ea27cb6593
Update springIoVersion to latest.integration
2015-03-25 21:43:11 -05:00
fe82c8ab4c
SEC-2897: ActiveDirectoryLdapAuthenticationProvider uses bindPrincipal
2015-03-10 16:37:26 -05:00
cf66f2f39e
Next development version
2015-02-25 08:20:55 -08:00
050407564c
SEC-2871: Polish README.adoc
2015-02-25 09:47:05 -06:00
1374898cd8
SEC-2879: Add Test
2015-02-24 23:19:27 -06:00
d5ed97eba6
SEC-2879: JdbcTokenRepositoryImpl updateToken should use lastUsed arg
2015-02-24 23:19:22 -06:00
8f29c2cc36
SEC-2878: Clean imports in UsernamePasswordAuthenticationFilter
2015-02-24 22:52:28 -06:00
99d503f0a9
SEC-2877: Fix doc typo in index.adoc
...
Replace "a`" with "a `"
2015-02-24 22:29:29 -06:00
6c185f649b
SEC-2876: HttpSecurityBuilder addFilterAfter javadoc before->after
2015-02-24 22:20:45 -06:00
58be282f70
SEC-2875: Fix typo in hellomvc guide
2015-02-24 22:14:16 -06:00
2df05ee2c3
SEC-1915: Polish
...
* Restore default search filter to remain passive
* Check the search filter in setSearchFilter
* Add additional tests
2015-02-24 21:39:39 -06:00
72bc6bf539
SEC-1915: Custom ActiveDirectory search filter
...
Currently the search filter used when retrieving user details is hard coded.
New property in ActiveDirectoryLdapAuthenticationProvider:
- searchFilter - the LDAP search filter to use when searching for authorities,
default to search using 'userPrincipalName' (current) OR 'sAMAccountName'
2015-02-24 21:39:27 -06:00
1b26d03479
SEC-2832: Fix config tests
2015-02-24 17:53:54 -06:00
dfaebfa63b
SEC-2872: CsrfAuthenticationStrategy Delay Saving CsrfToken
2015-02-24 17:35:08 -06:00
f794272bac
SEC-2832: Add Tests
2015-02-24 17:35:05 -06:00
aa0a5b96ab
SEC-2832: Update request attributes with new CsrfToken
2015-02-24 17:35:03 -06:00
27c7cd150b
SEC-2871: Polish README.adoc
2015-02-24 16:59:41 -06:00
b3d108fa44
SEC-2871: readme.txt->README.adoc
2015-02-24 16:59:33 -06:00
975e4ec019
SEC-2078: AbstractPreAuthenticatedProcessingFilter requriesAuthentication support for non-String Principals
...
Previously, if the Principal returned by getPreAuthenticatedPrincipal was not a String,
it prevented requiresAuthentication from detecting when the Principal was the same.
This caused the need to authenticate the user for every request even when the Principal
did not change.
Now requiresAuthentication will check to see if the result of
getPreAuthenticatedPrincipal is equal to the current Authentication.getPrincipal().
2015-02-24 16:44:21 -06:00
74f8534b17
SEC-2791: AbstractRememberMeServices sets the version
...
If the maxAge < 1 then the version must be 1 otherwise browsers ignore
the value.
2015-02-04 15:58:49 -06:00
478a9650aa
SEC-2831: Regex/AntPath RequestMatcher handle invalid HTTP method
2015-02-04 12:05:25 -06:00
b79ba12502
SEC-2777: Fix <header> attributes in doc
2015-01-20 16:28:25 -06:00
72de17d79a
SEC-2822: Make EnableGlobalAuthenticationAutowiredConfigurer static Bean
...
This ensures that EnableGlobalAuthenticationAutowiredConfigurer is actually
used in newer versions of Spring. See SPR-12646
2015-01-20 14:30:04 -06:00
e27200a255
SEC-2815: Delay looking up AuthenticationConfiguration
2015-01-20 14:30:04 -06:00
c3f72f7b79
Merge pull request #160 from ractive/3.2.x
...
