b6800bdb4d
Update ExpressionUrlAuthorizationConfigurer Error Message
...
Update error message
2016-04-14 15:33:48 -05:00
59db9413aa
Add SpEL Bean reference test ( #3815 )
...
Issue gh-3797
2016-04-14 12:11:40 -05:00
6f169267c4
HttpSecurity comparitor->comparator
...
Rename HttpSecurity's comparitor to comparator
Fixes gh-3810
2016-04-13 15:04:22 -05:00
a7fb6d2e58
Add HttpSecurity.addFilterAt ( #3809 )
...
Fixes gh-3784
2016-04-13 16:01:25 -04:00
d3a9cc6eae
Add CsrfTokenRepository ( #3805 )
...
* Create LazyCsrfTokenRepository
Fixes gh-3790
* Add CookieCsrfTokenRepository
Fixes gh-3009
2016-04-12 17:26:53 -04:00
b82df4ecf3
Add alwaysRemember to RememberMe Java Config
...
Allow setting alwaysRemember from RememberMeConfigurer
Fixes gh-180
2016-04-12 13:37:44 -05:00
bd0c8a7baa
Fix HttpSecurity logout JavaDoc
...
Removed error provoking extra logout() from example code
2016-04-12 13:24:40 -05:00
fe94d654ed
Fix typos ( #228 )
2016-04-12 11:11:51 -05:00
c57dba6b77
Fix typo in setMessageExpessionHandler ( #3803 )
2016-04-12 11:08:52 -05:00
b90242f2fa
Updates all POM versions to 4.1.0 snapshot build.
...
Fixes gh-3804
2016-04-12 10:35:43 -04:00
d05fe8ec07
Fix typo in xsd
...
Fixes gh-3229
2016-04-05 09:47:48 -05:00
044acf7e27
Release version 4.1.0.RC1
2016-03-23 07:15:15 -07:00
2f7f2ff589
Adds support for Content Security Policy
...
Fixes gh-2342
2016-03-22 21:59:13 -05:00
4b650dc58d
Allow AuthenticationProvider Bean in Java Config
...
This commit adds support for defaulting java configuration's
authentication by providing an AuthenticationProvider Bean.
Fixes gh-3091
2016-03-22 16:17:25 -05:00
533a5f0905
Fix <password-encoder> when authentication-manager@id specified
...
When <authentication-manager> specifies an id, the <password-encoder> is
not used because the parser changes the bean id without aliasing it to
BeanIds.AUTHENTICATION_MANAGER which is used by
AuthenticationManagerBeanDefinitionParser to look up the
AuthenticationManager bean.
This commit updates AuthenticationManagerBeanDefinitionParser to ensure
there is an alias to BeanIds.AUTHENTICATION_MANAGER when the id is
specified.
Fixes gh-3296
2016-03-21 22:48:49 -05:00
7bf014f678
Path Variables fail with different case
...
Fixes gh-3329
2016-03-21 10:09:50 -05:00
cf66487d3a
Add Java Configuration Test
...
Issue SEC-2256
2016-03-18 14:03:47 -05:00
41c6a797c3
Add RememberMeConfigurer set domain
...
Fixes gh-3408
2016-03-17 08:30:18 -05:00
ec4e6c7453
Update pom.xml to 4.1.0.BUILD-SNAPSHOT
2016-03-14 00:51:35 -05:00
f221920a19
Clean up code to conform to basic checkstyle
...
Issue gh-3746
2016-03-14 00:15:12 -05:00
35eff94e3d
Add Both Config names to duplicate WebSecurityConfigurer order
...
Previously the error message when multiple WebSecurityConfigurer with the
same Order did not include both WebSecurityConfigurer classes that were
involved in the duplicate Order. This made resolving errors difficult.
This commit ensures both WebSecurityConfigurers are include in the error
message.
Fixes gh-3380
2016-03-11 12:12:55 -06:00
e33e21fe6b
Add Forward after authentication attempt config support
...
Fixes gh-3728
2016-03-11 10:49:30 -06:00
5d6e8bc3c8
Remove SPR-11251 workaround from WebSecurityConfiguration
...
Fixes gh-3348
2016-03-09 16:48:24 -06:00
be36ddb614
Some formatting fixes for HttpSecurity Javadoc
2016-03-09 16:45:43 -06:00
2f4610e8b7
Update HttpSecurity.requestMatcher() Javadoc
...
Fixes gh-3365
2016-03-09 16:45:29 -06:00
71d4ce96ad
Convert to assertj
...
Fixes gh-3175
2016-03-09 14:30:17 -06:00
bb600a473e
Start AssertJ Migration
...
Issue gh-3175
2016-03-09 14:26:30 -06:00
3164bd6f8d
Polish Sorting ObjectPostProcessor
...
* Add Test
* Only sort on adding new entry
Issue gh-3572
2016-03-08 15:51:13 -06:00
a366489c3c
Sort ObjectPostProcessors prior to invoking them
...
