Commit Graph

5573 Commits

Author SHA1 Message Date
Eddú Meléndez df65662bf0 Upgrade to Sonarqube plugin 2016-03-14 13:56:49 -05:00
Rob Winch d85c0395bb Fix checkstyle import into Eclipse
Issue gh-3747
2016-03-14 09:19:55 -05:00
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch 7de4e59167 Auto Import Eclipse Settings
Fixes gh-3747
2016-03-14 00:15:15 -05:00
Rob Winch 6bd16fc686 Extract ide.gradle
Issue gh-3747
2016-03-14 00:15:14 -05:00
Rob Winch b52ffe038e Add Checkstyle
Fixes gh-3746
2016-03-14 00:15:13 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle
Issue gh-3746
2016-03-14 00:15:12 -05:00
Rob Winch 5775f7bd80 Update to Gradle 2.10
Do not use Gradle 2.11 as it causes issues with
Eclipse import

Fixes gh-3745
2016-03-13 20:11:29 -05:00
Rob Winch 35eff94e3d Add Both Config names to duplicate WebSecurityConfigurer order
Previously the error message when multiple WebSecurityConfigurer with the
same Order did not include both WebSecurityConfigurer classes that were
involved in the duplicate Order. This made resolving errors difficult.

This commit ensures both WebSecurityConfigurers are include in the error
message.

Fixes gh-3380
2016-03-11 12:12:55 -06:00
Shazin Sadakath e33e21fe6b Add Forward after authentication attempt config support
Fixes gh-3728
2016-03-11 10:49:30 -06:00
Rob Winch dbf73c4692 Update spring-security-config module description
Include Java Configuration in the description.

Fixes gh-3298
2016-03-10 10:45:15 -06:00
Rob Winch 5d6e8bc3c8 Remove SPR-11251 workaround from WebSecurityConfiguration
Fixes gh-3348
2016-03-09 16:48:24 -06:00
Rob Winch be36ddb614 Some formatting fixes for HttpSecurity Javadoc 2016-03-09 16:45:43 -06:00
Rob Winch 2f4610e8b7 Update HttpSecurity.requestMatcher() Javadoc
Fixes gh-3365
2016-03-09 16:45:29 -06:00
Rob Winch df5e3ba6ee Polish Imports 2016-03-09 16:24:50 -06:00
Rob Winch 835ac0a217 Add @WithUserDetails userDetailsServiceBeanName
Fixes gh-3346
2016-03-09 15:59:23 -06:00
Rob Winch 618b8a2d83 Fix WebTestUtils when no matching HttpSecurity found
Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.

This commit returns null if findFilters gets a null result.

Fixes gh-3343
2016-03-09 15:20:10 -06:00
Martin Macko dd8ba8c07e Fix formatting error in documentation
Fixes gh-3279
2016-03-09 15:00:52 -06:00
Rob Winch 40f687aa78 Improve CSRF missing error message
Fixes gh-3738
2016-03-09 14:52:21 -06:00
Rob Winch f73357927f Merge pull request #199 from npcode/fix-broken-link
Fix a broken link to a blog posting on the Spring website
2016-03-09 14:44:13 -06:00
Billy Korando 71d4ce96ad Convert to assertj
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration
Issue gh-3175
2016-03-09 14:26:30 -06:00
Michael Osipov 6cbb439701 Use XML namespace for PreAuth Sample
Fixes gh-3399
2016-03-09 11:08:06 -06:00
Karol Lewandowski a1df8e5379 Fix keys in messages bundle
Fixes gh-2971
2016-03-09 10:43:37 -06:00
Alex Baxanean a1c4c2039b Rename HeaderWriter loop variable 2016-03-09 10:36:03 -06:00
Rob Winch 6cbb1dc881 Polish ForwardAuthenticationSuccessHandler
* Whitespace cleanup
* Add @since

Issue gh-3726
2016-03-09 10:23:53 -06:00
Rob Winch e61bc7e93b Polish ForwardAuthenticationFailureHandler
* Whitespace cleanup
* Add @since

Issue gh-3727
2016-03-09 10:23:39 -06:00
Shazin Sadakath 7341da9320 Add ForwardAuthenticationSuccessHandler
Fixes gh-3726
2016-03-09 10:22:55 -06:00
Shazin Sadakath b288d24100 Add ForwardAuthenticationFailureHandler
Fixes gh-3727
2016-03-09 10:22:41 -06:00
Rob Winch 3164bd6f8d Polish Sorting ObjectPostProcessor
* Add Test
* Only sort on adding new entry

Issue gh-3572
2016-03-08 15:51:13 -06:00
Wallace Wadge a366489c3c Sort ObjectPostProcessors prior to invoking them
Fixes gh-3572
2016-03-08 10:39:56 -06:00
Justine Tunney 3bbcbaae9c Upgrade Apache Commons Collections to v3.2.2
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a turing machine. A turing machine
with an exec() function!

https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
2016-03-08 08:56:01 -06:00
hmolsen b248eae416 Javadoc on ProviderManager.authenticate clarification
Fixes gh-3722
2016-03-03 15:32:03 -06:00
Rob Winch db81977a1a Polish HPKP
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
2016-03-03 15:11:40 -06:00
Rob Winch a7b0f74803 bcprov-jdk15on -> bcpkix-jdk150n
This fixes the Spring IO checks since bcprov-jdk15on is not part of Spring
IO platform.

Issue gh-3702
2016-03-03 14:34:23 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
2016-03-03 14:21:46 -06:00
Rob Winch 8fbc7e0d2c Fix SCryptPasswordEncoder javadoc
Issue gh-3702
2016-03-03 14:18:50 -06:00
Rob Winch fc75a679d9 Polish SCryptPasswordEncoder
* JKD8 Base64 -> Spring Security's Base64 to continue to support older JDKs
* Spaces to tabs
* Javadoc cleanup
* Remove of @Override to compile in Eclipse

Issue gh-3702
2016-03-03 14:06:08 -06:00
Shazin 7d02e259df Add SCryptPasswordEncoder
Fixes gh-3702
2016-03-03 10:24:29 -06:00
Rob Winch e208bdb915 Update CONTRIBUTING to specify tabs 2016-03-03 10:21:15 -06:00
Rob Winch 65a00751a7 Update to Spring 4.2.5
Fixes gh-3715
2016-02-25 11:35:17 -06:00
Rob Winch d0dc47cb66 Remove logging for "Skip invoking on" response committed
Fixes gh-3683
2016-02-25 11:01:51 -06:00
Andrei Ivanov 9008a7af1d Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR
Fixes gh-3697
2016-02-15 09:03:27 -06:00
Rob Winch 2fac7dfb15 Update to GitHub issues and Gitter 2016-02-12 08:30:50 -06:00
drdamour 004bb8e577 Fix ` in documentation
There were a few rendering issues within the documentation
associated with `

This commit fixes those rendering issues

Fixes gh-3699
2016-02-12 08:22:55 -06:00
Rob Winch cf551f73c7 SEC-3209: Add Code of Conduct 2016-02-01 14:23:59 -06:00
Rob Winch 0deee65eb6 Merge pull request #250 from ziedzaiem/patch-1
fix typo in doc
2016-01-07 13:56:33 -06:00
Zied Zaïem 83992a7a27 fix typo in doc 2016-01-05 14:12:04 +01:00
Juzer Ali 1f32e96d31 SEC-3181: Fixed reference formatting
The code ticks was broken.
2015-12-21 17:23:16 -06:00
Rob Winch 3480e3c05c Remove check.dependsOn springSnapshotTest 2015-12-21 16:09:59 -06:00