1
0
mirror of synced 2026-07-13 06:40:03 +00:00

Compare commits

...

23 Commits

Author SHA1 Message Date
Spring Buildmaster 19f88e9179 Release version 4.0.3.RELEASE 2015-10-30 12:35:23 -07:00
Rob Winch cf9b6bc0de SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:54:30 -05:00
Rob Winch fc67550ff2 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:09:03 -05:00
Rob Winch af2a431f23 SEC-3120: Remove .and() from httpStrictTransportSecurity() doc 2015-10-30 09:10:57 -05:00
Rob Winch 8d9b06afb4 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:33 -05:00
Rob Winch 0ecdd0e856 SEC-3120: Reference hsts() -> httpStrictTransportSecurity() 2015-10-29 15:10:16 -05:00
Rob Winch edd2751ff1 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:03:47 -05:00
Rob Winch 8663ac4173 SEC-3135: antMatchers now allows method and no pattern
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:56 -05:00
Rob Winch 72213b5c69 SEC-2190: Fix Javadoc 2015-10-29 11:42:03 -05:00
Rob Winch 2bbe70501b SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:26:16 -05:00
Rob Winch da606d50c0 SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 13:57:18 -05:00
Rob Winch d648a56e16 SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:21:05 -05:00
Rob Winch 9c39a0e83e SEC-3109: Fix web tests 2015-10-26 21:31:40 -05:00
Rob Winch c8692b6d0b SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:17:31 -05:00
Rob Winch 45bbabd485 SEC-3057: Include all *.txt & *.jar in dist zip 2015-10-26 14:04:48 -05:00
Rob Winch 43fbeab106 SEC-3133: Correct test doc username parameter 2015-10-26 13:00:27 -05:00
Rob Winch b719e0fbcc SEC-3132: securityBuilder cannot be null
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
2015-10-23 10:28:27 -05:00
Rob Winch 09bf290583 SEC-3129: Update Spring 2015-10-22 10:04:52 -05:00
Rob Winch 9a6f026dff SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER 2015-10-21 16:22:53 -05:00
Rob Winch 269127c2c6 SEC-2941: Default RequestPostProcessor overrides
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
2015-10-21 16:09:15 -05:00
Rob Winch 7074daac0e SEC-3063: rm ConditionalOnMissingBean for @Primary
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:41:32 -05:00
Rob Winch 69446ab80f SEC-3070: Logout invalidate-session=false and Spring Session doesn't
work
2015-10-20 15:13:01 -05:00
izeye 48bc0ad5f9 SEC-3124: Fix broken Javadoc related to < and > 2015-10-13 13:33:51 -05:00
89 changed files with 1196 additions and 724 deletions
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-acl</name>
<description>spring-security-acl</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -151,7 +145,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-aspects</name>
<description>spring-security-aspects</description>
<url>http://spring.io/spring-security</url>
@@ -30,17 +30,11 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -130,7 +124,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+9 -4
View File
@@ -25,7 +25,7 @@ allprojects {
ext.releaseBuild = version.endsWith('RELEASE')
ext.snapshotBuild = version.endsWith('SNAPSHOT')
ext.springVersion = '4.1.6.RELEASE'
ext.springVersion = '4.2.2.RELEASE'
ext.springLdapVersion = '2.0.2.RELEASE'
group = 'org.springframework.security'
@@ -135,7 +135,7 @@ task coreBuild {
// Task for creating the distro zip
task dist(type: Zip) {
dependsOn subprojects*.tasks*.matching { task -> task.name == 'assemble' || task.name.endsWith('Zip') || task.name.endsWith('generatePom') }
dependsOn { subprojects*.tasks*.matching { task -> task.name.endsWith('generatePom') } }
classifier = 'dist'
evaluationDependsOn(':docs')
@@ -145,14 +145,19 @@ task dist(type: Zip) {
into(zipRootDir) {
from(rootDir) {
include '*.adoc'
include '*.txt'
}
into('docs') {
with(project(':docs').apiSpec)
with(project(':docs:manual').spec)
with(project(':docs:guides').spec)
}
into('dist') {
from coreModuleProjects.collect {project -> project.libsDir }
project.coreModuleProjects*.tasks*.withType(AbstractArchiveTask).flatten().each{ archiveTask ->
if(archiveTask!=dist){
into("$zipRootDir/dist") {
from archiveTask.outputs.files
}
}
}
sampleProjects.each { project->
into("$zipRootDir/samples/$project.name") {
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-cas</name>
<description>spring-security-cas</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.jasig.cas.client</groupId>
@@ -46,13 +40,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -142,7 +136,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+9 -15
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-config</name>
<description>spring-security-config</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -92,28 +86,28 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
@@ -366,13 +360,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -396,7 +390,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -55,6 +55,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
private final Log logger = LogFactory.getLog(getClass());
private final LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>> configurers = new LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>>();
private final List<SecurityConfigurer<O, B>> configurersAddedInInitializing = new ArrayList<SecurityConfigurer<O, B>>();
private final Map<Class<Object>, Object> sharedObjects = new HashMap<Class<Object>, Object>();
@@ -126,9 +127,9 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
@SuppressWarnings("unchecked")
public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer)
throws Exception {
add(configurer);
configurer.addObjectPostProcessor(objectPostProcessor);
configurer.setBuilder((B) this);
add(configurer);
return configurer;
}
@@ -202,7 +203,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
configs.add(configurer);
this.configurers.put(clazz, configs);
if (buildState.isInitializing()) {
configurer.init((B) this);
this.configurersAddedInInitializing.add(configurer);
}
}
}
@@ -368,6 +369,10 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
for (SecurityConfigurer<O, B> configurer : configurers) {
configurer.init((B) this);
}
for (SecurityConfigurer<O, B> configurer : configurersAddedInInitializing) {
configurer.init((B) this);
}
}
@SuppressWarnings("unchecked")
@@ -25,6 +25,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.ObjectUtils;
/**
* A base class for registering {@link RequestMatcher}'s. For example, it might allow for
@@ -48,6 +49,20 @@ public abstract class AbstractRequestMatcherRegistry<C> {
return requestMatchers(ANY_REQUEST);
}
/**
* Maps a {@link List} of
* {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
* instances.
