Commit Graph

2229 Commits

Author SHA1 Message Date
Rob Winch
a24065c361 SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:23:15 -05:00
Rob Winch
23de257508 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:48:04 -05:00
Rob Winch
567b0ed030 SEC-3013: Add messages_en.properties 2015-07-13 23:26:04 -05:00
Rob Winch
13cb51c15f SEC-2918: Update Spring Version 3.2.13 2015-03-25 21:43:11 -05:00
james
b42cb9e3e1 SEC-2812: Fix german translations in 3.2.x 2015-01-12 13:48:50 +01:00
Rob Winch
cdac4d990b SEC-2747: Remove spring-core dependency from spring-security-crypto 2014-11-20 16:28:06 -06:00
Rob Winch
c36cc88ac4 SEC-2150: Support class level annotations on Spring Data Repositories 2014-11-20 12:17:47 -06:00
Rob Winch
7d82349b1e SEC-2150: Add tests to verify JSR-250 Spec behavior 2014-11-20 12:17:44 -06:00
Rob Winch
b6ab9c85e9 SEC-2682: DelegatingSecurityContextRunnable/Callable delegate toString() 2014-11-20 11:51:26 -06:00
Rob Winch
b71989ecde SEC-2574: JavaConfig default SessionRegistry processes SessionDestroyedEvents 2014-11-19 17:10:14 -06:00
Rob Winch
0a184a8d79 SEC-2697: Fix logging of Spring Version Check 2014-08-15 12:41:26 -05:00
Rob Winch
9a27f9f778 SEC-2579: Add springio-platform plugin 2014-04-29 16:59:32 -05:00
Rob Winch
13c5750f5d SEC-2571: Improve wording of UsernamePasswordAuthenticationToken#setAuthenticated() error 2014-04-24 17:03:34 -05:00
Rob Winch
414289d466 SEC-2571: Failure in UserDetailsService->InternalAuthenticationServiceException 2014-04-24 16:35:58 -05:00
Rob Winch
fd6f9da184 SEC-2542: Use exclusions to remove duplicate dependencies
A number of projects had duplicate dependencies on their classpaths
as a result of the same classes being available in more than one
artifact, each with different Maven coordinates. Typically this only
affected the tests, but meant that the actual classes that were
loaded was somewhat unpredictable and had the potential to vary
between an IDE and the command line depending on the order in which
the aritfacts appeared on the classpath. This commit adds a number of
exclusions to remove such duplicates.

In addition to the new exclusions, notable other changes are:

 - Spring Data JPA has been updated to 1.4.1. This brings its
   transitive dependency upon spring-data-commons into line with
   Spring LDAP's and prevents both spring-data-commons-core and
   spring-data-commons from being on the classpath
 - All Servlet API dependencies have been updated to use the official
   artifact with all transitive dependencies on unofficial servlet API
   artifacts being excluded.
 - In places, groovy has been replaced with groovy-all. This removes
   some duplicates caused by groovy's transitive dependencies.
 - JUnit has been updated to 4.11 which brings its transitive Hamcrest
   dependency into line with other components.

There appears to be a bug in Gradle which means that some exclusions
applied to an artifact do not work reliably. To work around this
problem it has been necessary to apply some exclusions at the
configuration level

