Commit Graph

5864 Commits

Author SHA1 Message Date
Rob Winch bb997eecde Fix defaultMethodExpressionHandler autowiring
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.

This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.

Fixes gh-4020
2016-08-10 23:48:07 -05:00
Joe Grandja e080905a79 MvcRequestMatcher servletPath Polish / XML Config
Fixes gh-4014
2016-08-09 16:29:30 -05:00
Rob Winch 3befb1c8a6 MvcRequestMatcher servletPath / JavaConfig
Issue: gh-3987
2016-08-09 16:29:30 -05:00
Rob Winch 050198e51b Fix csrf() when used then not used
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.

Now the TestCsrfTokenRepository is only used if explicitly enabled.

Fixes gh-4016
2016-08-09 17:09:16 -04:00
Rob Winch 519c15efb3 Logout is 204 for XMLHttpRequest
Fixes gh-3997
2016-08-02 11:26:52 -07:00
Kevin Conaway d2a37cb1d6 Improve field visibility in DefaultMethodSecurityExpressionHandler
Fixes gh-210
2016-07-26 09:56:00 -04:00
Rob Winch c23c7982ca Add ObjectPostProcessor support for SmartInitializingSingleton 2016-07-21 08:59:17 -05:00
Artur Owczarek 0b14664a8c Fix typos in reference (#3979) 2016-07-19 15:42:23 -05:00
Rob Winch ca170f8479 DummyRequest supports methods for MvcRequestMatcher
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
Rob Winch ada146244e Add HttpSecurity.mvcMatcher
Fixes gh-3970
2016-07-14 10:50:49 -04:00
Rob Winch 945e2e2ad4 Fix NPE requestMatchers().mvcMatchers
Fixes gh-3969
2016-07-14 10:50:49 -04:00
Marten Deinum 80ff267749 Check RememberMe in ExceptionTranslationFilter
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.

Fixes gh-2427
2016-07-13 16:58:00 -04:00
Johnny Lim 69306a8b46 Fix typo (#3968)
Fixes typo `advantadge`
2016-07-13 12:37:26 -05:00
Rob Winch 8a17c23277 Bump PermGen 2016-07-12 10:08:01 -05:00
Rob Winch 0f608d59b6 Default to Spring IO Athens-SNAPSHOT 2016-07-12 10:07:49 -05:00
Rob Winch 70787fc548 Polish CompositeLogoutHandler
Issue gh-3895
2016-07-08 14:39:35 -05:00
Eddú Meléndez 1effc1882a Add CompositeLogoutHandler
Fixes gh-3895
2016-07-08 13:30:38 -05:00
Michael Simons e5b1cb842e Document schema changes in CONTRIBUTING.md (#3965)
Direct changes to XSD schemas will be overwritten by the build, it is necessary that the developer updates the RELAX NG schema instead.

See discussion on commit e297706e8b.
2016-07-08 13:27:23 -05:00
Rob Winch 885f074ddf Fix XsdDocumentedTests 2016-07-07 15:05:04 -05:00
Rob Winch e297706e8b Polish allow unlimitted sessions
Update the rnc file

Issue gh-3900
2016-07-07 14:31:40 -05:00
Michael J. Simons e3ff4130a5 Allow negative values to configure unlimited sessions 2016-07-07 14:29:18 -05:00
Rob Winch 50d7d3287f Add spring-security-4.2.xsd 2016-07-07 14:19:01 -05:00
Eddú Meléndez 26fa4a4bf0 Prevent HTTP response splitting
Evaluate if http header value contains CR/LF.

Reference: https://www.owasp.org/index.php/HTTP_Response_Splitting

Fixes gh-3910
2016-07-07 13:42:52 -05:00
Eddú Meléndez 13b0ddb7e6 Fix test assertions 2016-07-07 13:29:00 -05:00
Rob Winch b4ab0483b1 Update version to 4.2.0.BUILD-SNAPSHOT 2016-07-07 12:56:20 -05:00
Spring Buildmaster cc04392d9a Next development version 2016-07-07 00:57:53 +00:00
Spring Buildmaster 919f000c80 Release version 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Johnny Lim 310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch 764a4d8414 Fix Error Message typo
Fixes gh-3953
2016-07-06 16:19:29 -05:00
Jakob Englisch b17870ee07 LogoutConfigurer: only allow suitable http methods 2016-07-06 16:17:11 -05:00
Rob Winch 8ad91ef6a5 WithSecurityContextTestExecutionListener > SqlScriptsTestExecutionListener
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.

Fixes gh-3962
2016-07-06 16:09:17 -05:00
Rob Winch 5f6312c5be Update to Spring 4.3.1
Fixes gh-3963
2016-07-06 15:47:44 -05:00
Rob Winch 9d50944cb2 AntPathRequestMatcher implements RequestVariableExtractor
Issue gh-3964
2016-07-06 15:47:34 -05:00
Rob Winch e4c13e3c0e Add MvcRequestMatcher
Fixes gh-3964
2016-07-06 15:47:23 -05:00
Rob Winch 13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch c935d857eb Add mvc namespace to XmlApplicationContext 2016-07-01 22:04:55 -05:00
Rob Winch 843ed3e437 Update to Spring 4.3.1.BUILD-SNAPSHOT 2016-07-01 22:04:55 -05:00
Rob Winch 7f3b3a8b59 Polish
Issue gh-180
2016-07-01 13:17:52 -05:00
Jakob Englisch 261c932b8e Upgrade Gradle to 2.14
Issue gh-3946
2016-06-28 13:13:08 -04:00
Rob Winch 1b4e20e97f Fix InsecureApplicationTests package
Fixes gh-3951
2016-06-28 10:17:17 -05:00
Rob Winch bd5f71bb0d Polish
Fix checkstyle for LDAP JavaConfig Authority mapping

Issue gh-2768
2016-06-21 17:08:37 -05:00
Tony Dalbrekt b76e3be822 LDAP Java Config supports GrantedAuthoritiesMapper
Fixes gh-2768
2016-06-21 16:43:13 -05:00
Rob Winch 26ad1cb4a5 Polish RememberMe Validation
Issue gh-3909
2016-06-21 14:57:15 -05:00
Eddú Meléndez 87224f62e4 RememberMe JavaConfig Validation
Add validation when rememberMeServices and rememberMeCookieName are
provided

Fixes gh-3909
2016-06-21 14:57:01 -05:00
Rob Winch 8f880aea0e Polish Pbkdf2PasswordEncoder
Issue gh-3930
2016-06-21 11:47:50 -05:00
vitaliy_kuzmich 5f658b3ffc Remove double salt in Pbkdf2PasswordEncoder
Issue gh-3930
2016-06-21 11:44:23 -05:00
Rob Winch 77a478ba0d Fix ApacheDSEmbeddedLdifTests checkstyle
Issue gh-54
2016-06-21 09:56:34 -05:00
Marcin Zajączkowski a3c4a5fde7 SEC-2387 - add ignored failing test case 2016-06-21 09:53:38 -05:00
Rob Winch bbeb7f94d7 Fix checkstyle
Issue gh-3920
2016-06-20 19:36:51 -05:00
Rob Winch a2a06d19c1 Add formLogin() Accept Test
Issue gh-3920
2016-06-20 16:23:29 -05:00