Commit Graph

687 Commits

Author SHA1 Message Date
novotnyr f8bfe19a98 Fix typo in autowiring warning (#4026)
Fixes a misleading message that warns about
PermissionEvaluator when MethodSecurityExpressionHandler
should be mentioned instead.

Fixes gh-3402
2016-08-16 08:39:49 -05:00
Rob Winch bb997eecde Fix defaultMethodExpressionHandler autowiring
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.

This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.

Fixes gh-4020
2016-08-10 23:48:07 -05:00
Joe Grandja e080905a79 MvcRequestMatcher servletPath Polish / XML Config
Fixes gh-4014
2016-08-09 16:29:30 -05:00
Rob Winch 3befb1c8a6 MvcRequestMatcher servletPath / JavaConfig
Issue: gh-3987
2016-08-09 16:29:30 -05:00
Rob Winch 519c15efb3 Logout is 204 for XMLHttpRequest
Fixes gh-3997
2016-08-02 11:26:52 -07:00
Rob Winch c23c7982ca Add ObjectPostProcessor support for SmartInitializingSingleton 2016-07-21 08:59:17 -05:00
Rob Winch ca170f8479 DummyRequest supports methods for MvcRequestMatcher
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
Rob Winch ada146244e Add HttpSecurity.mvcMatcher
Fixes gh-3970
2016-07-14 10:50:49 -04:00
Rob Winch 945e2e2ad4 Fix NPE requestMatchers().mvcMatchers
Fixes gh-3969
2016-07-14 10:50:49 -04:00
Marten Deinum 80ff267749 Check RememberMe in ExceptionTranslationFilter
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.

Fixes gh-2427
2016-07-13 16:58:00 -04:00
Eddú Meléndez 1effc1882a Add CompositeLogoutHandler
Fixes gh-3895
2016-07-08 13:30:38 -05:00
Rob Winch 885f074ddf Fix XsdDocumentedTests 2016-07-07 15:05:04 -05:00
Rob Winch e297706e8b Polish allow unlimited sessions
Update the rnc file

Issue gh-3900
2016-07-07 14:31:40 -05:00
Michael J. Simons e3ff4130a5 Allow negative values to configure unlimited sessions 2016-07-07 14:29:18 -05:00
Rob Winch 50d7d3287f Add spring-security-4.2.xsd 2016-07-07 14:19:01 -05:00
Eddú Meléndez 13b0ddb7e6 Fix test assertions 2016-07-07 13:29:00 -05:00
Spring Buildmaster 919f000c80 Release version 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Johnny Lim 310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch 764a4d8414 Fix Error Message typo
Fixes gh-3953
2016-07-06 16:19:29 -05:00
Jakob Englisch b17870ee07 LogoutConfigurer: only allow suitable http methods 2016-07-06 16:17:11 -05:00
Rob Winch e4c13e3c0e Add MvcRequestMatcher
Fixes gh-3964
2016-07-06 15:47:23 -05:00
Rob Winch 13bc70f693 Add CorsFilter support 2016-07-05 14:28:04 -05:00
Rob Winch c935d857eb Add mvc namespace to XmlApplicationContext 2016-07-01 22:04:55 -05:00
Rob Winch 7f3b3a8b59 Polish
Issue gh-180
2016-07-01 13:17:52 -05:00
Rob Winch bd5f71bb0d Polish
Fix checkstyle for LDAP JavaConfig Authority mapping

Issue gh-2768
2016-06-21 17:08:37 -05:00
Tony Dalbrekt b76e3be822 LDAP Java Config supports GrantedAuthoritiesMapper
Fixes gh-2768
2016-06-21 16:43:13 -05:00
Rob Winch 26ad1cb4a5 Polish RememberMe Validation
Issue gh-3909
2016-06-21 14:57:15 -05:00
Eddú Meléndez 87224f62e4 RememberMe JavaConfig Validation
Add validation when rememberMeServices and rememberMeCookieName are
provided

Fixes gh-3909
2016-06-21 14:57:01 -05:00
Rob Winch 66858e22ad Disable XMLHttpRequest for formLogin entry point
Previously the following:

http http://localhost:8080/user \
  "X-Requested-With:XMLHttpRequest" "Accept:text/plain"

Produced a 302 instead of a 401

Fixes gh-3887
2016-06-20 15:30:00 -05:00
Eddú Meléndez 39ed7d0eca Propagate rolePrefix to LdapAuthoritiesPopulator
Previous to this commit, custom rolePrefix was not propagated to
LdapAuthoritiesPopulator populating a wrong authority. Now, rolePrefix
is propagated and the authority is as expected.

