e8c9f75f9c
Update pom.xml to latest versions
2015-07-22 12:51:04 -05:00
07fb2af74b
SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager
2015-07-21 08:52:36 -05:00
ab1b7a1eb6
Remove unnecessary @SuppressWarnings
2015-07-21 08:51:32 -05:00
9654df2cc3
SEC-3045: Conditionally add MethodSecurityMetadataSourceAdvisor
2015-07-17 15:16:09 -05:00
a3df41b380
Clean Import Statements
2015-07-17 14:52:23 -05:00
0e36f85dab
SEC-3019: Java Config for Http Basic supports Rememberme
2015-07-16 11:12:44 -05:00
474d624e8e
SEC-2988: Renamed OnBeanCondition.java to OnMissingBeanCondition.java
2015-07-13 22:51:45 -05:00
64938ebcfc
SEC-2996: Suport configuring SecurityExpressionHandler<Message<Object>>
2015-07-13 22:45:35 -05:00
ca0ffb8b5d
SEC-2948: Fix error message for wrong xsd schema
...
When using the wrong xsd schema < 4.0 a message was shown that the
schema needed to be version 3.2.
In reality this schema had to be version 4.0.
2015-07-09 23:17:16 -05:00
1f74ac811e
Fix Spring IO Tests
2015-07-08 11:09:29 -05:00
197ddb3cd1
SEC-3029: Fix Compatibility with Spring 4.2.x
2015-07-07 22:46:31 -05:00
0a118336d4
SEC-2955: Convert to "static" for inner classes
2015-04-30 12:54:52 -05:00
f1352ba492
SEC-2942: Add test EnableWebSecurity supports AuthenticationPrincipal
2015-04-23 16:34:04 -05:00
f548d89b27
SEC-2932: SecurityContextConfigurer defaults SecurityContextRepository
2015-04-22 16:50:51 -05:00
09acc2b7a5
SEC-2962: SecurityContextHolderAwareRequestFilter default rolePrefix
2015-04-21 11:42:48 -05:00
38e2e23b86
Fix indentation of InterceptUrlConfigTests
2015-04-21 09:38:17 -05:00
d5dfeeca49
SEC-2927: Update chat-jc pom so Maven Builds
...
Previously there were some incorrect dependency versions. This commit fixes
that.
We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
0bfbd2923a
SEC-2915: Fix defaut login page tests with tabs
2015-04-17 12:13:44 -05:00
4fdfb8caba
SEC-2915: More Tabs -> Spaces
2015-04-17 11:34:34 -05:00
5fa5630bc3
Polish ordering of Config and test in NamespaceRememberMeTests
...
The convention is to put the config just below the test.
This commit fixes the convention for NamespaceRememberMeTests
2015-04-17 11:20:39 -05:00
0c77c2071b
SEC-2880: Add a setter method to override the cookie name of remember-me
2015-04-17 11:14:58 -05:00
ec89fdcfaa
SEC-2919: Polish
...
Remove now unnecessary AuthenticationConfig.Builder#getLoginFormUrl
method.
2015-04-17 11:12:08 -05:00
052bd32f40
SEC-2919: DefaultLoginPageGeneratingFilter disabled when login-page specified
2015-04-17 11:12:08 -05:00
4ca936bb76
SEC-2913: Polish
2015-03-25 21:18:12 -05:00
6c541468f6
SEC-2913: Post Process default session fixation AuthenticationStrategy
...
Before the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.
We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
2015-03-25 21:11:52 -05:00
7b25b3e40d
SEC-2864: Default Spring Security WebSocket PathMatcher XML Namespace
2015-03-25 16:32:03 -05:00
db531d9100
SEC-2917: Update to Spring 4.1.6
2015-03-25 15:18:59 -05:00
57b06fb0b5
SEC-2864: Default Spring Security WebSocket PathMatcher
2015-03-25 13:14:15 -05:00
c94a5cf8e2
SEC-2916: disable-url-rewriting=true by default
2015-03-25 13:14:15 -05:00
ae6af5d73c
SEC-2915: Updated Java Code Formatting
2015-03-25 13:09:18 -05:00
0a2e496a84
SEC-2915: groovy/gradle spaces->tabs
2015-03-25 13:08:59 -05:00
cf9f58a4ac
SEC-2915: XML spaces->tabs
2015-03-25 13:08:52 -05:00
fbf3672eca
SEC-2908: mulitple invocations of http.requetMatchers() properly chains
2015-03-20 15:30:19 -05:00
e776a1fd35
SEC-2803: Add HttpStatusEntryPoint
2015-03-11 14:45:59 -05:00
bed20db905
Remove Unnecessary @Override
2015-02-27 16:18:31 -06:00
8b78194f31
SEC-2876: HttpSecurityBuilder addFilterAfter javadoc before->after
2015-02-24 22:19:50 -06:00
c8b79289c9
add setter for using a custom name for the rememberMeParameter
2015-02-24 21:45:23 -06:00
5f57e5b0c3
SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config
2015-02-24 20:49:56 -06:00
67cd8465c3
SEC-2826: Add remember-me-cookie attribute in xml namespace
2015-02-24 17:54:54 -06:00
d2fd852711
SEC-2832: Fix config tests
2015-02-24 17:53:39 -06:00
2bf4f28db9
Fix .properites user
2015-02-24 16:25:24 -06:00
df96e5573f
Add test .properties Authentication Java Config
2015-02-24 16:14:15 -06:00
37740cd020
SEC-2861: Add WebSocket Documentation & Sample
2015-02-24 10:29:47 -06:00
b9563f6102
SEC-2830: Cleanup disabling Same Origin SockJS
...
