Commit Graph

1012 Commits

Author SHA1 Message Date
Stephane Nicoll
752a91c75b Merge branch '1.5.x' 2017-01-14 04:36:47 -05:00
Stephane Nicoll
7e557662a5 Polish contribution
Closes gh-7916
2017-01-14 04:35:58 -05:00
Praveendra Singh
36de58f0fe Polish samples list in readme
See gh-7916
2017-01-14 04:34:10 -05:00
Andy Wilkinson
ae3434ba4c Merge branch '1.4.x' into 1.5.x 2017-01-13 18:45:50 -05:00
Andy Wilkinson
d2201d5284 Correct copyright dates and enforce that starting year is 2012
Closes gh-7923
2017-01-13 18:43:30 -05:00
Phillip Webb
b99c2daf31 Fixup broken version number 2017-01-06 00:05:25 -08:00
Phillip Webb
c35454e5f4 Merge branch '1.5.x' 2017-01-05 23:40:58 -08:00
Phillip Webb
f96294b63b Add LDAP sample
Add an LDAP sample application.

See gh-7733
2017-01-05 23:36:29 -08:00
Madhura Bhave
4ea47220e9 Match nested paths for insensitive actuators
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.

Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.

Fixes gh-7868
Closes gh-7881
2017-01-05 18:45:30 -08:00
Phillip Webb
18aa9be4fb Merge branch '1.4.x' into 1.5.x 2017-01-05 18:16:42 -08:00
Phillip Webb
21bfe52694 Add test to check class resources aren't exposed
Closes gh-7880
2017-01-05 18:15:50 -08:00
Phillip Webb
77f9bb09ca Further Polish Mockito 2 support
See gh-7770
2017-01-05 14:29:29 -08:00
Phillip Webb
7f99153daf Fixup parent POM version number 2017-01-05 13:57:30 -08:00
Phillip Webb
6776ec2704 Merge branch '1.5.x' 2017-01-05 11:04:37 -08:00
Phillip Webb
565f75438e Polish 2017-01-05 11:04:07 -08:00
Dave Syer
21be9ef666 Merge remote-tracking branch 'origin/1.5.x' 2017-01-05 11:59:49 +00:00
Dave Syer
fe344df9c5 Change default order of OAuth2 resource server filter chain
The default is now SecurityProperties.ACCESS_OVERRIDE_ORDER-1
(instead of 3), and the user can set it with
security.oauth2.resource.filter-order (as opposed to being hard
coded). The filter is provided by Spring OAuth2 so this change is
a BeanPostProcessor to call a setter on that object.

Fixes gh-5072
2017-01-05 11:58:36 +00:00
Phillip Webb
53f1df86a2 Merge branch '1.5.x' 2016-12-30 12:17:28 -08:00
Phillip Webb
aacf5d660f Update copyright year for changed files 2016-12-30 11:53:51 -08:00
Phillip Webb
be3fe12cf0 Polish 2016-12-30 11:46:24 -08:00
Phillip Webb
273beaa3ce Polish 2016-12-30 11:10:44 -08:00
Stephane Nicoll
4604bb7e8a Merge branch '1.5.x' 2016-12-30 18:01:59 +01:00
Stephane Nicoll
c903ff46a7 Polish samples 2016-12-30 17:57:14 +01:00
Stephane Nicoll
a19a28062f Fix actuator security in samples
Closes gh-7637
2016-12-30 17:56:19 +01:00
Stephane Nicoll
9dfaf4de06 Merge branch '1.5.x' 2016-12-30 15:53:16 +01:00
Stephane Nicoll
3ed5a723bb Polish log4j2 sample 2016-12-30 15:50:45 +01:00
Phillip Webb
519f9c6c54 Merge branch '1.5.x' 2016-12-28 15:35:32 -08:00
Phillip Webb
97d7ffd8e8 Merge branch '1.4.x' into 1.5.x 2016-12-28 14:48:05 -08:00
Phillip Webb
61c931943f Fix Devtools PatternResolver Servlet support
Update ClassLoaderFilesResourcePatternResolver to support servlet
resources when it's being used with a WebApplicationContext.

