable XMLHttpRequest for formLogin entry point 
Previously the following:

http http://localhost:8080/user \
  "X-Requested-With:XMLHttpRequest" "Accept:text/plain"

Produced a 302 instead of a 401

Fixes gh-3887
 2016-06-20 15:30:00 -05:00
Rob Winch 2a73f3cdf7 Remove abigious import 2016-06-20 15:03:09 -05:00
Rob Winch dd9b59ba31 Document Digest is insecure 
Fixes gh-3894
 2016-06-20 14:10:36 -05:00
Eddú Meléndez 39ed7d0eca Propagate rolePrefix to LdapAuthoritiesPopulator 
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator populating  a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.

Fixes gh-3921
 2016-06-20 12:44:02 -05:00
Eddú Meléndez a2ead4cf7a Polish 
Fixes gh-3892
 2016-06-20 12:35:43 -05:00
Ruben Dijkstra 364db6762e Add failing test for #3905 Fix Assert usage 2016-06-20 09:24:04 -05:00
Ruben Dijkstra e8f4ee8a39 Fix Assert usage 2016-06-20 09:23:51 -05:00
Rob Winch d2b909e7c5 Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent 
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.

Fixes gh-3857
 2016-06-17 17:16:54 -05:00
Shannon Carey 9fa2c64737 Documentation SecurityConfig->WebSecurityConfig 
Rename SecurityConfig to WebSecurityConfig in the documentation.

Fixes gh-153
 2016-06-17 16:55:46 -05:00
Filip Hanik 6b436ff409 Avoid duplicate attribute search. 
When using search-and-bind strategy, the user attributes are already returned in the first search.
If the user happens to not have privileges to perform a search, the second search may fail.
(user only has bind privileges)
See https://github.com/cloudfoundry/uaa/issues/342
 2016-06-17 16:43:06 -05:00
Ruben Dijkstra ca76e8d784 Remove null-check inside afterPropertiesSet() since it's never null 2016-06-17 16:40:39 -05:00
Rob Winch 2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Rob Winch 477573b3bc Fix @EnableGlobalAuthentication & method seucrity on @Configuration class 
Fixes gh-3934
 2016-06-17 14:05:11 -05:00
Rob Winch fa1c484587 AuthenticationConfiguration.getAuthenticationManager() supports recursion 
AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.

Fixes gh-3935
 2016-06-17 14:02:36 -05:00
Rob Winch 9e3d2e2d99 HTTP Basic default logout ignores text/html 
This fixes an issue where Chrome sends an accept header of application/xml
which triggers an HTTP 204 to be returned

Fixes gh-3902
 2016-06-14 16:27:56 -05:00
Rob Winch e7fd6f6c3f Remove the CLA confirmation from template 
We now use the new CLA tooling which automates this
 2016-06-13 13:20:22 -05:00
Pedro Vilaça 208f898403 Improve csrf login caveats 
Add a suggestion to retrieve a fresh csrf token right before the
form submission in order to avoid problems with invalid csrf tokens
due session timeouts.

Fixes gh-3925
 2016-06-13 16:26:16 +01:00
Rob Winch a7369bf71b Update to CLA tooling 2016-06-08 21:56:22 -05:00
Rob Winch cf78793f8f Fixes for Documentation 
Fixes for the Documentation
 2016-05-31 21:40:21 -05:00
Ryan W. Moore 8aea83011d Docs: Remove broken link 
I think the originally intended destination no longer exists in the
documentation.
 2016-05-28 21:09:15 -04:00
Ryan W. Moore fd65652bbe Docs: Fix broken link to security database schema 2016-05-28 21:09:15 -04:00
Ryan W. Moore 38e9f6a851 Docs: Fix broken link to csrfInput tag info 
ID names are case sensitive.
 2016-05-28 21:09:15 -04:00
Ryan W. Moore cdb04c50e8 Docs: Fix broken link to websocket security info 2016-05-28 21:09:15 -04:00
Ryan W. Moore 057ea4fb17 Docs: Make 'Getting Started' a level 1 section heading 
This fixes the following build error:

  asciidoctor: ERROR: index.adoc: line 26: invalid part, must have at least one
  section (e.g., chapter, appendix, etc.)
 2016-05-28 21:09:01 -04:00
David Kane 503828c994 Add FAQ for JSP taglib & method security 
Updated FAQ to clarify how the url attribute of the authorize tag
interacts with method security
 2016-05-23 08:39:54 -05:00
Sola d3b3f8e004 Fix WebSecurityConfigurerAdapter Javadoc 
The constructor's Javadoc was incorrect. This commit
fixes it.
 2016-05-23 08:12:50 -05:00
Kim Saabye Pedersen 9fcfeaf225 BCryptPasswordEncoder validates strength 
Fixes gh-3862
 2016-05-20 14:54:26 -05:00
Rob Winch 101190ad8b Format WithSecurityContextTestExecutionListener 2016-05-20 10:46:26 -05:00
Rob Winch 336de35874 Polish WithSecurityContextTestExecutionListener 
Extract method for reuse

SecurityContext createSecurityContext(AnnotatedElement annotated,
    WithSecurityContext withSecurityContext,
    TestContext context)

Issue gh-3888
 2016-05-20 10:46:26 -05:00
Eddú Meléndez a53d022312 Support WithSecurityContextFactory on superclass 
Fixes gh-3888
 2016-05-20 10:46:14 -05:00
Rob Winch 9f95bfdfc9 Fix documentation 
CsrfTokenResolver -> CsrfTokenArgumentResolver

Fixes gh-3890
 2016-05-18 15:10:50 -05:00
Pedro Vilaça ea2b5dd412 Fix wrong class name reference in the docs 
In the documentation, there was a reference to a class called CsrfTokenResolver
and it should CsrfTokenArgumentResolver

Fixes gh-3890
 2016-05-18 20:26:20 +01:00
Rob Winch 7b61a44929 Fix test .standaloneSetup 
Previously, Spring Security's test support did not work well with the
standalone setup. This was because the springSecurityFilterChain was not
found by the WebTestUtils.

This commit ensures that the springSecurityFilterChain is added as a
servlet attribute if it is explicitly defined. WebTestUtils can then
find the springSecurityFilterChain in the ServletContext.

Fixes gh-3881
 2016-05-16 11:02:40 -04:00
Rob Winch 602bb457b8 Formatting 
Issue gh-3881
 2016-05-16 11:02:40 -04:00