- Defaults for properties false
- Add XML Namespace support
2015-02-24 10:28:33 -06:00
b9e2a57131
SEC-2854: Add intercept-message@message-type
2015-02-20 11:43:16 -06:00
fea03536d6
SEC-2853: Rename WebSocket XML Namespace elements
2015-02-20 11:43:15 -06:00
706e7fd7a2
SEC-2863: Update to Spring 4.1.5
2015-02-20 11:43:04 -06:00
fb085cae25
Add session-management@session-fixation-protection=none test
2015-02-19 13:01:59 -06:00
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
2015-02-18 11:21:02 -06:00
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
2015-02-18 10:51:30 -06:00
36fe0d0357
SEC-2845: SecurityContextChannelInterceptor support anonymous
2015-02-18 10:00:22 -06:00
c4fe630f8e
SEC-2846: Security HTTP Response Headers Configuration Cleanup
2015-02-10 10:36:00 -06:00
9b5f76f3d6
SEC-2833: Rossen's feedback on WebSocket
2015-02-04 10:43:12 -06:00
72e256b95a
Fix unchecked warning in AbstractSecurityWebSocketMessageBrokerConfigurer
2015-02-04 10:43:12 -06:00
55fde81a0f
SEC-2838
2015-01-31 11:04:55 +01:00
6627f76df7
SEC-2758: Make ROLE_ consistent
2015-01-29 17:08:43 -06:00
414f98bee0
SEC-2827: Clean up MessageMatcher Ambiguities
2015-01-23 17:29:54 -06:00
5b0f8918ce
Fix Eclipse import
2015-01-23 17:29:54 -06:00
1e5f7023c6
SEC-2822: Make EnableGlobalAuthenticationAutowiredConfigurer static Bean
...
This ensures that EnableGlobalAuthenticationAutowiredConfigurer is actually
used in newer versions of Spring. See SPR-12646
2015-01-20 14:28:17 -06:00
62649af0aa
SEC-2815: Delay looking up AuthenticationConfiguration
2015-01-20 10:23:43 -06:00
8f0001f59a
Next Development Version
2014-12-11 20:39:26 -06:00
49b69196de
Release version 4.0.0.RC1
2014-12-11 20:36:55 -06:00
1677836d53
SEC-2790: Deprecate @EnableWebMvcConfig
2014-12-10 21:10:27 -06:00
62e127e978
SEC-2789: Add Default WebSecurityConfigurerAdapter
2014-12-10 21:10:26 -06:00
3171cc4364
SEC-2788: Add @Configuration as meta annotation to @Enable* annotations
2014-12-10 21:10:15 -06:00
11116c2b80
SEC-2787: Update Versions
2014-12-10 16:37:19 -06:00
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
...
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
b56e5edbbd
SEC-2784: Fix build plugins
2014-12-08 14:24:34 -06:00
87a52ffbfd
SEC-2784: Update to Gradle 2.2.1
2014-12-08 13:29:07 -06:00
6e204fff72
SEC-2781: Remove deprecations
2014-12-04 15:28:40 -06:00
5bb0ce9a8f
SEC-2773: Add Test for static delegatingApplicationListener
2014-12-01 12:06:09 -06:00
0f7c2e4128
SEC-2773: Prevent premature container initialization in WebSecurityConfiguration.
...
Changed the bean definition method for the DelegatingApplicationListener
to be static to avoid the need to instantiate the configuration class which
caused further premature initializations to satisfy the dependencies
expressed in setFilterChainProxySecurityConfigurer(…).
