dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #37354
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19123: update to spring security 4.0.1
------------------------------------------------------------
revno: 19123
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2015-05-11 11:36:57 +0700
message:
update to spring security 4.0.1
modified:
dhis-2/dhis-web/dhis-web-api/src/main/resources/META-INF/dhis/servlet.xml
dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
dhis-2/dhis-web/dhis-web-ohie/src/main/resources/META-INF/dhis/webapi-ohie.xml
dhis-2/pom.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/resources/META-INF/dhis/servlet.xml'
--- dhis-2/dhis-web/dhis-web-api/src/main/resources/META-INF/dhis/servlet.xml 2014-12-16 17:00:41 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/resources/META-INF/dhis/servlet.xml 2015-05-11 04:36:57 +0000
@@ -6,7 +6,7 @@
xmlns:sec="http://www.springframework.org/schema/security";
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd";>
<sec:global-method-security pre-post-annotations="enabled" />
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2015-02-26 08:12:03 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2015-05-11 04:36:57 +0000
@@ -2,7 +2,7 @@
<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:sec="http://www.springframework.org/schema/security";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd";>
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd";>
<bean id="mappedRedirectStrategy" class="org.hisp.dhis.security.MappedRedirectStrategy">
<property name="redirectMap">
@@ -59,17 +59,20 @@
authentication-success-handler-ref="defaultAuthenticationSuccessHandler" />
<sec:form-login default-target-url="/" always-use-default-target="false"
+ username-parameter="j_username" password-parameter="j_password"
authentication-failure-handler-ref="securityExceptionTranslationHandler"
login-processing-url="/dhis-web-commons-security/login.action"
login-page="/dhis-web-commons/security/login.action"
authentication-success-handler-ref="defaultAuthenticationSuccessHandler" />
- <sec:headers>
+ <sec:headers defaults-disabled="true">
<sec:content-type-options />
<sec:frame-options />
<sec:xss-protection />
</sec:headers>
+ <sec:csrf disabled="true"/>
+
<sec:http-basic />
<sec:logout logout-url="/dhis-web-commons-security/logout.action" />
<sec:intercept-url pattern="/dhis-web-commons/i18nJavaScript.action" access="permitAll()" />
=== modified file 'dhis-2/dhis-web/dhis-web-ohie/src/main/resources/META-INF/dhis/webapi-ohie.xml'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/resources/META-INF/dhis/webapi-ohie.xml 2014-12-04 06:39:46 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/resources/META-INF/dhis/webapi-ohie.xml 2015-05-11 04:36:57 +0000
@@ -7,7 +7,7 @@
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd";>
<sec:global-method-security pre-post-annotations="enabled" />
=== modified file 'dhis-2/pom.xml'
--- dhis-2/pom.xml 2015-05-08 20:54:18 +0000
+++ dhis-2/pom.xml 2015-05-11 04:36:57 +0000
@@ -1008,7 +1008,7 @@
<rootDir></rootDir>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<spring.version>4.1.6.RELEASE</spring.version>
- <spring.security.version>3.2.6.RELEASE</spring.security.version>
+ <spring.security.version>4.0.1.RELEASE</spring.security.version>
<struts.version>2.3.16.3</struts.version>
<hibernate.version>4.2.0.Final</hibernate.version>
<hibernate-validator.version>4.3.1.Final</hibernate-validator.version>