*
* @param method the {@link HttpMethod} to use for any
* {@link HttpMethod}.
*
* @return the object that is chained after creating the {@link RequestMatcher}
*/
public C antMatchers(HttpMethod method) {
return antMatchers(method, new String[] { "/**" });
}
/**
* Maps a {@link List} of
* {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
@@ -55,7 +70,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
*
* @param method the {@link HttpMethod} to use or {@code null} for any
* {@link HttpMethod}.
* @param antPatterns the ant patterns to create
* @param antPatterns the ant patterns to create. If {@code null} or empty, then matches on nothing.
* {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher} from
*
* @return the object that is chained after creating the {@link RequestMatcher}
@@ -1,13 +0,0 @@
package org.springframework.security.config.annotation.web.configuration;
import org.springframework.context.annotation.Conditional;
/**
* @author Rob Winch
* @since 4.0
*/
@Conditional(OnMissingBeanCondition.class)
@interface ConditionalOnMissingBean {
Class<?> value();
}
@@ -1,40 +0,0 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.springframework.security.config.annotation.web.configuration;
import java.util.Map;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.ConfigurationCondition;
import org.springframework.core.type.AnnotatedTypeMetadata;
/**
* @author Rob Winch
*/
class OnMissingBeanCondition implements ConfigurationCondition {
public ConfigurationPhase getConfigurationPhase() {
return ConfigurationPhase.REGISTER_BEAN;
}
public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
Map<String, Object> attrs = metadata
.getAnnotationAttributes(ConditionalOnMissingBean.class.getName());
Class<?> type = (Class<?>) attrs.get("value");
final Map<String, ?> beans = context.getBeanFactory().getBeansOfType(type);
return beans.isEmpty();
}
}
@@ -47,7 +47,6 @@ class WebMvcSecurityConfiguration extends WebMvcConfigurerAdapter {
argumentResolvers.add(new CsrfTokenArgumentResolver());
}
@ConditionalOnMissingBean(RequestDataValueProcessor.class)
@Bean
public RequestDataValueProcessor requestDataValueProcessor() {
return new CsrfRequestDataValueProcessor();
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpSession;
import org.springframework.security.config.annotation.SecurityConfigurer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
@@ -88,6 +89,17 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
return this;
}
/**
* Specifies if {@link SecurityContextLogoutHandler} should clear the {@link Authentication} at the time of logout.
* @param clearAuthentication true {@link SecurityContextLogoutHandler} should clear the {@link Authentication} (default), or false otherwise.
* @return the {@link LogoutConfigurer} for further customization
*/
public LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication) {
contextLogoutHandler.setClearAuthentication(clearAuthentication);
return this;
}
/**
* Configures {@link SecurityContextLogoutHandler} to invalidate the
* {@link HttpSession} at the time of logout.
@@ -0,0 +1,100 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers;
import static org.fest.assertions.Assertions.assertThat;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
/**
* @author Rob Winch
*
*/
public class AuthorizeRequestsTests {
AnnotationConfigWebApplicationContext context;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Autowired
FilterChainProxy springSecurityFilterChain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
// SEC-3135
@Test
public void antMatchersMethodAndNoPatterns() throws Exception {
loadConfig(AntMatchersNoPatternsConfig.class);
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}
@EnableWebSecurity
@Configuration
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.POST).denyAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
public void loadConfig(Class<?>... configs) {
context = new AnnotationConfigWebApplicationContext();
context.register(configs);
context.refresh();
context.getAutowireCapableBeanFactory().autowireBean(this);
}
}
@@ -24,6 +24,7 @@ import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -78,6 +79,7 @@ public class CsrfConfigurerNoWebMvcTests {
@EnableWebSecurity
static class EnableWebOverrideRequestDataConfig {
@Bean
@Primary
public RequestDataValueProcessor requestDataValueProcessor() {
return mock(RequestDataValueProcessor.class);
}
@@ -0,0 +1,136 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers;
import static org.fest.assertions.Assertions.assertThat;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
/**
* @author Rob Winch
*
*/
public class HttpSecurityAntMatchersTests {
AnnotationConfigWebApplicationContext context;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Autowired
FilterChainProxy springSecurityFilterChain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
// SEC-3135
@Test
public void antMatchersMethodAndNoPatterns() throws Exception {
loadConfig(AntMatchersNoPatternsConfig.class);
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}
@EnableWebSecurity
@Configuration
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers(HttpMethod.POST)
.and()
.authorizeRequests()
.anyRequest().denyAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
// SEC-3135
@Test
public void antMatchersMethodAndEmptyPatterns() throws Exception {
loadConfig(AntMatchersEmptyPatternsConfig.class);
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
}
@EnableWebSecurity
@Configuration
static class AntMatchersEmptyPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/never/")
.antMatchers(HttpMethod.POST, new String[0])
.and()
.authorizeRequests()
.anyRequest().denyAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
public void loadConfig(Class<?>... configs) {
context = new AnnotationConfigWebApplicationContext();
context.register(configs);
context.refresh();
context.getAutowireCapableBeanFactory().autowireBean(this);
}
}
@@ -0,0 +1,112 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers;
import static org.fest.assertions.Assertions.assertThat;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
/**
* @author Rob Winch
*
*/
public class HttpSecurityLogoutTests {
AnnotationConfigWebApplicationContext context;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Autowired
FilterChainProxy springSecurityFilterChain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
// SEC-2848
@Test
public void clearAuthenticationFalse() throws Exception {
loadConfig(ClearAuthenticationFalseConfig.class);
SecurityContext currentContext = SecurityContextHolder.createEmptyContext();
currentContext.setAuthentication(new TestingAuthenticationToken("user", "password","ROLE_USER"));
request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext);
request.setMethod("POST");