Prior to commit 918e122ddc a `ResourceLoader` was not added to the
`ApplicationContext`, meaning that servlet resources could be found by
virtue of the protected `getResourceByPath()` method. Following commit
918e122ddc, the context `ResourceLoader` is set, meaning that all calls
to `getResource` delegate to the `ResourceLoader` and the
`ApplicationContext` methods are not invoked. Since the devtools
`ResourceLoader` wasn't Servlet aware, servlet resources could not
be found.

Fixes gh-7752
2016-12-28 14:25:11 -08:00
Phillip Webb
49fa702708 Merge branch '1.5.x' 2016-12-27 15:06:22 -08:00
Phillip Webb
85504e74a6 Merge branch '1.4.x' into 1.5.x 2016-12-27 15:05:15 -08:00
Mesut Can Gurle
ab2290eecd Improve Cassandra sample README documentation
Update the README file in `spring-boot-sample-data-cassandra` with
details of how to setup the keyspace and create the tables.

Closes gh-7737
2016-12-27 12:56:22 -08:00
Phillip Webb
61f65ea10e Add test for devtools + serving from /public
Add a simple test to show that basic serving of `/public` resources
works with devtoos.

See gh-7752
2016-12-27 12:24:32 -08:00
Stephane Nicoll
80df396e3c Fix parent version 2016-12-27 12:43:15 +01:00
Phillip Webb
291752a317 Merge branch '1.5.x' 2016-12-24 11:26:50 -08:00
Phillip Webb
a116579cfc Work around Jetty websocket client bug
Add workaround for Jetty JsrSession NullPointerException bug
(https://github.com/eclipse/jetty.project/issues/1202) in
`spring-boot-sample-websocket-jetty`.

See gh-7599
2016-12-24 11:22:58 -08:00
Phillip Webb
a23591e047 Support Jetty 9.4 and upgrade to 9.4.0.v20161208
Update `JettyEmbeddedServletContainerFactory` to support Jetty 9.4
directly and Jetty 9.3 via reflection. The primary difference between
Jetty 9.3 and 9.4 are the session management classes. Websocket suppport
has also been updates, but this is handled transparently by the
Spring Framework support.

Fixes gh-7599
2016-12-24 11:22:38 -08:00
Phillip Webb
c3edf9e341 Fixup version numbers following release 2016-12-22 19:03:09 -08:00
Spring Buildmaster
9057f9ae1f Next development version 2016-12-23 00:15:23 +00:00
Phillip Webb
6e02fe59f7 Merge branch '1.5.x' 2016-12-21 22:32:43 -08:00
Phillip Webb
982f41b70c Polish @IntegrationComponentScan auto-configuration
See gh-2037
See gh-7718
2016-12-21 22:22:50 -08:00
Stephane Nicoll
ac9eb8a9a9 Fix Maven warning in samples
Closes gh-7716
2016-12-21 11:40:14 +01:00
Phillip Webb
1f417997f3 Merge branch '1.5.x' 2016-12-19 13:21:18 -08:00
Phillip Webb
6121208cbb Polish formatting 2016-12-19 12:47:03 -08:00
Phillip Webb
bd74c3d327 Polish formatting 2016-12-19 12:25:09 -08:00
Andy Wilkinson
943262bb97 Raise the minimum supported version of Hibernate to 5.2.x
Closes gh-7586
2016-12-15 21:31:53 +00:00
Madhura Bhave
1cd1054514 Merge branch '1.5.x' 2016-12-06 11:08:24 -08:00
Madhura Bhave
1be5812cf0 Require ACTUATOR role rather than ADMIN
Update management security to require an `ACTUATOR` role rather than
`ADMIN` by default. This should reduce the risk of users accidentally
exposing actuator endpoints because they happen to use a role named
`ADMIN`.

Fixes gh-7569
2016-12-05 17:58:16 -08:00
Madhura Bhave
d09aafacda Add a security interceptor for actuator endpoints
Update `AbstractEndpointHandlerMapping` to support a security
interceptor that can be used to enforce endpoint security.

Fixes gh-6889
2016-12-05 17:57:00 -08:00
Andy Wilkinson
2adb002275 Merge branch '1.5.x' 2016-12-02 11:21:10 +00:00