2014-12-01 11:38:19 -06:00
2cb2657f5b
SEC-2702: Clean WebSocket Namespace documentation
2014-11-25 12:27:29 -06:00
8ad16b01f5
SEC-2702: Add WebSocket Security XML Namespace Support
2014-11-25 09:45:32 -06:00
3c487c0348
SEC-2348: Update doc headers enabled by default with XML
2014-11-21 21:55:03 -06:00
4392205f63
SEC-2347: CSRF Enabled by default w/ XML Config
2014-11-21 21:32:56 -06:00
eedbf44235
SEC-2348: Security HTTP Response Headers enabled by default w/ XML
2014-11-21 16:06:29 -06:00
dfa17bdb98
SEC-2747: Remove spring-core dependency from spring-security-crypto
2014-11-20 16:16:22 -06:00
30c5788b8b
SEC-1897: Remove raw types from AbstractAccessDecisionManager
2014-11-20 15:36:53 -06:00
1cca72e6d8
SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check
2014-11-20 14:40:51 -06:00
05882b5f24
SEC-2574: Polish
...
Handle null DelegatingApplicationListener
2014-11-19 17:09:24 -06:00
5810681b06
SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents
2014-11-19 16:48:19 -06:00
24dec7ec3e
SEC-2737: Remove WebSocket Outbound Authorization
2014-10-10 15:56:25 -05:00
5ba8f000a7
SEC-2714: Add AuthenticationPrincipal resolver for messaging support
2014-09-23 16:28:48 -05:00
d2fa019fe5
SEC-2704: Separation of inbound and outbound security rules
2014-09-19 16:39:43 -05:00
28446284a6
SEC-2713: Support authorization by SimpMessageType
2014-09-19 16:38:56 -05:00
02c3565e22
Fix compiling in Eclipse
2014-09-16 10:18:46 -05:00
a932d6ecf3
Removed unnecessary params from anyRequest()'s javadoc
2014-08-20 11:24:15 +02:00
b9df7ba01f
SEC-2179: Allow customize PathMatcher for SimpDestinationMessageMatcher
2014-08-18 11:04:04 -05:00
6321665353
SEC-2676: Update to Spring Data Evans RC1
2014-08-15 20:46:59 -05:00
3f30529039
SEC-2179: Add Spring Security Messaging Support
2014-08-15 20:46:58 -05:00
3187ee8bf3
SEC-2700: Register WithSecurityContextTestExecutionListener by default
2014-08-15 16:41:33 -05:00
1f861f512a
SEC-2676: Add SpEL Spring Security Integration
2014-07-29 20:04:37 -05:00
8a2a1b7a5b
SEC-2595: Polish
2014-07-25 16:27:19 -05:00
b2d66e2a78
SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes
2014-07-25 16:03:18 -05:00
b72c1ad314
SEC-2686: Create SecurityMockMvcConfigurer
2014-07-22 15:11:37 -05:00
ecb4296540
SEC-2588: Javadoc fix channelSecurity->requiresChannel
2014-07-21 14:23:40 -05:00
75df42cb7c
SEC-2656: Fix <frame-options> with whitelist strategy
2014-06-18 09:10:28 -05:00
c3d05bea62
SEC-2657: Test for multi dynamic ports for LDAP Java Config
2014-06-17 17:25:08 -05:00
a3fd706335
SEC-2660: Move config integration-test *.groovy to groovy source folder
2014-06-17 17:22:42 -05:00
b255478b14
SEC-2658: Java Config triggers usePasswordAttrCompare to be set
2014-06-17 17:10:16 -05:00
a2b53fabce
SEC-2657: LdapAuthenticationProviderConfigurer find available port
2014-06-17 16:54:42 -05:00
63d1b531a1
SEC-2618: LdapAuthenticationProviderConfigurer passwordAttribute null check
...
If LdapAuthenticationProviderConfigurer passwordAttribute is null, do not
set on the PasswordComparisonAuthenticator
2014-06-17 16:51:01 -05:00
e6e35932ed
SEC-2603: Fix config groovy integration tests
2014-05-20 23:15:39 -05:00
cbd06a4994
SEC-2472: Support LDAP crypto PasswordEncoder
2014-05-20 23:15:36 -05:00
d95640d3e5
SEC-2600: Remove unused import
2014-05-19 12:29:04 -05:00
f73b579ad9
SEC-2543: Logout with CSRF enabled requires POST by default
2014-05-02 11:24:02 -05:00
1d7402e0cd
SEC-2532: Add disclaimer about jdbcAuthentication() with persistent data stores
2014-04-28 15:06:52 -05:00
37bb350883
SEC-2549: Remove LazyBean marker interface
2014-04-24 14:34:35 -05:00
00e1094178
Add springio-platform plugin
2014-04-23 14:35:22 -05:00
ccf96a4d69
SEC-2542: Polish dependency exclusions
...
This cleans up exclusions so the pom.xml are not as cluttered.
2014-04-02 09:47:29 -05:00
3118e39de8
SEC-2542: Use exclusions to remove duplicate dependencies
...
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.
In addition to the new exclusions, notable other changes are:
- Spring Data JPA has been updated to 1.4.1. This brings its
transitive dependency upon spring-data-commons into line with
Spring LDAP's and prevents both spring-data-commons-core and
spring-data-commons from being on the classpath
- All Servlet API dependencies have been updated to use the official
artifact with all transitive dependencies on unofficial servlet API
artifacts being excluded.