Fixes gh-3572
2016-03-08 10:39:56 -06:00
db81977a1a
Polish HPKP
...
* Javadoc polish
* Whitespace cleanup
Issue gh-3706
2016-03-03 15:11:40 -06:00
331c7e91b7
HTTP Public Key Pinning
...
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.
This commit will add this new functionality.
Fixes gh-3706
2016-03-03 14:21:46 -06:00
337f1885ea
SEC-3170: Polish
...
* Prevent a null LogoutHandler from being set when RememberMeServices
does not implement LogoutHandler
* Fix test which invoked Mock from outside spock which failed
* Add explicit test for adding null LogoutHandler to
RememberMeConfigurer
2015-12-15 09:50:54 -06:00
b28c62a6fe
SEC-3170: Null check for Java Config of RememberMeServices
...
Added a null check in LogoutConfigurer.addLogoutHandler() method to
ensure that a logout handler is always provided..
2015-12-15 09:50:54 -06:00
1182d35d3c
SEC-3159: Fix Javadoc
...
The HttpSecurity#headers() Javadoc did not accurately reflect changes made to the
HeadersConfigurer in Spring Security 4.x.
2015-11-21 19:39:15 -05:00
205ef42cfb
SEC-3147: Add error parameter for default authentication-failure-url
2015-11-12 15:00:21 -06:00
53f85e2151
SEC-2848: LogoutConfigurer allows setting clearAuthentication
2015-10-30 13:54:01 -05:00
15b4406015
SEC-3135: antMatchers(<method>,new String[0]) now passive
2015-10-30 10:08:42 -05:00
6f1bb705ac
SEC-3135: antMatchers now allows method and no pattern
...
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().
Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:29 -05:00
f76bf96e14
SEC-3132: securityBuilder cannot be null
...
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.
This commit fixes this.
2015-10-23 10:27:09 -05:00
b9f8af3096
SEC-3063: rm ConditionalOnMissingBean for @Primary
...
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.
Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:40:43 -05:00
8baafbb2f2
SEC-3116: Polish WebSecurity Javadoc
2015-10-01 15:50:22 -05:00
29f2cc0ab1
snasphot -> snapshot
2015-09-25 15:28:39 -05:00
bac980cbcb
SEC-2868: Simplify custom UserDetailsService Java Config
...
Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
2015-08-27 20:41:15 -05:00
6b05b298ff
SEC-2059: Support Path Variables in Web Expressions
2015-08-20 17:11:01 -05:00
cbed1d75ee
SEC-3076: Add Method Level Security Meta Annotations
2015-08-19 16:07:03 -05:00
41c9431fcc
Test that form log in requires CSRF
2015-08-03 12:24:37 -05:00
453e6332da
Fix indentation of CsrfConfigTests
2015-08-03 12:03:05 -05:00
969f3a7d1b
Update pom.xml to latest snapshots
2015-08-03 09:46:01 -05:00
ad1d858e2b
SEC-3056 - Fix JavaDoc errors.
...
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
dab4cf18b8
SEC-3032: Correct documented logout-success-url default
2015-07-22 13:48:07 -05:00
e8c9f75f9c
Update pom.xml to latest versions
2015-07-22 12:51:04 -05:00
07fb2af74b
SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager
2015-07-21 08:52:36 -05:00
ab1b7a1eb6
Remove unnecessary @SuppressWarnings
2015-07-21 08:51:32 -05:00
9654df2cc3
SEC-3045: Conditionally add MethodSecurityMetadataSourceAdvisor
2015-07-17 15:16:09 -05:00
a3df41b380
Clean Import Statements
2015-07-17 14:52:23 -05:00
0e36f85dab
SEC-3019: Java Config for Http Basic supports Rememberme
2015-07-16 11:12:44 -05:00
474d624e8e
SEC-2988: Renamed OnBeanCondition.java to OnMissingBeanCondition.java
2015-07-13 22:51:45 -05:00
64938ebcfc
SEC-2996: Suport configuring SecurityExpressionHandler<Message<Object>>
2015-07-13 22:45:35 -05:00
ca0ffb8b5d
SEC-2948: Fix error message for wrong xsd schema
...
When using the wrong xsd schema < 4.0 a message was shown that the
schema needed to be version 3.2.
In reality this schema had to be version 4.0.
2015-07-09 23:17:16 -05:00
1f74ac811e
Fix Spring IO Tests
2015-07-08 11:09:29 -05:00
197ddb3cd1
SEC-3029: Fix Compatibility with Spring 4.2.x
2015-07-07 22:46:31 -05:00
0a118336d4
SEC-2955: Convert to "static" for inner classes
2015-04-30 12:54:52 -05:00
f1352ba492
SEC-2942: Add test EnableWebSecurity supports AuthenticationPrincipal
2015-04-23 16:34:04 -05:00
f548d89b27
SEC-2932: SecurityContextConfigurer defaults SecurityContextRepository
2015-04-22 16:50:51 -05:00
09acc2b7a5
SEC-2962: SecurityContextHolderAwareRequestFilter default rolePrefix
2015-04-21 11:42:48 -05:00
38e2e23b86
Fix indentation of InterceptUrlConfigTests
2015-04-21 09:38:17 -05:00
d5dfeeca49
SEC-2927: Update chat-jc pom so Maven Builds
...
