1
0
mirror of synced 2026-07-08 20:30:04 +00:00

Compare commits

...

34 Commits

Author SHA1 Message Date
Spring Buildmaster 7be99ff7fa Next development version 2016-02-25 14:10:11 -08:00
Spring Buildmaster 0e9d9da46b Release version 4.0.4.RELEASE 2016-02-25 14:09:54 -08:00
Rob Winch a3a78e50cb Update to Spring 4.2.5
Fixes gh-3716
2016-02-25 11:33:55 -06:00
Rob Winch 8c8f499a69 Remove logging for "Skip invoking on" response committed
Fixes gh-3683
2016-02-25 11:00:16 -06:00
Rob Winch 80ca441e88 Remove check.dependsOn springSnapshotTest 2015-12-21 17:00:20 -06:00
Rob Winch cfd576316f SEC-3179: Set springIoVersion to explicit version 2015-12-21 17:00:18 -06:00
Alex Panchenko 409a74330e SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x 2015-12-03 22:16:54 -06:00
Kazuki Shimizu 87247318f2 SEC-3152: Add @Retention to @WithMock documentation 2015-11-12 16:22:38 -06:00
petaure dbf883ba98 SEC-3150: Escape ' character in messages_fr.properties
Escape ' character, if not format doesn't work fine.
2015-11-12 15:44:10 -06:00
Kazuki Shimizu 675ac80926 SEC-3147: Add error parameter for default authentication-failure-url 2015-11-12 15:12:38 -06:00
Rob Winch 5f6e3855f1 Next Development Version 2015-10-30 16:41:18 -05:00
Spring Buildmaster 19f88e9179 Release version 4.0.3.RELEASE 2015-10-30 12:35:23 -07:00
Rob Winch cf9b6bc0de SEC-2848: LogoutConfigurer allows setting clearAuthentication 2015-10-30 13:54:30 -05:00
Rob Winch fc67550ff2 SEC-3135: antMatchers(<method>,new String[0]) now passive 2015-10-30 10:09:03 -05:00
Rob Winch af2a431f23 SEC-3120: Remove .and() from httpStrictTransportSecurity() doc 2015-10-30 09:10:57 -05:00
Rob Winch 8d9b06afb4 SEC-3082: make SavedRequest parameters case sensitive 2015-10-29 16:46:33 -05:00
Rob Winch 0ecdd0e856 SEC-3120: Reference hsts() -> httpStrictTransportSecurity() 2015-10-29 15:10:16 -05:00
Rob Winch edd2751ff1 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:03:47 -05:00
Rob Winch 8663ac4173 SEC-3135: antMatchers now allows method and no pattern
Previously, antMatchers(POST).authenticated() was not allowed. Instead
users had to use antMatchers(POST, "/**").authenticated().

Now we default the patterns to be "/**" if it is null or empty.
2015-10-29 12:48:56 -05:00
Rob Winch 72213b5c69 SEC-2190: Fix Javadoc 2015-10-29 11:42:03 -05:00
Rob Winch 2bbe70501b SEC-2190: Support WebApplicationContext in ServletContext attribute 2015-10-28 15:26:16 -05:00
Rob Winch da606d50c0 SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext() 2015-10-27 13:57:18 -05:00
Rob Winch d648a56e16 SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:21:05 -05:00
Rob Winch 9c39a0e83e SEC-3109: Fix web tests 2015-10-26 21:31:40 -05:00
Rob Winch c8692b6d0b SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:17:31 -05:00
Rob Winch 45bbabd485 SEC-3057: Include all *.txt & *.jar in dist zip 2015-10-26 14:04:48 -05:00
Rob Winch 43fbeab106 SEC-3133: Correct test doc username parameter 2015-10-26 13:00:27 -05:00
Rob Winch b719e0fbcc SEC-3132: securityBuilder cannot be null
If a custom SecurityConfiguererAdapter applies another
SecurityConfigurerAdapter it caused an error securityBuilder cannot be null.

This commit fixes this.
2015-10-23 10:28:27 -05:00
Rob Winch 09bf290583 SEC-3129: Update Spring 2015-10-22 10:04:52 -05:00
Rob Winch 9a6f026dff SEC-3052: Doc DEFAULT_MATCHER->DEFAULT_CSRF_MATCHER 2015-10-21 16:22:53 -05:00
Rob Winch 269127c2c6 SEC-2941: Default RequestPostProcessor overrides
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
2015-10-21 16:09:15 -05:00
Rob Winch 7074daac0e SEC-3063: rm ConditionalOnMissingBean for @Primary
ConditionalOnMissingBean can only work in a Spring Boot environment. This
means this approach is flawed.

Instead users that wish to override requestDataValueProcessor can use
@Primary.
2015-10-21 15:41:32 -05:00
Rob Winch 69446ab80f SEC-3070: Logout invalidate-session=false and Spring Session doesn't
work
2015-10-20 15:13:01 -05:00
izeye 48bc0ad5f9 SEC-3124: Fix broken Javadoc related to < and > 2015-10-13 13:33:51 -05:00
94 changed files with 1259 additions and 750 deletions
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-acl</name>
<description>spring-security-acl</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -151,7 +145,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-aspects</name>
<description>spring-security-aspects</description>
<url>http://spring.io/spring-security</url>
@@ -30,17 +30,11 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -130,7 +124,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+10 -5
View File
@@ -25,7 +25,7 @@ allprojects {
ext.releaseBuild = version.endsWith('RELEASE')
ext.snapshotBuild = version.endsWith('SNAPSHOT')
ext.springVersion = '4.1.6.RELEASE'
ext.springVersion = '4.2.5.RELEASE'
ext.springLdapVersion = '2.0.2.RELEASE'
group = 'org.springframework.security'
@@ -99,7 +99,7 @@ configure(coreModuleProjects) {
apply plugin: 'emma'
apply plugin: 'spring-io'
ext.springIoVersion = project.hasProperty('platformVersion') ? platformVersion : 'latest.integration'
ext.springIoVersion = project.hasProperty('platformVersion') ? platformVersion : '2.0.1.RELEASE'
configurations {
jacoco //Configuration Group used by Sonar to provide Code Coverage using JaCoCo
@@ -135,7 +135,7 @@ task coreBuild {
// Task for creating the distro zip
task dist(type: Zip) {
dependsOn subprojects*.tasks*.matching { task -> task.name == 'assemble' || task.name.endsWith('Zip') || task.name.endsWith('generatePom') }
dependsOn { subprojects*.tasks*.matching { task -> task.name.endsWith('generatePom') } }
classifier = 'dist'
evaluationDependsOn(':docs')
@@ -145,14 +145,19 @@ task dist(type: Zip) {
into(zipRootDir) {
from(rootDir) {
include '*.adoc'
include '*.txt'
}
into('docs') {
with(project(':docs').apiSpec)
with(project(':docs:manual').spec)
with(project(':docs:guides').spec)
}
into('dist') {
from coreModuleProjects.collect {project -> project.libsDir }
project.coreModuleProjects*.tasks*.withType(AbstractArchiveTask).flatten().each{ archiveTask ->
if(archiveTask!=dist){
into("$zipRootDir/dist") {
from archiveTask.outputs.files
}
}
}
sampleProjects.each { project->
into("$zipRootDir/samples/$project.name") {
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-cas</name>
<description>spring-security-cas</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.jasig.cas.client</groupId>
@@ -46,13 +40,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -142,7 +136,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+9 -15
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-config</name>
<description>spring-security-config</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -92,28 +86,28 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
@@ -366,13 +360,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -396,7 +390,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -55,6 +55,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
private final Log logger = LogFactory.getLog(getClass());
private final LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>> configurers = new LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>>();
private final List<SecurityConfigurer<O, B>> configurersAddedInInitializing = new ArrayList<SecurityConfigurer<O, B>>();
private final Map<Class<Object>, Object> sharedObjects = new HashMap<Class<Object>, Object>();
@@ -126,9 +127,9 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
@SuppressWarnings("unchecked")
public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer)
throws Exception {
add(configurer);
configurer.addObjectPostProcessor(objectPostProcessor);
configurer.setBuilder((B) this);
add(configurer);
return configurer;
}
@@ -202,7 +203,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
configs.add(configurer);
this.configurers.put(clazz, configs);
if (buildState.isInitializing()) {
configurer.init((B) this);
this.configurersAddedInInitializing.add(configurer);
}
}
}
@@ -368,6 +369,10 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
for (SecurityConfigurer<O, B> configurer : configurers) {
configurer.init((B) this);
}
for (SecurityConfigurer<O, B> configurer : configurersAddedInInitializing) {
configurer.init((B) this);
}
}
@SuppressWarnings("unchecked")
@@ -25,6 +25,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.ObjectUtils;
/**
* A base class for registering {@link RequestMatcher}'s. For example, it might allow for
@@ -48,6 +49,20 @@ public abstract class AbstractRequestMatcherRegistry<C> {
return requestMatchers(ANY_REQUEST);
}
/**
* Maps a {@link List} of
* {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
* instances.