request.setServletPath("/logout");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(currentContext.getAuthentication()).isNotNull();
}
@EnableWebSecurity
@Configuration
static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.logout()
.clearAuthentication(false);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
public void loadConfig(Class<?>... configs) {
context = new AnnotationConfigWebApplicationContext();
context.register(configs);
context.refresh();
context.getAutowireCapableBeanFactory().autowireBean(this);
}
}
@@ -0,0 +1,67 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http.customconfigurer;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.web.DefaultSecurityFilterChain;
/**
* @author Rob Winch
*
*/
public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,HttpSecurity> {
@Value("${permitAllPattern}")
private String permitAllPattern;
private String loginPage = "/login";
/* (non-Javadoc)
* @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder)
*/
@SuppressWarnings("unchecked")
@Override
public void init(HttpSecurity http) throws Exception {
// autowire this bean
ApplicationContext context = http.getSharedObject(ApplicationContext.class);
context.getAutowireCapableBeanFactory().autowireBean(this);
http
.authorizeRequests()
.antMatchers(permitAllPattern).permitAll()
.anyRequest().authenticated();
if(http.getConfigurer(FormLoginConfigurer.class) == null) {
// only apply if formLogin() was not invoked by the user
http
.formLogin()
.loginPage(loginPage);
}
}
public CustomConfigurer loginPage(String loginPage) {
this.loginPage = loginPage;
return this;
}
public static CustomConfigurer customConfigurer() {
return new CustomConfigurer();
}
}
@@ -0,0 +1,164 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http.customconfigurer;
import static org.fest.assertions.Assertions.assertThat;
import static org.springframework.security.config.http.customconfigurer.CustomConfigurer.customConfigurer;
import java.util.Properties;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterChainProxy;
/**
* @author Rob Winch
*
*/
public class CustomHttpSecurityConfigurerTests {
@Autowired
ConfigurableApplicationContext context;
@Autowired
FilterChainProxy springSecurityFilterChain;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
request.setMethod("GET");
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
@Test
public void customConfiguerPermitAll() throws Exception {
loadContext(Config.class);
request.setPathInfo("/public/something");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
}
@Test
public void customConfiguerFormLogin() throws Exception {
loadContext(Config.class);
request.setPathInfo("/requires-authentication");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getRedirectedUrl()).endsWith("/custom");
}
@Test
public void customConfiguerCustomizeDisablesCsrf() throws Exception {
loadContext(ConfigCustomize.class);
request.setPathInfo("/public/something");
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
}
@Test
public void customConfiguerCustomizeFormLogin() throws Exception {
loadContext(ConfigCustomize.class);
request.setPathInfo("/requires-authentication");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getRedirectedUrl()).endsWith("/other");
}
private void loadContext(Class<?> clazz) {
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(clazz);
context.getAutowireCapableBeanFactory().autowireBean(this);
}
@EnableWebSecurity
static class Config extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.apply(customConfigurer())
.loginPage("/custom");
}
@Bean
public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
// Typically externalize this as a properties file
Properties properties = new Properties();
properties.setProperty("permitAllPattern", "/public/**");
PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
propertyPlaceholderConfigurer.setProperties(properties);
return propertyPlaceholderConfigurer;
}
}
@EnableWebSecurity
static class ConfigCustomize extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.apply(customConfigurer())
.and()
.csrf().disable()
.formLogin()
.loginPage("/other");
}
@Bean
public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
// Typically externalize this as a properties file
Properties properties = new Properties();
properties.setProperty("permitAllPattern", "/public/**");
PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
propertyPlaceholderConfigurer.setProperties(properties);
return propertyPlaceholderConfigurer;
}
}
}
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-core</name>
<description>spring-security-core</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -275,7 +269,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -95,6 +95,9 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
public int vote(Authentication authentication, Object object,
Collection<ConfigAttribute> attributes) {
if(authentication == null) {
return ACCESS_DENIED;
}
int result = ACCESS_ABSTAIN;
Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
@@ -25,10 +25,8 @@ import org.springframework.util.Assert;
* then removing the {@link SecurityContext} after the delegate has completed.
* </p>
* <p>
* By default the {@link SecurityContext} is only setup if {@link #call()} is
* invoked on a separate {@link Thread} than the
* {@link DelegatingSecurityContextCallable} was created on. This can be
* overridden by setting {@link #setEnableOnOriginalThread(boolean)} to true.
* If there is a {@link SecurityContext} that already exists, it will be
* restored after the {@link #call()} method is invoked.
* </p>
*
* @author Rob Winch
@@ -38,11 +36,18 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
private final Callable<V> delegate;
private final SecurityContext securityContext;
private final Thread originalThread;
/**
* The {@link SecurityContext} that the delegate {@link Callable} will be
* ran as.
*/
private final SecurityContext delegateSecurityContext;
private boolean enableOnOriginalThread;
/**
* The {@link SecurityContext} that was on the {@link SecurityContextHolder}
* prior to being set to the delegateSecurityContext.
*/
private SecurityContext originalSecurityContext;
/**
* Creates a new {@link DelegatingSecurityContextCallable} with a specific
@@ -57,8 +62,7 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
Assert.notNull(delegate, "delegate cannot be null");
Assert.notNull(securityContext, "securityContext cannot be null");
this.delegate = delegate;
this.securityContext = securityContext;
this.originalThread = Thread.currentThread();
this.delegateSecurityContext = securityContext;
}
/**
@@ -71,33 +75,21 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
this(delegate, SecurityContextHolder.getContext());
}
/**
* Determines if the SecurityContext should be transfered if {@link #call()}
* is invoked on the same {@link Thread} the
* {@link DelegatingSecurityContextCallable} was created on.
