Mikhail Stryzhonok
f20219d541
Added possibility create custom Sid
2014-11-18 13:27:36 -06:00
Rob Winch
fa9e7999da
SEC-2569: SavedRequestAwareWrapper no longer overrides getCookies()
...
Previously SavedRequestAwareWrapper overrode the getCookies() method. This
meant that the cookies from the original request were used instead of the
new request. In general, this does not make sense since cookies are
automatically submitted in every request by a client. Additionally, this
caused problems with using a locale cookie that was specified after the
secured page was requested.
Now SavedRequestAwareWrapper uses the new incoming request for determining
the cookies.
2014-11-18 13:17:27 -06:00
Rob Winch
97df23e3b5
Add IDE Setup to CONTRIBUTING
2014-10-28 22:09:53 -05:00
Rob Winch
24dec7ec3e
SEC-2737: Remove WebSocket Outbound Authorization
2014-10-10 15:56:25 -05:00
Rob Winch
4e7398eec0
SEC-2150: Support class level annotations on Spring Data Repositories
2014-09-26 13:47:37 -05:00
Rob Winch
d429c96253
SEC-2150: Add tests to verify JSR-250 Spec behavior
2014-09-26 13:46:10 -05:00
Andy Wilkinson
a28650c715
Provide a ClassLoader to be used to load LDIF files
...
Prior to this change, ApacheDSContainer created a LdifFileLoader
without a ClassLoader. This limited its ability to load LDIF files
and causes a problem with an executable war in Spring Boot. See [1]
for details.
ApacheDSContainer now initialises LdifFileLoader with a ClassLoader.
This allows it to locate LDIF files packaged in WEB-INF/classes in
the case of an executable war file. The executable jar case was not
affected by this problem as, in that case, the LDIF file is pacakaged
in the root of the jar and is accessible via getSystemResourceAsStream
[1] https://github.com/spring-projects/spring-boot/issues/1550
2014-09-24 13:49:15 -05:00
Rob Winch
5ba8f000a7
SEC-2714: Add AuthenticationPrincipal resolver for messaging support
2014-09-23 16:28:48 -05:00
Rob Winch
d2fa019fe5
SEC-2704: Separation of inbound and outbound security rules
2014-09-19 16:39:43 -05:00
Rob Winch
28446284a6
SEC-2713: Support authorization by SimpMessageType
2014-09-19 16:38:56 -05:00
Rob Winch
b717333707
Polish messaging generics and imports
2014-09-16 14:31:06 -05:00
Rob Winch
b6fcde880a
SEC-2703: ChannelSecurityInterceptor use ThreadLocal for InterceptorStatusToken
2014-09-16 13:46:10 -05:00
Rob Winch
e7edb77cae
SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter
2014-09-16 10:56:52 -05:00
Rob Winch
d316f661e8
SEC-2719: Fix order sensitive authenticated().withRoles(..)
2014-09-16 10:54:50 -05:00
Rob Winch
02c3565e22
Fix compiling in Eclipse
2014-09-16 10:18:46 -05:00
Rob Winch
39d544b901
Merge pull request #121 from bonifaido/patch-1
...
Removed unnecessary params from anyRequest()'s javadoc
2014-09-01 22:30:25 -05:00
Rob Winch
96ea4ddc7b
Merge pull request #120 from bura/fix-clickjacking-url
...
Fixed broken url to Clickjacking description.
2014-09-01 22:29:39 -05:00
Nándor István Krácser
a932d6ecf3
Removed unnecessary params from anyRequest()'s javadoc
2014-08-20 11:24:15 +02:00
Bloshchetsov Andrey Evgenyevich
bd322542ca
Fixed broken url to Clickjacking description.
2014-08-20 10:11:21 +04:00
Rob Winch
57ea75a7ce
Merge pull request #118 from benmccann/patch-1
...
Artifacts should be downloaded using https
2014-08-18 17:03:36 -05:00
Rob Winch
b9df7ba01f
SEC-2179: Allow customize PathMatcher for SimpDestinationMessageMatcher
2014-08-18 11:04:04 -05:00
Ben McCann
613820a218
Artifacts should be downloaded using https
...
