Eddú Meléndez
df65662bf0
Upgrade to Sonarqube plugin
2016-03-14 13:56:49 -05:00
Rob Winch
d85c0395bb
Fix checkstyle import into Eclipse
...
Issue gh-3747
2016-03-14 09:19:55 -05:00
Rob Winch
ec4e6c7453
Update pom.xml to 4.1.0.BUILD-SNAPSHOT
2016-03-14 00:51:35 -05:00
Rob Winch
7de4e59167
Auto Import Eclipse Settings
...
Fixes gh-3747
2016-03-14 00:15:15 -05:00
Rob Winch
6bd16fc686
Extract ide.gradle
...
Issue gh-3747
2016-03-14 00:15:14 -05:00
Rob Winch
b52ffe038e
Add Checkstyle
...
Fixes gh-3746
2016-03-14 00:15:13 -05:00
Rob Winch
f221920a19
Clean up code to conform to basic checkstyle
...
Issue gh-3746
2016-03-14 00:15:12 -05:00
Rob Winch
5775f7bd80
Update to Gradle 2.10
...
Do not use Gradle 2.11 as it causes issues with
Eclipse import
Fixes gh-3745
2016-03-13 20:11:29 -05:00
Rob Winch
35eff94e3d
Add Both Config names to duplicate WebSecurityConfigurer order
...
Previously the error message when multiple WebSecurityConfigurer with the
same Order did not include both WebSecurityConfigurer classes that were
involved in the duplicate Order. This made resolving errors difficult.
This commit ensures both WebSecurityConfigurers are include in the error
message.
Fixes gh-3380
2016-03-11 12:12:55 -06:00
Shazin Sadakath
e33e21fe6b
Add Forward after authentication attempt config support
...
Fixes gh-3728
2016-03-11 10:49:30 -06:00
Rob Winch
dbf73c4692
Update spring-security-config module description
...
Include Java Configuration in the description.
Fixes gh-3298
2016-03-10 10:45:15 -06:00
Rob Winch
5d6e8bc3c8
Remove SPR-11251 workaround from WebSecurityConfiguration
...
Fixes gh-3348
2016-03-09 16:48:24 -06:00
Rob Winch
be36ddb614
Some formatting fixes for HttpSecurity Javadoc
2016-03-09 16:45:43 -06:00
Rob Winch
2f4610e8b7
Update HttpSecurity.requestMatcher() Javadoc
...
Fixes gh-3365
2016-03-09 16:45:29 -06:00
Rob Winch
df5e3ba6ee
Polish Imports
2016-03-09 16:24:50 -06:00
Rob Winch
835ac0a217
Add @WithUserDetails userDetailsServiceBeanName
...
Fixes gh-3346
2016-03-09 15:59:23 -06:00
Rob Winch
618b8a2d83
Fix WebTestUtils when no matching HttpSecurity found
...
Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.
This commit returns null if findFilters gets a null result.
Fixes gh-3343
2016-03-09 15:20:10 -06:00
Martin Macko
dd8ba8c07e
Fix formatting error in documentation
...
Fixes gh-3279
2016-03-09 15:00:52 -06:00
Rob Winch
40f687aa78
Improve CSRF missing error message
...
Fixes gh-3738
2016-03-09 14:52:21 -06:00
Rob Winch
f73357927f
Merge pull request #199 from npcode/fix-broken-link
...
Fix a broken link to a blog posting on the Spring website
2016-03-09 14:44:13 -06:00
Billy Korando
71d4ce96ad
Convert to assertj
...
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch
bb600a473e
Start AssertJ Migration
...
Issue gh-3175
2016-03-09 14:26:30 -06:00
Michael Osipov
6cbb439701
Use XML namespace for PreAuth Sample
...
Fixes gh-3399
2016-03-09 11:08:06 -06:00
Karol Lewandowski
a1df8e5379
Fix keys in messages bundle
...
Fixes gh-2971
2016-03-09 10:43:37 -06:00
Alex Baxanean
a1c4c2039b
Rename HeaderWriter loop variable
2016-03-09 10:36:03 -06:00
Rob Winch
6cbb1dc881
Polish ForwardAuthenticationSuccessHandler
...
