Commit Graph

83 Commits (753341c9ffa65f24cef5ee96d138e24840680a10)

Author SHA1 Message Date
Spring Buildmaster 3f6f57a80e Next Development Version 9 years ago
Dave Syer cc3f673874 Narrow range of events listened for in security audit
The InteractiveAuthenticationSuccessEvent is always shadowed by a
regular AuthenticationSuccessEvent, so there's no need to listen for
all AbstractAuthenticationSuccessEvents.

Fixes gh-4355
9 years ago
Huang YunKun 1c5e445554 Update the samples to use @WebIntegrationTest and randomPort=true
Closes gh-4294
Closes gh-4271
9 years ago
Phillip Webb 1e4d974ec0 Merge remote-tracking branch 'local12x/1.2.x' 9 years ago
Phillip Webb a79131f8d2 Organize imports with new settings
See gh-4234
9 years ago
Spring Buildmaster 2b38a861e3 Next Development Version 9 years ago
Phillip Webb aae38db9af Fix compiler warnings only shown in Eclipse Mars 9 years ago
Phillip Webb e473364e4e Merge branch '1.2.x' 9 years ago
Phillip Webb 6ab376e2e8 Reformat code use Eclipse Mars 9 years ago
Spring Buildmaster 9409c49c10 Next development version 9 years ago
Phillip Webb 2615990ffb Organize imports 9 years ago
Stephane Nicoll 7c0c953f81 Add value alias for SpringApplicationConfiguration
Given that Spring Boot uses java config across the board, a new `value`
attribute is now aliased to the existing `classes` attribute such that
one could write the following:

@SpringApplicationConfiguration(MyConfig.class)
public class MyTest {}

Closes gh-3635
9 years ago
Dave Syer e5d3fa0c6c Merge remote-tracking branch '1.2.x' 9 years ago
Dave Syer d0cf6b534b Add 3xx redirects to the "unmapped" class of requests for metrics
When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).

This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).

Fixes gh-2563
9 years ago
Spring Buildmaster 7ce391db4f Next development version 10 years ago
Rob Baily 3c50386970 Fix logout in sample secure web applications
Fixes gh-1536
10 years ago
Phillip Webb 61fc4f3f12 Polish copyright headers 10 years ago
Phillip Webb 1ce617f1ae Polish sample package names 10 years ago
Spring Buildmaster 5d81c87b43 Next Development Version 10 years ago
Spring Buildmaster e03c11dda8 Next development version 10 years ago
Phillip Webb a57a88f5cf Move master to 1.3.0.BUILD-SNAPSHOT 10 years ago
Spring Buildmaster 8f0ad02237 Next development version 10 years ago
Spring Buildmaster 60725cd8bd Next development version 10 years ago
Spring Buildmaster 1a788c1741 Next development version 10 years ago
Dave Syer 389c4f3e0b Merge branch '1.1.x' 10 years ago
Dave Syer bf0c8fc8bb Remove JDBC from secure-web sample
Fixes gh-1534
10 years ago
Dave Syer 9902f98a3d Ensure the AuthenticationManager is created when needed
There was too much state really in the old implementation of
AuthenticationManagerConfiguration, and it was leading occasionally
to null pointers when method A assumed that method B had already
been called and it hadn't. This change manages to concentrate all the
references to an AuthenticationManagerBuilder into a single method
call, removing the need for storing it at all.

Fixes gh-1556
10 years ago
Spring Buildmaster d63e4b4329 Next development version 10 years ago
Spring Buildmaster 74d0c5185a Next development version 10 years ago
Stephane Nicoll 249e09d9bc Switch master to 1.2.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster 40327e1ae6 Next development version 11 years ago
Phillip Webb fa88c481a5 Remote trailing whitespace 11 years ago
Dave Syer fd757cb371 Add logging.level to application.properties
E.g.

logging.level.org.springframework: DEBUG
logging.level.org.hibernate: WARN

Fixed gh-788
11 years ago
Spring Buildmaster 981669b7c0 Next development version 11 years ago
Phillip Webb 200cd535c2 Revert "Next development version"
This reverts commit 67189477fe.
11 years ago
Spring Buildmaster 67189477fe Next development version 11 years ago
Phillip Webb 9632abf825 Formatting and cleanup 11 years ago
Spring Buildmaster 542f3cbda8 Next development version 11 years ago
Phillip Webb 179e1558f6 Polish 11 years ago
Dave Syer f8e847a6fc Change ordering of DataSourceInitializer a bit
It needs to run as soon as the DataSource is available really otherwise
anything else that depends on the DataSource (like Security JDBC
initializers) might fail when it tries to use it.

One change from 1.1.1 is that if you have a schema.sql you had better
make sure your data.sql talks to the same tables. In 1.1.1 you could
sometimes get away with letting Hibernate initialize the tables for
your data.sql and *also* have a schema.sql. This was fragile and doomed
to fail eventually if the DataSourceInitializer somehow got
initialized earlier (e.g. through a @DependsOn), so in the spirit
of honesty being the best policy we explicitly disallow it now.

Fixes gh-1115
11 years ago
Dave Syer e39fafcc33 Add JDBC user details to web-secure sample
See gh-1115
11 years ago
Spring Buildmaster 4ca26a21dc Next development version 11 years ago
Spring Buildmaster 05ed7b3bcd Next development version 11 years ago
Phillip Webb 3007a777d0 Roll back to 1.1.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster c650f2391e Next development version 11 years ago
Javier Gayoso b7d94d1364 Optimized login form - delegated CSRF token creation to thymeleaf
Also added additional test to verify behaviour.

Fixes gh-1039
11 years ago
Dave Syer 0ccfba939e Switch to a matches-none filter for security.basic.enabled=false
There were some residual issues to do with the changes to the implementation
of security.basic.enabled=false. It was a good idea to have a filter chain
triggered by the flag being off because it smooths the way for user-defined
filter chains to use the Boot AuthenticationManager (as a first step at least),
but it wasn't a good idea to add any actual security features to that filter.
E.g. if it has HSTS then even an app like Sagan that has some secure endpoints
that it manages itself and the rest is unsecured has issues because it can't
accept connections over HTTP even on unsecure endpoints.

TODO: find a way for security.ssl_enabled=true to apply to only the user-
defined security filter (maybe not possible or worth the effort, since they
can inject a SecurityProperties if they need it?).

See gh-928
11 years ago
Dave Syer 1d7caf8e31 Man up and deal with CSRF in integration test
Fixes gh-979
11 years ago
Dave Syer 5e3cc95ccf Adjust security.basic.enabled=false behaviour
Actually the web-secure sample is misusing
security.basic.enabled=false (IMO) - it should be a flag
to say that you want to temporarily disable the basic security
fallback on application endpoints, not a way to disable all
security autoconfiguration.

Added test case to web-secure sample to ensure a user
can log in.

Fixes gh-979
11 years ago
Phillip Webb 8bcda1bcbe Polish 11 years ago