Fixes gh-3921
2016-06-20 12:44:02 -05:00
Eddú Meléndez a2ead4cf7a Polish
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch 2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Rob Winch 477573b3bc Fix @EnableGlobalAuthentication & method security on @Configuration class
Fixes gh-3934
2016-06-17 14:05:11 -05:00
Rob Winch fa1c484587 AuthenticationConfiguration.getAuthenticationManager() supports recursion
AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.

Fixes gh-3935
2016-06-17 14:02:36 -05:00
Rob Winch 9e3d2e2d99 HTTP Basic default logout ignores text/html
This fixes an issue where Chrome sends an accept header of application/xml
which triggers an HTTP 204 to be returned

Fixes gh-3902
2016-06-14 16:27:56 -05:00
Sola d3b3f8e004 Fix WebSecurityConfigurerAdapter Javadoc
The constructor's Javadoc was incorrect. This commit
fixes it.
2016-05-23 08:12:50 -05:00
Spring Buildmaster 001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Joe Grandja e68d8bfaea Clarifies sessionAuthenticationStrategy setter
Fixes gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja 491abf2600 Revert "Fix test for SessionManagementConfigurer"
This reverts commit 17b25d1477.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja 0d2b797c2a Revert "Fix sessionAuthenticationStrategy setter"
This reverts commit 8f5d46ad68.

Issue gh-234
2016-05-02 13:21:58 -05:00
Joe Grandja 17b25d1477 Fix test for SessionManagementConfigurer
Fixes gh-234
2016-04-21 16:50:03 -04:00
didiez 8f5d46ad68 Fix sessionAuthenticationStrategy setter
sessionAuthenticationStrategy was setting sessionFixationAuthenticationStrategy instead

Fixes gh-234
2016-04-21 16:21:54 -04:00
Spring Buildmaster 24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Rob Winch 7fe0a135ec Default AntPathRequestMatcher to be case sensitive
Issue gh-3831
2016-04-20 13:29:18 -05:00
Rob Winch 510cd59980 Default logout negotiation in Java Configuration
This commit adds content negotiation for log out.

Fixes gh-3282
2016-04-20 10:59:14 -05:00
Rob Winch 51995dc187 Add Java Configuration InvalidSessionStrategy (#3827)
Allow configuring the InvalidSessionStrategy in Java Configuration.

Fixes gh-3371
2016-04-20 09:59:27 -04:00
Rob Winch a5a8aeb550 Message SecurityExpressionHandler is post processed (#3820)
Previously the SecurityExpressionHandler for message based configuration
did not have a beanResolver set.

This commit post processes the default message SecurityExpressionHandler
to ensure the beanResolver is set.

Fixes gh-3797
2016-04-19 13:21:58 -04:00
Rob Winch c872a77ad1 RoleHierarchy Bean used in GlobalMethodSecurity (#3394)
Previously it required quite a bit of extra work to use RoleHierarchy
within Java Based Spring Security configuration.

Now if a single RoleHierarchy Bean is defined it will automatically
be picked up and used by method security.

Fixes gh-3394
2016-04-19 12:47:38 -04:00
Johnny Lim 933a7e8363 Remove duplicate words
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Rob Winch fb5776cb5c Support Camel case URI variables (#3814)
Previously there were issues with case insensitive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId. Instead it was
forced to lowercase and #userid was used.

Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.

Fixes gh-3786
2016-04-18 17:54:48 -04:00