- In places, groovy has been replaced with groovy-all. This removes
some duplicates caused by groovy's transitive dependencies.
- JUnit has been updated to 4.11 which brings its transitive Hamcrest
dependency into line with other components.
There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level
Conflicts:
samples/messages-jc/pom.xml
2014-04-02 09:47:26 -05:00
c411014c24
SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials
2014-03-25 13:05:44 -05:00
cb0549a609
SEC-2498: RequestCache allows POST when CSRF is disabled
2014-03-25 10:50:59 -05:00
d079044592
SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader
2014-03-24 14:58:19 -05:00
e4a58375cc
SEC-2515: Detect object cycle for AuthenticationManager configuration
2014-03-10 14:33:35 -05:00
4cdeacc277
SEC-2499: Allow MethodSecurityExpressionHandler in parent context
...
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136
This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
2014-03-06 21:14:35 -06:00
9988fa141c
Update Spring Security version in pom.xml
2014-03-06 08:13:52 -06:00
6be4e3a9fc
SEC-2506: Remove Bundlor Support
2014-03-05 13:32:16 -06:00
04a527d4ec
SEC-2495: CSRF disables logout on GET
2014-02-20 09:40:00 -06:00
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
85305050c0
SEC-2455: Fix XML default login generation
2014-02-18 13:52:05 -06:00
8a3a7961cb
SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void
2014-02-15 14:41:26 -06:00
bf2df220ca
SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator
2014-02-13 16:37:33 -06:00
7a3da28987
SEC-2479: Search parent context for AuthenticationManager
2014-02-12 08:11:26 -06:00
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
c42e13c966
loginProcessing test
2014-02-07 17:01:11 -06:00
6b42a2eae1
SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain
2014-02-07 17:01:11 -06:00
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
...
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
1f833b0d6b
Add ExpressionUrlAuthorizationCOnfigurer tests
...
- Demo custom expression root
- Demo @Bean in expression example
2014-01-23 11:21:21 -06:00
994117ad75
SEC-2436: Fix CsrfConfigurerNoWebMvcTests
2013-12-14 14:48:47 -06:00
b7041ed00e
SEC-2436: Add @EnableWebMvcSecurity
2013-12-14 14:40:01 -06:00
053c890a69
SEC-2450: WebSecurityConfigurerAdapter have default Order of 100
2013-12-14 13:00:48 -06:00
2df5541905
SEC-2448: Update to HSQL 2.3.1
2013-12-14 10:19:06 -06:00
04fac30d75
SEC-2449: <ldap-server> default port should fallback to dynamic value
2013-12-14 10:19:06 -06:00
54ffa28bde
remove apacheDSWorkDir since custom tmp dir is created
2013-12-13 16:38:35 -06:00
a34178bc40
SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA
2013-12-12 08:16:59 -06:00
aaa7cec32e
SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor
...
Previously there was unecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
2013-12-12 08:07:22 -06:00
7f714ebb23
SEC-2422: Session timeout detection with CSRF protection
2013-12-11 17:38:17 -06:00
00d668dc5c
SEC-2431: UrlAuthorizationConfigurer missing <HttpSecurity> in doc
2013-12-11 11:07:05 -06:00
4460e84b29
Updates to pom.xml author and repo
2013-12-09 08:57:30 -06:00
8e8bdad8e6
SEC-2386: Remove stack for AuthenticationManagerBuilder with no authenticationProviders
2013-12-04 15:53:32 -06:00
f2fdc9d1f5
SEC-2425: Add Test for EnableGlobalMethodSecurity works on parent config
2013-12-04 14:54:56 -06:00
595b16d836
SEC-2377: Fix tests
2013-12-03 11:48:25 -06:00
2a632a061e
SEC-2377: Hhandle EnableWebSecurity in both child & parent ApplicationContext
2013-12-03 10:45:25 -06:00
0b996c669f
SEC-2424: Document ObjectPostProcessor
2013-12-02 10:17:08 -06:00
13c5af5b91
SEC-2407: Better error message for missing securityFilterChainBuilders
2013-11-26 10:12:55 -06:00
c7b93e6cee
SEC-2404: Fix CSRF config tests
2013-11-21 15:35:26 -06:00
9dbe30c81d
SEC-2165: remember-me@token-validity-seconds can be parameterized
2013-11-15 14:58:53 -06:00
Rob Winch
Stijn
Alex Panchenko
Kazuki Shimizu
Romain Fromi
Michael Cramer
Michael Oberwasserlechner
Spring Buildmaster
Oliver Gierke
Nándor István Krácser
Mirko Zeibig
Andy Wilkinson
Rob Winch