Conflicts:
	samples/messages-jc/pom.xml
2014-04-02 08:48:55 -05:00
Rob Winch
ea0466d666 Next developmenet version in pom.xml 2014-04-02 08:44:06 -05:00
Alexander Kjäll
783af4012b SEC-2518: UserDetailsService javadoc repeats "insensitive"
Typo in javadoc, "case insensitive" was repeated twice.
2014-03-11 15:38:28 -05:00
Rob Winch
7dbb8e777e SEC-2500: Prevent anonymous bind for ActiveDirectoryLdapAuthenticator 2014-03-10 14:21:32 -05:00
Rob Winch
7f99a2dfbb SEC-2487: Update to Spring 3.2.8.RELEASE 2014-02-19 09:30:40 -06:00
Rob Winch
fc8e4868ce SEC-2468: Fix tests 2014-02-15 14:25:46 -06:00
Rob Winch
65367e6547 SEC-2468: JdbcUserDetailsManager#createNewAuthentication uses null credentials 2014-02-14 16:53:26 -06:00
Rob Winch
152f41f61e SEC-2392: KeyBasedPersistenceTokenService uses bytes instead of bits
The method setPseudoRandomNumberBits actually sets the number of bytes. This
commit deprecates setPseudoRandomNumberBits and adds
setPseudoRandomNumberBytes. The default value is still 256 to remain passive
but will be updated in 4.x.
2014-02-13 15:36:47 -06:00
Rob Winch
ec8b48150d SEC-2474: Update poms 2014-02-07 17:01:11 -06:00
Rob Winch
087b56da96 SEC-2473: Update to Spring 3.2.7 2014-01-30 09:44:26 -06:00
Rob Winch
2df5541905 SEC-2448: Update to HSQL 2.3.1 2013-12-14 10:19:06 -06:00
Rob Winch
a34178bc40 SEC-2434: Update to Spring 3.2.6 and Spring 4.0 GA 2013-12-12 08:16:59 -06:00
Rob Winch
4460e84b29 Updates to pom.xml author and repo 2013-12-09 08:57:30 -06:00
Rob Winch
fa39ecd719 SEC-2367: ProviderManager rethrows InternalAuthenticationServiceExceptions 2013-12-04 16:19:33 -06:00
Rob Winch
7e274ea5b6 Fix typo in InternalAuthenticationServiceException javadoc 2013-12-04 16:18:59 -06:00
Rob Winch
5a59c74d02 SEC-2327: Document SecurityExpressionRoot 2013-11-20 16:59:05 -06:00
Rob Winch
2d2f91484d SEC-2350: Fix broken test 2013-11-15 14:01:35 -06:00
Rob Winch
1745715865 SEC-2350: Remove warning whe using Spring 4 2013-11-15 13:43:43 -06:00
Rob Winch
2c8946c406 Next development version 2013-11-01 14:20:55 -05:00
Spring Buildmaster
9c703a3051 Release version 3.2.0.RC2 2013-11-01 14:20:49 -05:00
Rob Winch
e696890e8e SEC-2151: Fix spring4Test 2013-09-27 12:36:43 -05:00
Rob Winch
61e6acb3f4 SEC-2151: AnnotationParameterNameDiscoverer support single annotated param
This makes sense since often times only a single argument is necessary in
the expression.
2013-09-27 11:53:39 -05:00
Rob Winch
e5f034bdef SEC-2151: Fix tests 2013-09-27 11:52:32 -05:00
Rob Winch
a09756745f SEC-2151: Support binding method arguments with Annotations
This allow utilizing method arguments for method access control on
interfaces prior to JDK 8.
2013-09-27 11:18:37 -05:00
Rob Winch
fb0a8d19e8 SEC-2322: Support StandardReflectionParameterNameDiscoverer 2013-09-26 15:55:11 -05:00
Rob Winch
88f41cdf62 SEC-2341: Update to Gradle 1.8
Some dependencies were necessary to update due to issues with JUnit
integration.
2013-09-24 15:35:51 -05:00
Rob Winch
788ba9a1fa SEC-2329: Allow injecting of AuthenticationTrustResolver 2013-09-20 15:26:52 -05:00
Rob Winch
3d2f23602f SEC-2294: Update Spring Version to 3.2.4.RELEASE 2013-08-31 11:26:43 -05:00
Rob Winch
664220f304 SEC-2295: Remove error logging when Spring version equals Spring Security 2013-08-29 16:48:49 -05:00
Rob Winch
aca2e4ff3a SEC-2289: Add spring4Test 2013-08-27 16:43:10 -05:00
Rob Winch
086056f191 SEC-2289: Make compatible with Spring 4 as well
There are a few subtle changes in Spring 4 that this commit addresses
2013-08-27 16:43:10 -05:00
Rob Winch
976d9a9016 SEC-2194: Polish java config sample apps 2013-08-08 14:33:54 -05:00
Guillaume Smet
d20a8e0373 SEC-2245: Cast to interface instead of implementation
Makes our life easier when we want to override the
MethodSecurityExpressionRoot.
2013-08-05 17:07:12 -05:00
Rob Winch
9d58317731 Use included configuration instead of sourceSets.main.output
Previously the crypto module was not exported in Eclipse because it was
listed as a test dependency to have it added as a dependency. Note that
this was all to work around GRADLE-1116

Now we add an included configuration that is exported for Eclipse, but not
added to the Maven pom (since all the crypto module is included in core).
2013-08-05 16:49:34 -05:00
Rob Winch
5e6ca12b01 SEC-2097: Update integrationTestCompile to use optional and provided
Also update slf4j version and remove explicit commons-logging from pom generation
2013-07-16 15:59:06 -05:00
Rob Winch
955a60cf49 SEC-2208: Use std docbook plugin and workspace cleanup 2013-07-16 15:15:47 -05:00