*
* @param method the {@link HttpMethod} to use for any
* {@link HttpMethod}.
*
* @return the object that is chained after creating the {@link RequestMatcher}
*/
public C antMatchers(HttpMethod method) {
return antMatchers(method, new String[] { "/**" });
}
/**
* Maps a {@link List} of
* {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
@@ -55,7 +70,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
*
* @param method the {@link HttpMethod} to use or {@code null} for any
* {@link HttpMethod}.
* @param antPatterns the ant patterns to create
* @param antPatterns the ant patterns to create. If {@code null} or empty, then matches on nothing.
* {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher} from
*
* @return the object that is chained after creating the {@link RequestMatcher}
@@ -1,13 +0,0 @@
package org.springframework.security.config.annotation.web.configuration;
import org.springframework.context.annotation.Conditional;
/**
* @author Rob Winch
* @since 4.0
*/
@Conditional(OnMissingBeanCondition.class)
@interface ConditionalOnMissingBean {
Class<?> value();
}
@@ -1,40 +0,0 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.springframework.security.config.annotation.web.configuration;
import java.util.Map;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.ConfigurationCondition;
import org.springframework.core.type.AnnotatedTypeMetadata;
/**
* @author Rob Winch
*/
class OnMissingBeanCondition implements ConfigurationCondition {
public ConfigurationPhase getConfigurationPhase() {
return ConfigurationPhase.REGISTER_BEAN;
}
public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
Map<String, Object> attrs = metadata
.getAnnotationAttributes(ConditionalOnMissingBean.class.getName());
Class<?> type = (Class<?>) attrs.get("value");
final Map<String, ?> beans = context.getBeanFactory().getBeansOfType(type);
return beans.isEmpty();
}
}
@@ -47,7 +47,6 @@ class WebMvcSecurityConfiguration extends WebMvcConfigurerAdapter {
argumentResolvers.add(new CsrfTokenArgumentResolver());
}
@ConditionalOnMissingBean(RequestDataValueProcessor.class)
@Bean
public RequestDataValueProcessor requestDataValueProcessor() {
return new CsrfRequestDataValueProcessor();
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpSession;
import org.springframework.security.config.annotation.SecurityConfigurer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
@@ -88,6 +89,17 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends
return this;
}
/**
* Specifies if {@link SecurityContextLogoutHandler} should clear the {@link Authentication} at the time of logout.
* @param clearAuthentication true {@link SecurityContextLogoutHandler} should clear the {@link Authentication} (default), or false otherwise.
* @return the {@link LogoutConfigurer} for further customization
*/
public LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication) {
contextLogoutHandler.setClearAuthentication(clearAuthentication);
return this;
}
/**
* Configures {@link SecurityContextLogoutHandler} to invalidate the
* {@link HttpSession} at the time of logout.
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2012 the original author or authors.
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -33,6 +33,7 @@ import org.w3c.dom.Element;
* @author Luke Taylor
* @author Ben Alex
* @author Rob Winch
* @author Kazuki Shimizu
*/
public class FormLoginBeanDefinitionParser {
protected final Log logger = LogFactory.getLog(getClass());
@@ -209,9 +210,9 @@ public class FormLoginBeanDefinitionParser {
BeanDefinitionBuilder failureHandler = BeanDefinitionBuilder
.rootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class);
if (!StringUtils.hasText(authenticationFailureUrl)) {
// Fall back to redisplaying the custom login page, if one was specified.
// Fall back to re-displaying the custom login page, if one was specified.
if (StringUtils.hasText(loginPage)) {
authenticationFailureUrl = loginPage;
authenticationFailureUrl = loginPage + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME;
}
else {
authenticationFailureUrl = DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL;
@@ -144,4 +144,18 @@ class FormLoginConfigTests extends AbstractHttpConfigTests {
HttpServletResponse.SC_FORBIDDEN | false
HttpServletResponse.SC_MOVED_TEMPORARILY | true
}
def 'SEC-3147: authentication-failure-url should be contained "error" parameter if login-page="/login"'() {
xml.http {
'form-login'('login-page':'/login')
}
createAppContext()
def apf = getFilter(UsernamePasswordAuthenticationFilter.class);
expect:
apf.failureHandler.defaultFailureUrl == '/login?error'
}
}
@@ -0,0 +1,100 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers;
import static org.fest.assertions.Assertions.assertThat;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
/**
* @author Rob Winch
*
*/
public class AuthorizeRequestsTests {
AnnotationConfigWebApplicationContext context;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Autowired
FilterChainProxy springSecurityFilterChain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
// SEC-3135
@Test
public void antMatchersMethodAndNoPatterns() throws Exception {
loadConfig(AntMatchersNoPatternsConfig.class);
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}
@EnableWebSecurity
@Configuration
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.POST).denyAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
public void loadConfig(Class<?>... configs) {
context = new AnnotationConfigWebApplicationContext();
context.register(configs);
context.refresh();
context.getAutowireCapableBeanFactory().autowireBean(this);
}
}
@@ -24,6 +24,7 @@ import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -78,6 +79,7 @@ public class CsrfConfigurerNoWebMvcTests {
@EnableWebSecurity
static class EnableWebOverrideRequestDataConfig {
@Bean
@Primary
public RequestDataValueProcessor requestDataValueProcessor() {
return mock(RequestDataValueProcessor.class);
}
@@ -0,0 +1,136 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers;
import static org.fest.assertions.Assertions.assertThat;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
/**
* @author Rob Winch
*
*/
public class HttpSecurityAntMatchersTests {
AnnotationConfigWebApplicationContext context;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Autowired
FilterChainProxy springSecurityFilterChain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
// SEC-3135
@Test
public void antMatchersMethodAndNoPatterns() throws Exception {
loadConfig(AntMatchersNoPatternsConfig.class);
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}
@EnableWebSecurity
@Configuration
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers(HttpMethod.POST)
.and()
.authorizeRequests()
.anyRequest().denyAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
// SEC-3135
@Test
public void antMatchersMethodAndEmptyPatterns() throws Exception {
loadConfig(AntMatchersEmptyPatternsConfig.class);
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
}
@EnableWebSecurity
@Configuration
static class AntMatchersEmptyPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/never/")
.antMatchers(HttpMethod.POST, new String[0])
.and()
.authorizeRequests()
.anyRequest().denyAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
public void loadConfig(Class<?>... configs) {
context = new AnnotationConfigWebApplicationContext();
context.register(configs);
context.refresh();
context.getAutowireCapableBeanFactory().autowireBean(this);
}
}
@@ -0,0 +1,112 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers;
import static org.fest.assertions.Assertions.assertThat;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
/**
* @author Rob Winch
*
*/
public class HttpSecurityLogoutTests {
AnnotationConfigWebApplicationContext context;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Autowired
FilterChainProxy springSecurityFilterChain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
// SEC-2848
@Test
public void clearAuthenticationFalse() throws Exception {
loadConfig(ClearAuthenticationFalseConfig.class);
SecurityContext currentContext = SecurityContextHolder.createEmptyContext();
currentContext.setAuthentication(new TestingAuthenticationToken("user", "password","ROLE_USER"));
request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext);
