Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,747 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

5747 Commits

Author SHA1 Message Date
Rob Winch e61bc7e93b Polish ForwardAuthenticationFailureHandler 
* Whitespace cleanup
* Add @since

Issue gh-3727
 2016-03-09 10:23:39 -06:00
Shazin Sadakath 7341da9320 Add ForwardAuthenticationSuccessHandler 
Fixes gh-3726
 2016-03-09 10:22:55 -06:00
Shazin Sadakath b288d24100 Add ForwardAuthenticationFailureHandler 
Fixes gh-3727
 2016-03-09 10:22:41 -06:00
Rob Winch 3164bd6f8d Polish Sorting ObjectPostProcessor 
* Add Test
* Only sort on adding new entry

Issue gh-3572
 2016-03-08 15:51:13 -06:00
Wallace Wadge a366489c3c Sort ObjectPostProcessors prior to invoking them 
Fixes gh-3572
 2016-03-08 10:39:56 -06:00
Justine Tunney 3bbcbaae9c Upgrade Apache Commons Collections to v3.2.2 
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a turing machine. A turing machine
with an exec() function!

https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
 2016-03-08 08:56:01 -06:00
hmolsen b248eae416 Javadoc on ProviderManager.authenticate clarification 
Fixes gh-3722
 2016-03-03 15:32:03 -06:00
Rob Winch db81977a1a Polish HPKP 
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
 2016-03-03 15:11:40 -06:00
Rob Winch a7b0f74803 bcprov-jdk15on -> bcpkix-jdk150n 
This fixes the Spring IO checks since bcprov-jdk15on is not part of Spring
IO platform.

Issue gh-3702
 2016-03-03 14:34:23 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning 
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
 2016-03-03 14:21:46 -06:00
Rob Winch 8fbc7e0d2c Fix SCryptPasswordEncoder javadoc 
Issue gh-3702
 2016-03-03 14:18:50 -06:00
Rob Winch fc75a679d9 Polish SCryptPasswordEncoder 
* JKD8 Base64 -> Spring Security's Base64 to continue to support older JDKs
* Spaces to tabs
* Javadoc cleanup
* Remove of @Override to compile in Eclipse

Issue gh-3702
 2016-03-03 14:06:08 -06:00
Shazin 7d02e259df Add SCryptPasswordEncoder 
Fixes gh-3702
 2016-03-03 10:24:29 -06:00
Rob Winch e208bdb915 Update CONTRIBUTING to specify tabs 2016-03-03 10:21:15 -06:00
Rob Winch 65a00751a7 Update to Spring 4.2.5 
Fixes gh-3715
 2016-02-25 11:35:17 -06:00
Rob Winch d0dc47cb66 Remove logging for "Skip invoking on" response committed 
Fixes gh-3683
 2016-02-25 11:01:51 -06:00
Andrei Ivanov 9008a7af1d Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR 
Fixes gh-3697
 2016-02-15 09:03:27 -06:00
Rob Winch 2fac7dfb15 Update to GitHub issues and Gitter 2016-02-12 08:30:50 -06:00
drdamour 004bb8e577 Fix ` in documentation 
There were a few rendering issues within the documentation
associated with `