*
* @param enableOnOriginalThread
* if false (default), will only transfer the
* {@link SecurityContext} if {@link #call()} is invoked on a
* different {@link Thread} than the
* {@link DelegatingSecurityContextCallable} was created on.
*
* @since 4.0.2
*/
public void setEnableOnOriginalThread(boolean enableOnOriginalThread) {
this.enableOnOriginalThread = enableOnOriginalThread;
}
public V call() throws Exception {
if(!enableOnOriginalThread && originalThread == Thread.currentThread()) {
return delegate.call();
}
this.originalSecurityContext = SecurityContextHolder.getContext();
try {
SecurityContextHolder.setContext(securityContext);
SecurityContextHolder.setContext(delegateSecurityContext);
return delegate.call();
}
finally {
SecurityContextHolder.clearContext();
SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
if(emptyContext.equals(originalSecurityContext)) {
SecurityContextHolder.clearContext();
} else {
SecurityContextHolder.setContext(originalSecurityContext);
}
this.originalSecurityContext = null;
}
}
@@ -23,10 +23,8 @@ import org.springframework.util.Assert;
* {@link SecurityContext} after the delegate has completed.
* </p>
* <p>
* By default the {@link SecurityContext} is only setup if {@link #run()} is
* invoked on a separate {@link Thread} than the
* {@link DelegatingSecurityContextRunnable} was created on. This can be
* overridden by setting {@link #setEnableOnOriginalThread(boolean)} to true.
* If there is a {@link SecurityContext} that already exists, it will be
* restored after the {@link #run()} method is invoked.
* </p>
*
* @author Rob Winch
@@ -36,11 +34,17 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
private final Runnable delegate;
private final SecurityContext securityContext;
/**
* The {@link SecurityContext} that the delegate {@link Runnable} will be
* ran as.
*/
private final SecurityContext delegateSecurityContext;
private final Thread originalThread;
private boolean enableOnOriginalThread;
/**
* The {@link SecurityContext} that was on the {@link SecurityContextHolder}
* prior to being set to the delegateSecurityContext.
*/
private SecurityContext originalSecurityContext;
/**
* Creates a new {@link DelegatingSecurityContextRunnable} with a specific
@@ -55,8 +59,7 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
Assert.notNull(delegate, "delegate cannot be null");
Assert.notNull(securityContext, "securityContext cannot be null");
this.delegate = delegate;
this.securityContext = securityContext;
this.originalThread = Thread.currentThread();
this.delegateSecurityContext = securityContext;
}
/**
@@ -69,33 +72,21 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
this(delegate, SecurityContextHolder.getContext());
}
/**
* Determines if the SecurityContext should be transfered if {@link #run()}
* is invoked on the same {@link Thread} the
* {@link DelegatingSecurityContextCallable} was created on.
*
* @param enableOnOriginalThread
* if false (default), will only transfer the
* {@link SecurityContext} if {@link #run()} is invoked on a
* different {@link Thread} than the
* {@link DelegatingSecurityContextCallable} was created on.
* @since 4.0.2
*/
public void setEnableOnOriginalThread(boolean enableOnOriginalThread) {
this.enableOnOriginalThread = enableOnOriginalThread;
}
public void run() {
if(!enableOnOriginalThread && originalThread == Thread.currentThread()) {
delegate.run();
return;
}
this.originalSecurityContext = SecurityContextHolder.getContext();
try {
SecurityContextHolder.setContext(securityContext);
SecurityContextHolder.setContext(delegateSecurityContext);
delegate.run();
}
finally {
SecurityContextHolder.clearContext();
SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
if(emptyContext.equals(originalSecurityContext)) {
SecurityContextHolder.clearContext();
} else {
SecurityContextHolder.setContext(originalSecurityContext);
}
this.originalSecurityContext = null;
}
}
@@ -24,7 +24,7 @@ public class SpringSecurityCoreVersion {
*/
public static final long SERIAL_VERSION_UID = 400L;
static final String MIN_SPRING_VERSION = "4.1.6.RELEASE";
static final String MIN_SPRING_VERSION = "4.2.2.RELEASE";
static {
performVersionChecks();
@@ -1,5 +1,6 @@
package org.springframework.security.access.vote;
import static org.fest.assertions.Assertions.assertThat;
import static org.junit.Assert.*;
import org.junit.Test;
@@ -22,4 +23,13 @@ public class RoleVoterTests {
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(userAB, this, SecurityConfig.createList("A", "C")));
}
// SEC-3128
@Test
public void nullAuthenticationDenies() {
RoleVoter voter = new RoleVoter();
voter.setRolePrefix("");
Authentication notAuthenitcated = null;
assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A"))).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
}
@@ -50,9 +50,12 @@ public class DelegatingSecurityContextCallableTests {
private ExecutorService executor;
private SecurityContext originalSecurityContext;
@Before
@SuppressWarnings("serial")
public void setUp() throws Exception {
originalSecurityContext = SecurityContextHolder.createEmptyContext();
when(delegate.call()).thenAnswer(new Returns(callableResult) {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
@@ -111,17 +114,10 @@ public class DelegatingSecurityContextCallableTests {
// SEC-3031
@Test
public void callOnSameThread() throws Exception {
originalSecurityContext = securityContext;
SecurityContextHolder.setContext(originalSecurityContext);
callable = new DelegatingSecurityContextCallable<Object>(delegate,
securityContext);
securityContext = SecurityContextHolder.createEmptyContext();
assertWrapped(callable.call());
}
@Test
public void callOnSameThreadExplicitlyEnabled() throws Exception {
DelegatingSecurityContextCallable<Object> callable = new DelegatingSecurityContextCallable<Object>(delegate,
securityContext);
callable.setEnableOnOriginalThread(true);
assertWrapped(callable.call());
}
@@ -170,6 +166,6 @@ public class DelegatingSecurityContextCallableTests {
private void assertWrapped(Object callableResult) throws Exception {
verify(delegate).call();
assertThat(SecurityContextHolder.getContext()).isEqualTo(
SecurityContextHolder.createEmptyContext());
originalSecurityContext);
}
}
@@ -51,8 +51,11 @@ public class DelegatingSecurityContextRunnableTests {
private ExecutorService executor;
private SecurityContext originalSecurityContext;
@Before
public void setUp() throws Exception {
originalSecurityContext = SecurityContextHolder.createEmptyContext();
doAnswer(new Answer<Object>() {
public Object answer(InvocationOnMock invocation) throws Throwable {
assertThat(SecurityContextHolder.getContext()).isEqualTo(securityContext);
@@ -110,19 +113,11 @@ public class DelegatingSecurityContextRunnableTests {
// SEC-3031
@Test
public void callOnSameThread() throws Exception {
originalSecurityContext = securityContext;
SecurityContextHolder.setContext(originalSecurityContext);
executor = synchronousExecutor();
runnable = new DelegatingSecurityContextRunnable(delegate,
securityContext);
securityContext = SecurityContextHolder.createEmptyContext();
assertWrapped(runnable);
}
@Test
public void callOnSameThreadExplicitlyEnabled() throws Exception {
executor = synchronousExecutor();
DelegatingSecurityContextRunnable runnable = new DelegatingSecurityContextRunnable(delegate,
securityContext);
runnable.setEnableOnOriginalThread(true);
assertWrapped(runnable);
}
@@ -167,7 +162,7 @@ public class DelegatingSecurityContextRunnableTests {
submit.get();
verify(delegate).run();
assertThat(SecurityContextHolder.getContext()).isEqualTo(
SecurityContextHolder.createEmptyContext());
originalSecurityContext);
}
private static ExecutorService synchronousExecutor() {
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-crypto</name>
<description>spring-security-crypto</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
