Commit Graph

139 Commits (f1a38c461f56a48740f40cd9a28a3f99c35316a4)

Author SHA1 Message Date
Spring Buildmaster c650f2391e Next development version 11 years ago
Javier Gayoso b7d94d1364 Optimized login form - delegated CSRF token creation to thymeleaf
Also added additional test to verify behaviour.

Fixes gh-1039
11 years ago
Dave Syer 0ccfba939e Switch to a matches-none filter for security.basic.enabled=false
There were some residual issues to do with the changes to the implementation
of security.basic.enabled=false. It was a good idea to have a filetr chain
triggered by the flag being off because it smooths the way for user-defined
filter chains to use the Boot AuthenticationManager (as a first step at least),
but it wasn't a goog idea to add any actual secuity features to that filter.
E.g. if it has HSTS then even an app like Sagan that has some secure endpoints
that it manages itself and the rest is unsecured has issues because it can't
accept connections over HTTP even on unsecure endpoints.

TODO: find a way for security.ssl_enabled=true to apply to only the user-
defined security filter (maybe not possible or worth the effort, since they
can inject a SecurityProperties if they need it?).

See gh-928
11 years ago
Dave Syer 1d7caf8e31 Man up and deal with CSRF in integration test
Fixes gh-979
11 years ago
Dave Syer 5e3cc95ccf Adjust security.basic.enabled=false behaviour
Actually the web-secure sample is misusing
security.basic.enabled=false (IMO) - it should be a flag
to say that you want to temporarily disable the basic security
fallback on application endpoins, not  way to disable all
security autoconfiguration.

Added test case to web-secure sample to ensure a user
can log in.

Fixes gh-979
11 years ago
Phillip Webb 8bcda1bcbe Polish 11 years ago
Dave Syer 14d3b46809 Add constants to SecurityProperties and ManagementServerProperties
For the convenience of users who want to selectively override the
access rules in an application without taking complete control of the
security configuration we now have some constants:

* SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the
application endpoint access rules

* ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the
application endpoint and management endpoint access rules

Fixes gh-803
11 years ago
Phillip Webb 64a835e91a Move master to 1.1.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster d3954a1703 Next development version 11 years ago
Phillip Webb fad5ce45db Polish 11 years ago
Dave Syer 7b07fe8ce0 Convert remaining samples to use random port
Partial fix for gh-337. See also gh-607 which complements this, but might
conflict on a merge.
11 years ago
Spring Buildmaster a5864ebcd0 Next development version 11 years ago
Spring Buildmaster 15e9dbe98b Next development version 11 years ago
Phillip Webb 1e68b7e0a9 Remove superfluous <packaging> tags from POMs 11 years ago
Phillip Webb 0af7f7e347 Add missing POM info 11 years ago
Phillip Webb 488b03387f Polish POM formatting 11 years ago
Phillip Webb 6f9bb233ad Revert "Next development version"
This reverts commit b67bb70ee3.
11 years ago
Spring Buildmaster b67bb70ee3 Next development version 11 years ago
Phillip Webb ac4cdd33c3 Revert "Next development version"
This reverts commit 1d0eea12eb.
Returning to 1.0.0.BUILD-SNAPSHOT for an updated release.
11 years ago
Spring Buildmaster 1d0eea12eb Next development version 11 years ago
Phillip Webb aca67066bf Rename RestTemplates to TestRestTemplate
Rename the RestTemplates to TestRestTemplate to help indicate that it's
primarily intended for testing. Also now extend RestTemplate to allow
direct use, rather than via factory methods.

Fixes gh-599
11 years ago
Phillip Webb beaddb2362 Polish 11 years ago
Dave Syer 809a5a711f Add a @EnableWebSecurity if it looks like the user needs one
If the user explicitly disables the basic security features and forgets to
@EnableWebSecurity, and yet still wants a bean of type
WebSecurityConfigurerAdapter, he is trying to use a custom
security setup and the app would fail in a confusing way without
this change.

Fixes gh-568
11 years ago
Dave Syer b21fdd3463 Switch default security filter back on
If the user sets security.basic.enabled=false he has to remember
to @EnableWebSecurity.  Possibly we could be more helpful about the
exception, but I think this might be pilot error.

Fixes gh-568
11 years ago
Phillip Webb 80ac1fb0cd Polish 11 years ago
Dave Syer 7a285cf65d Convert all sample tests to @IntegrationTest where appropriate
Makes them a lot more readable IMO, and also enables @Autowiring
from the context into the test case (sweeet). I added @DirtiesContext
to all of them as well to be on the safe side, but possbly that can be
optimized in some way as well.
11 years ago
Sebastien Deleuze ab6c8dfee3 Use org.springframework.boot groupId in spring-boot-samples
Use org.springframework.boot instead of ${project.groupId}
groupId in order to make it easier to use spring-boot-samples
modules as a starting point for new projects.
11 years ago
Spring Buildmaster b0d4e8ae69 Next development version 11 years ago
Spring Buildmaster cb8668a151 Release version 1.0.0.RC4 11 years ago
Spring Buildmaster 1367d57e8c Next development version 11 years ago
Spring Buildmaster eaff1677a7 Release version 1.0.0.RC3 11 years ago
Phillip Webb ed9735361e Apply source cleanup and formatting 11 years ago
Dave Syer 607b371706 Add thymeleaf starter
Fixes gh-264
11 years ago
Dave Syer d23dab3bd0 Change package name in sample 11 years ago
Phillip Webb 0160760568 Apply latest eclipse cleanup rules 11 years ago
Phillip Webb cdda330acd Update copyright header for files changed in 2014 11 years ago
Phillip Webb 68293f34af Upgrade version to 1.0.0.BUILD-SNAPSHOT
Fixes fg-243
11 years ago
Dave Syer 559f907b54 Use explicit test dependencies in samples 11 years ago
Dave Syer b1db714c23 Allow @EnableGlobalMethodSecurity in a non webapp
Fixes gh-202
11 years ago