request.setMethod("POST");
request.setServletPath("/logout");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(currentContext.getAuthentication()).isNotNull();
}
@EnableWebSecurity
@Configuration
static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.logout()
.clearAuthentication(false);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication();
}
}
public void loadConfig(Class<?>... configs) {
context = new AnnotationConfigWebApplicationContext();
context.register(configs);
context.refresh();
context.getAutowireCapableBeanFactory().autowireBean(this);
}
}
@@ -0,0 +1,67 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http.customconfigurer;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.web.DefaultSecurityFilterChain;
/**
* @author Rob Winch
*
*/
public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,HttpSecurity> {
@Value("${permitAllPattern}")
private String permitAllPattern;
private String loginPage = "/login";
/* (non-Javadoc)
* @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder)
*/
@SuppressWarnings("unchecked")
@Override
public void init(HttpSecurity http) throws Exception {
// autowire this bean
ApplicationContext context = http.getSharedObject(ApplicationContext.class);
context.getAutowireCapableBeanFactory().autowireBean(this);
http
.authorizeRequests()
.antMatchers(permitAllPattern).permitAll()
.anyRequest().authenticated();
if(http.getConfigurer(FormLoginConfigurer.class) == null) {
// only apply if formLogin() was not invoked by the user
http
.formLogin()
.loginPage(loginPage);
}
}
public CustomConfigurer loginPage(String loginPage) {
this.loginPage = loginPage;
return this;
}
public static CustomConfigurer customConfigurer() {
return new CustomConfigurer();
}
}
@@ -0,0 +1,164 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http.customconfigurer;
import static org.fest.assertions.Assertions.assertThat;
import static org.springframework.security.config.http.customconfigurer.CustomConfigurer.customConfigurer;
import java.util.Properties;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterChainProxy;
/**
* @author Rob Winch
*
*/
public class CustomHttpSecurityConfigurerTests {
@Autowired
ConfigurableApplicationContext context;
@Autowired
FilterChainProxy springSecurityFilterChain;
MockHttpServletRequest request;
MockHttpServletResponse response;
MockFilterChain chain;
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
chain = new MockFilterChain();
request.setMethod("GET");
}
@After
public void cleanup() {
if(context != null) {
context.close();
}
}
@Test
public void customConfiguerPermitAll() throws Exception {
loadContext(Config.class);
request.setPathInfo("/public/something");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
}
@Test
public void customConfiguerFormLogin() throws Exception {
loadContext(Config.class);
request.setPathInfo("/requires-authentication");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getRedirectedUrl()).endsWith("/custom");
}
@Test
public void customConfiguerCustomizeDisablesCsrf() throws Exception {
loadContext(ConfigCustomize.class);
request.setPathInfo("/public/something");
request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
}
@Test
public void customConfiguerCustomizeFormLogin() throws Exception {
loadContext(ConfigCustomize.class);
request.setPathInfo("/requires-authentication");
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(response.getRedirectedUrl()).endsWith("/other");
}
private void loadContext(Class<?> clazz) {
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(clazz);
context.getAutowireCapableBeanFactory().autowireBean(this);
}
@EnableWebSecurity
static class Config extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.apply(customConfigurer())
.loginPage("/custom");
}
@Bean
public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
// Typically externalize this as a properties file
Properties properties = new Properties();
properties.setProperty("permitAllPattern", "/public/**");
PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
propertyPlaceholderConfigurer.setProperties(properties);
return propertyPlaceholderConfigurer;
}
}
@EnableWebSecurity
static class ConfigCustomize extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.apply(customConfigurer())
.and()
.csrf().disable()
.formLogin()
.loginPage("/other");
}
@Bean
public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
// Typically externalize this as a properties file
Properties properties = new Properties();
properties.setProperty("permitAllPattern", "/public/**");
PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
propertyPlaceholderConfigurer.setProperties(properties);
return propertyPlaceholderConfigurer;
}
}
}
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-core</name>
<description>spring-security-core</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -275,7 +269,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -95,6 +95,9 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
public int vote(Authentication authentication, Object object,
Collection<ConfigAttribute> attributes) {
if(authentication == null) {
return ACCESS_DENIED;
}
int result = ACCESS_ABSTAIN;
Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
@@ -25,10 +25,8 @@ import org.springframework.util.Assert;
* then removing the {@link SecurityContext} after the delegate has completed.
* </p>
* <p>
* By default the {@link SecurityContext} is only setup if {@link #call()} is
* invoked on a separate {@link Thread} than the
* {@link DelegatingSecurityContextCallable} was created on. This can be
* overridden by setting {@link #setEnableOnOriginalThread(boolean)} to true.
* If there is a {@link SecurityContext} that already exists, it will be
* restored after the {@link #call()} method is invoked.
* </p>
*
* @author Rob Winch
@@ -38,11 +36,18 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
private final Callable<V> delegate;
private final SecurityContext securityContext;
private final Thread originalThread;
/**
* The {@link SecurityContext} that the delegate {@link Callable} will be
* ran as.
*/
private final SecurityContext delegateSecurityContext;
private boolean enableOnOriginalThread;
/**
* The {@link SecurityContext} that was on the {@link SecurityContextHolder}
* prior to being set to the delegateSecurityContext.
*/
private SecurityContext originalSecurityContext;
/**
* Creates a new {@link DelegatingSecurityContextCallable} with a specific
@@ -57,8 +62,7 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
Assert.notNull(delegate, "delegate cannot be null");
Assert.notNull(securityContext, "securityContext cannot be null");
this.delegate = delegate;
this.securityContext = securityContext;
this.originalThread = Thread.currentThread();
this.delegateSecurityContext = securityContext;
}
/**
@@ -71,33 +75,21 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
this(delegate, SecurityContextHolder.getContext());
}
/**
* Determines if the SecurityContext should be transfered if {@link #call()}
* is invoked on the same {@link Thread} the
* {@link DelegatingSecurityContextCallable} was created on.
*
* @param enableOnOriginalThread
* if false (default), will only transfer the
* {@link SecurityContext} if {@link #call()} is invoked on a
* different {@link Thread} than the
* {@link DelegatingSecurityContextCallable} was created on.
*
* @since 4.0.2
*/
public void setEnableOnOriginalThread(boolean enableOnOriginalThread) {
this.enableOnOriginalThread = enableOnOriginalThread;
}
public V call() throws Exception {
if(!enableOnOriginalThread && originalThread == Thread.currentThread()) {
return delegate.call();
}
this.originalSecurityContext = SecurityContextHolder.getContext();
try {
SecurityContextHolder.setContext(securityContext);
SecurityContextHolder.setContext(delegateSecurityContext);
return delegate.call();
}
finally {
SecurityContextHolder.clearContext();
SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
if(emptyContext.equals(originalSecurityContext)) {
SecurityContextHolder.clearContext();
} else {
SecurityContextHolder.setContext(originalSecurityContext);
}
this.originalSecurityContext = null;
}
}
@@ -23,10 +23,8 @@ import org.springframework.util.Assert;
* {@link SecurityContext} after the delegate has completed.