@@ -85,7 +79,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -17,7 +17,6 @@ package org.springframework.security.crypto.password;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
/**
* Helper for working with the MessageDigest API.
@@ -30,7 +29,7 @@ import java.security.NoSuchProviderException;
*/
final class Digester {
private final MessageDigest messageDigest;
private final String algorithm;
private final int iterations;
@@ -40,22 +39,26 @@ final class Digester {
* @param iterations the number of times to apply the digest algorithm to the input
*/
public Digester(String algorithm, int iterations) {
try {
messageDigest = MessageDigest.getInstance(algorithm);
}
catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("No such hashing algorithm", e);
}
// eagerly validate the algorithm
createDigest(algorithm);
this.algorithm = algorithm;
this.iterations = iterations;
}
public byte[] digest(byte[] value) {
synchronized (messageDigest) {
for (int i = 0; i < iterations; i++) {
value = messageDigest.digest(value);
}
return value;
MessageDigest messageDigest = createDigest(algorithm);
for (int i = 0; i < iterations; i++) {
value = messageDigest.digest(value);
}
return value;
}
private static MessageDigest createDigest(String algorithm) {
try {
return MessageDigest.getInstance(algorithm);
}
catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("No such hashing algorithm", e);
}
}
}
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-data</name>
<description>spring-security-data</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.data</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -108,7 +102,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -506,7 +506,7 @@ For example, this is the above request modified to include the username on the H
[source,java]
----
mvc
.perform(formLogin("/auth").user("a","admin").password("p","pass"))
.perform(formLogin("/auth").user("u","admin").password("p","pass"))
----
[[test-logout]]
@@ -388,7 +388,7 @@ For example:
<b:bean id="csrfMatcher"
class="AndRequestMatcher">
<b:constructor-arg value="#{T(org.springframework.security.web.csrf.CsrfFilter).DEFAULT_MATCHER}"/>
<b:constructor-arg value="#{T(org.springframework.security.web.csrf.CsrfFilter).DEFAULT_CSRF_MATCHER}"/>
<b:constructor-arg>
<b:bean class="org.springframework.security.web.util.matcher.NegatedRequestMatcher">
<b:bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
+9 -11
View File
@@ -3510,18 +3510,16 @@ You can easily do this with the following Java Configuration:
----
@EnableWebSecurity
public class WebSecurityConfig extends
WebSecurityConfigurerAdapter {
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers()
.frameOptions()
.sameOrigin()
.and()
.hsts().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers()
.frameOptions().sameOrigin()
.httpStrictTransportSecurity().disable();
}
}
----
+1 -1
View File
@@ -1 +1 @@
version=4.0.3.CI-SNAPSHOT
version=4.0.3.RELEASE
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>itest-context</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>itest-context</name>
<description>itest-context</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -52,7 +46,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -127,13 +121,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -152,7 +146,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>itest-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>itest-web</name>
<description>itest-web</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
@@ -145,31 +139,31 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -200,7 +194,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-ldap</name>
<description>spring-security-ldap</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.ldap</groupId>
@@ -68,7 +62,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -200,7 +194,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-messaging</name>
<description>spring-security-messaging</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -97,7 +91,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
@@ -232,7 +226,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-openid</name>
<description>spring-security-openid</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.google.inject</groupId>
@@ -58,13 +52,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -164,7 +158,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-remoting</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-remoting</name>
<description>spring-security-remoting</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -123,7 +117,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-aspectj-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-samples-aspectj-jc</name>
<description>spring-security-samples-aspectj-jc</description>
<url>http://spring.io/spring-security</url>
@@ -30,23 +30,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -66,7 +60,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -110,7 +104,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-aspectj-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-samples-aspectj-xml</name>
<description>spring-security-samples-aspectj-xml</description>
<url>http://spring.io/spring-security</url>
@@ -30,17 +30,11 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -60,13 +54,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -110,7 +104,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-cassample-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-cassample-xml</name>
<description>spring-security-samples-cassample-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.jasig.cas.client</groupId>
@@ -47,13 +41,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -90,13 +84,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -193,7 +187,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-casserver</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-casserver</name>
<description>spring-security-samples-casserver</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
@@ -86,7 +80,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-chat-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-chat-jc</name>
<description>spring-security-samples-chat-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -125,25 +119,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -239,7 +233,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-concurrency-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-concurrency-jc</name>
<description>spring-security-samples-concurrency-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-contacts-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-contacts-xml</name>
<description>spring-security-samples-contacts-xml</description>
@@ -31,23 +31,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -137,19 +131,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -234,7 +228,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-data-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-samples-data-jc</name>
<description>spring-security-samples-data-jc</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.validation</groupId>
@@ -76,13 +70,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -133,7 +127,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-dms-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-samples-dms-xml</name>
<description>spring-security-samples-dms-xml</description>
<url>http://spring.io/spring-security</url>
@@ -30,23 +30,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -87,7 +81,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -141,7 +135,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-form-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-form-jc</name>
<description>spring-security-samples-form-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -234,7 +228,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-gae-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-gae-xml</name>
