root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 21 Packages Projects Releases Wiki Activity
5,241 Commits 47 Branches 367 Tags 124 MiB
Commit Graph

5241 Commits

Author SHA1 Message Date
Spring Operator 11a61dc8cc URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 924 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 20:21:25 -05:00
Rob Winch 2288d50f0e Polish URLs 
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request, so we migrated them. Your review is recommended.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://repo.terracotta.org/maven2/ | https://repo.terracotta.org/maven2/ | HttpResponse(httpStatus = 403 FORBIDDEN) | HttpResponse(httpStatus = 403 FORBIDDEN) | 1 |
| http://maven-gae-plugin.googlecode.com/svn/repository | https://maven-gae-plugin.googlecode.com/svn/repository | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/external | https://repository.springsource.com/maven/bundles/external | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
| http://repository.springsource.com/maven/bundles/release | https://repository.springsource.com/maven/bundles/release | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 404 NOT_FOUND) | 1 |
## Fixed Success
These URLs were fixed successfully.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/ | HttpResponse(httpStatus = 200 OK) | null | 2 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api | https://docs.spring.io/spring/docs/3.2.x/javadoc-api | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = http://docs.spring.io/spring/docs/3.2.x/javadoc-api/) | null | 1 |
| http://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | https://docs.spring.io/spring/docs/3.2.x/javadoc-api/ | HttpResponse(httpStatus = 200 OK) | null | 1 |
| http://download.oracle.com/javase/6/docs/api/ | https://download.oracle.com/javase/6/docs/api/ | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://docs.oracle.com/javase/6/docs/api/) | null | 2 |
| http://spring.io/ | https://spring.io/ | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://spring.io/spring-security | https://spring.io/spring-security | HttpResponse(httpStatus = 302 FOUND redirectUrl = https://projects.spring.io/spring-security) | null | 42 |
| http://www.apache.org/licenses/LICENSE-2.0.txt | https://www.apache.org/licenses/LICENSE-2.0.txt | HttpResponse(httpStatus = 200 OK) | null | 42 |
| http://forums.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/after_upgrade_gradle_to_2_0_version_the_maven_pom_not_support_build_property) | 1 |
| http://forums.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided | HttpResponse(httpStatus = 404 NOT_FOUND) | HttpResponse(httpStatus = 301 MOVED_PERMANENTLY redirectUrl = https://discuss.gradle.org/gradle/topics/eclipse_wtp_deploys_testcode_to_server_example_provided) | 1 |