* </p>
* <p>
* By default the {@link SecurityContext} is only setup if {@link #run()} is
* invoked on a separate {@link Thread} than the
* {@link DelegatingSecurityContextRunnable} was created on. This can be
* overridden by setting {@link #setEnableOnOriginalThread(boolean)} to true.
* If there is a {@link SecurityContext} that already exists, it will be
* restored after the {@link #run()} method is invoked.
* </p>
*
* @author Rob Winch
@@ -36,11 +34,17 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
private final Runnable delegate;
private final SecurityContext securityContext;
/**
* The {@link SecurityContext} that the delegate {@link Runnable} will be
* ran as.
*/
private final SecurityContext delegateSecurityContext;
private final Thread originalThread;
private boolean enableOnOriginalThread;
/**
* The {@link SecurityContext} that was on the {@link SecurityContextHolder}
* prior to being set to the delegateSecurityContext.
*/
private SecurityContext originalSecurityContext;
/**
* Creates a new {@link DelegatingSecurityContextRunnable} with a specific
@@ -55,8 +59,7 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
Assert.notNull(delegate, "delegate cannot be null");
Assert.notNull(securityContext, "securityContext cannot be null");
this.delegate = delegate;
this.securityContext = securityContext;
this.originalThread = Thread.currentThread();
this.delegateSecurityContext = securityContext;
}
/**
@@ -69,33 +72,21 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
this(delegate, SecurityContextHolder.getContext());
}
/**
* Determines if the SecurityContext should be transfered if {@link #run()}
* is invoked on the same {@link Thread} the
* {@link DelegatingSecurityContextCallable} was created on.
*
* @param enableOnOriginalThread
* if false (default), will only transfer the
* {@link SecurityContext} if {@link #run()} is invoked on a
* different {@link Thread} than the
* {@link DelegatingSecurityContextCallable} was created on.
* @since 4.0.2
*/
public void setEnableOnOriginalThread(boolean enableOnOriginalThread) {
this.enableOnOriginalThread = enableOnOriginalThread;
}
public void run() {
if(!enableOnOriginalThread && originalThread == Thread.currentThread()) {
delegate.run();
return;
}
this.originalSecurityContext = SecurityContextHolder.getContext();
try {
SecurityContextHolder.setContext(securityContext);
SecurityContextHolder.setContext(delegateSecurityContext);
delegate.run();
}
finally {
SecurityContextHolder.clearContext();
SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
if(emptyContext.equals(originalSecurityContext)) {
SecurityContextHolder.clearContext();
} else {
SecurityContextHolder.setContext(originalSecurityContext);
}
this.originalSecurityContext = null;
}
}
@@ -24,7 +24,7 @@ public class SpringSecurityCoreVersion {
*/
public static final long SERIAL_VERSION_UID = 400L;
static final String MIN_SPRING_VERSION = "4.1.6.RELEASE";
static final String MIN_SPRING_VERSION = "4.2.5.RELEASE";
static {
performVersionChecks();
@@ -4,48 +4,48 @@
# Translation by Valentin Crettaz (valentin.crettaz@consulthys.com)
AbstractAccessDecisionManager.accessDenied=Acc\u00E8s refus\u00E9
AbstractLdapAuthenticationProvider.emptyPassword=Le mot de passe est obligatoire
AbstractSecurityInterceptor.authenticationNotFound=Aucun objet Authentication n'a \u00E9t\u00E9 trouv\u00E9 dans le SecurityContext
AbstractSecurityInterceptor.authenticationNotFound=Aucun objet Authentication n''a \u00E9t\u00E9 trouv\u00E9 dans le SecurityContext
AbstractUserDetailsAuthenticationProvider.badCredentials=Les identifications sont erron\u00E9es
AbstractUserDetailsAuthenticationProvider.credentialsExpired=Les identifications de l'utilisateur ont expir\u00E9
AbstractUserDetailsAuthenticationProvider.credentialsExpired=Les identifications de l''utilisateur ont expir\u00E9
AbstractUserDetailsAuthenticationProvider.disabled=Le compte utilisateur est d\u00E9sactiv\u00E9
AbstractUserDetailsAuthenticationProvider.expired=Le compte utilisateur a expir\u00E9
AbstractUserDetailsAuthenticationProvider.locked=Le compte utilisateur est bloqu\u00E9
AbstractUserDetailsAuthenticationProvider.onlySupports=Seul UsernamePasswordAuthenticationToken est pris en charge
AccountStatusUserDetailsChecker.credentialsExpired=Les identifications de l'utilisateur ont expir\u00E9
AccountStatusUserDetailsChecker.credentialsExpired=Les identifications de l''utilisateur ont expir\u00E9
AccountStatusUserDetailsChecker.disabled=Le compte utilisateur est d\u00E9sactiv\u00E9
AccountStatusUserDetailsChecker.expired=Le compte utilisateur a expir\u00E9
AccountStatusUserDetailsChecker.locked=Le compte utilisateur est bloqu\u00E9
AclEntryAfterInvocationProvider.noPermission=L'authentification {0} n'a AUCUNE permission pour l'objet de domaine {1}
AnonymousAuthenticationProvider.incorrectKey=L'AnonymousAuthenticationToken pr\u00E9sent\u00E9 ne contient pas la cl\u00E9 attendue
AclEntryAfterInvocationProvider.noPermission=L''authentification {0} n''a AUCUNE permission pour l''objet de domaine {1}
AnonymousAuthenticationProvider.incorrectKey=L''AnonymousAuthenticationToken pr\u00E9sent\u00E9 ne contient pas la cl\u00E9 attendue
BindAuthenticator.badCredentials=Les identifications sont erron\u00E9es
BindAuthenticator.emptyPassword=Le mot de passe est obligatoire
CasAuthenticationProvider.incorrectKey=Le CasAuthenticationToken pr\u00E9sent\u00E9 ne contient pas la cl\u00E9 attendue
CasAuthenticationProvider.noServiceTicket=Echec d'obtention d'un ticket CAS \u00E0 valider
CasAuthenticationProvider.noServiceTicket=Echec d''obtention d''un ticket CAS \u00E0 valider
ConcurrentSessionControlStrategy.exceededAllowed=Le maximum de {0} sessions a \u00E9t\u00E9 d\u00E9pass\u00E9 pour cet utilisateur
DigestAuthenticationFilter.incorrectRealm=Le nom de domaine de la r\u00E9ponse {0} ne correspond pas au nom de domaine du syst\u00E8me {1}
DigestAuthenticationFilter.incorrectResponse=R\u00E9ponse incorrecte
DigestAuthenticationFilter.missingAuth=Une valeur obligatoire manque au condens\u00E9 pour 'auth' QOP; re\u00E7u l'ent\u00EAte {0}
DigestAuthenticationFilter.missingMandatory=Une valeur obligatoire manque au condens\u00E9; re\u00E7u l'ent\u00EAte {0}
DigestAuthenticationFilter.missingAuth=Une valeur obligatoire manque au condens\u00E9 pour ''auth'' QOP; re\u00E7u l''ent\u00EAte {0}
DigestAuthenticationFilter.missingMandatory=Une valeur obligatoire manque au condens\u00E9; re\u00E7u l''ent\u00EAte {0}
DigestAuthenticationFilter.nonceCompromised=Le jeton nonce est compromis {0}
DigestAuthenticationFilter.nonceEncoding=Le nonce n'est pas encod\u00E9 en Base64; re\u00E7u le nonce {0}
DigestAuthenticationFilter.nonceEncoding=Le nonce n''est pas encod\u00E9 en Base64; re\u00E7u le nonce {0}
DigestAuthenticationFilter.nonceExpired=Le nonce a expir\u00E9