* Whitespace cleanup
* Add @since
Issue gh-3726
2016-03-09 10:23:53 -06:00
Rob Winch
e61bc7e93b
Polish ForwardAuthenticationFailureHandler
...
* Whitespace cleanup
* Add @since
Issue gh-3727
2016-03-09 10:23:39 -06:00
Shazin Sadakath
7341da9320
Add ForwardAuthenticationSuccessHandler
...
Fixes gh-3726
2016-03-09 10:22:55 -06:00
Shazin Sadakath
b288d24100
Add ForwardAuthenticationFailureHandler
...
Fixes gh-3727
2016-03-09 10:22:41 -06:00
Rob Winch
3164bd6f8d
Polish Sorting ObjectPostProcessor
...
* Add Test
* Only sort on adding new entry
Issue gh-3572
2016-03-08 15:51:13 -06:00
Wallace Wadge
a366489c3c
Sort ObjectPostProcessors prior to invoking them
...
Fixes gh-3572
2016-03-08 10:39:56 -06:00
Justine Tunney
3bbcbaae9c
Upgrade Apache Commons Collections to v3.2.2
...
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a turing machine. A turing machine
with an exec() function!
https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
2016-03-08 08:56:01 -06:00
hmolsen
b248eae416
Javadoc on ProviderManager.authenticate clarification
...
Fixes gh-3722
2016-03-03 15:32:03 -06:00
Rob Winch
db81977a1a
Polish HPKP
...
* Javadoc polish
* Whitespace cleanup
Issue gh-3706
2016-03-03 15:11:40 -06:00
Rob Winch
a7b0f74803
bcprov-jdk15on -> bcpkix-jdk150n
...
This fixes the Spring IO checks since bcprov-jdk15on is not part of Spring
IO platform.
Issue gh-3702
2016-03-03 14:34:23 -06:00
Tim Ysewyn
331c7e91b7
HTTP Public Key Pinning
...
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.
This commit will add this new functionality.
Fixes gh-3706
2016-03-03 14:21:46 -06:00
Rob Winch
8fbc7e0d2c
Fix SCryptPasswordEncoder javadoc
...
Issue gh-3702
2016-03-03 14:18:50 -06:00
Rob Winch
fc75a679d9
Polish SCryptPasswordEncoder
...
* JKD8 Base64 -> Spring Security's Base64 to continue to support older JDKs
* Spaces to tabs
* Javadoc cleanup
* Remove of @Override to compile in Eclipse
Issue gh-3702
2016-03-03 14:06:08 -06:00
Shazin
7d02e259df
Add SCryptPasswordEncoder
...
Fixes gh-3702
2016-03-03 10:24:29 -06:00
Rob Winch
e208bdb915
Update CONTRIBUTING to specify tabs
2016-03-03 10:21:15 -06:00
Rob Winch
65a00751a7
Update to Spring 4.2.5
...
Fixes gh-3715
2016-02-25 11:35:17 -06:00
Rob Winch
d0dc47cb66
Remove logging for "Skip invoking on" response committed
...
Fixes gh-3683
2016-02-25 11:01:51 -06:00
Andrei Ivanov
9008a7af1d
Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR
...
Fixes gh-3697
2016-02-15 09:03:27 -06:00
Rob Winch
2fac7dfb15
Update to GitHub issues and Gitter
2016-02-12 08:30:50 -06:00
drdamour
004bb8e577
Fix ` in documentation
...
There were a few rendering issues within the documentation
associated with `
This commit fixes those rendering issues
Fixes gh-3699
2016-02-12 08:22:55 -06:00
Rob Winch
cf551f73c7
SEC-3209: Add Code of Conduct
2016-02-01 14:23:59 -06:00
Rob Winch
0deee65eb6
Merge pull request #250 from ziedzaiem/patch-1
...
fix typo in doc
2016-01-07 13:56:33 -06:00
Zied Zaïem
83992a7a27
fix typo in doc
2016-01-05 14:12:04 +01:00
Juzer Ali
1f32e96d31
SEC-3181: Fixed reference formatting
...
The code ticks was broken.
2015-12-21 17:23:16 -06:00
Rob Winch
3480e3c05c
Remove check.dependsOn springSnapshotTest
2015-12-21 16:09:59 -06:00