Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 07:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,099 Commits 34 Branches 337 Tags
Commit Graph

5099 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
cb0549a609 SEC-2498: RequestCache allows POST when CSRF is disabled 2014-03-25 10:50:59 -05:00
Rob Winch
d079044592 SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader 2014-03-24 14:58:19 -05:00
Rob Winch
c0590e614a SEC-2177: Polish 2014-03-18 15:48:54 -05:00
Maciej Zasada
7cf37856c0 SEC-2177: Striping off all leading schemes 
Striping off all leading schemes in the DefaultRedirectStrategy, so it
will be less vulnerable to open redirect phishing attacks. More info can
be found at SEC-2177 JIRA issue.
 2014-03-18 15:45:41 -05:00
Rob Winch
5be4bfd55e SEC-2173: Polish javadoc 2014-03-14 08:59:24 -05:00
Rob Winch
2628be60d1 SEC-2173: Added SystemWideSaltSource.toString() test 2014-03-14 08:59:24 -05:00
Gamal Shaban
1c50a86661 SEC-2173: Override toString method in SystemWideSaltSource 
Now prints the saltSource string instead of the object memory signature.
 2014-03-14 08:59:24 -05:00
Julien Dubois
7325b97c76 SEC-2519: RememberMeAuthenticationException supports root cause 
Added a constructor which keeps the root cause of the exception, and
added some documentation
 2014-03-11 16:11:52 -05:00
Rob Winch
91a074c744 Merge pull request #62 from dalbertom/typo 
Correct typo in AbstractRememberMeServices assertion
 2014-03-11 15:40:23 -05:00
Alexander Kjäll
50637d4451 SEC-2518: UserDetailsService javadoc repeats "insensitive" 
Typo in javadoc, "case insensitive" was repeated twice.
 2014-03-11 15:36:47 -05:00
Rob Winch
a7005bd742 SEC-2500: Prevent anonymous bind for ActiveDirectoryLdapAuthenticator 2014-03-10 14:33:39 -05:00
Rob Winch
ea902e5829 SEC-2507: WebExpressionVoter.supports support subclasses of FilterInvocation 2014-03-10 14:33:37 -05:00
Rob Winch
e4a58375cc SEC-2515: Detect object cycle for AuthenticationManager configuration 2014-03-10 14:33:35 -05:00
Rob Winch
32d3e29c65 SEC-2325: Polish CSRF Tag support 
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
  minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
 2014-03-07 15:28:52 -06:00
beamerblvd
a3e0475998 SEC-2325 Added JSP tags for CSRF meta tags and form fields 2014-03-07 15:28:48 -06:00
beamerblvd
26cee61b98 SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle 2014-03-07 15:28:45 -06:00
John Tims
56bb331760 SEC-2514: Fix typo in hellomvc.asc 
packags -> packages
 2014-03-07 10:27:23 -06:00
John Tims
1e3cdaf8a9 SEC-2513: Add link to SpringSource CLA form 2014-03-07 10:27:18 -06:00
Manimaran Selvan
1d6536fa71 SEC-2512: Fix typo in reference` 
udates -> updates
 2014-03-06 22:22:34 -06:00
Rob Winch
e15cee62f4 SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header 2014-03-06 22:01:25 -06:00
getvictor
6de138c2f2 SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header. 
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
 2014-03-06 22:01:23 -06:00
Rob Winch
4cdeacc277 SEC-2499: Allow MethodSecurityExpressionHandler in parent context 
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136

This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
 2014-03-06 21:14:35 -06:00
Rob Winch
9988fa141c Update Spring Security version in pom.xml 2014-03-06 08:13:52 -06:00
Rob Winch
8afa8d8588 Fix integration tests 2014-03-06 07:56:40 -06:00
Rob Winch
6dfdb10e31 Fix move to 4.0 2014-03-05 16:52:19 -06:00
Rob Winch
6be4e3a9fc SEC-2506: Remove Bundlor Support 2014-03-05 13:32:16 -06:00
Rob Winch
04a527d4ec SEC-2495: CSRF disables logout on GET 2014-02-20 09:40:00 -06:00
Rob Winch
de4ed136ea Fix spring4 test 2014-02-19 16:13:30 -06:00
Rob Winch
4a1a2dfed4 Update min Spring version of 4.0.2.REELASE 2014-02-19 11:16:57 -06:00
Rob Winch
3fc9dd82f3 Start Spring Security 4.0.x 2014-02-19 11:05:27 -06:00
Spring Buildmaster
551f600073 Next development version 2014-02-19 08:10:01 -08:00
Rob Winch
f2cde4ffa3 SEC-2486: Update tests to Spring LDAP 2.0.1.RELEASE 2014-02-19 09:32:37 -06:00
Rob Winch
9810768186 SEC-2485: Update test to Spring 4.0.2.RELEASE 2014-02-19 09:31:46 -06:00
Rob Winch
7f99a2dfbb SEC-2487: Update to Spring 3.2.8.RELEASE 2014-02-19 09:30:40 -06:00
Rob Winch
85305050c0 SEC-2455: Fix XML default login generation 2014-02-18 13:52:05 -06:00
Rob Winch
8a3a7961cb SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void 2014-02-15 14:41:26 -06:00
Rob Winch
fc8e4868ce SEC-2468: Fix tests 2014-02-15 14:25:46 -06:00
Rob Winch
65367e6547 SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials 2014-02-14 16:53:26 -06:00
Rob Winch
bf2df220ca SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator 2014-02-13 16:37:33 -06:00
Rob Winch
152f41f61e SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits 
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
 2014-02-13 15:36:47 -06:00
Rob Winch
7a3da28987 SEC-2479: Search parent context for AuthenticationManager 2014-02-12 08:11:26 -06:00
Rob Winch
e17adad878 SEC-2469: Support Spring LDAP 2.0.1+ 2014-02-12 08:11:26 -06:00
Luke Taylor
058b9debef Minor slapd config changes 2014-02-11 14:23:54 +00:00
Rob Winch
6c35c33abe SEC-2447: Fix AuthenticationManagerBuilder ordering issues 2014-02-09 21:17:51 -06:00
Rob Winch
c42e13c966 loginProcessing test 2014-02-07 17:01:11 -06:00
Rob Winch
6b42a2eae1 SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain 2014-02-07 17:01:11 -06:00
Rob Winch
ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch
4eff50b48b SEC-2474: Update tests against Spring 4.0.1 2014-01-30 09:44:26 -06:00
Rob Winch
087b56da96 SEC-2473: Update to Spring 3.2.7 2014-01-30 09:44:26 -06:00
Rob Winch
8d8475deb1 SEC-2455: form-login@login-processing-url & logout@logout-url use matchers 
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
 2014-01-29 15:35:18 -06:00