DigestAuthenticationFilter.nonceNotNumeric=Le jeton nonce aurait d\u00FB g\u00E9n\u00E9rer d'abord un jeton num\u00E9rique, mais \u00E9tait {0}
DigestAuthenticationFilter.nonceNotNumeric=Le jeton nonce aurait d\u00FB g\u00E9n\u00E9rer d''abord un jeton num\u00E9rique, mais \u00E9tait {0}
DigestAuthenticationFilter.nonceNotTwoTokens=Le nonce aurait d\u00FB g\u00E9n\u00E9rer deux jetons, mais \u00E9tait {0}
DigestAuthenticationFilter.usernameNotFound=Le nom d'utilisateur {0} n'a pas \u00E9t\u00E9 trouv\u00E9
JdbcDaoImpl.noAuthority=Le compte utilisateur {0} n'a pas de permission
JdbcDaoImpl.notFound=Le nom d'utilisateur {0} n'a pas \u00E9t\u00E9 trouv\u00E9
DigestAuthenticationFilter.usernameNotFound=Le nom d''utilisateur {0} n''a pas \u00E9t\u00E9 trouv\u00E9
JdbcDaoImpl.noAuthority=Le compte utilisateur {0} n''a pas de permission
JdbcDaoImpl.notFound=Le nom d''utilisateur {0} n''a pas \u00E9t\u00E9 trouv\u00E9
LdapAuthenticationProvider.badCredentials=Les identifications sont erron\u00E9es
LdapAuthenticationProvider.credentialsExpired=Les identifications de l'utilisateur ont expir\u00E9
LdapAuthenticationProvider.credentialsExpired=Les identifications de l''utilisateur ont expir\u00E9
LdapAuthenticationProvider.disabled=Le compte utilisateur est d\u00E9sactiv\u00E9
LdapAuthenticationProvider.expired=Le compte utilisateur a expir\u00E9
LdapAuthenticationProvider.locked=Le compte utilisateur est bloqu\u00E9
LdapAuthenticationProvider.emptyUsername=Le nom d'utilisateur est obligatoire
LdapAuthenticationProvider.emptyUsername=Le nom d''utilisateur est obligatoire
LdapAuthenticationProvider.onlySupports=Seul UsernamePasswordAuthenticationToken est pris en charge
PasswordComparisonAuthenticator.badCredentials=Les identifications sont erron\u00E9es
PersistentTokenBasedRememberMeServices.cookieStolen=Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
ProviderManager.providerNotFound=Aucun AuthenticationProvider n'a \u00E9t\u00E9 trouv\u00E9 pour {0}
ProviderManager.providerNotFound=Aucun AuthenticationProvider n''a \u00E9t\u00E9 trouv\u00E9 pour {0}
RememberMeAuthenticationProvider.incorrectKey=Le RememberMeAuthenticationToken pr\u00E9sent\u00E9 ne contient pas la cl\u00E9 attendue
RunAsImplAuthenticationProvider.incorrectKey=Le RunAsUserToken pr\u00E9sent\u00E9 ne contient pas la cl\u00E9 attendue
SubjectDnX509PrincipalExtractor.noMatching=Aucun motif concordant n'a \u00E9t\u00E9 trouv\u00E9 dans le subjectDN\: {0}
SwitchUserFilter.noCurrentUser=Aucun utilisateur n'est associ\u00E9 \u00E0 la requ\u00EAte en cours
SwitchUserFilter.noOriginalAuthentication=L'objet Authentication original n'a pas \u00E9t\u00E9 trouv\u00E9
SubjectDnX509PrincipalExtractor.noMatching=Aucun motif concordant n''a \u00E9t\u00E9 trouv\u00E9 dans le subjectDN\: {0}
SwitchUserFilter.noCurrentUser=Aucun utilisateur n''est associ\u00E9 \u00E0 la requ\u00EAte en cours
SwitchUserFilter.noOriginalAuthentication=L''objet Authentication original n''a pas \u00E9t\u00E9 trouv\u00E9
@@ -1,5 +1,6 @@
package org.springframework.security.access.vote;
import static org.fest.assertions.Assertions.assertThat;
import static org.junit.Assert.*;
import org.junit.Test;
@@ -22,4 +23,13 @@ public class RoleVoterTests {
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(userAB, this, SecurityConfig.createList("A", "C")));
}
// SEC-3128
@Test
public void nullAuthenticationDenies() {
RoleVoter voter = new RoleVoter();
voter.setRolePrefix("");
Authentication notAuthenitcated = null;
assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A"))).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
}
@@ -50,9 +50,12 @@ public class DelegatingSecurityContextCallableTests {
private ExecutorService executor;
private SecurityContext originalSecurityContext;
@Before
@SuppressWarnings("serial")
public void setUp() throws Exception {
originalSecurityContext = SecurityContextHolder.createEmptyContext();
when(delegate.call()).thenAnswer(new Returns(callableResult) {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
@@ -111,17 +114,10 @@ public class DelegatingSecurityContextCallableTests {
// SEC-3031
@Test
public void callOnSameThread() throws Exception {
originalSecurityContext = securityContext;
SecurityContextHolder.setContext(originalSecurityContext);
callable = new DelegatingSecurityContextCallable<Object>(delegate,
securityContext);
securityContext = SecurityContextHolder.createEmptyContext();
assertWrapped(callable.call());
}
@Test
public void callOnSameThreadExplicitlyEnabled() throws Exception {
DelegatingSecurityContextCallable<Object> callable = new DelegatingSecurityContextCallable<Object>(delegate,
securityContext);
callable.setEnableOnOriginalThread(true);
assertWrapped(callable.call());
}
@@ -170,6 +166,6 @@ public class DelegatingSecurityContextCallableTests {
private void assertWrapped(Object callableResult) throws Exception {
verify(delegate).call();
assertThat(SecurityContextHolder.getContext()).isEqualTo(
SecurityContextHolder.createEmptyContext());
originalSecurityContext);
}
}
@@ -51,8 +51,11 @@ public class DelegatingSecurityContextRunnableTests {
private ExecutorService executor;
private SecurityContext originalSecurityContext;
@Before
public void setUp() throws Exception {
originalSecurityContext = SecurityContextHolder.createEmptyContext();
doAnswer(new Answer<Object>() {
public Object answer(InvocationOnMock invocation) throws Throwable {
assertThat(SecurityContextHolder.getContext()).isEqualTo(securityContext);
@@ -110,19 +113,11 @@ public class DelegatingSecurityContextRunnableTests {
// SEC-3031
@Test
public void callOnSameThread() throws Exception {
originalSecurityContext = securityContext;
SecurityContextHolder.setContext(originalSecurityContext);
executor = synchronousExecutor();
runnable = new DelegatingSecurityContextRunnable(delegate,
securityContext);
securityContext = SecurityContextHolder.createEmptyContext();
assertWrapped(runnable);
}
@Test
public void callOnSameThreadExplicitlyEnabled() throws Exception {
executor = synchronousExecutor();
DelegatingSecurityContextRunnable runnable = new DelegatingSecurityContextRunnable(delegate,
securityContext);
runnable.setEnableOnOriginalThread(true);
assertWrapped(runnable);
}
@@ -167,7 +162,7 @@ public class DelegatingSecurityContextRunnableTests {
submit.get();
verify(delegate).run();
assertThat(SecurityContextHolder.getContext()).isEqualTo(
SecurityContextHolder.createEmptyContext());
originalSecurityContext);
}
private static ExecutorService synchronousExecutor() {
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-crypto</name>
<description>spring-security-crypto</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
@@ -85,7 +79,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -17,7 +17,6 @@ package org.springframework.security.crypto.password;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
/**
* Helper for working with the MessageDigest API.
