spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-30 07:42:52 +00:00

Author	SHA1	Message	Date
Tran Ngoc Nhan	709f5db0e5	Polish Webauthn4JRelyingPartyOperations Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-06-17 13:35:52 -05:00
Evgeniy Cheban	092bbfc8e7	ReactiveAuthorizationManager replace deprecated #check calls with #authorize Closes gh-16936 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	2025-06-12 11:11:49 -06:00
Evgeniy Cheban	b0cecb37d2	Replace deprecated #check calls with #authorize Closes gh-16936 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	2025-06-12 11:11:49 -06:00
Rob Winch	2b740b7f1f	Update SubjectX500PrincipalExtractor Javadoc - Provide more details on how the principalName is extracted - Update to specify an OID is used for emailAddress	2025-06-12 12:09:20 -05:00
Rob Winch	f690a7f3df	Encapsulate extractPrincipalNameFromEmail property This simplifies the logic when extracting the principal and allows more flexibility in the future by allowing the format and regex to be added as setters.	2025-06-12 12:09:20 -05:00
Rob Winch	5f2efbea6a	Remove unused statement	2025-06-12 12:09:20 -05:00
Max Batischev	aba437d469	Add Support SubjectX500PrincipalExtractor Closes gh-16980 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-06-12 12:09:20 -05:00
Joe Grandja	98c3453aa4	Merge branch '6.5.x'	2025-06-06 07:19:08 -04:00
Joe Grandja	d622183e62	Merge branch '6.4.x' into 6.5.x Closes gh-17216	2025-06-06 07:06:12 -04:00
Joe Grandja	a377175455	Merge branch '6.3.x' into 6.4.x Closes gh-17215	2025-06-06 06:50:45 -04:00
Andrey Litvitski	b0f8aa5ea0	Fix to allow multiple AuthenticationFilter instances to process each request Closes gh-17173 Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>	2025-06-06 06:37:03 -04:00
Josh Cummings	215547f8c8	Use UsernameNotFoundException Factory Issue gh-17179	2025-05-28 14:13:02 -06:00
Max Batischev	f4b8e2421a	Add Support Credentialless COEP Header Closes gh-16991 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-05-23 14:45:59 -06:00
John Niang	9ba5c7b2ce	Add SwitchUserGrantedAuthority to Web Jackson Module Closes gh-17041 Signed-off-by: John Niang <johnniang@foxmail.com>	2025-05-23 14:42:54 -06:00
Tran Ngoc Nhan	8e2067bb3e	Remove deprecated `MemberCategory#DECLARED_FIELDS` Issue gh-16889 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-23 14:36:54 -06:00
Josh Cummings	c9bbf3787b	Merge branch '6.5.x'	2025-05-23 11:36:22 -06:00
Josh Cummings	8aaa9c28fa	Merge branch '6.4.x' into 6.5.x	2025-05-23 11:36:01 -06:00
Josh Cummings	2989d12743	Merge branch '6.3.x' into 6.4.x	2025-05-23 11:35:25 -06:00
Joaquin Santana	c0568ea9b0	Log Request Mismatch Only When Mismatches Signed-off-by: Joaquin Santana <joaquinjsb@outlook.com>	2025-05-23 11:34:48 -06:00
universe	50f8ad55a8	Remove Redundant Punctation in JavaDoc Signed-off-by: universe <daofei8754@126.com>	2025-05-23 10:05:27 -05:00
Josh Cummings	e19c9995ae	Merge branch '6.5.x'	2025-05-19 09:46:36 -06:00
Josh Cummings	78dd02a4c1	Merge branch '6.4.x' into 6.5.x Closes gh-17147	2025-05-19 09:46:24 -06:00
Josh Cummings	edc8735eb8	Merge branch '6.3.x' into 6.4.x Closes gh-17146	2025-05-19 09:46:10 -06:00
Mark Putsiata	cae3467a8d	Improve AbstractPreAuthenticatedProcessingFilter docs Clarify misleading SecurityContextRepository setter documentation. Note that AbstractPreAuthenticatedProcessingFilter saves the SecurityContext upon successful authentication, and this behavior can be customized via the setSecurityContextRepository setter. Closes gh-14137 Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>	2025-05-19 09:45:53 -06:00
Tran Ngoc Nhan	86550fb84b	Cleanup code Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-13 12:40:18 -06:00