Previously there were some incorrect dependency versions. This commit fixes
that.
We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
0bfbd2923a
SEC-2915: Fix defaut login page tests with tabs
2015-04-17 12:13:44 -05:00
4fdfb8caba
SEC-2915: More Tabs -> Spaces
2015-04-17 11:34:34 -05:00
5fa5630bc3
Polish ordering of Config and test in NamespaceRememberMeTests
...
The convention is to put the config just below the test.
This commit fixes the convention for NamespaceRememberMeTests
2015-04-17 11:20:39 -05:00
0c77c2071b
SEC-2880: Add a setter method to override the cookie name of remember-me
2015-04-17 11:14:58 -05:00
ec89fdcfaa
SEC-2919: Polish
...
Remove now unnecessary AuthenticationConfig.Builder#getLoginFormUrl
method.
2015-04-17 11:12:08 -05:00
052bd32f40
SEC-2919: DefaultLoginPageGeneratingFilter disabled when login-page specified
2015-04-17 11:12:08 -05:00
4ca936bb76
SEC-2913: Polish
2015-03-25 21:18:12 -05:00
6c541468f6
SEC-2913: Post Process default session fixation AuthenticationStrategy
...
Before the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.
We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
2015-03-25 21:11:52 -05:00
7b25b3e40d
SEC-2864: Default Spring Security WebSocket PathMatcher XML Namespace
2015-03-25 16:32:03 -05:00
db531d9100
SEC-2917: Update to Spring 4.1.6
2015-03-25 15:18:59 -05:00
57b06fb0b5
SEC-2864: Default Spring Security WebSocket PathMatcher
2015-03-25 13:14:15 -05:00
c94a5cf8e2
SEC-2916: disable-url-rewriting=true by default
2015-03-25 13:14:15 -05:00
ae6af5d73c
SEC-2915: Updated Java Code Formatting
2015-03-25 13:09:18 -05:00
0a2e496a84
SEC-2915: groovy/gradle spaces->tabs
2015-03-25 13:08:59 -05:00
cf9f58a4ac
SEC-2915: XML spaces->tabs
2015-03-25 13:08:52 -05:00
fbf3672eca
SEC-2908: mulitple invocations of http.requetMatchers() properly chains
2015-03-20 15:30:19 -05:00
e776a1fd35
SEC-2803: Add HttpStatusEntryPoint
2015-03-11 14:45:59 -05:00
bed20db905
Remove Unnecessary @Override
2015-02-27 16:18:31 -06:00
8b78194f31
SEC-2876: HttpSecurityBuilder addFilterAfter javadoc before->after
2015-02-24 22:19:50 -06:00
c8b79289c9
add setter for using a custom name for the rememberMeParameter
2015-02-24 21:45:23 -06:00
5f57e5b0c3
SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config
2015-02-24 20:49:56 -06:00
67cd8465c3
SEC-2826: Add remember-me-cookie attribute in xml namespace
2015-02-24 17:54:54 -06:00
d2fd852711
SEC-2832: Fix config tests
2015-02-24 17:53:39 -06:00
2bf4f28db9
Fix .properites user
2015-02-24 16:25:24 -06:00
df96e5573f
Add test .properties Authentication Java Config
2015-02-24 16:14:15 -06:00
37740cd020
SEC-2861: Add WebSocket Documentation & Sample
2015-02-24 10:29:47 -06:00
b9563f6102
SEC-2830: Cleanup disabling Same Origin SockJS
...
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
b9e2a57131
SEC-2854: Add intercept-message@message-type
2015-02-20 11:43:16 -06:00
fea03536d6
SEC-2853: Rename WebSocket XML Namespace elements
2015-02-20 11:43:15 -06:00
706e7fd7a2
SEC-2863: Update to Spring 4.1.5
2015-02-20 11:43:04 -06:00
fb085cae25
Add session-management@session-fixation-protection=none test
2015-02-19 13:01:59 -06:00
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
2015-02-18 11:21:02 -06:00
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
2015-02-18 10:51:30 -06:00
Matthias Merdes
Rob Winch
Rob Winch
Leon Radley
Jeffrey Walraven
Johnny Lim
Nicolai Ehemann
Joe Grandja
Quinten De Swaef
Spring Buildmaster
Eddú Meléndez
Shazin Sadakath
Billy Korando
Wallace Wadge
Tim Ysewyn
Nikos Kastamoulas
William Gorder
Kazuki Shimizu
zhanhb
Thomas Darimont
Stijn
Alex Panchenko
Romain Fromi
Michael Cramer