@@ -30,7 +29,7 @@ import java.security.NoSuchProviderException;
*/
final class Digester {
private final MessageDigest messageDigest;
private final String algorithm;
private final int iterations;
@@ -40,22 +39,26 @@ final class Digester {
* @param iterations the number of times to apply the digest algorithm to the input
*/
public Digester(String algorithm, int iterations) {
try {
messageDigest = MessageDigest.getInstance(algorithm);
}
catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("No such hashing algorithm", e);
}
// eagerly validate the algorithm
createDigest(algorithm);
this.algorithm = algorithm;
this.iterations = iterations;
}
public byte[] digest(byte[] value) {
synchronized (messageDigest) {
for (int i = 0; i < iterations; i++) {
value = messageDigest.digest(value);
}
return value;
MessageDigest messageDigest = createDigest(algorithm);
for (int i = 0; i < iterations; i++) {
value = messageDigest.digest(value);
}
return value;
}
private static MessageDigest createDigest(String algorithm) {
try {
return MessageDigest.getInstance(algorithm);
}
catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("No such hashing algorithm", e);
}
}
}
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-data</name>
<description>spring-security-data</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.data</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -108,7 +102,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -188,6 +188,7 @@ For example, we might create an annotation named `@WithMockCustomUser` as shown
[source,java]
----
@Retention(RetentionPolicy.RUNTIME)
@WithSecurityContext(factory = WithMockCustomUserSecurityContextFactory.class)
public @interface WithMockCustomUser {
@@ -506,7 +507,7 @@ For example, this is the above request modified to include the username on the H
[source,java]
----
mvc
.perform(formLogin("/auth").user("a","admin").password("p","pass"))
.perform(formLogin("/auth").user("u","admin").password("p","pass"))
----
[[test-logout]]
@@ -388,7 +388,7 @@ For example:
<b:bean id="csrfMatcher"
class="AndRequestMatcher">
<b:constructor-arg value="#{T(org.springframework.security.web.csrf.CsrfFilter).DEFAULT_MATCHER}"/>
<b:constructor-arg value="#{T(org.springframework.security.web.csrf.CsrfFilter).DEFAULT_CSRF_MATCHER}"/>
<b:constructor-arg>
<b:bean class="org.springframework.security.web.util.matcher.NegatedRequestMatcher">
<b:bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
+9 -11
View File
@@ -3510,18 +3510,16 @@ You can easily do this with the following Java Configuration:
----
@EnableWebSecurity
public class WebSecurityConfig extends
WebSecurityConfigurerAdapter {
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers()
.frameOptions()
.sameOrigin()
.and()
.hsts().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers()
.frameOptions().sameOrigin()
.httpStrictTransportSecurity().disable();
}
}
----
+1 -1
View File
@@ -1 +1 @@
version=4.0.3.CI-SNAPSHOT
version=4.0.5.CI-SNAPSHOT
-1
View File
@@ -143,7 +143,6 @@ task springSnapshotTest(type: Test) {
junitXml.destination = project.file("$buildDir/reports/spring-snapshot-tests/")
}
}
check.dependsOn springSnapshotTest
dependencies {
optional "commons-logging:commons-logging:$commonsLoggingVersion"
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>itest-context</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>itest-context</name>
<description>itest-context</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -52,7 +46,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -127,13 +121,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -152,7 +146,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>itest-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>itest-web</name>
<description>itest-web</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
@@ -145,31 +139,31 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -200,7 +194,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-ldap</name>
<description>spring-security-ldap</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.ldap</groupId>
@@ -68,7 +62,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -200,7 +194,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-messaging</name>
<description>spring-security-messaging</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -97,7 +91,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
@@ -232,7 +226,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-openid</name>
<description>spring-security-openid</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.google.inject</groupId>
@@ -58,13 +52,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -164,7 +158,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-remoting</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-remoting</name>
<description>spring-security-remoting</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -123,7 +117,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-aspectj-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-samples-aspectj-jc</name>
<description>spring-security-samples-aspectj-jc</description>
<url>http://spring.io/spring-security</url>
@@ -30,23 +30,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -66,7 +60,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -110,7 +104,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-aspectj-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-samples-aspectj-xml</name>
<description>spring-security-samples-aspectj-xml</description>
<url>http://spring.io/spring-security</url>
@@ -30,17 +30,11 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -60,13 +54,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -110,7 +104,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-cassample-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-cassample-xml</name>
<description>spring-security-samples-cassample-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.jasig.cas.client</groupId>
@@ -47,13 +41,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -90,13 +84,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -193,7 +187,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-casserver</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-casserver</name>
<description>spring-security-samples-casserver</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
@@ -86,7 +80,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-chat-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-chat-jc</name>
<description>spring-security-samples-chat-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -125,25 +119,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -239,7 +233,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-concurrency-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-concurrency-jc</name>
<description>spring-security-samples-concurrency-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-contacts-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-contacts-xml</name>
<description>spring-security-samples-contacts-xml</description>
@@ -31,23 +31,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -137,19 +131,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -234,7 +228,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-data-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-samples-data-jc</name>
<description>spring-security-samples-data-jc</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.validation</groupId>
@@ -76,13 +70,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -133,7 +127,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-dms-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-samples-dms-xml</name>
<description>spring-security-samples-dms-xml</description>
<url>http://spring.io/spring-security</url>
@@ -30,23 +30,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -87,7 +81,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -141,7 +135,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-form-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-form-jc</name>
<description>spring-security-samples-form-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -234,7 +228,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-gae-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-gae-xml</name>
<description>spring-security-samples-gae-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.google.appengine</groupId>
@@ -65,13 +59,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -139,13 +133,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -201,7 +195,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-hellojs-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-hellojs-jc</name>
<description>spring-security-samples-hellojs-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -89,25 +83,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -192,7 +186,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-hellomvc-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-hellomvc-jc</name>
<description>spring-security-samples-hellomvc-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -178,7 +172,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -192,7 +186,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-helloworld-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-helloworld-jc</name>
<description>spring-security-samples-helloworld-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -59,13 +53,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -170,7 +164,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-helloworld-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-helloworld-xml</name>
<description>spring-security-samples-helloworld-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -59,13 +53,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -170,7 +164,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-inmemory-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-inmemory-jc</name>
<description>spring-security-samples-inmemory-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -178,7 +172,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -192,7 +186,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+2 -8
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-insecure</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-insecure</name>
<description>spring-security-samples-insecure</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -158,7 +152,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-insecuremvc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-insecuremvc</name>
<description>spring-security-samples-insecuremvc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,7 +77,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -168,7 +162,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-jaas-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-jaas-xml</name>
<description>spring-security-samples-jaas-xml</description>
@@ -31,17 +31,11 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -99,19 +93,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -196,7 +190,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-jdbc-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-jdbc-jc</name>
<description>spring-security-samples-jdbc-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -234,7 +228,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-ldap-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-ldap-jc</name>
<description>spring-security-samples-ldap-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -119,31 +113,31 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -276,7 +270,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-ldap-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-ldap-xml</name>
<description>spring-security-samples-ldap-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -53,7 +47,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -120,19 +114,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -212,7 +206,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-samples-messages-jc</name>
<description>spring-security-samples-messages-jc</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.validation</groupId>
@@ -88,13 +82,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -208,7 +202,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+7 -13
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-openid-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-openid-jc</name>
<description>spring-security-samples-openid-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,31 +77,31 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -198,7 +192,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-openid-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-openid-xml</name>
<description>spring-security-samples-openid-xml</description>
@@ -31,23 +31,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -95,13 +89,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -133,7 +127,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-preauth-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-preauth-jc</name>
<description>spring-security-samples-preauth-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+4 -10
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-preauth-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-preauth-xml</name>
<description>spring-security-samples-preauth-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
@@ -66,13 +60,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -104,7 +98,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-rememberme-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-rememberme-jc</name>
<description>spring-security-samples-rememberme-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-servletapi-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-servletapi-xml</name>
<description>spring-security-samples-servletapi-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -47,13 +41,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -110,13 +104,13 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -153,7 +147,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-tutorial-xml</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-tutorial-xml</name>
<description>spring-security-samples-tutorial-xml</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
@@ -47,7 +41,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -111,19 +105,19 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>runtime</scope>
</dependency>
<dependency>
@@ -155,7 +149,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+6 -12
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-x509-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<packaging>war</packaging>
<name>spring-security-samples-x509-jc</name>
<description>spring-security-samples-x509-jc</description>
@@ -31,12 +31,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
@@ -83,25 +77,25 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -186,7 +180,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-taglibs</name>
<description>spring-security-taglibs</description>
<url>http://spring.io/spring-security</url>
@@ -30,29 +30,23 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -187,7 +181,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -37,6 +37,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
@@ -201,8 +202,7 @@ public abstract class AbstractAuthorizeTag {
@SuppressWarnings({ "unchecked", "rawtypes" })
private SecurityExpressionHandler<FilterInvocation> getExpressionHandler()
throws IOException {
ApplicationContext appContext = WebApplicationContextUtils
.getRequiredWebApplicationContext(getServletContext());
ApplicationContext appContext = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
Map<String, SecurityExpressionHandler> handlers = appContext
.getBeansOfType(SecurityExpressionHandler.class);
@@ -225,8 +225,7 @@ public abstract class AbstractAuthorizeTag {
return privEvaluatorFromRequest;
}
ApplicationContext ctx = WebApplicationContextUtils
.getRequiredWebApplicationContext(getServletContext());
ApplicationContext ctx = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx
.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
@@ -14,6 +14,16 @@
*/
package org.springframework.security.taglibs.authz;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
@@ -21,15 +31,9 @@ import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.taglibs.TagLibConfig;
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
import javax.servlet.ServletContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;
import java.util.*;
/**
* An implementation of {@link Tag} that allows its body through if all authorizations are
* granted to the request's principal.
