Commit Graph

5221 Commits

Author SHA1 Message Date
Mikhail Stryzhonok f20219d541 Added possibility create custom Sid 2014-11-18 13:27:36 -06:00
Rob Winch fa9e7999da SEC-2569: SavedRequestAwareWrapper no longer overrides getCookies()
Previously SavedRequestAwareWrapper overrode the getCookies() method. This
meant that the cookies from the original request were used instead of the
new request. In general, this does not make sense since cookies are
automatically submitted in every request by a client. Additionally, this
caused problems with using a locale cookie that was specified after the
secured page was requested.

Now SavedRequestAwareWrapper uses the new incoming request for determining
the cookies.
2014-11-18 13:17:27 -06:00
Rob Winch 97df23e3b5 Add IDE Setup to CONTRIBUTING 2014-10-28 22:09:53 -05:00
Rob Winch 24dec7ec3e SEC-2737: Remove WebSocket Outbound Authorization 2014-10-10 15:56:25 -05:00
Rob Winch 4e7398eec0 SEC-2150: Support class level annotations on Spring Data Repositories 2014-09-26 13:47:37 -05:00
Rob Winch d429c96253 SEC-2150: Add tests to verify JSR-250 Spec behavior 2014-09-26 13:46:10 -05:00
Andy Wilkinson a28650c715 Provide a ClassLoader to be used to load LDIF files
Prior to this change, ApacheDSContainer created a LdifFileLoader
without a ClassLoader. This limited its ability to load LDIF files
and causes a problem with an executable war in Spring Boot. See [1]
for details.

ApacheDSContainer now initialises LdifFileLoader with a ClassLoader.
This allows it to locate LDIF files packaged in WEB-INF/classes in
the case of an executable war file. The executable jar case was not
affected by this problem as, in that case, the LDIF file is pacakaged
in the root of the jar and is accessible via getSystemResourceAsStream

