Rob Winch
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
Rob Winch
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
Rob Winch
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
...
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
Rob Winch
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
Rob Winch
ca1080fb96
SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter
2013-12-13 15:47:28 -06:00
Rob Winch
a34178bc40
SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA
2013-12-12 08:16:59 -06:00
Rob Winch
aaa7cec32e
SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor
...
Previously there was unnecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
2013-12-12 08:07:22 -06:00
Rob Winch
7f714ebb23
SEC-2422: Session timeout detection with CSRF protection
2013-12-11 17:38:17 -06:00
Rob Winch
4460e84b29
Updates to pom.xml author and repo
2013-12-09 08:57:30 -06:00
Rob Winch
59e13e7bbb
SEC-2404: CsrfAuthenticationStrategy creates new valid CsrfToken
2013-11-21 15:12:08 -06:00
Rob Winch
2c8946c406
Next development version
2013-11-01 14:20:55 -05:00
Spring Buildmaster
9c703a3051
Release version 3.2.0.RC2
2013-11-01 14:20:49 -05:00
Rob Winch
1a1f577a8b
SEC-2358: Add RequestHeaderRequestMatcher#toString()
2013-10-28 14:41:10 -05:00
Rob Winch
e638f0a547
SEC-2357: old RequestMatcher interface extends new RequestMatcher
2013-10-23 17:09:33 -05:00
Rob Winch
04b091c385
SEC-2369: PreAuthenticatedGrantedAuthoritiesUserDetailsService fix case to createUserDetails method
2013-10-17 16:18:43 -05:00
Rob Winch
15a63c58a7
SEC-2368: DebugFilter outputs headers and HTTP method
2013-10-17 14:49:45 -05:00
Rob Winch
1351c8bada
SEC-2362: Clarify AbstractRememberMeServices loginSuccess javadoc
2013-10-15 13:53:23 -05:00
Adrien be
e50b587d60
SEC-2360: AbstractRememberMeServices provide message for Assert on key field
2013-10-14 15:06:11 -05:00
Rob Winch
0b0e7dbea9
SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter
2013-10-14 15:00:24 -05:00
Rob Winch
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
2013-10-14 11:55:56 -05:00
Rob Winch
45ad74a0bd
SEC-2357: Fix package cycles
2013-10-14 11:15:16 -05:00
Rob Winch
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
2013-10-14 10:36:31 -05:00
Rob Winch
7d99436740
SEC-2358: Add RequestHeaderRequestMatcher
2013-10-11 14:53:11 -05:00
Rob Winch
0ac1176152
Polish RequestMatcher logging and toString
2013-10-07 15:45:42 -05:00
Rob Winch
cffbefadd1
SEC-2306: Fix Session Fixation logging race condition
...
Previously session fixation protection could output an incorrect warning
that session fixation protection did not work.
The code now synchronizes on WebUtils.getSessionMutex(..).
2013-10-06 17:13:40 -05:00
kazuki43zoo
611a97023d
SEC-2352: HttpSessionCsrfTokenRepository lazy session creation
2013-10-06 16:44:18 -05:00
Rob Winch
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
2013-09-27 16:13:40 -05:00
Rob Winch
cea0cf9260
SEC-2243: Remove additional Debug Filter
2013-09-26 11:38:16 -05:00
Rob Winch
b591881e95
SEC-2302: Provide beforeSpringSecurityFilterChain hook
...
This allows inserting filters before the springSecurityFilterChain.
2013-09-25 14:52:40 -05:00
Rob Winch
88f41cdf62
SEC-2341: Update to Gradle 1.8
...
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
2013-09-23 20:55:49 -05:00
Rob Winch
788ba9a1fa
SEC-2329: Allow injecting of AuthenticationTrustResolver
2013-09-20 15:26:52 -05:00
Rob Winch
9133c33f1d
SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache
...
The method getRequest used to cast to DefaultRequestCache, but this
is not necessary.
Now the cast is to SavedRequest.
2013-09-19 15:08:32 -05:00
Rob Winch
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
2013-09-19 14:06:37 -05:00
Rob Winch
0114b457c0
SEC-2330: CacheControlHeadersWriter use a single header
2013-09-18 16:12:34 -05:00
Rob Winch
32e9239fd2
SEC-2320: AuthenticationPrincipal can be null on invalid type
...
Previously a ClassCastException was thrown if the type was invalid. Now
a flag exists on AuthenticationPrincipal which indicates if a
ClassCastException should be thrown or not with the default being no error.
2013-09-13 15:21:13 -07:00
Rob Winch
b22acd0768
SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet
2013-09-13 14:44:44 -07:00
Rob Winch
8e74407381
SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated
...
See throws documentation at
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29
2013-08-31 11:55:24 -05:00
Rob Winch
e8ac11641b
SEC-2297: Add DispatchType.ASYNC as default for AbstractSecurityWebApplicationInitializer
2013-08-31 11:39:57 -05:00
Rob Winch
3d2f23602f
SEC-2294: Update Spring Version to 3.2.4.RELEASE
2013-08-31 11:26:43 -05:00
Rob Winch
43f4d01cf3
SEC-2292: Add test to assert CSRF bypass of methods is case sensitive
...
HTTP methods should be case sensitive, so add test to ensure that this is
the case http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1
2013-08-31 10:40:49 -05:00
Rob Winch
6e9fb7930b
SEC-2298: Add AuthenticationPrincipalArgumentResolver
2013-08-30 17:06:40 -05:00
Rob Winch
086056f191
SEC-2289: Make compatible with Spring 4 as well
...
There are a few subtle changes in Spring 4 that this commit addresses
2013-08-27 16:43:10 -05:00
Rob Winch
26166ef6e8
SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3
2013-08-27 16:26:16 -05:00
Rob Winch
3f69847a4e
SEC-2286: Log invalid CSRF tokens at debug level
2013-08-25 22:35:20 -05:00
Rob Winch
d60108eaf6
SEC-2229: Add optional dependencies to spring-security-config
...
spring-tx and spring-jdbc aren't pulled in transitively from
spring-security-web now, so we must include them as optional dependencies.
2013-08-25 19:47:57 -05:00
Rob Winch
33db440961
SEC-2129: AntPathRequestMatcher also supports case sensitive comparisons
2013-08-25 16:26:18 -05:00
Rob Winch
7d1d856729
SEC-2229: spring-security-web dependency polish
...
- remove direct dependency on spring-aop
- spring-tx and spring-jdbc optional
2013-08-25 15:52:17 -05:00
Rob Winch
534989c8ea
SEC-2103: Fix tests to verify debug logging instead of info
2013-08-25 10:05:22 -05:00
Rob Winch
acb2b680d0
SEC-2103: Change log of no results to debug
2013-08-24 23:39:56 -05:00