Commit Graph

575 Commits

Author SHA1 Message Date
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle
Issue gh-3746
2016-03-14 00:15:12 -05:00
Rob Winch 40f687aa78 Improve CSRF missing error message
Fixes gh-3738
2016-03-09 14:52:21 -06:00
Billy Korando 71d4ce96ad Convert to assertj
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration
Issue gh-3175
2016-03-09 14:26:30 -06:00
Alex Baxanean a1c4c2039b Rename HeaderWriter loop variable 2016-03-09 10:36:03 -06:00
Rob Winch 6cbb1dc881 Polish ForwardAuthenticationSuccessHandler
* Whitespace cleanup
* Add @since

Issue gh-3726
2016-03-09 10:23:53 -06:00
Rob Winch e61bc7e93b Polish ForwardAuthenticationFailureHandler
* Whitespace cleanup
* Add @since

Issue gh-3727
2016-03-09 10:23:39 -06:00
Shazin Sadakath 7341da9320 Add ForwardAuthenticationSuccessHandler
Fixes gh-3726
2016-03-09 10:22:55 -06:00
Shazin Sadakath b288d24100 Add ForwardAuthenticationFailureHandler
Fixes gh-3727
2016-03-09 10:22:41 -06:00
Rob Winch db81977a1a Polish HPKP
* Javadoc polish
* Whitespace cleanup

Issue gh-3706
2016-03-03 15:11:40 -06:00
Tim Ysewyn 331c7e91b7 HTTP Public Key Pinning
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
 and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.

This commit will add this new functionality.

Fixes gh-3706
2016-03-03 14:21:46 -06:00
Rob Winch d0dc47cb66 Remove logging for "Skip invoking on" response committed
Fixes gh-3683
2016-02-25 11:01:51 -06:00
Andrei Ivanov 9008a7af1d Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR
Fixes gh-3697
2016-02-15 09:03:27 -06:00
Rob Winch 56fad169db request.setMethod("POST") 2015-12-21 14:53:13 -06:00
Rob Winch 7d5af63510 Merge pull request #243 from panchenko/SEC-3158
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1
2015-12-03 22:14:58 -06:00
Rob Winch 81db6abbe0 SEC-3164: JDK6 compatibility 2015-12-02 14:16:57 -06:00
Alex Panchenko cfa23b152e SEC-3164 Optimization in DefaultRequiresCsrfMatcher 2015-12-01 13:19:13 +06:00
Alex Panchenko 3af4140742 SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x 2015-12-01 12:54:08 +06:00
Rob Winch 4144de9376 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:11 -05:00
Rob Winch 8f13beccb7 SEC-2190: Fix Javadoc 2015-10-29 11:41:39 -05:00
Rob Winch 8b641e5f79 SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:12:35 -05:00
Rob Winch 5c73816a1a SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 13:56:51 -05:00
Rob Winch a88ac0fcc1 SEC-3109: Fix web tests 2015-10-26 21:31:07 -05:00
Rob Winch cda6532c43 SEC-3070: Logout invalidate-session=false and Spring Session doesn't
work
2015-10-20 14:58:57 -05:00
izeye 3925ed90c4 SEC-3124: Fix broken Javadoc related to `<` and `>` 2015-10-13 13:33:28 -05:00
zhanhb 29f2cc0ab1 snasphot -> snapshot 2015-09-25 15:28:39 -05:00
Rob Winch 97969ea9d2 SEC-2059: Ignore Query String for Resolving Path Variables 2015-09-01 09:53:29 -05:00
Rob Winch 6b05b298ff SEC-2059: Support Path Variables in Web Expressions 2015-08-20 17:11:01 -05:00
Rob Winch 969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Thomas Darimont ad1d858e2b SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors across multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch 117f892c91 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch 432123daa2 SEC-2964: Fix CsrfTokenArgumentResolver Javadoc 2015-07-22 11:32:36 -05:00
Rob Winch 92ae45a04d SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged 2015-07-22 08:41:33 -05:00
Rob Winch 7c725a60e2 SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory 2015-07-20 14:06:44 -05:00
Rob Winch 76a2fb9488 SEC-3020: SecurityContextHolderAwareRequestWrapper conditional rolePrefix
Previously SecurityContextHolderAwareRequestWrapper always prefixed with
rolePrefix. This meant the defaults would never return true for a role
that started with the prefix (i.e. ROLE_).

We no longer apply the rolePrefix if the value passed in already starts
with rolePrefix.
2015-07-16 14:49:32 -05:00
Rob Winch 08b1b56e2c SEC-2973: Add OnCommittedResponseWrapper
This ensures that Spring Session & Security's logic for performing
a save on the response being committed can easily be kept in synch.
Further this ensures that the SecurityContext is now persisted when
the response body meets the content length.
2015-07-14 14:48:41 -05:00
Rob Winch 316886affc SEC-2931: Fix CsrfFilter Javadoc 2015-07-14 13:40:59 -05:00
Rob Winch aed288da05 Fix Spring IO Tests 2015-07-08 11:48:43 -05:00
Rob Winch 1f74ac811e Fix Spring IO Tests 2015-07-08 11:09:29 -05:00
Rob Winch 197ddb3cd1 SEC-3029: Fix Compatibility with Spring 4.2.x 2015-07-07 22:46:31 -05:00
Alex Panchenko 0a118336d4 SEC-2955: Convert to "static" for inner classes 2015-04-30 12:54:52 -05:00
Rob Winch a67ef1c3a2 SEC-2944: Polish 2015-04-30 10:00:04 -05:00
Gunnar Hillert 3099f92154 SEC-2944 Add HttpStatusReturningLogoutSuccessHandler
* Add HttpStatusReturningLogoutSuccessHandler to provide better logout capabilities for RESTful APIs
2015-04-30 09:56:02 -05:00
Rob Winch e08e9cda00 SEC-2851: Remove DataAccessException import from Persistent RememberMe 2015-04-21 14:57:32 -05:00
Rob Winch 09acc2b7a5 SEC-2962: SecurityContextHolderAwareRequestFilter default rolePrefix 2015-04-21 11:42:48 -05:00
Rob Winch d5dfeeca49 SEC-2927: Update chat-jc pom so Maven Builds
Previously there were some incorrect dependency versions. This commit fixes
that.

We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
Rob Winch 0bfbd2923a SEC-2915: Fix default login page tests with tabs 2015-04-17 12:13:44 -05:00
Rob Winch 4fdfb8caba SEC-2915: More Tabs -> Spaces 2015-04-17 11:34:34 -05:00