@@ -142,8 +146,7 @@ public class AccessControlListTag extends TagSupport {
protected ApplicationContext getContext(PageContext pageContext) {
ServletContext servletContext = pageContext.getServletContext();
return WebApplicationContextUtils
.getRequiredWebApplicationContext(servletContext);
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
}
public Object getDomainObject() {
@@ -12,12 +12,16 @@
*/
package org.springframework.security.taglibs.authz;
import static org.fest.assertions.Assertions.*;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import java.io.IOException;
import java.util.Collections;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
@@ -29,10 +33,14 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.web.context.WebApplicationContext;
/**
*
@@ -71,6 +79,33 @@ public class AbstractAuthorizeTagTests {
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
}
@Test
public void privilegeEvaluatorFromChildContext() throws IOException {
String uri = "/something";
WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
tag.setUrl(uri);
WebApplicationContext wac = mock(WebApplicationContext.class);
when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class)).thenReturn(Collections.singletonMap("wipe", expected));
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
tag.authorizeUsingUrlCheck();
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
}
@Test
@SuppressWarnings("rawtypes")
public void expressionFromChildContext() throws IOException {
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass","USER"));
DefaultWebSecurityExpressionHandler expected = new DefaultWebSecurityExpressionHandler();
tag.setAccess("permitAll");
WebApplicationContext wac = mock(WebApplicationContext.class);
when(wac.getBeansOfType(SecurityExpressionHandler.class)).thenReturn(Collections.<String,SecurityExpressionHandler>singletonMap("wipe", expected));
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
assertThat(tag.authorize()).isTrue();
}
private class AuthzTag extends AbstractAuthorizeTag {
@Override
@@ -26,6 +26,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.WebApplicationContext;
import javax.servlet.ServletContext;
import javax.servlet.jsp.tagext.Tag;
import java.util.*;
@@ -83,6 +84,27 @@ public class AccessControlListTagTests {
assertTrue((Boolean) pageContext.getAttribute("allowed"));
}
@Test
public void childContext() throws Exception {
ServletContext servletContext = pageContext.getServletContext();
WebApplicationContext wac = (WebApplicationContext) servletContext
.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
Object domainObject = new Object();
when(pe.hasPermission(bob, domainObject, "READ")).thenReturn(true);
tag.setDomainObject(domainObject);
tag.setHasPermission("READ");
tag.setVar("allowed");
assertSame(domainObject, tag.getDomainObject());
assertEquals("READ", tag.getHasPermission());
assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
assertTrue((Boolean) pageContext.getAttribute("allowed"));
}
// SEC-2022
@Test
public void multiHasPermissionsAreSplit() throws Exception {
+5 -11
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-test</name>
<description>spring-security-test</description>
<url>http://spring.io/spring-security</url>
@@ -30,23 +30,17 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -75,7 +69,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
@@ -168,7 +162,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -103,7 +103,7 @@ public class Sec2935Tests {
.andExpect(authenticated().withUsername("user"));
}
@Ignore
// SEC-2941
@Test
public void defaultRequest() throws Exception {
mvc = MockMvcBuilders.webAppContextSetup(context)
+3 -9
View File
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<name>spring-security-web</name>
<description>spring-security-web</description>
<url>http://spring.io/spring-security</url>
@@ -30,12 +30,6 @@
<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
<url>https://github.com/spring-projects/spring-security</url>
</scm>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
@@ -46,7 +40,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.3.CI-SNAPSHOT</version>
<version>4.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -236,7 +230,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.1.6.RELEASE</version>
<version>4.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -41,7 +41,7 @@ import java.util.*;
* version 2.0, you shouldn't need to explicitly configure a {@code FilterChainProxy} bean
* in your application context unless you need very fine control over the filter chain
* contents. Most cases should be adequately covered by the default
* {@code &lt;security:http /&gt;} namespace configuration options.
* {@code <security:http />} namespace configuration options.
* <p>
* The {@code FilterChainProxy} is linked into the servlet container filter chain by
* adding a standard Spring {@link DelegatingFilterProxy} declaration in the application
@@ -54,7 +54,7 @@ import java.util.*;
* and a list of filters which should be applied to matching requests. Most applications
* will only contain a single filter chain, and if you are using the namespace, you don't
* have to set the chains explicitly. If you require finer-grained control, you can make
* use of the {@code &lt;filter-chain&gt;} namespace element. This defines a URI pattern
* use of the {@code <filter-chain>} namespace element. This defines a URI pattern
* and the list of filters (as comma-separated bean names) which should be applied to
* requests which match the pattern. An example configuration might look like this:
*
@@ -43,7 +43,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
* <p>
* The most common method creating an instance is using the Spring Security namespace. For
* example, the {@code pattern} and {@code access} attributes of the
* {@code &lt;intercept-url&gt;} elements defined as children of the {@code &lt;http&gt;}
* {@code <intercept-url>} elements defined as children of the {@code <http>}
* element are combined to build the instance used by the
* {@code FilterSecurityInterceptor}.
*
@@ -38,6 +38,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
@@ -224,8 +225,10 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements
+ "' with response: '" + digestAuth.getResponse() + "'");
}
SecurityContextHolder.getContext().setAuthentication(
createSuccessfulAuthentication(request, user));
Authentication authentication = createSuccessfulAuthentication(request, user);
SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
chain.doFilter(request, response);
}
@@ -337,7 +337,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
logger.debug("SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
}
if (httpSession != null && !contextObject.equals(contextBeforeExecution)) {
if (httpSession != null && authBeforeExecution != null) {
// SEC-1587 A non-anonymous context may still be in the session
// SEC-1735 remove if the contextBeforeExecution was not anonymous
httpSession.removeAttribute(springSecurityContextKey);
@@ -207,8 +207,6 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
if(!disableOnCommitted) {
onResponseCommitted();
disableOnResponseCommitted();
} else if(logger.isDebugEnabled()){
logger.debug("Skip invoking on");
}
}
@@ -0,0 +1,76 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.context.support;
import java.util.Enumeration;
import javax.servlet.ServletContext;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
* Spring Security extension to Spring's {@link WebApplicationContextUtils}.
