Previously the following:
http http://localhost:8080/user \
"X-Requested-With:XMLHttpRequest" "Accept:text/plain"
Produced a 302 instead of a 401
Fixes gh-3887
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator populating a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.
Fixes gh-3921
AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.
Fixes gh-3935
Previously the SecurityExpressionHandler for message based configuration
did not have a beanResolver set.
This commit post processes the default message SecurityExpressionHandler
to ensure the beanResolver is set.
Fixes gh-3797
Previously it required quite a bit of extra work to use RoleHiearchy
within Java Based Spring Security configuration.
Now if a single RoleHiearchy Bean is defined it will automatically
be picked up and used by method security.
Fixes gh-3394
Perviously there were issues with case insenstive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId Instead it was
forced to lowercase and #userid was used.
Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.
Fixes gh-3786
When <authentication-manager> specifies an id, the <password-encoder> is
not used because the parser changes the bean id without aliasing it to
BeanIds.AUTHENTICATION_MANAGER which is used by
AuthenticationManagerBeanDefinitionParser to look up the
AuthenticationManager bean.
This commit updates AuthenticationManagerBeanDefinitionParser to ensure
there is an alias to BeanIds.AUTHENTICATION_MANAGER when the id is
specified.
Fixes gh-3296
Previously the error message when multiple WebSecurityConfigurer with the
same Order did not include both WebSecurityConfigurer classes that were
involved in the duplicate Order. This made resolving errors difficult.
This commit ensures both WebSecurityConfigurers are include in the error
message.
Fixes gh-3380
Rob Winch
Tony Dalbrekt
Eddú Meléndez
Sola
Spring Buildmaster
Joe Grandja
didiez
Rob Winch
Johnny Lim
Matthias Merdes
Leon Radley
Jeffrey Walraven
Nicolai Ehemann
Quinten De Swaef
Shazin Sadakath