<description>spring-security-samples-gae-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.google.appengine</groupId>
@@ -65,13 +59,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -139,13 +133,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -201,7 +195,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-hellojs-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-hellojs-jc</name>
<description>spring-security-samples-hellojs-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -89,25 +83,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -192,7 +186,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-hellomvc-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-hellomvc-jc</name>
<description>spring-security-samples-hellomvc-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -178,7 +172,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -192,7 +186,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-helloworld-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-helloworld-jc</name>
<description>spring-security-samples-helloworld-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -59,13 +53,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -170,7 +164,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-helloworld-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-helloworld-xml</name>
<description>spring-security-samples-helloworld-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -59,13 +53,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -170,7 +164,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-inmemory-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-inmemory-jc</name>
<description>spring-security-samples-inmemory-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -178,7 +172,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -192,7 +186,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-insecure</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-insecure</name>
<description>spring-security-samples-insecure</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -158,7 +152,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-insecuremvc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-insecuremvc</name>
<description>spring-security-samples-insecuremvc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,7 +77,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -168,7 +162,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-jaas-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-jaas-xml</name>
<description>spring-security-samples-jaas-xml</description>
@@ -31,17 +31,11 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -99,19 +93,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -196,7 +190,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-jdbc-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-jdbc-jc</name>
<description>spring-security-samples-jdbc-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -234,7 +228,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-ldap-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-ldap-jc</name>
<description>spring-security-samples-ldap-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -119,31 +113,31 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -276,7 +270,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-ldap-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-ldap-xml</name>
<description>spring-security-samples-ldap-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -53,7 +47,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -120,19 +114,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -212,7 +206,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-samples-messages-jc</name>
<description>spring-security-samples-messages-jc</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.validation</groupId>
@@ -88,13 +82,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -208,7 +202,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-openid-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-openid-jc</name>
<description>spring-security-samples-openid-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,31 +77,31 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -198,7 +192,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-openid-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-openid-xml</name>
<description>spring-security-samples-openid-xml</description>
@@ -31,23 +31,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -95,13 +89,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -133,7 +127,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-preauth-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-preauth-jc</name>
<description>spring-security-samples-preauth-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-preauth-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-preauth-xml</name>
<description>spring-security-samples-preauth-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
@@ -66,13 +60,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -104,7 +98,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-rememberme-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-rememberme-jc</name>
<description>spring-security-samples-rememberme-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-servletapi-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-servletapi-xml</name>
<description>spring-security-samples-servletapi-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -47,13 +41,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -110,13 +104,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -153,7 +147,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-tutorial-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-tutorial-xml</name>
<description>spring-security-samples-tutorial-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
@@ -47,7 +41,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -111,19 +105,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -155,7 +149,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-x509-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-x509-jc</name>
<description>spring-security-samples-x509-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-taglibs</name>
<description>spring-security-taglibs</description>
<url>http://spring.io/spring-security</url>
@@ -30,29 +30,23 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -187,7 +181,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -37,6 +37,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
@@ -201,8 +202,7 @@ public abstract class AbstractAuthorizeTag {
@SuppressWarnings({ "unchecked", "rawtypes" })
private SecurityExpressionHandler<FilterInvocation> getExpressionHandler()
throws IOException {
ApplicationContext appContext = WebApplicationContextUtils
.getRequiredWebApplicationContext(getServletContext());
ApplicationContext appContext = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
Map<String, SecurityExpressionHandler> handlers = appContext
.getBeansOfType(SecurityExpressionHandler.class);
@@ -225,8 +225,7 @@ public abstract class AbstractAuthorizeTag {
return privEvaluatorFromRequest;
}
ApplicationContext ctx = WebApplicationContextUtils
.getRequiredWebApplicationContext(getServletContext());
ApplicationContext ctx = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx
.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
@@ -14,6 +14,16 @@
*/
package org.springframework.security.taglibs.authz;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
@@ -21,15 +31,9 @@ import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.taglibs.TagLibConfig;
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
import javax.servlet.ServletContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;
import java.util.*;
/**
* An implementation of {@link Tag} that allows its body through if all authorizations are
* granted to the request's principal.