*
* @author Rob Winch
*/
public abstract class SecurityWebApplicationContextUtils extends WebApplicationContextUtils {
/**
* Find a unique {@code WebApplicationContext} for this web app: either the
* root web app context (preferred) or a unique {@code WebApplicationContext}
* among the registered {@code ServletContext} attributes (typically coming
* from a single {@code DispatcherServlet} in the current web application).
* <p>Note that {@code DispatcherServlet}'s exposure of its context can be
* controlled through its {@code publishContext} property, which is {@code true}
* by default but can be selectively switched to only publish a single context
* despite multiple {@code DispatcherServlet} registrations in the web app.
* @param servletContext ServletContext to find the web application context for
* @return the desired WebApplicationContext for this web app
* @see #getWebApplicationContext(ServletContext)
* @see ServletContext#getAttributeNames()
* @throws IllegalStateException if no WebApplicationContext can be found
*/
public static WebApplicationContext findRequiredWebApplicationContext(ServletContext servletContext) {
WebApplicationContext wac = _findWebApplicationContext(servletContext);
if (wac == null) {
throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener registered?");
}
return wac;
}
/**
* Copy of {@link #findWebApplicationContext(ServletContext)} for compatibility with spring framework 4.1.x.
* @see #findWebApplicationContext(ServletContext)
*/
private static WebApplicationContext _findWebApplicationContext(ServletContext sc) {
WebApplicationContext wac = getWebApplicationContext(sc);
if (wac == null) {
Enumeration<String> attrNames = sc.getAttributeNames();
while (attrNames.hasMoreElements()) {
String attrName = attrNames.nextElement();
Object attrValue = sc.getAttribute(attrName);
if (attrValue instanceof WebApplicationContext) {
if (wac != null) {
throw new IllegalStateException("No unique WebApplicationContext found: more than one " +
"DispatcherServlet registered with publishContext=true?");
}
wac = (WebApplicationContext) attrValue;
}
}
}
return wac;
}
}
@@ -62,8 +62,7 @@ public class DefaultSavedRequest implements SavedRequest {
private final ArrayList<Locale> locales = new ArrayList<Locale>();
private final Map<String, List<String>> headers = new TreeMap<String, List<String>>(
String.CASE_INSENSITIVE_ORDER);
private final Map<String, String[]> parameters = new TreeMap<String, String[]>(
String.CASE_INSENSITIVE_ORDER);
private final Map<String, String[]> parameters = new TreeMap<String, String[]>();
private final String contextPath;
private final String method;
private final String pathInfo;
@@ -19,7 +19,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
import javax.servlet.ServletContext;
@@ -28,7 +28,7 @@ import javax.servlet.http.HttpSessionListener;
/**
* Declared in web.xml as
*
*
* <pre>
* &lt;listener&gt;
* &lt;listener-class&gt;org.springframework.security.web.session.HttpSessionEventPublisher&lt;/listener-class&gt;
@@ -53,8 +53,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener {
// ========================================================================================================
ApplicationContext getContext(ServletContext servletContext) {
return WebApplicationContextUtils
.getRequiredWebApplicationContext(servletContext);
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
}
/**
@@ -15,11 +15,20 @@
package org.springframework.security.web.authentication.www;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import static org.fest.assertions.Assertions.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import java.io.IOException;
import java.util.*;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -32,7 +41,9 @@ import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
@@ -473,4 +484,27 @@ public class DigestAuthenticationFilterTests {
assertNull(SecurityContextHolder.getContext().getAuthentication());
assertEquals(401, response.getStatus());
}
// SEC-3108
@Test
public void authenticationCreatesEmptyContext() throws Exception {
SecurityContext existingContext = SecurityContextHolder.createEmptyContext();
TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated", "pass", "ROLE_USER");
existingContext.setAuthentication(existingAuthentication);
SecurityContextHolder.setContext(existingContext);
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
request.addHeader(
"Authorization",
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
responseDigest, QOP, NC, CNONCE));
filter.setCreateAuthenticatedToken(true);
executeFilterInContainerSimulator(filter, request, true);
assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication());
}
}
@@ -501,6 +501,24 @@ public class HttpSessionSecurityContextRepositoryTests {
request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
}
// SEC-3070
@Test
public void logoutInvalidateSessionFalseFails() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
MockHttpServletRequest request = new MockHttpServletRequest();
SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
ctxInSession.setAuthentication(testToken);
request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
repo.loadContext(holder);
ctxInSession.setAuthentication(null);
repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse());
assertNull(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
}
@Test
@SuppressWarnings("deprecation")
public void sessionDisableUrlRewritingPreventsSessionIdBeingWrittenToUrl()
@@ -600,4 +618,4 @@ public class HttpSessionSecurityContextRepositoryTests {
repo.saveContext(context, request, response);
}
}
}
@@ -32,13 +32,15 @@ public class DefaultSavedRequestTests {
assertTrue(saved.getHeaderValues("if-none-match").isEmpty());
}
// TODO: Why are parameters case insensitive. I think this is a mistake
// SEC-3082
@Test
public void parametersAreCaseInsensitive() throws Exception {
public void parametersAreCaseSensitive() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter("ThisIsATest", "Hi mom");
request.addParameter("AnotHerTest", "Hi dad");
request.addParameter("thisisatest", "Hi mom");
DefaultSavedRequest saved = new DefaultSavedRequest(request,
new MockPortResolver(8080, 8443));
assertEquals("Hi mom", saved.getParameterValues("thisisatest")[0]);
assertNull(saved.getParameterValues("anothertest"));
}
}
@@ -319,7 +319,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
verify(asyncContext).start(runnableCaptor.capture());
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
.getValue();
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
.isEqualTo(context);
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
.isEqualTo(runnable);
@@ -346,7 +346,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
verify(asyncContext).start(runnableCaptor.capture());
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
.getValue();
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
.isEqualTo(context);
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
.isEqualTo(runnable);
@@ -373,7 +373,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
verify(asyncContext).start(runnableCaptor.capture());
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
.getValue();
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
.isEqualTo(context);
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
.isEqualTo(runnable);
@@ -73,6 +73,42 @@ public class HttpSessionEventPublisherTests {
assertEquals(session, listener.getDestroyedEvent().getSession());
}
@Test
public void publishedEventIsReceivedbyListenerChildContext() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
StaticWebApplicationContext context = new StaticWebApplicationContext();
MockServletContext servletContext = new MockServletContext();
servletContext.setAttribute(
"org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher",
context);
context.setServletContext(servletContext);
context.registerSingleton("listener", MockApplicationListener.class, null);
context.refresh();
MockHttpSession session = new MockHttpSession(servletContext);
MockApplicationListener listener = (MockApplicationListener) context
.getBean("listener");
HttpSessionEvent event = new HttpSessionEvent(session);
publisher.sessionCreated(event);
assertNotNull(listener.getCreatedEvent());
assertNull(listener.getDestroyedEvent());
assertEquals(session, listener.getCreatedEvent().getSession());
listener.setCreatedEvent(null);
listener.setDestroyedEvent(null);
publisher.sessionDestroyed(event);
assertNotNull(listener.getDestroyedEvent());
assertNull(listener.getCreatedEvent());
assertEquals(session, listener.getDestroyedEvent().getSession());
}
// SEC-2599
@Test(expected = IllegalStateException.class)
public void sessionCreatedNullApplicationContext() {