See http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/
2014-08-16 14:52:34 -07:00
Rob Winch
533b71b9b8
SEC-2688: Remove ORDER constant
2014-08-15 21:14:12 -05:00
Rob Winch
6321665353
SEC-2676: Update to Spring Data Evans RC1
2014-08-15 20:46:59 -05:00
Rob Winch
3f30529039
SEC-2179: Add Spring Security Messaging Support
2014-08-15 20:46:58 -05:00
Rob Winch
934937d9c1
SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port
2014-08-15 16:41:33 -05:00
Rob Winch
f50e058d07
SEC-2697: Fix logging of Spring Version Check
2014-08-15 16:41:33 -05:00
Rob Winch
939df5f0f9
SEC-2547: Update to cas-client-core-3.3.3
2014-08-15 16:41:33 -05:00
Rob Winch
3187ee8bf3
SEC-2700: Register WithSecurityContextTestExecutionListener by default
2014-08-15 16:41:33 -05:00
Rob Winch
1eaa621619
SEC-2676: Fix data and sample data poms
2014-08-15 16:40:51 -05:00
Rob Winch
94a0816153
Exclude spring-data-commons from spring-ldap-core
2014-08-01 14:04:47 -05:00
Rob Winch
4f936c4c51
Remove @Version from created since it should not be updated
...
This also works around DATAJPA-582
2014-08-01 14:03:27 -05:00
Rob Winch
3e8c879cea
SEC-2676: Fix data-jc sample's classpath
2014-08-01 10:33:33 -05:00
Rob Winch
1f861f512a
SEC-2676: Add SpEL Spring Security Integration
2014-07-29 20:04:37 -05:00
Rob Winch
4a633a938a
SEC-2690: Add guard around debug statement
2014-07-28 16:25:27 -05:00
Rob Winch
0f6235bbe0
SEC-2690: Polish LdapAuthority
...
- Make dn required (as javadoc inidicates)
- Simplify .equals since role cannot be null
- Formatting polish
2014-07-28 16:25:27 -05:00
Rob Winch
aac4ede3a4
SEC-2690: Polish method modifiers
...
- Make methods final where possible
- Make methods private where possible
2014-07-28 16:25:27 -05:00
Rob Winch
1761b29e58
SEC-2690: String[]->List<String>
...
Use Collections rather than Arrays since Collections can be immutable.
2014-07-28 16:25:27 -05:00
Rob Winch
15c837d5de
SEC-2690: Revert explicit TcpTransport since causes tests to fail
2014-07-28 16:25:26 -05:00
Rob Winch
6b43b261bc
SEC-2690: Formatting cleanup
2014-07-28 12:41:56 -05:00
Filip Hanik
93b863d2e5
SEC-2690: Support static nested groups in LDAP
...
This refers to groups that have member: <another group DN> as an attribute
- Add in a utility method in the SpringSecurityLdapTemplate to retrieve multiple attributes and their values from an LDAP record
- Make the DefaultLdapAuthoritiesPopulator more extensible
- Add an LdapAuthority object that holds the DN in addition to other group attributes
- Add a NestedLdapAuthoritiesPopulator to search statically nested groups
2014-07-28 12:40:19 -05:00
Rob Winch
8a2a1b7a5b
SEC-2595: Polish
2014-07-25 16:27:19 -05:00
Rob Winch
b2d66e2a78
SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes
2014-07-25 16:03:18 -05:00
Rob Winch
44f688c9d2
Update to Spring IO 1.1.0.BUILD-SNAPSHOT
2014-07-22 22:32:42 -05:00
Rob Winch
08d703545c
SEC-2686: Fix SpringSecurityCoreVersion
2014-07-22 22:06:45 -05:00
Rob Winch
b72c1ad314
SEC-2686: Create SecurityMockMvcConfigurer
2014-07-22 15:11:37 -05:00
Rob Winch
e14e5b42fc
SEC-2599: HttpSessionEventPublisher get required ApplicationContext
...
In order to get better error messages (avoid NullPointerException) the
HttpSessionEventPublisher now gets the required ApplicationContext which
throws an IllegalStateException with a good error message.
2014-07-22 09:19:50 -05:00
Rob Winch
9654817fd8
SEC-2601: Add DigestRequestPostProcessor
2014-07-21 22:46:18 -05:00
Rob Winch
c8348d60e1
SEC-2602: Add test support for x509 certificate
2014-07-21 15:09:30 -05:00
Rob Winch
ecb4296540
SEC-2588: Javadoc fix channelSecurity->requiresChannel
2014-07-21 14:23:40 -05:00