@@ -142,8 +146,7 @@ public class AccessControlListTag extends TagSupport {
protected ApplicationContext getContext(PageContext pageContext) {
ServletContext servletContext = pageContext.getServletContext();
return WebApplicationContextUtils
.getRequiredWebApplicationContext(servletContext);
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
}
public Object getDomainObject() {
@@ -12,12 +12,16 @@
*/
package org.springframework.security.taglibs.authz;
import static org.fest.assertions.Assertions.*;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import java.io.IOException;
import java.util.Collections;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
@@ -29,10 +33,14 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.web.context.WebApplicationContext;
/**
*
@@ -71,6 +79,33 @@ public class AbstractAuthorizeTagTests {
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
}
@Test
public void privilegeEvaluatorFromChildContext() throws IOException {
String uri = "/something";
WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
tag.setUrl(uri);
WebApplicationContext wac = mock(WebApplicationContext.class);
when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class)).thenReturn(Collections.singletonMap("wipe", expected));
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
tag.authorizeUsingUrlCheck();
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
}
@Test
@SuppressWarnings("rawtypes")
public void expressionFromChildContext() throws IOException {
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass","USER"));
DefaultWebSecurityExpressionHandler expected = new DefaultWebSecurityExpressionHandler();
tag.setAccess("permitAll");
WebApplicationContext wac = mock(WebApplicationContext.class);
when(wac.getBeansOfType(SecurityExpressionHandler.class)).thenReturn(Collections.<String,SecurityExpressionHandler>singletonMap("wipe", expected));
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
assertThat(tag.authorize()).isTrue();
}
private class AuthzTag extends AbstractAuthorizeTag {
@Override
@@ -26,6 +26,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.WebApplicationContext;
import javax.servlet.ServletContext;
import javax.servlet.jsp.tagext.Tag;
import java.util.*;
@@ -83,6 +84,27 @@ public class AccessControlListTagTests {
assertTrue((Boolean) pageContext.getAttribute("allowed"));
}
@Test
public void childContext() throws Exception {
ServletContext servletContext = pageContext.getServletContext();
WebApplicationContext wac = (WebApplicationContext) servletContext
.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
Object domainObject = new Object();
when(pe.hasPermission(bob, domainObject, "READ")).thenReturn(true);
tag.setDomainObject(domainObject);
tag.setHasPermission("READ");
tag.setVar("allowed");
assertSame(domainObject, tag.getDomainObject());
assertEquals("READ", tag.getHasPermission());
assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
assertTrue((Boolean) pageContext.getAttribute("allowed"));
}
// SEC-2022
@Test
public void multiHasPermissionsAreSplit() throws Exception {
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-test</name>
<description>spring-security-test</description>
<url>http://spring.io/spring-security</url>
@@ -30,23 +30,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -75,7 +69,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
@@ -168,7 +162,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -103,7 +103,7 @@ public class Sec2935Tests {
.andExpect(authenticated().withUsername("user"));
}
@Ignore
// SEC-2941
@Test
public void defaultRequest() throws Exception {
mvc = MockMvcBuilders.webAppContextSetup(context)
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<name>spring-security-web</name>
<description>spring-security-web</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -236,7 +230,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -41,7 +41,7 @@ import java.util.*;
* version 2.0, you shouldn't need to explicitly configure a {@code FilterChainProxy} bean
* in your application context unless you need very fine control over the filter chain
* contents. Most cases should be adequately covered by the default
* {@code &lt;security:http /&gt;} namespace configuration options.
* {@code <security:http />} namespace configuration options.
* <p>
* The {@code FilterChainProxy} is linked into the servlet container filter chain by
* adding a standard Spring {@link DelegatingFilterProxy} declaration in the application
@@ -54,7 +54,7 @@ import java.util.*;
* and a list of filters which should be applied to matching requests. Most applications
* will only contain a single filter chain, and if you are using the namespace, you don't
* have to set the chains explicitly. If you require finer-grained control, you can make
* use of the {@code &lt;filter-chain&gt;} namespace element. This defines a URI pattern
* use of the {@code <filter-chain>} namespace element. This defines a URI pattern
* and the list of filters (as comma-separated bean names) which should be applied to
* requests which match the pattern. An example configuration might look like this:
*
@@ -43,7 +43,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
* <p>
* The most common method creating an instance is using the Spring Security namespace. For
* example, the {@code pattern} and {@code access} attributes of the
* {@code &lt;intercept-url&gt;} elements defined as children of the {@code &lt;http&gt;}
* {@code <intercept-url>} elements defined as children of the {@code <http>}
* element are combined to build the instance used by the
* {@code FilterSecurityInterceptor}.
*
@@ -38,6 +38,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
@@ -224,8 +225,10 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements
+ "' with response: '" + digestAuth.getResponse() + "'");
}
SecurityContextHolder.getContext().setAuthentication(
createSuccessfulAuthentication(request, user));
Authentication authentication = createSuccessfulAuthentication(request, user);
SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
chain.doFilter(request, response);
}
@@ -337,7 +337,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
logger.debug("SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
}
if (httpSession != null && !contextObject.equals(contextBeforeExecution)) {
if (httpSession != null && authBeforeExecution != null) {
// SEC-1587 A non-anonymous context may still be in the session
// SEC-1735 remove if the contextBeforeExecution was not anonymous
httpSession.removeAttribute(springSecurityContextKey);
@@ -0,0 +1,52 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.context.support;
import javax.servlet.ServletContext;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
* Spring Security extension to Spring's {@link WebApplicationContextUtils}.
*
* @author Rob Winch
*/
public abstract class SecurityWebApplicationContextUtils extends WebApplicationContextUtils {
/**
* Find a unique {@code WebApplicationContext} for this web app: either the
* root web app context (preferred) or a unique {@code WebApplicationContext}
* among the registered {@code ServletContext} attributes (typically coming
* from a single {@code DispatcherServlet} in the current web application).
* <p>Note that {@code DispatcherServlet}'s exposure of its context can be
* controlled through its {@code publishContext} property, which is {@code true}
* by default but can be selectively switched to only publish a single context
* despite multiple {@code DispatcherServlet} registrations in the web app.
