Rob Winch
bb997eecde
Fix defaultMethodExpressionHandler autowiring
...
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.
This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.
Fixes gh-4020
2016-08-10 23:48:07 -05:00
Joe Grandja
e080905a79
MvcRequestMatcher servletPath Polish / XML Config
...
Fixes gh-4014
2016-08-09 16:29:30 -05:00
Rob Winch
3befb1c8a6
MvcRequestMatcher servletPath / JavaConfig
...
Issue: gh-3987
2016-08-09 16:29:30 -05:00
Rob Winch
050198e51b
Fix csrf() when used then not used
...
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.
Now the TestCsrfTokenRepository is only used if explicitly enabled.
Fixes gh-4016
2016-08-09 17:09:16 -04:00
Rob Winch
519c15efb3
Logout is 204 for XMLHttpRequest
...
Fixes gh-3997
2016-08-02 11:26:52 -07:00
Kevin Conaway
d2a37cb1d6
Improve field visibility in DefaultMethodSecurityExpressionHandler
...
Fixes gh-210
2016-07-26 09:56:00 -04:00
Rob Winch
c23c7982ca
Add ObjectPostProcessor support for SmartInitializingSingleton
2016-07-21 08:59:17 -05:00
Artur Owczarek
0b14664a8c
Fix typos in reference ( #3979 )
2016-07-19 15:42:23 -05:00
Rob Winch
ca170f8479
DummyRequest supports methods for MvcRequestMatcher
...
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
Rob Winch
ada146244e
Add HttpSecurity.mvcMatcher
...
Fixes gh-3970
2016-07-14 10:50:49 -04:00
Rob Winch
945e2e2ad4
Fix NPE requestMatchers().mvcMatchers
...
Fixes gh-3969
2016-07-14 10:50:49 -04:00
Marten Deinum
80ff267749
Check RememberMe in ExceptionTranslationFilter
...
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.
Fixes gh-2427
2016-07-13 16:58:00 -04:00
Johnny Lim
69306a8b46
Fix typo ( #3968 )
...
Fixes typo `advantadge`
2016-07-13 12:37:26 -05:00
Rob Winch
8a17c23277
Bump PermGen
2016-07-12 10:08:01 -05:00
Rob Winch
0f608d59b6
Default to Spring IO Athens-SNAPSHOT
2016-07-12 10:07:49 -05:00
Rob Winch
70787fc548
Polish CompositeLogoutHandler
...
Issue gh-3895
2016-07-08 14:39:35 -05:00
Eddú Meléndez
1effc1882a
Add CompositeLogoutHandler
...
Fixes gh-3895
2016-07-08 13:30:38 -05:00
Michael Simons
e5b1cb842e
Document schema changes in CONTRIBUTING.md ( #3965 )
...
Direct changes to XSD schemas will be overwritten by the build, it is necessary that the developer updates the RELAX NG schema instead.
See discussion on commit e297706e8b
.
2016-07-08 13:27:23 -05:00
Rob Winch
885f074ddf
Fix XsdDocumentedTests
2016-07-07 15:05:04 -05:00
Rob Winch
e297706e8b
Polish allow unlimitted sessions
...
Update the rnc file
Issue gh-3900
2016-07-07 14:31:40 -05:00
Michael J. Simons
e3ff4130a5
Allow negative values to configure unlimited sessions
2016-07-07 14:29:18 -05:00
Rob Winch
50d7d3287f
Add spring-security-4.2.xsd
2016-07-07 14:19:01 -05:00
Eddú Meléndez
26fa4a4bf0
Prevent HTTP response splitting
...
Evaluate if http header value contains CR/LF.
Reference: https://www.owasp.org/index.php/HTTP_Response_Splitting
Fixes gh-3910
2016-07-07 13:42:52 -05:00
Eddú Meléndez
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
Rob Winch
b4ab0483b1
Update version to 4.2.0.BUILD-SNAPSHOT
2016-07-07 12:56:20 -05:00
Spring Buildmaster
cc04392d9a
Next development version
2016-07-07 00:57:53 +00:00
Spring Buildmaster
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
Johnny Lim
310bb39a0d
Fix typo
2016-07-06 16:22:33 -05:00
Rob Winch
764a4d8414
Fix Error Message typo
...
Fixes gh-3953
2016-07-06 16:19:29 -05:00
Jakob Englisch
b17870ee07
LogoutConfigurer: only allow suitable http methods
2016-07-06 16:17:11 -05:00
Rob Winch
8ad91ef6a5
WithSecurityContextTestExecutionListener > SqlScriptsTestExecutionListener
...
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.
Fixes gh-3962
2016-07-06 16:09:17 -05:00
Rob Winch
5f6312c5be
Update to Spring 4.3.1
...
Fixes gh-3963
2016-07-06 15:47:44 -05:00
Rob Winch
9d50944cb2
AntPathRequestMatcher implements RequestVariableExtractor
...
Issue gh-3964
2016-07-06 15:47:34 -05:00
Rob Winch
e4c13e3c0e
Add MvcRequestMatcher
...
Fixes gh-3964
2016-07-06 15:47:23 -05:00
Rob Winch
13bc70f693
Add CorsFilter support
2016-07-05 14:28:04 -05:00
Rob Winch
c935d857eb
Add mvc namespace to XmlApplicationContext
2016-07-01 22:04:55 -05:00
Rob Winch
843ed3e437
Update to Spring 4.3.1.BUILD-SNAPSHOT
2016-07-01 22:04:55 -05:00
Rob Winch
7f3b3a8b59
Polish
...
Issue gh-180
2016-07-01 13:17:52 -05:00
Jakob Englisch
261c932b8e
Upgrade Gradle to 2.14
...
Issue gh-3946
2016-06-28 13:13:08 -04:00
Rob Winch
1b4e20e97f
Fix InsecureApplicationTests package
...
Fixes gh-3951
2016-06-28 10:17:17 -05:00
Rob Winch
bd5f71bb0d
Polish
...
Fix checkstyle for LDAP JavaConfig Authority mapping
Issue gh-2768
2016-06-21 17:08:37 -05:00
Tony Dalbrekt
b76e3be822
LDAP Java Config supports GrantedAuthoritiesMapper
...
Fixes gh-2768
2016-06-21 16:43:13 -05:00
Rob Winch
26ad1cb4a5
Polish RememberMe Validation
...
Issue gh-3909
2016-06-21 14:57:15 -05:00
Eddú Meléndez
87224f62e4
RememberMe JavaConfig Validation
...
Add validation when rememberMeServices and rememberMeCookieName are
provided
Fixes gh-3909
2016-06-21 14:57:01 -05:00
Rob Winch
8f880aea0e
Polish Pbkdf2PasswordEncoder
...
Issue gh-3930
2016-06-21 11:47:50 -05:00
vitaliy_kuzmich
5f658b3ffc
Remove double salt in Pbkdf2PasswordEncoder
...
Issue gh-3930
2016-06-21 11:44:23 -05:00
Rob Winch
77a478ba0d
Fix ApacheDSEmbeddedLdifTests checkstyle
...
Issue gh-54
2016-06-21 09:56:34 -05:00
Marcin Zajączkowski
a3c4a5fde7
SEC-2387 - add ignored failing test case
2016-06-21 09:53:38 -05:00
Rob Winch
bbeb7f94d7
Fix checkstyle
...
Issue gh-3920
2016-06-20 19:36:51 -05:00
Rob Winch
a2a06d19c1
Add formLogin() Accept Test
...
Issue gh-3920
2016-06-20 16:23:29 -05:00