yybmion	d48c463c03	Add logging to CsrfTokenRequestHandler implementations Add trace-level logging to show the logical path of CSRF token processing - Log token source (header or parameter) in resolveCsrfTokenValue - Log request attribute names in handle methods - Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding) - Add similar logging to XorServerCsrfTokenRequestAttributeHandler Improves debugging capabilities without changing functionality. Closes gh-13626 Signed-off-by: yybmion <yunyubin54@gmail.com>	2025-05-12 18:49:40 -06:00
yybmion	a90ce5142c	Add logging to CsrfTokenRequestHandler implementations Add trace-level logging to show the logical path of CSRF token processing - Log token source (header or parameter) in resolveCsrfTokenValue - Log request attribute names in handle methods - Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding) - Add similar logging to XorServerCsrfTokenRequestAttributeHandler Improves debugging capabilities without changing functionality. Closes gh-13626 Signed-off-by: yybmion <yunyubin54@gmail.com>	2025-05-12 18:48:45 -06:00
Tran Ngoc Nhan	1e4dd713c5	Remove APPLICATION_JSON_UTF8 usage Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-07 14:59:14 -05:00
Rob Winch	6118587ff8	SavedCookieMixinTests uses readValue(String,Object.class) The test should not provide SavedCookie.class to the ObjectMapper since this is not done in production. In particular, it provides the type that it should be deserialized, but this must be provided in the JSON since the type is unknown at the time of deserialization. Issue gh-17006	2025-05-07 14:55:54 -05:00
M-Faheem-Khan	241c3cd35a	Remove deprecated Cookie usage Remove usage of comment and verison usage Signed-off-by: M-Faheem-Khan <faheem5948@gmail.com>	2025-05-07 14:55:54 -05:00
Rob Winch	5f833fa236	Fix Checkstyle Errors	2025-05-07 10:50:41 -05:00
milaneuh	7fda87aecd	Remove deprecated methods from CookieServerCsrfTokenRepository	2025-05-07 10:50:41 -05:00
Rob Winch	b453840c0a	HttpHeaders no longer a MultiValueMap Closes gh-17060	2025-05-06 13:27:13 -05:00
Rob Winch	e5e962ef90	Jakarta Cookie HttpOnly Serialization The new specification represents Cookie attribute using HttpOnly: "" vs HttpOnly: "true". This updates the test to correspond to the new Servlet specification and is a breaking change related to jakarta updates.	2025-05-06 13:27:13 -05:00
Rob Winch	607705347c	MediaType.sortBySpecificityAndQuality->sortBySpecificity Closes gh-17059	2025-05-06 13:26:17 -05:00
Rob Winch	66319fc3bc	MockServerHttpRequest.method(String,String)->method(HttpMethod,String) Closes gh-17058	2025-05-06 13:26:16 -05:00
Rob Winch	cb0fdef236	Remove MediaType.APPLICATION_JSON_UTF Closes gh-17050	2025-05-06 13:26:14 -05:00
Zhoudong	6624e302ac	Favor Spring Framework NonNull over Reactor NonNull Signed-off-by: Zhoudong <jearton@users.noreply.github.com>	2025-05-06 10:52:05 -06:00
Josh Cummings	aa338e9b0d	Merge branch '6.4.x'	2025-05-02 10:58:22 -06:00
Josh Cummings	57fc29e614	Merge branch '6.3.x' into 6.4.x Closes gh-17032	2025-05-02 10:57:55 -06:00
Josh Cummings	e48f26e51e	Propagate StrictFirewallRequest Wrapper Closes gh-16978	2025-05-02 10:57:07 -06:00
Max Batischev	c855453e40	Fix Typo In SubjectDnX509PrincipalExtractorTests Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-04-29 12:25:41 -06:00
Tran Ngoc Nhan	29380a87a0	Polish javadoc Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-04-23 14:36:45 -06:00
Max Batischev	8525f0e3fd	Add FunctionalInterface To X509PrincipalExtractor Closes gh-16949 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-04-23 14:27:42 -06:00
Josh Cummings	7d6bdfedc8	Add Null Guard for Authorization Result	2025-04-23 12:11:10 -06:00
Josh Cummings	0ab01eac14	Update Deprecated Security Usage	2025-04-23 12:11:08 -06:00
Josh Cummings	216680bb50	Update Deprecated Spring Jdbc Usage	2025-04-23 11:29:18 -06:00
Josh Cummings	2ad859a63c	Add Missing Deprecation Markers	2025-04-23 11:29:18 -06:00
Josh Cummings	3f7f3dabe7	Correct JavaDoc Class Reference	2025-04-23 11:29:18 -06:00
Daeho Kwon	9908d96644	DeferredCsrfToken Implements Supplier Closes gh-16870 Signed-off-by: Daeho Kwon <trewq231@naver.com>	2025-04-09 14:24:11 -06:00

1 2 3 4 5 ...

1983 Commits