Commit Graph

51 Commits (211f20b9c6ad19a4334809d5b6229f6f7bb0fef1)

Author SHA1 Message Date
Dave Syer 300910f7d5 Merge branch '1.1.x' 10 years ago
Dave Syer 0cf1c6f0e5 Refactor AuthenticationManagerConfiguration to make sure it works
if user also adds @EnableWebMvcSecurity. The problem is that the ordering
of the init() and configure() methods in the Spring Security configurers
can force things to happen too early unless we are careful. It's still a bit
twitchy I would say, but this relatively small change seems to fix the GS guide
and not break any existing tests.

I added a sample which mimic ths GS guide so we get an integration test that
executes the new code paths.

Fixes gh-1364
10 years ago
Spring Buildmaster 74d0c5185a Next development version 10 years ago
Stephane Nicoll 249e09d9bc Switch master to 1.2.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster 40327e1ae6 Next development version 11 years ago
Phillip Webb fa88c481a5 Remote trailing whitespace 11 years ago
Spring Buildmaster 981669b7c0 Next development version 11 years ago
Phillip Webb 200cd535c2 Revert "Next development version"
This reverts commit 67189477fe.
11 years ago
Spring Buildmaster 67189477fe Next development version 11 years ago
Spring Buildmaster 542f3cbda8 Next development version 11 years ago
Spring Buildmaster 4ca26a21dc Next development version 11 years ago
Spring Buildmaster 05ed7b3bcd Next development version 11 years ago
Phillip Webb 3007a777d0 Roll back to 1.1.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster c650f2391e Next development version 11 years ago
Phillip Webb 64a835e91a Move master to 1.1.0.BUILD-SNAPSHOT 11 years ago
Spring Buildmaster d3954a1703 Next development version 11 years ago
Spring Buildmaster a5864ebcd0 Next development version 11 years ago
Spring Buildmaster 15e9dbe98b Next development version 11 years ago
Phillip Webb 1e68b7e0a9 Remove superfluous <packaging> tags from POMs 11 years ago
Phillip Webb 0af7f7e347 Add missing POM info 11 years ago
Phillip Webb 488b03387f Polish POM formatting 11 years ago
Phillip Webb 6f9bb233ad Revert "Next development version"
This reverts commit b67bb70ee3.
11 years ago
Spring Buildmaster b67bb70ee3 Next development version 11 years ago
Phillip Webb ac4cdd33c3 Revert "Next development version"
This reverts commit 1d0eea12eb.
Returning to 1.0.0.BUILD-SNAPSHOT for an updated release.
11 years ago
Spring Buildmaster 1d0eea12eb Next development version 11 years ago
Phillip Webb 44d708ef7a Polish 11 years ago
Dave Syer 7a285cf65d Convert all sample tests to @IntegrationTest where appropriate
Makes them a lot more readable IMO, and also enables @Autowiring
from the context into the test case (sweeet). I added @DirtiesContext
to all of them as well to be on the safe side, but possbly that can be
optimized in some way as well.
11 years ago
Sebastien Deleuze ab6c8dfee3 Use org.springframework.boot groupId in spring-boot-samples
Use org.springframework.boot instead of ${project.groupId}
groupId in order to make it easier to use spring-boot-samples
modules as a starting point for new projects.
11 years ago
Dave Syer de9b6a6a22 Switch off debug in secure sample
Fixes gh-438
11 years ago
Spring Buildmaster b0d4e8ae69 Next development version 11 years ago
Spring Buildmaster cb8668a151 Release version 1.0.0.RC4 11 years ago
Phillip Webb 468728a2c0 Polish 11 years ago
Dave Syer b0b7bc0e7f Fix tests
Some assumptions were being made in tests, e.g. about
there being an AuthenticationManager @Bean, which were
false with the new Security 3.2.1 updates from Rob.

Also parent-child contexts with the actuator were
problematic because they didn't exclude the web configuration
for the management security in the parent context.

Fixes gh-244
11 years ago
Spring Buildmaster 1367d57e8c Next development version 11 years ago
Spring Buildmaster eaff1677a7 Release version 1.0.0.RC3 11 years ago
Phillip Webb ed9735361e Apply source cleanup and formatting 11 years ago
Dave Syer 4d608f20e9 Support for AuthenticationManagerBuilder injection into user code
Spring Boot provides a default AuthenticatiomManager for getting
started quickly with security and never exposing insecure
endpoints. To override that feature as users move to the next
stage in their project, they may have to do something slightly
different depending on whether it is a webapp or not.

In any app (web or not), providing a @Bean of type
AuthenticationManager always works, but you don't get the benefit of
the builder features.

In a webapp the user can also extend WebSecurityConfigurerAdapter
to provides a custom AuthenticationManager, and the preferred
way of doing that is via a void method that is autowired with an
AuthenticationManagerBuilder. The default AuthenticationManager is
built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so
to override it the user's confugrer must have higher precedence
(lower @Order).

@EnableGlobalMethodSecurity can also be used in a non-webapp, and
Spring Boot will still provide a default AuthenticationManager.
To override it the user has to either extend
GlobalMethodSecurityConfiguration or provide a @Bean of type
AuthenticationManager (there's no other way to
capture the AuthenticationManagerBuilder that doesn't happen too late
in the beans lifecyle).

Fixes gh-244
11 years ago
Phillip Webb 0160760568 Apply latest eclipse cleanup rules 11 years ago
Phillip Webb cdda330acd Update copyright header for files changed in 2014 11 years ago
Phillip Webb 68293f34af Upgrade version to 1.0.0.BUILD-SNAPSHOT
Fixes fg-243
11 years ago
Dave Syer 559f907b54 Use explicit test dependencies in samples 11 years ago
Phillip Webb 47da8a817a Polish 11 years ago
Dave Syer 5bbb01c071 Move properties file to correct location 11 years ago
Dave Syer b1db714c23 Allow @EnableGlobalMethodSecurity in a non webapp
Fixes gh-202
11 years ago
Phillip Webb 1bcd3de7b5 Polish 11 years ago
Dave Syer f448e79f29 Remove long package names from samples
Long package names are really unnecessary in samples and they
just clutter things up. Also Spring Loaded doesn't work with
org.sfw packages, so to demo that technology you need a
different package name.
11 years ago
Dave Syer e2c962ac28 Switch to thymeleaf-spring4 11 years ago
Dave Syer bd26b28aa5 Extract actuator security into separate classes
So spring-security + a web app is secure by default
(you don't need the actuator).
11 years ago
Dave Syer 0c79c8913f Ensure AutoConfigurationReport is always present 11 years ago
Greg Turnquist b63016d8fc Create a report based on Boot's autoconfiguration decisions
- Gather autoconfiguration conditional decisiions (true and false)
- Provide an actuator endpoint as one means to read the report
- Define @EnableAutConfigurationReport annotation to turn this feature on
- Tidy up autoconfig report a bit and log it if --debug=true
11 years ago