* @param servletContext ServletContext to find the web application context for
* @return the desired WebApplicationContext for this web app
* @see #getWebApplicationContext(ServletContext)
* @see ServletContext#getAttributeNames()
* @throws IllegalStateException if no WebApplicationContext can be found
*/
public static WebApplicationContext findRequiredWebApplicationContext(ServletContext servletContext) {
WebApplicationContext wac = findWebApplicationContext(servletContext);
if (wac == null) {
throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener registered?");
}
return wac;
}
}
@@ -62,8 +62,7 @@ public class DefaultSavedRequest implements SavedRequest {
private final ArrayList<Locale> locales = new ArrayList<Locale>();
private final Map<String, List<String>> headers = new TreeMap<String, List<String>>(
String.CASE_INSENSITIVE_ORDER);
private final Map<String, String[]> parameters = new TreeMap<String, String[]>(
String.CASE_INSENSITIVE_ORDER);
private final Map<String, String[]> parameters = new TreeMap<String, String[]>();
private final String contextPath;
private final String method;
private final String pathInfo;
@@ -19,7 +19,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
import javax.servlet.ServletContext;
@@ -28,7 +28,7 @@ import javax.servlet.http.HttpSessionListener;
/**
* Declared in web.xml as
*
*
* <pre>
* &lt;listener&gt;
* &lt;listener-class&gt;org.springframework.security.web.session.HttpSessionEventPublisher&lt;/listener-class&gt;
@@ -53,8 +53,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener {
// ========================================================================================================
ApplicationContext getContext(ServletContext servletContext) {
return WebApplicationContextUtils
.getRequiredWebApplicationContext(servletContext);
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
}
/**
@@ -15,11 +15,20 @@
package org.springframework.security.web.authentication.www;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import static org.fest.assertions.Assertions.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import java.io.IOException;
import java.util.*;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -32,7 +41,9 @@ import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
@@ -473,4 +484,27 @@ public class DigestAuthenticationFilterTests {
assertNull(SecurityContextHolder.getContext().getAuthentication());
assertEquals(401, response.getStatus());
}
// SEC-3108
@Test
public void authenticationCreatesEmptyContext() throws Exception {
SecurityContext existingContext = SecurityContextHolder.createEmptyContext();
TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated", "pass", "ROLE_USER");
existingContext.setAuthentication(existingAuthentication);
SecurityContextHolder.setContext(existingContext);
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
request.addHeader(
"Authorization",
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
responseDigest, QOP, NC, CNONCE));
filter.setCreateAuthenticatedToken(true);
executeFilterInContainerSimulator(filter, request, true);
assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication());
}
}
@@ -501,6 +501,24 @@ public class HttpSessionSecurityContextRepositoryTests {
request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
}
// SEC-3070
@Test
public void logoutInvalidateSessionFalseFails() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
MockHttpServletRequest request = new MockHttpServletRequest();
SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
ctxInSession.setAuthentication(testToken);
request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
repo.loadContext(holder);
ctxInSession.setAuthentication(null);
repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse());
assertNull(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
}
@Test
@SuppressWarnings("deprecation")
public void sessionDisableUrlRewritingPreventsSessionIdBeingWrittenToUrl()
@@ -600,4 +618,4 @@ public class HttpSessionSecurityContextRepositoryTests {
repo.saveContext(context, request, response);
}
}
}
@@ -32,13 +32,15 @@ public class DefaultSavedRequestTests {
assertTrue(saved.getHeaderValues("if-none-match").isEmpty());
}
// TODO: Why are parameters case insensitive. I think this is a mistake
// SEC-3082
@Test
public void parametersAreCaseInsensitive() throws Exception {
public void parametersAreCaseSensitive() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter("ThisIsATest", "Hi mom");
request.addParameter("AnotHerTest", "Hi dad");
request.addParameter("thisisatest", "Hi mom");
DefaultSavedRequest saved = new DefaultSavedRequest(request,
new MockPortResolver(8080, 8443));
assertEquals("Hi mom", saved.getParameterValues("thisisatest")[0]);
assertNull(saved.getParameterValues("anothertest"));
}
}
@@ -319,7 +319,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
verify(asyncContext).start(runnableCaptor.capture());
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
.getValue();
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
.isEqualTo(context);
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
.isEqualTo(runnable);
@@ -346,7 +346,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
verify(asyncContext).start(runnableCaptor.capture());
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
.getValue();
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
.isEqualTo(context);
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
.isEqualTo(runnable);
@@ -373,7 +373,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
verify(asyncContext).start(runnableCaptor.capture());
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
.getValue();
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
.isEqualTo(context);
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
.isEqualTo(runnable);
@@ -73,6 +73,42 @@ public class HttpSessionEventPublisherTests {
assertEquals(session, listener.getDestroyedEvent().getSession());
}
@Test
public void publishedEventIsReceivedbyListenerChildContext() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
StaticWebApplicationContext context = new StaticWebApplicationContext();
MockServletContext servletContext = new MockServletContext();
servletContext.setAttribute(
"org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher",
context);
context.setServletContext(servletContext);
context.registerSingleton("listener", MockApplicationListener.class, null);
context.refresh();
MockHttpSession session = new MockHttpSession(servletContext);
MockApplicationListener listener = (MockApplicationListener) context
.getBean("listener");
HttpSessionEvent event = new HttpSessionEvent(session);
publisher.sessionCreated(event);
assertNotNull(listener.getCreatedEvent());
assertNull(listener.getDestroyedEvent());
assertEquals(session, listener.getCreatedEvent().getSession());
listener.setCreatedEvent(null);
listener.setDestroyedEvent(null);
publisher.sessionDestroyed(event);
assertNotNull(listener.getDestroyedEvent());
assertNull(listener.getCreatedEvent());
assertEquals(session, listener.getDestroyedEvent().getSession());
}
// SEC-2599
@Test(expected = IllegalStateException.class)
public void sessionCreatedNullApplicationContext() {