Commit Graph

610 Commits

Author SHA1 Message Date
Rob Winch 3164bd6f8d Polish Sorting ObjectPostProcessor
* Add Test
* Only sort on adding new entry

Issue gh-3572
2016-03-08 15:51:13 -06:00
Wallace Wadge a366489c3c Sort ObjectPostProcessors prior to invoking them
Fixes gh-3572
2016-03-08 10:39:56 -06:00
Rob Winch db81977a1a Polish HPKP
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
2016-03-03 15:11:40 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
2016-03-03 14:21:46 -06:00
Rob Winch 337f1885ea SEC-3170: Polish
* Prevent a null LogoutHandler from being set when RememberMeServices
does not implement LogoutHandler
* Fix test which invoked Mock from outside spock which failed
* Add explicit test for adding null LogoutHandler to
RememberMeConfigurer
2015-12-15 09:50:54 -06:00
Nikos Kastamoulas b28c62a6fe SEC-3170: Null check for Java Config of RememberMeServices
Added a null check in LogoutConfigurer.addLogoutHandler() method to
ensure that a logout handler is always provided.
2015-12-15 09:50:54 -06:00
William Gorder 1182d35d3c SEC-3159: Fix Javadoc
The HttpSecurity#headers() Javadoc did not accurately reflect changes made to the
HeadersConfigurer in Spring Security 4.x.
2015-11-21 19:39:15 -05:00
Kazuki Shimizu 205ef42cfb SEC-3147: Add error parameter for default authentication-failure-url 2015-11-12 15:00:21 -06:00
Rob Winch 53f85e2151 SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:54:01 -05:00
Rob Winch 15b4406015 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:08:42 -05:00
Rob Winch 6f1bb705ac SEC-3135: antMatchers now allows method and no pattern
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:29 -05:00
Rob Winch f76bf96e14 SEC-3132: securityBuilder cannot be null
If a custom SecurityConfigurerAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
2015-10-23 10:27:09 -05:00
Rob Winch b9f8af3096 SEC-3063: rm ConditionalOnMissingBean for @Primary
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:40:43 -05:00
izeye 8baafbb2f2 SEC-3116: Polish WebSecurity Javadoc 2015-10-01 15:50:22 -05:00
zhanhb 29f2cc0ab1 snasphot -> snapshot 2015-09-25 15:28:39 -05:00
Rob Winch bac980cbcb SEC-2868: Simplify custom UserDetailsService Java Config
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
2015-08-27 20:41:15 -05:00
Rob Winch 6b05b298ff SEC-2059: Support Path Variables in Web Expressions 2015-08-20 17:11:01 -05:00
Rob Winch cbed1d75ee SEC-3076: Add Method Level Security Meta Annotations 2015-08-19 16:07:03 -05:00
Rob Winch 41c9431fcc Test that form log in requires CSRF 2015-08-03 12:24:37 -05:00
Rob Winch 453e6332da Fix indentation of CsrfConfigTests 2015-08-03 12:03:05 -05:00
Rob Winch 969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Thomas Darimont ad1d858e2b SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors across multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch dab4cf18b8 SEC-3032: Correct documented logout-success-url default 2015-07-22 13:48:07 -05:00
Rob Winch e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch 07fb2af74b SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 08:52:36 -05:00
Rob Winch ab1b7a1eb6 Remove unnecessary @SuppressWarnings 2015-07-21 08:51:32 -05:00
Rob Winch 9654df2cc3 SEC-3045: Conditionally add MethodSecurityMetadataSourceAdvisor 2015-07-17 15:16:09 -05:00
Rob Winch a3df41b380 Clean Import Statements 2015-07-17 14:52:23 -05:00
Rob Winch 0e36f85dab SEC-3019: Java Config for Http Basic supports Rememberme 2015-07-16 11:12:44 -05:00
Rob Winch 474d624e8e SEC-2988: Renamed OnBeanCondition.java to OnMissingBeanCondition.java 2015-07-13 22:51:45 -05:00
Rob Winch 64938ebcfc SEC-2996: Support configuring SecurityExpressionHandler<Message<Object>> 2015-07-13 22:45:35 -05:00
Stijn ca0ffb8b5d SEC-2948: Fix error message for wrong xsd schema
When using the wrong xsd schema < 4.0 a message was shown that the
schema needed to be version 3.2.

In reality this schema had to be version 4.0.
2015-07-09 23:17:16 -05:00
Rob Winch 1f74ac811e Fix Spring IO Tests 2015-07-08 11:09:29 -05:00
Rob Winch 197ddb3cd1 SEC-3029: Fix Compatibility with Spring 4.2.x 2015-07-07 22:46:31 -05:00
Alex Panchenko 0a118336d4 SEC-2955: Convert to "static" for inner classes 2015-04-30 12:54:52 -05:00
Rob Winch f1352ba492 SEC-2942: Add test EnableWebSecurity supports AuthenticationPrincipal 2015-04-23 16:34:04 -05:00
Rob Winch f548d89b27 SEC-2932: SecurityContextConfigurer defaults SecurityContextRepository 2015-04-22 16:50:51 -05:00
Rob Winch 09acc2b7a5 SEC-2962: SecurityContextHolderAwareRequestFilter default rolePrefix 2015-04-21 11:42:48 -05:00
Rob Winch 38e2e23b86 Fix indentation of InterceptUrlConfigTests 2015-04-21 09:38:17 -05:00
Rob Winch d5dfeeca49 SEC-2927: Update chat-jc pom so Maven Builds
Previously there were some incorrect dependency versions. This commit fixes
that.

We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
Rob Winch 0bfbd2923a SEC-2915: Fix default login page tests with tabs 2015-04-17 12:13:44 -05:00
Rob Winch 4fdfb8caba SEC-2915: More Tabs -> Spaces 2015-04-17 11:34:34 -05:00
Rob Winch 5fa5630bc3 Polish ordering of Config and test in NamespaceRememberMeTests
The convention is to put the config just below the test.

This commit fixes the convention for NamespaceRememberMeTests
2015-04-17 11:20:39 -05:00
Kazuki Shimizu 0c77c2071b SEC-2880: Add a setter method to override the cookie name of remember-me 2015-04-17 11:14:58 -05:00
Rob Winch ec89fdcfaa SEC-2919: Polish
Remove now unnecessary AuthenticationConfig.Builder#getLoginFormUrl
method.
2015-04-17 11:12:08 -05:00
Rob Winch 052bd32f40 SEC-2919: DefaultLoginPageGeneratingFilter disabled when login-page specified 2015-04-17 11:12:08 -05:00
Rob Winch 4ca936bb76 SEC-2913: Polish 2015-03-25 21:18:12 -05:00
Rob Winch 6c541468f6 SEC-2913: Post Process default session fixation AuthenticationStrategy
Before the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.

We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
2015-03-25 21:11:52 -05:00
Rob Winch 7b25b3e40d SEC-2864: Default Spring Security WebSocket PathMatcher XML Namespace 2015-03-25 16:32:03 -05:00
Rob Winch db531d9100 SEC-2917: Update to Spring 4.1.6 2015-03-25 15:18:59 -05:00