Commit Graph

180 Commits (23cff6fb0941a3e254f44ca79fd0c4109ae267a8)

Author SHA1 Message Date
Phillip Webb 1e4d974ec0 Merge remote-tracking branch 'local12x/1.2.x' 9 years ago
Phillip Webb a79131f8d2 Organize imports with new settings
See gh-4234
9 years ago
Spring Buildmaster 2b38a861e3 Next Development Version 9 years ago
Phillip Webb aae38db9af Fix compiler warnings only shown in Eclipse Mars 9 years ago
Phillip Webb e473364e4e Merge branch '1.2.x' 9 years ago
Phillip Webb 6ab376e2e8 Reformat code use Eclipse Mars 9 years ago
Spring Buildmaster 9409c49c10 Next development version 9 years ago
Phillip Webb 2615990ffb Organize imports 9 years ago
Stephane Nicoll 7c0c953f81 Add value alias for SpringApplicationConfiguration
Given that Spring Boot uses java config accross the board, a new `value`
attribute is now aliased to the existing `classes` attribute such that
one could write the following:

@SpringApplicationConfiguration(MyConfig.class)
public class MyTest {}

Closes gh-3635
9 years ago
Dave Syer e5d3fa0c6c Merge remote-tracking branch '1.2.x' 9 years ago
Dave Syer d0cf6b534b Add 3xx redirects to the "unmapped" class of requests for metrics
When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).

This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).

Fixes gh-2563
9 years ago
Spring Buildmaster 7ce391db4f Next development version 10 years ago
Rob Baily 3c50386970 Fix logout in sample secure web applications
Fixes gh-1536
10 years ago
Phillip Webb 61fc4f3f12 Polish copyright headers 10 years ago
Phillip Webb 1ce617f1ae Polish sample package names 10 years ago
Spring Buildmaster 5d81c87b43 Next Development Version 10 years ago
Spring Buildmaster e03c11dda8 Next development version 10 years ago
Phillip Webb a57a88f5cf Move master to 1.3.0.BUILD-SNAPSHOT 10 years ago
Spring Buildmaster 8f0ad02237 Next development version 10 years ago
Spring Buildmaster 60725cd8bd Next development version 10 years ago
Spring Buildmaster 1a788c1741 Next development version 10 years ago
Dave Syer 389c4f3e0b Merge branch '1.1.x' 10 years ago
Dave Syer bf0c8fc8bb Remove JDBC from secure-web sample
Fixes gh-1534
10 years ago
Dave Syer 9902f98a3d Ensure the AuthenticationManager is created when needed
There was too much state really in the old implementation of
AuthenticationManagerConfiguration, and it was leading occasionally
to null pointers when method A assumed that method B had already
been called and it hadn't. This change manages to concentrate all the
references to an AuthenticationManagerBuilder into a single method
call, removoing the need for storing it at all.

Fixes gh-1556
10 years ago
Spring Buildmaster d63e4b4329 Next development version 10 years ago
Spring Buildmaster 74d0c5185a Next development version 10 years ago
Stephane Nicoll 249e09d9bc Switch master to 1.2.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster 40327e1ae6 Next development version 11 years ago
Phillip Webb fa88c481a5 Remote trailing whitespace 11 years ago
Dave Syer fd757cb371 Add logging.level to application.properties
E.g.

logging.level.org.springframework: DEBUG
logging.level.org.hibernate: WARN

Fixed gh-788
11 years ago
Spring Buildmaster 981669b7c0 Next development version 11 years ago
Phillip Webb 200cd535c2 Revert "Next development version"
This reverts commit 67189477fe.
11 years ago
Spring Buildmaster 67189477fe Next development version 11 years ago
Phillip Webb 9632abf825 Formatting and cleanup 11 years ago
Spring Buildmaster 542f3cbda8 Next development version 11 years ago
Phillip Webb 179e1558f6 Polish 11 years ago
Dave Syer f8e847a6fc Change ordering of DataSourceInitializer a bit
It needs to run as soon as the DataSource is available really otherwise
anything else that depends on the DataSource (like Security JDBC
initializers) might fail when it tries to use it.

One change from 1.1.1 is that if you have a schema.sql you had better
make sure your data.sql talks to the same tables. In 1.1.1 you could
sometimes get away with letting Hibernate initialize the tables for
your data.sql and *also* have a schema.sql. This was fragile and doomed
to fail eventually if the DataSourceInitializer somehow got
initialized earlier (e.g. through a @DependsOn), so in the spririt
of honesty being the best policy we explicitly disallow it now.

Fixes gh-1115
11 years ago
Dave Syer e39fafcc33 Add JDBC user details to web-secure sample
See gh-1115
11 years ago
Spring Buildmaster 4ca26a21dc Next development version 11 years ago
Spring Buildmaster 05ed7b3bcd Next development version 11 years ago
Phillip Webb 3007a777d0 Roll back to 1.1.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster c650f2391e Next development version 11 years ago
Javier Gayoso b7d94d1364 Optimized login form - delegated CSRF token creation to thymeleaf
Also added additional test to verify behaviour.

