2cc0d94481
Next development version
2014-03-25 12:05:00 -07:00
32c767a30d
SEC-2533: Global AuthenticationManagerBuilder disables clearing child credentials
2014-03-25 13:00:42 -05:00
a11746a8d1
SEC-2498: RequestCache allows POST when CSRF is disabled
2014-03-25 10:44:34 -05:00
a18265a163
SEC-2531: AuthenticationConfiguration#lazyBean should use BeanClassLoader
2014-03-24 14:54:02 -05:00
d7a2c0a98c
SEC-2177: Polish
2014-03-18 15:49:20 -05:00
9057fbe0ed
SEC-2177: Striping off all leading schemes
...
Striping off all leading schemes in the DefaultRedirectStrategy, so it
will be less vulnerable to open redirect phishing attacks. More info can
be found at SEC-2177 JIRA issue.
2014-03-18 15:49:20 -05:00
537d8f974f
SEC-2519: RememberMeAuthenticationException supports root cause
...
Added a constructor which keeps the root cause of the exception, and
added some documentation
2014-03-11 16:13:03 -05:00
783af4012b
SEC-2518: UserDetailsService javadoc repeats "insensitive"
...
Typo in javadoc, "case insensitive" was repeated twice.
2014-03-11 15:38:28 -05:00
5f5b8052d8
Next development version
2014-03-10 15:24:45 -07:00
7dbb8e777e
SEC-2500: Prevent anonymous bind for ActiveDirectoryLdapAuthenticator
2014-03-10 14:21:32 -05:00
bb563967cc
SEC-2507: WebExpressionVoter.supports support subclasses of FilterInvocation
2014-03-10 14:21:07 -05:00
974105ed19
SEC-2515: Detect object cycle for AuthenticationManager configuration
2014-03-10 14:04:10 -05:00
2cad2f401b
SEC-2325: Polish CSRF Tag support
...
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
2014-03-07 15:25:57 -06:00
3048e2c6e7
SEC-2325 Added JSP tags for CSRF meta tags and form fields
2014-03-07 13:18:46 -06:00
561f284718
SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle
2014-03-07 13:10:03 -06:00
afc6a6ee0d
SEC-2514: Fix typo in hellomvc.asc
...
packags -> packages
2014-03-07 10:26:31 -06:00
fa05e9c590
SEC-2513: Add link to SpringSource CLA form
2014-03-07 10:22:36 -06:00
818be86d46
SEC-2512: Fix typo in reference`
...
udates -> updates
2014-03-06 22:21:22 -06:00
60704eb50e
SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header
2014-03-06 22:00:09 -06:00
f02b77794f
SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header.
...
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
2014-03-06 21:59:46 -06:00
1172d44397
SEC-2499: Allow MethodSecurityExpressionHandler in parent context
...
Previously a NoSuchBeanDefintionException was thrown when the
MethodSecurityExpressionHandler was defined in the parent context. This
happened due to trying to work around ordering issues related to SEC-2136
This commit resolves this by not marking the
MethodSecurityExpressionHandler bean as lazy unless it exists.
2014-03-06 20:51:24 -06:00
49738e4588
SEC-2508: Passivity test for SEC-2357
2014-03-06 15:13:34 -06:00
3b13c1fdf4
SEC-2495: CSRF disables logout on GET
2014-02-20 09:33:30 -06:00
8f6450ede1
Next development version
2014-02-19 10:52:05 -06:00
f2cde4ffa3
SEC-2486: Update tests to Spring LDAP 2.0.1.RELEASE
2014-02-19 09:32:37 -06:00
9810768186
SEC-2485: Update test to Spring 4.0.2.RELEASE
2014-02-19 09:31:46 -06:00
7f99a2dfbb
SEC-2487: Update to Spring 3.2.8.RELEASE
2014-02-19 09:30:40 -06:00
85305050c0
SEC-2455: Fix XML default login generation
2014-02-18 13:52:05 -06:00
8a3a7961cb
SEC-2492: ExpressionUrlAuthorizationConfigurer private interceptUrl to void
2014-02-15 14:41:26 -06:00
fc8e4868ce
SEC-2468: Fix tests
2014-02-15 14:25:46 -06:00
65367e6547
SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials
2014-02-14 16:53:26 -06:00
bf2df220ca
SEC-2490: LdapAuthenticationProviderConfigurer allows custom LdapAuthoritiesPopulator
2014-02-13 16:37:33 -06:00
152f41f61e
SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits
...
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
2014-02-13 15:36:47 -06:00
7a3da28987
SEC-2479: Search parent context for AuthenticationManager
2014-02-12 08:11:26 -06:00
e17adad878
SEC-2469: Support Spring LDAP 2.0.1+
2014-02-12 08:11:26 -06:00
058b9debef
Minor slapd config changes
2014-02-11 14:23:54 +00:00
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
2014-02-09 21:17:51 -06:00
c42e13c966
loginProcessing test
2014-02-07 17:01:11 -06:00
6b42a2eae1
SEC-2461: Multi WebSecurityConfiguration does not create null springSecurityFilterChain
2014-02-07 17:01:11 -06:00
ec8b48150d
SEC-2474: Update poms
2014-02-07 17:01:11 -06:00
4eff50b48b
SEC-2474: Update tests against Spring 4.0.1
2014-01-30 09:44:26 -06:00
087b56da96
SEC-2473: Update to Spring 3.2.7
2014-01-30 09:44:26 -06:00
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
...
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
2014-01-29 15:35:18 -06:00
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
2014-01-29 09:28:51 -06:00
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
2014-01-28 22:04:35 -06:00
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
2014-01-28 16:51:05 -06:00
a99c6db327
SEC-2467: Fix Small errors in itest-web's jsps
2014-01-28 16:03:59 -06:00
1f833b0d6b
Add ExpressionUrlAuthorizationCOnfigurer tests
...
- Demo custom expression root
- Demo @Bean in expression example
2014-01-23 11:21:21 -06:00
add3aae6ef
Next development version
2013-12-16 11:27:25 -08:00
f09ce267b3
Polish MVC doc
2013-12-16 12:30:25 -06:00
Spring Buildmaster
Rob Winch
Rob Winch
Maciej Zasada
Julien Dubois
Alexander Kjäll
beamerblvd
John Tims
Manimaran Selvan
getvictor
Luke Taylor
james