Commit Graph

22 Commits

Author SHA1 Message Date
Phillip Webb
5fba43aa31 Merge branch '1.5.x' into 2.0.x 2019-06-04 00:05:57 -07:00
Phillip Webb
32068c21a3 Polish resource files to all end with a new line 2019-06-03 23:48:43 -07:00
Andy Wilkinson
ba4671f0ab Merge branch '1.5.x' into 2.0.x 2019-03-27 19:59:36 +00:00
Andy Wilkinson
94633cfd89 Merge branch '1.4.x' into 1.5.x 2019-03-27 14:04:32 +00:00
Spring Operator
e401d02ced Use HTTPS for external links wherever possible
See gh-16316
2019-03-27 11:35:54 +00:00
Andy Wilkinson
9fbd38ab3c Merge branch '1.5.x' into 2.0.x 2019-03-20 16:45:26 +00:00
Andy Wilkinson
4b6bddd476 Merge branch '1.4.x' into 1.5.x 2019-03-20 16:30:04 +00:00
Andy Wilkinson
0e009ef047 Use HTTPS to link to the Apache license 2019-03-20 15:00:10 +00:00
Phillip Webb
21d80d87a3 Merge branch '1.5.x' into 2.0.x 2018-05-25 18:45:37 -07:00
Phillip Webb
e69296d7d3 Fix checkstyle violations in samples 2018-05-25 18:18:00 -07:00
Madhura Bhave
47ed096981 Make default username and password configurable
Closes gh-10963
2017-12-11 15:15:47 -08:00
Stephane Nicoll
e05e04014b Move security.* to spring.security.*
This commit also removes `security.basic.enabled` as this property is
no longer required.

Closes gh-10296
2017-09-14 17:33:37 +02:00
Madhura Bhave
e08ddbf838 Rework security autoconfiguration
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.

Closes gh-7958
2017-08-27 23:15:18 -07:00
Dave Syer
cc3f673874 Narrow range of events listened for in security audit
The InteractiveAuthenticationSuccessEvent is always shadowed by a
regulat AuthenticationSuccessEvent, so there's no need to listen for
all AbstractAuthenticationSuccessEvents.

Fixes gh-4355
2015-11-02 10:01:45 +00:00
Rob Baily
3c50386970 Fix logout in sample secure web applications
Fixes gh-1536
2015-06-26 16:44:04 -07:00
Dave Syer
fd757cb371 Add logging.level to application.properties
E.g.

logging.level.org.springframework: DEBUG
logging.level.org.hibernate: WARN

Fixed gh-788
2014-06-27 15:49:17 +01:00
Dave Syer
e39fafcc33 Add JDBC user details to web-secure sample
See gh-1115
2014-06-18 12:48:26 +01:00
Javier Gayoso
b7d94d1364 Optimized login form - delegated CSRF token creation to thymeleaf
Also added additional test to verify behaviour.

Fixes gh-1039
2014-06-09 10:56:01 +01:00
Dave Syer
1d7caf8e31 Man up and deal with CSRF in integration test
Fixes gh-979
2014-05-30 08:21:57 +01:00
Dave Syer
5e3cc95ccf Adjust security.basic.enabled=false behaviour
Actually the web-secure sample is misusing
security.basic.enabled=false (IMO) - it should be a flag
to say that you want to temporarily disable the basic security
fallback on application endpoins, not  way to disable all
security autoconfiguration.

Added test case to web-secure sample to ensure a user
can log in.

Fixes gh-979
2014-05-29 13:25:01 +01:00
Dave Syer
809a5a711f Add a @EnableWebSecurity if it looks like the user needs one
If the user explicitly disables the basic security features and forgets to
@EnableWebSecurity, and yet still wants a bean of type
WebSecurityConfigurerAdapter, he is trying to use a custom
security setup and the app would fail in a confusing way without
this change.

Fixes gh-568
2014-03-25 12:19:56 +00:00
Dave Syer
b1db714c23 Allow @EnableGlobalMethodSecurity in a non webapp
Fixes gh-202
2014-01-09 17:13:59 +00:00