# Ignored
These URLs were intentionally ignored so we didn't migrate them.

| HTTP URL |
| --- |
| http://maven.apache.org/POM/4.0.0 |
| http://maven.apache.org/xsd/maven-4.0.0.xsd |
| http://www.w3.org/2001/XMLSchema-instance |
 2019-03-01 15:49:15 -06:00
Spring Buildmaster d0c7fd92de Next development version 2016-12-22 20:05:20 +00:00
Spring Buildmaster 7f246e1c0e Release version 3.2.10.RELEASE 2016-12-22 20:05:14 +00:00
Rob Winch 53ccda1549 Fix pom.xml 2016-12-22 13:08:51 -06:00
Rob Winch 5413251132 Set Default Spring IO to 1.1.5.RELEASE 
Fixes gh-4008
 2016-12-22 09:42:24 -06:00
Rob Winch 0896d22995 Update to Spring 3.2.18 2016-12-22 09:42:24 -06:00
Rob Winch 6d30da2e1f Block URL Encoded "/" in DefaultHttpFirewall 
Fixes gh-4171
 2016-12-22 09:42:21 -06:00
Rob Winch 55a25fa213 Use BUILD-SNAPSHOT 
See if this avoids the conflict resolution
 2016-12-20 20:44:14 -06:00
Rob Winch cdc485d121 Update to spring 3.2.17 2016-12-20 20:24:59 -06:00
Rob Winch 5e19ac5e7e Update pom.xml 2016-12-20 20:24:59 -06:00
Rob Winch bab3c8fa33 Gradle 2.14.1 2016-12-20 20:24:58 -06:00
Rob Winch 9e56424567 SEC-2784: Update to Gradle 2.2.1 2016-12-20 20:24:58 -06:00
Rob Winch f75ebb22d8 Next Development Version 2015-10-30 16:38:34 -05:00
Spring Buildmaster 980edebefa Release version 3.2.9.RELEASE 2015-10-30 16:37:59 -05:00
Rob Winch 07848a1060 SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:56:07 -05:00
Rob Winch 8207a29e52 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:55:45 -05:00
Rob Winch 1c22ec19e6 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:52:10 -05:00
Rob Winch 56e41df964 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:04:55 -05:00
Rob Winch f232f5ef05 SEC-3135: antMatchers now allows method and no pattern 
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
 2015-10-29 12:58:40 -05:00
Rob Winch d467146e49 SEC-2190: Support WebApplicationContext in ServletContext 2015-10-28 15:52:05 -05:00
Rob Winch c64b80564e SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 14:00:02 -05:00
Rob Winch 90f230cbfa SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:25:31 -05:00
Rob Winch 4cc2ffaa2d SEC-3109: Fix web tests 2015-10-26 21:45:23 -05:00
Rob Winch a24065c361 SEC-3109: DelegatingSecurityContextExecutor fails with same Thread 
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
 2015-10-26 17:23:15 -05:00
Rob Winch 789d29b26b SEC-3057: Add *.txt to dist zip 2015-10-26 14:10:10 -05:00
Rob Winch 29632ee9ea SEC-3132: securityBuilder cannot be null 
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
 2015-10-23 13:34:27 -05:00
Rob Winch 37aacc5e02 SEC-3070: Logout invalidate-session=false and Spring Session doesn't 
work
 2015-10-20 13:50:04 -05:00
Rob Winch 0284845289 SEC-3127: Upgrade to Powermock 1.6.2 2015-10-20 11:19:54 -05:00
Spring Buildmaster e6231584c8 Next development version 2015-07-22 22:00:32 -07:00
Rob Winch 23de257508 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread 
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
 2015-07-22 16:48:04 -05:00
Rob Winch 12ed990aa2 SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged 2015-07-22 09:02:25 -05:00
Rob Winch d7d4ac9dc1 SEC-2993: OpenID Sample now uses me.yahoo.com 2015-07-21 11:12:53 -05:00
Rob Winch 7c62164392 SEC-3011: AbstractUrlAuthorizationConfigurer postProcess default AccessDecisionManager 2015-07-21 09:22:06 -05:00
Rob Winch eceb6a3587 SEC-2924: Add README.adoc in -dist.zip 2015-07-16 15:34:45 -05:00
Rob Winch c4a1f1b4a8 SEC-2965: Fix invalid formatted links in reference documentation 2015-07-16 15:26:43 -05:00
Rob Winch 7ecee8e733 SEC-3003: Document invalid intercept-url attributes for filter-security-metadata-source 2015-07-16 15:04:11 -05:00
Rob Winch 63a334317b SEC-3019: Java Config for Http Basic supports Rememberme 2015-07-16 11:13:12 -05:00
Rob Winch 704b114842 SEC-3002: Add JUnit Assume to GCM encryption tests 
Not all JDKs have GCM installed on them.
 2015-07-14 14:58:21 -05:00
Rob Winch fcc9a34356 SEC-2973: Add OnCommittedResponseWrapper 
This ensures that Spring Session & Security's logic for performing
a save on the response being committed can easily be kept in synch.
Further this ensures that the SecurityContext is now persisted when
the response body meets the content length.
 2015-07-14 14:49:12 -05:00
Rob Winch 00042ff70b SEC-2931: Fix CsrfFilter Javadoc 2015-07-14 13:41:44 -05:00
Rob Winch fc1450f72c SEC-2493: Fix javadoc for DefaultLdapAuthoritiesPopulator 2015-07-14 13:36:41 -05:00
Rob Winch a6cd1b6066 SEC-3034: AclPermissionEvaluator specifies Locale.ENGLISH 2015-07-13 23:57:14 -05:00
Rob Winch 567b0ed030 SEC-3013: Add messages_en.properties 2015-07-13 23:26:04 -05:00
Rob Winch 4e6b12f8b4 SEC-3002: Add new option for AES encryption with GCM 
The Galois Counter Mode (GCM) is held to be superior than the current
default CBC. This change adds an extra parameter to the constructor
of AesBytesEncryptor and a new convenience method in Encryptors.
 2015-07-10 00:01:13 -05:00
Rob Winch ae772294cb SEC-2851: Remove DataAccessException import from Persistent RememberMe 2015-04-21 15:04:51 -05:00
Spring Buildmaster c01f2d8501 Next development version 2015-03-25 20:56:37 -07:00
Rob Winch 28c6e9a8af SEC-2899: Update Spring OSGi version 2015-03-25 21:47:05 -05:00
Rob Winch 13cb51c15f SEC-2918: Update Spring Version 3.2.13 2015-03-25 21:43:11 -05:00
Rob Winch b0ad8173b0 SEC-2913: Post Process default session fixation AuthenticationStrategy 
Before the default session fixation AuthenticationStrategy used a
NullEventPublisher when using the Java Configuration. This was due to the
fact that it is not exposed as a Bean and is not post processed.

We now post process the default session fixation AuthenticationStrategy
which initializes the EventPublisher properly.
 2015-03-25 21:43:11 -05:00