WIP: Resolve "Implement Spring Security" (!564) · Merge requests · minerva / core · GitLab

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Sascha Herzinger requested to merge 563-spring-security into master Jan 08, 2019

Closes #563 (closed)

This is a WIP. Do not merge.

@piotr.gawron Spring Security is now active, does handle basic Dao authentication and manages the application security on an API level.

TODO:

LDAP AuthenticationProvider
Remove all custom security from the rest-api module
Add interface level security and filtering to the service module
Make all unit tests pass