Fixes gh-1039
11 years ago
Dave Syer 0ccfba939e Switch to a matches-none filter for security.basic.enabled=false
There were some residual issues to do with the changes to the implementation
of security.basic.enabled=false. It was a good idea to have a filetr chain
triggered by the flag being off because it smooths the way for user-defined
filter chains to use the Boot AuthenticationManager (as a first step at least),
but it wasn't a goog idea to add any actual secuity features to that filter.
E.g. if it has HSTS then even an app like Sagan that has some secure endpoints
that it manages itself and the rest is unsecured has issues because it can't
accept connections over HTTP even on unsecure endpoints.

TODO: find a way for security.ssl_enabled=true to apply to only the user-
defined security filter (maybe not possible or worth the effort, since they
can inject a SecurityProperties if they need it?).

See gh-928
11 years ago
Dave Syer 1d7caf8e31 Man up and deal with CSRF in integration test
Fixes gh-979
11 years ago
Dave Syer 5e3cc95ccf Adjust security.basic.enabled=false behaviour
Actually the web-secure sample is misusing
security.basic.enabled=false (IMO) - it should be a flag
to say that you want to temporarily disable the basic security
fallback on application endpoins, not  way to disable all
security autoconfiguration.

Added test case to web-secure sample to ensure a user
can log in.

Fixes gh-979
11 years ago
Phillip Webb 8bcda1bcbe Polish 11 years ago
Dave Syer 14d3b46809 Add constants to SecurityProperties and ManagementServerProperties
For the convenience of users who want to selectively override the
access rules in an application without taking complete control of the
security configuration we now have some constants:

* SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the
application endpoint access rules

* ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the
application endpoint and management endpoint access rules

Fixes gh-803
11 years ago
Phillip Webb 64a835e91a Move master to 1.1.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster d3954a1703 Next development version 11 years ago
Phillip Webb fad5ce45db Polish 11 years ago
Dave Syer 7b07fe8ce0 Convert remaining samples to use random port
Partial fix for gh-337. See also gh-607 which complements this, but might
conflict on a merge.
11 years ago
Spring Buildmaster a5864ebcd0 Next development version 11 years ago
Spring Buildmaster 15e9dbe98b Next development version 11 years ago
Phillip Webb 1e68b7e0a9 Remove superfluous <packaging> tags from POMs 11 years ago
Phillip Webb 0af7f7e347 Add missing POM info 11 years ago
Phillip Webb 488b03387f Polish POM formatting 11 years ago
Phillip Webb 6f9bb233ad Revert "Next development version"
This reverts commit b67bb70ee3.
11 years ago
Spring Buildmaster b67bb70ee3 Next development version 11 years ago
Phillip Webb ac4cdd33c3 Revert "Next development version"
This reverts commit 1d0eea12eb.
Returning to 1.0.0.BUILD-SNAPSHOT for an updated release.
11 years ago
Spring Buildmaster 1d0eea12eb Next development version 11 years ago
Phillip Webb aca67066bf Rename RestTemplates to TestRestTemplate
Rename the RestTemplates to TestRestTemplate to help indicate that it's
primarily intended for testing. Also now extend RestTemplate to allow
direct use, rather than via factory methods.

Fixes gh-599
11 years ago
Phillip Webb beaddb2362 Polish 11 years ago
Dave Syer 809a5a711f Add a @EnableWebSecurity if it looks like the user needs one
If the user explicitly disables the basic security features and forgets to
@EnableWebSecurity, and yet still wants a bean of type
WebSecurityConfigurerAdapter, he is trying to use a custom
security setup and the app would fail in a confusing way without
this change.

Fixes gh-568
11 years ago
Dave Syer b21fdd3463 Switch default security filter back on
If the user sets security.basic.enabled=false he has to remember
to @EnableWebSecurity.  Possibly we could be more helpful about the
exception, but I think this might be pilot error.

Fixes gh-568
11 years ago
Phillip Webb 80ac1fb0cd Polish 11 years ago
Dave Syer 7a285cf65d Convert all sample tests to @IntegrationTest where appropriate
Makes them a lot more readable IMO, and also enables @Autowiring
from the context into the test case (sweeet). I added @DirtiesContext
to all of them as well to be on the safe side, but possbly that can be
optimized in some way as well.
11 years ago
Sebastien Deleuze ab6c8dfee3 Use org.springframework.boot groupId in spring-boot-samples
Use org.springframework.boot instead of ${project.groupId}
groupId in order to make it easier to use spring-boot-samples
modules as a starting point for new projects.
11 years ago
Spring Buildmaster b0d4e8ae69 Next development version 11 years ago
Spring Buildmaster cb8668a151 Release version 1.0.0.RC4 11 years ago
Spring Buildmaster 1367d57e8c Next development version 11 years ago
Spring Buildmaster eaff1677a7 Release version 1.0.0.RC3 11 years ago
Phillip Webb ed9735361e Apply source cleanup and formatting 11 years ago
Dave Syer 607b371706 Add thymeleaf starter
Fixes gh-264
11 years ago
Dave Syer d23dab3bd0 Change package name in sample 11 years ago
Phillip Webb 0160760568 Apply latest eclipse cleanup rules 11 years ago
Phillip Webb cdda330acd Update copyright header for files changed in 2014 11 years ago
Phillip Webb 68293f34af Upgrade version to 1.0.0.BUILD-SNAPSHOT
Fixes fg-243
11 years ago
Dave Syer 559f907b54 Use explicit test dependencies in samples 11 years ago
Dave Syer b1db714c23 Allow @EnableGlobalMethodSecurity in a non webapp
Fixes gh-202
11 years ago