fea03536d6
SEC-2853: Rename WebSocket XML Namespace elements
11 years ago
6a8475adbb
SEC-2830: Provide Same Origin support for SockJS
11 years ago
a27c33754c
SEC-2859: Add CsrfTokenArgumentResolver
11 years ago
c4fe630f8e
SEC-2846: Security HTTP Response Headers Configuration Cleanup
11 years ago
6627f76df7
SEC-2758: Make ROLE_ consistent
11 years ago
081f84844c
SEC-2777: Fix <header> attributes in doc
11 years ago
c30c97005b
SEC-2572: Document Spring Test
11 years ago
aab0eea9cf
SEC-2800 Documentation typo in class name
11 years ago
1677836d53
SEC-2790: Deprecate @EnableWebMvcConfig
11 years ago
3171cc4364
SEC-2788: Add @Configuration as meta annotation to @Enable* annotations
11 years ago
c67ff42b8a
SEC-2783: XML Configuration Defaults Should Match JavaConfig
...
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
11 years ago
87a52ffbfd
SEC-2784: Update to Gradle 2.2.1
11 years ago
6e204fff72
SEC-2781: Remove deprecations
11 years ago
2cb2657f5b
SEC-2702: Clean WebSocket Namespace documentation
11 years ago
3c487c0348
SEC-2348: Update doc headers enabled by default with XML
11 years ago
4392205f63
SEC-2347: CSRF Enabled by default w/ XML Config
11 years ago
eedbf44235
SEC-2348: Security HTTP Response Headers enabled by default w/ XML
11 years ago
4dcc89fab0
SEC-2674: Documentation refers to httpStrictTransportSecurity() instead of hsts()
11 years ago
55d6d5a86a
SEC-2615: accesscontrollist tag hasPermission performs OR not AND
...
In 3.1 the accesscontrollist tag began performing an and on the
permissions. This may have been accidental, but I think that it is more
intuitive & secure for it to behave this way. When compared to hasAnyRole
and hasRoles the hasPermission tag implies it is an and. If users end up
needing OR support, then the authorize tag can be used along with the
hasPermission expression. For example:
<sec:authorize access="hasPermission(#domain, 'read') or hasPermission(#domain, 'write') ">
In general, the authorize tag should be preferred as it is the more
powerful way of performing authorization checks.
11 years ago
e7edb77cae
SEC-2716: Fix doc spelling of AbstractPreAuthenticatedProcessingFilter
11 years ago
bd322542ca
Fixed broken url to Clickjacking description.
12 years ago
934937d9c1
SEC-2688: CAS Proxy Ticket Authentication uses Service for host & port
12 years ago
b97b84063a
SEC-2665: Fix samples/ldap-jc link in reference
12 years ago
d9efd08bfd
SEC-2577: Add missing whitespace in reference
12 years ago
5b216bd0b2
Revert "SEC-2547: Consistent CAS client version"
...
This reverts commit f6cc9d87d5
12 years ago
f6cc9d87d5
SEC-2547: Consistent CAS client version
12 years ago
71ba977dad
Fix package name in manual code
12 years ago
32d3e29c65
SEC-2325: Polish CSRF Tag support
...
- Rename csrfField to csrfInput
- Make AbstractCsrfTag package scope
- rename FormFieldTag to CsrfInputTag
- rename MetaTagsTag to CsrfMetaTagsTag
- removed whitespace from tag output so output is
minimized & improving browser performance
- Update @since
- changed test names to be more meaningful
12 years ago
a3e0475998
SEC-2325 Added JSP tags for CSRF meta tags and form fields
12 years ago
26cee61b98
SEC-2335 Added ACL schema files for MySQL, SQL Server, Oracle
12 years ago
1d6536fa71
SEC-2512: Fix typo in reference`
...
udates -> updates
12 years ago
4a1a2dfed4
Update min Spring version of 4.0.2.REELASE
12 years ago
6c35c33abe
SEC-2447: Fix AuthenticationManagerBuilder ordering issues
12 years ago
b5f5665ea6
SEC-2463: CSRF documentation includes EnableWebMvcSecurity
12 years ago
3b05fd6fed
SEC-2466: Add link to MultipartFilter in CSRF multipart section
12 years ago
4c84805ac9
SEC-2466: CSRF MutipartFilter doc now uses <url-pattern>
12 years ago
f09ce267b3
Polish MVC doc
12 years ago
5205bf57c6
SEC-2453: Create 403 CSRF FAQ Entry
12 years ago
0d12397662
SEC-2385: Polish Gradle Spring 4 usage doc
12 years ago
035067caf4
SEC-2385: Polish Gradle Spring 4 usage doc
12 years ago
feeb380b51
Polish Guides
12 years ago
74a6303b6f
SEC-2385: Document how to use with Spring 4
12 years ago
4308e72573
Polish CSRF log in caveat with link
12 years ago
b8cc42e3a3
SEC-2426: Add CSRF and logout with non-post example
12 years ago
ab08d99a52
SEC-2421: Remove filterProcessUrl from UsernamePasswordAuthenticationFilter doc
12 years ago
135df149a3
SEC-2423: Document differences between defaults in Java & XML Config
12 years ago
0b996c669f
SEC-2424: Document ObjectPostProcessor
12 years ago
5a59c74d02
SEC-2327: Document SecurityExpressionRoot
12 years ago
4944e602cb
SEC-2402: Reference cleanup
...
* Fix link rendering in CSRF section
* Remove static from MultiHttpSecurityConfig sample
* Decrease indention since can render w/ PDF now
* Remove invalid characters
12 years ago
c135179029
Update to latest Asciidoctor version
...
We will temporarily remove PDF support until the plugin supports it.
12 years ago
Rob Winch
Christopher Pelloux
Bloshchetsov Andrey Evgenyevich
Alexander Grüneberg
Hans-Joachim Kliemeck
Luke Taylor
Rob Winch
beamerblvd
Manimaran Selvan