Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-08-02 23:53:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,099 Commits 39 Branches 351 Tags
Commit Graph

2013 Commits

Author SHA1 Message Date
Daniel Garnier-Moiroux
5ee6b83953 Introduce OneTimeTokenAuthenticationFilter 
closes gh-16539

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-02-10 09:55:51 -06:00
Max Batischev
be81377235 Add Support ServerGenerateOneTimeTokenRequestResolver 
Closes gh-16488

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-05 14:14:16 -07:00
Steve Riesenberg
54a6a19e05 Polish gh-16214 
This commit applies the following changes:

* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
 2025-02-03 14:52:30 -06:00
Craig Andrews
58534e7f60 Add FormRedirectStrategy to enable POST OIDC Logout 
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.

Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.

Closes gh-13002

Signed-off-by: Craig Andrews <candrews@integralblue.com>
 2025-02-03 14:52:30 -06:00
Max Batischev
61d92e9db9 Fix assertion message in DefaultGenerateOneTimeTokenRequestResolver 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-03 12:15:20 -07:00
Josh Cummings
0f8e1936ff
Merge branch '6.4.x' 2025-02-03 10:19:31 -07:00
NeoTraveler
e31f04bebc
withValue used incorrectly 
Closes gh-16525
Closes gh-16527

Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
 2025-02-03 10:18:33 -07:00
Steve Riesenberg
b32f4f1afc Polish gh-16502 2025-02-03 09:21:53 -06:00
earlgrey02
1fa1848f9f Add HttpStatusAccessDeniedHandler 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2025-02-03 09:21:53 -06:00
Max Batischev
c7bc4c98db
Make PublicKeyCredentialRequestOptions Serializable 
Closes gh-16432

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-23 20:13:10 -06:00
Josh Cummings
e1a42db845
Merge branch '6.4.x' 2025-01-23 17:03:53 -07:00
Josh Cummings
d043884e32
Support Serialization 
Issue gh-16276
 2025-01-23 16:44:45 -07:00
Rob Winch
177ce59a4b
Merge branch '6.4.x' 
Implement Serializable for WebAuthnAuthentication

Closes gh-16474
 2025-01-23 14:12:30 -06:00
Tran Ngoc Nhan
e557c7227b
Implement Serializable for WebAuthnAuthentication 
Closes gh-16273
Closes gh-16285

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-23 13:53:26 -06:00
Max Batischev
474b5e151a Add Support GenerateOneTimeTokenRequestResolver 
Closes gh-16291

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-22 17:09:55 -06:00
Rob Winch
dddab8e356
Merge branch '6.4.x' 
Closes gh-16465
 2025-01-22 16:04:19 -06:00
Daniel Garnier-Moiroux
bb8e757c4b
Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) 
closes gh-16458

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-22 16:00:59 -06:00
Rob Winch
081dee042e
Merge branch '6.4.x' 
Add TestBytes

Closes gh-16462
 2025-01-21 15:12:49 -06:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Max Batischev
80e8e14500 Add GenerateOneTimeTokenFilterTests 2025-01-21 10:59:57 -06:00
DingHao
f4491f388e
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:57:08 -06:00
DingHao
8181cec06c
Set HttpMessageConverter by DSL 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:29:23 -06:00
Josh Cummings
c2a5709e0f
Merge branch '6.4.x' 2025-01-17 16:09:01 -07:00
Josh Cummings
bbe4f87641
Mark Serialization Support for Events 
Issue gh-16276
 2025-01-17 16:08:31 -07:00
DingHao
45f22a46e3 Use spring.security prefix instead of security.security 
Closes gh-16422

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-16 14:29:25 -07:00
Josh Cummings
443af32314
Move Servlet Mocks to Web 
Issue gh-13551
 2025-01-15 17:32:58 -07:00
Josh Cummings
6019803064
Merge branch '6.4.x' 2025-01-14 18:38:14 -07:00
Josh Cummings
244fd2eb51
Support Serialization in Exceptions 
Issue gh-16276
 2025-01-14 18:37:53 -07:00
Josh Cummings
acd1bb1777
Merge branch '6.4.x' 2025-01-14 17:35:45 -07:00
Josh Cummings
8e59fa1719
Don't Support Serialization for Jackson (De)serializers 
Issue gh-16276
 2025-01-14 17:35:33 -07:00
Josh Cummings
0af4cdbf5c
Merge branch '6.4.x' 2025-01-14 17:05:21 -07:00
Josh Cummings
8735368d9e
Don't Support Serialization of Jackson Modules 
Issu gh-16276
 2025-01-14 17:04:36 -07:00
Josh Cummings
28644aa966
Merge branch '6.4.x' 2025-01-14 16:17:34 -07:00
Josh Cummings
6f379aa907
Add Serializable to Csrf Components 
Issue gh-16276
 2025-01-14 16:07:20 -07:00
Max Batischev
fd267dfb71 Add Support JdbcPublicKeyCredentialUserEntityRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Max Batischev
7b07ef5ff3 Add Support JdbcUserCredentialRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Max Batischev
38523faaa0 Remove Unused loggers 
Closes gh-16319
 2024-12-20 16:51:38 -06:00
Max Batischev
e9bdb5b96e Polish SecurityFilterChain Validation 
Issue gh-15982
 2024-12-19 15:04:01 -07:00
Josh Cummings
1104b45832
Polish SessionLimit 
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation

Issue gh-16206
 2024-12-18 18:32:28 -07:00
Claudenir Machado
1864577e98 Address SessionLimitStrategy 
Closes gh-16206
 2024-12-18 18:32:12 -07:00
Josh Cummings
3eeb4317f6 Add setFavorRelativeUris 
This places the new functionality behind a setting so that
we can remain passive until we can change the setting in
the next major release.

Issue gh-7273
 2024-12-17 22:35:41 -07:00
Michal Okosy
7848b959da Use relative URLs in /login redirects 
Closes gh-7273
 2024-12-17 22:35:41 -07:00
Josh Cummings
27c2a8ad11
Add Serializable Compatibility to Web Authentication Exceptions 
Issue gh-16276
 2024-12-17 13:05:23 -07:00
Yoshikazu Nojima
d7d5253607 Change attestation in PublicKeyCredentialCreationOptions to none 
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display additional privacy related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
 2024-12-11 17:18:18 -06:00
Rob Winch
cb4c7e5886 Merge branch '6.3.x' 
Closes gh-16261
 2024-12-11 15:48:18 -06:00
Rob Winch
6a0b683e60 StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest 
Closes gh-16069
 2024-12-11 15:46:31 -06:00
Josh Cummings
4cbaabb239 Added Testing 
Issue gh-16177
 2024-12-10 14:09:46 -07:00
DingHao
f565b23b51 Restore Method Parameter Inheritance Support 
Closes gh-16177
 2024-12-10 14:09:46 -07:00
12OneTwo12
d39e329234 Add @inheritDoc to sessionIdChanged method 
Closes gh-16211
 2024-12-05 12:31:47 -07:00
Josh Cummings
d3a95c5c1e
Merge branch '6.3.x' 2024-12-05 09:52:55 -07:00