[1] https://github.com/spring-projects/spring-boot/issues/1550
2014-09-24 13:49:15 -05:00
Rob Winch 5ba8f000a7 SEC-2714: Add AuthenticationPrincipal resolver for messaging support 2014-09-23 16:28:48 -05:00
Rob Winch d2fa019fe5 SEC-2704: Separation of inbound and outbound security rules 2014-09-19 16:39:43 -05:00
Rob Winch 28446284a6 SEC-2713: Support authorization by SimpMessageType 2014-09-19 16:38:56 -05:00
Rob Winch b717333707 Polish messaging generics and imports 2014-09-16 14:31:06 -05:00
Rob Winch b6fcde880a SEC-2703: ChannelSecurityInterceptor use ThreadLocal for InterceptorStatusToken 2014-09-16 13:46:10 -05:00
Rob Winch e7edb77cae SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter 2014-09-16 10:56:52 -05:00
Rob Winch d316f661e8 SEC-2719: Fix order sensitive authenticated().withRoles(..) 2014-09-16 10:54:50 -05:00
Rob Winch 02c3565e22 Fix compiling in Eclipse 2014-09-16 10:18:46 -05:00
Rob Winch 39d544b901 Merge pull request #121 from bonifaido/patch-1
Removed unnecessary params from anyRequest()'s javadoc
2014-09-01 22:30:25 -05:00
Rob Winch 96ea4ddc7b Merge pull request #120 from bura/fix-clickjacking-url
Fixed broken url to Clickjacking description.
2014-09-01 22:29:39 -05:00
Nándor István Krácser a932d6ecf3 Removed unnecessary params from anyRequest()'s javadoc 2014-08-20 11:24:15 +02:00
Bloshchetsov Andrey Evgenyevich bd322542ca Fixed broken url to Clickjacking description. 2014-08-20 10:11:21 +04:00
Rob Winch 57ea75a7ce Merge pull request #118 from benmccann/patch-1
Artifacts should be downloaded using https
2014-08-18 17:03:36 -05:00
Rob Winch b9df7ba01f SEC-2179: Allow customize PathMatcher for SimpDestinationMessageMatcher 2014-08-18 11:04:04 -05:00
Ben McCann 613820a218 Artifacts should be downloaded using https
See http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/
2014-08-16 14:52:34 -07:00
Rob Winch 533b71b9b8 SEC-2688: Remove ORDER constant 2014-08-15 21:14:12 -05:00
Rob Winch 6321665353 SEC-2676: Update to Spring Data Evans RC1 2014-08-15 20:46:59 -05:00
Rob Winch 3f30529039 SEC-2179: Add Spring Security Messaging Support 2014-08-15 20:46:58 -05:00
Rob Winch 934937d9c1 SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port 2014-08-15 16:41:33 -05:00
Rob Winch f50e058d07 SEC-2697: Fix logging of Spring Version Check 2014-08-15 16:41:33 -05:00
Rob Winch 939df5f0f9 SEC-2547: Update to cas-client-core-3.3.3 2014-08-15 16:41:33 -05:00
Rob Winch 3187ee8bf3 SEC-2700: Register WithSecurityContextTestExecutionListener by default 2014-08-15 16:41:33 -05:00
Rob Winch 1eaa621619 SEC-2676: Fix data and sample data poms 2014-08-15 16:40:51 -05:00
Rob Winch 94a0816153 Exclude spring-data-commons from spring-ldap-core 2014-08-01 14:04:47 -05:00
Rob Winch 4f936c4c51 Remove @Version from created since it should not be updated
This also works around DATAJPA-582
2014-08-01 14:03:27 -05:00
Rob Winch 3e8c879cea SEC-2676: Fix data-jc sample's classpath 2014-08-01 10:33:33 -05:00
Rob Winch 1f861f512a SEC-2676: Add SpEL Spring Security Integration 2014-07-29 20:04:37 -05:00
Rob Winch 4a633a938a SEC-2690: Add guard around debug statement 2014-07-28 16:25:27 -05:00
Rob Winch 0f6235bbe0 SEC-2690: Polish LdapAuthority
- Make dn required (as javadoc inidicates)
- Simplify .equals since role cannot be null
- Formatting polish
2014-07-28 16:25:27 -05:00
Rob Winch aac4ede3a4 SEC-2690: Polish method modifiers
- Make methods final where possible
- Make methods private where possible
2014-07-28 16:25:27 -05:00
Rob Winch 1761b29e58 SEC-2690: String[]->List<String>
Use Collections rather than Arrays since Collections can be immutable.
2014-07-28 16:25:27 -05:00
Rob Winch 15c837d5de SEC-2690: Revert explicit TcpTransport since causes tests to fail 2014-07-28 16:25:26 -05:00
Rob Winch 6b43b261bc SEC-2690: Formatting cleanup 2014-07-28 12:41:56 -05:00
Filip Hanik 93b863d2e5 SEC-2690: Support static nested groups in LDAP
This refers to groups that have member: <another group DN> as an attribute
- Add in a utility method in the SpringSecurityLdapTemplate to retrieve multiple attributes and their values from an LDAP record
- Make the DefaultLdapAuthoritiesPopulator more extensible
- Add an LdapAuthority object that holds the DN in addition to other group attributes
- Add a NestedLdapAuthoritiesPopulator to search statically nested groups
2014-07-28 12:40:19 -05:00
Rob Winch 8a2a1b7a5b SEC-2595: Polish 2014-07-25 16:27:19 -05:00
Rob Winch b2d66e2a78 SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes 2014-07-25 16:03:18 -05:00
Rob Winch 44f688c9d2 Update to Spring IO 1.1.0.BUILD-SNAPSHOT 2014-07-22 22:32:42 -05:00
Rob Winch 08d703545c SEC-2686: Fix SpringSecurityCoreVersion 2014-07-22 22:06:45 -05:00
Rob Winch b72c1ad314 SEC-2686: Create SecurityMockMvcConfigurer 2014-07-22 15:11:37 -05:00
Rob Winch e14e5b42fc SEC-2599: HttpSessionEventPublisher get required ApplicationContext
In order to get better error messages (avoid NullPointerException) the
HttpSessionEventPublisher now gets the required ApplicationContext which
throws an IllegalStateException with a good error message.
2014-07-22 09:19:50 -05:00
Rob Winch 9654817fd8 SEC-2601: Add DigestRequestPostProcessor 2014-07-21 22:46:18 -05:00
Rob Winch c8348d60e1 SEC-2602: Add test support for x509 certificate 2014-07-21 15:09:30 -05:00
Rob Winch ecb4296540 SEC-2588: Javadoc fix channelSecurity->requiresChannel 2014-07-21 14:23:40 -05:00