This commit fixes those rendering issues

Fixes gh-3699
 2016-02-12 08:22:55 -06:00
Rob Winch cf551f73c7 SEC-3209: Add Code of Conduct 2016-02-01 14:23:59 -06:00
Rob Winch 0deee65eb6 Merge pull request #250 from ziedzaiem/patch-1 
fix typo in doc
 2016-01-07 13:56:33 -06:00
Zied Zaïem 83992a7a27 fix typo in doc 2016-01-05 14:12:04 +01:00
Juzer Ali 1f32e96d31 SEC-3181: Fixed reference formatting 
The code ticks was broken.
 2015-12-21 17:23:16 -06:00
Rob Winch 3480e3c05c Remove check.dependsOn springSnapshotTest 2015-12-21 16:09:59 -06:00
Rob Winch 2ff38ccdc5 SEC-3179: Set springIoVersion to explicit version 2015-12-21 15:22:23 -06:00
Rob Winch 56fad169db request.setMethod("POST") 2015-12-21 14:53:13 -06:00
Rob Winch 3a8aec0c2f SEC-3178: Update to JUnit 4.12 2015-12-21 14:53:07 -06:00
Rob Winch 337f1885ea SEC-3170: Polish 
* Prevent a null LogoutHandler from being set when RememberMeServices
does not implement LogoutHandler
* Fix test which invoked Mock from outside spock which failed
* Add explicit test for adding null LogoutHandler to
RememberMeConfigurer
 2015-12-15 09:50:54 -06:00
Nikos Kastamoulas b28c62a6fe SEC-3170: Null check for Java Config of RememberMeServices 
Added a null check in LogoutConfigurer.addLogoutHandler() method to
ensure that a logout handler is always provided..
 2015-12-15 09:50:54 -06:00
Rob Winch e66eb539cc SEC-3173: Update to cas-client-3.4.1 2015-12-15 09:50:54 -06:00
Rob Winch 7d5af63510 Merge pull request #243 from panchenko/SEC-3158 
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1
 2015-12-03 22:14:58 -06:00
Rob Winch 81db6abbe0 SEC-3164: JDK6 compatability 2015-12-02 14:16:57 -06:00
Rob Winch 3cc085bcdd Merge pull request #244 from panchenko/SEC-3164 
SEC-3164 Optimization in DefaultRequiresCsrfMatcher
 2015-12-02 14:10:04 -06:00
Alex Panchenko cfa23b152e SEC-3164 Optimization in DefaultRequiresCsrfMatcher 2015-12-01 13:19:13 +06:00
Alex Panchenko 3af4140742 SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x 2015-12-01 12:54:08 +06:00
Rob Winch ed01213a27 Merge pull request #240 from wgorder/SEC-3159 
SEC-3159: Fix Javadoc
 2015-11-28 21:00:14 -06:00
William Gorder 1182d35d3c SEC-3159: Fix Javadoc 
The HttpSecurity#headers() Javadoc did not accurately reflect changes made to the
HeadersConfigurer in Spring Security 4.x.
 2015-11-21 19:39:15 -05:00
Kazuki Shimizu b7360a803d SEC-3152: Add @Retention to @WithMock documentation 2015-11-12 16:21:12 -06:00
Kazuki Shimizu 5c36c9f659 SEC-3151 Polishing reference document (springsoruce -> spring, etc..) 2015-11-12 16:04:01 -06:00
petaure cf76e3c65e SEC-3150: Escape ' character in messages_fr.properties 
Escape ' character, if not format doesn't work fine.
 2015-11-12 15:42:52 -06:00
Kazuki Shimizu 205ef42cfb SEC-3147: Add error parameter for default authentication-failure-url 2015-11-12 15:00:21 -06:00
Rob Winch 53f85e2151 SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:54:01 -05:00
Rob Winch 15b4406015 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:08:42 -05:00
Rob Winch c93d6bc823 SEC-3120: Remove .and() from httpStrictTransportSecurity() doc 2015-10-30 09:11:47 -05:00
Rob Winch 4144de9376 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:11 -05:00
Rob Winch 0981cd975f SEC-3120: Reference hsts() -> httpStrictTransportSecurity() 2015-10-29 15:07:44 -05:00
Rob Winch be303b15d1 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:03:18 -05:00
Rob Winch 6f1bb705ac SEC-3135: antMatchers now allows method and no pattern 
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
 2015-10-29 12:48:29 -05:00
Rob Winch 8f13beccb7 SEC-2190: Fix Javadoc 2015-10-29 11:41:39 -05:00
Rob Winch 8b641e5f79 SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:12:35 -05:00