SEC-2812: Fix german translations in 3.2.x
2015-01-14 16:29:54 -06:00
b42cb9e3e1
SEC-2812: Fix german translations in 3.2.x
2015-01-12 13:48:50 +01:00
b40088b73d
Merge pull request #155 from wilkinsona/powermock-upgrade
...
Upgrade to PowerMock 1.6.1
2015-01-05 09:03:52 -06:00
4116596a6c
Upgrade to PowerMock 1.6.1
...
The Platform would like to move to JUnit 4.12 but cannot do so at the
moment as Spring Security uses a version of PowerMock which is
incompatible with JUnit 4.12. This commit updates Spring Security to use
PowerMock 1.6.1 with is compatible with JUnit 4.12.
2015-01-05 09:52:26 +00:00
9de369c25f
SEC-2800 Documentation typo in class name
2014-12-23 09:15:24 -06:00
bf2d2d4597
SEC-2773: Add Test for static delegatingApplicationListener
2014-12-01 12:07:07 -06:00
c05f27af6c
SEC-2773: Prevent premature container initialization in WebSecurityConfiguration.
...
Changed the bean definition method for the DelegatingApplicationListener
to be static to avoid the need to instantiate the configuration class which
caused further premature initializations to satisfy the dependencies
expressed in setFilterChainProxySecurityConfigurer(…).
2014-12-01 12:07:05 -06:00
cdac4d990b
SEC-2747: Remove spring-core dependency from spring-security-crypto
2014-11-20 16:28:06 -06:00
db66843e0b
SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check
2014-11-20 14:42:53 -06:00
c36cc88ac4
SEC-2150: Support class level annotations on Spring Data Repositories
2014-11-20 12:17:47 -06:00
7d82349b1e
SEC-2150: Add tests to verify JSR-250 Spec behavior
2014-11-20 12:17:44 -06:00
b6ab9c85e9
SEC-2682: DelegatingSecurityContextRunnable/Callable delegate toString()
2014-11-20 11:51:26 -06:00
29a8da4aa6
SEC-2574: Fix Bundlr
2014-11-20 11:10:58 -06:00
b71989ecde
SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents
2014-11-19 17:10:14 -06:00
eeef91498a
SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts()
2014-11-19 13:33:27 -06:00
91bf099b01
Next development version
2014-08-15 11:20:59 -07:00
137589325d
SEC-2547: Update to cas-client-core-3.3.3
2014-08-15 12:42:07 -05:00
0a184a8d79
SEC-2697: Fix logging of Spring Version Check
2014-08-15 12:41:26 -05:00
2cb99f0791
SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port
2014-08-11 15:20:58 -05:00
d85a0a20bc
SEC-2595: @EnableGlobalMethodSecurity AspectJ tweaks for Spring 3.2.x
2014-07-29 09:39:55 -05:00
0a45d3170c
SEC-2595: @EnableGlobalMethodSecurity AspectJ fixes
2014-07-25 16:27:49 -05:00
89c5c56849
SEC-2599: HttpSessionEventPublisher get required ApplicationContext
...
In order to get better error messages (avoid NullPointerException) the
HttpSessionEventPublisher now gets the required ApplicationContext which
throws an IllegalStateException with a good error message.
2014-07-22 09:20:38 -05:00
47acf17323
SEC-2588: Javadoc fix channelSecurity->requiresChannel
2014-07-21 14:23:47 -05:00
52c585aef1
SEC-2665: Fix samples/ldap-jc link in reference
2014-07-21 14:21:05 -05:00
89d80ed5c9
SEC-2683: Correct spelling of assignamble in AuthenticationPrincipalResolver Exception
2014-07-18 13:57:40 -05:00
85a37bdc02
SEC-2656: Fix <frame-options> with whitelist strategy
2014-06-18 09:07:41 -05:00
Rob Winch
Spring Buildmaster
Michael Cramer
Marcin Mielnicki
Eugene Wolfson
Romain Fromi
izeye
Mateusz Rasiński
Stillglade
shaehnel
Rob Winch
Rob Winch
james
Andy Wilkinson
Christopher Pelloux
Oliver Gierke
Mirko Zeibig