135e602472
Use SecurityContextHolderStrategy for Digest
...
Issue gh-11060
2022-06-28 13:54:29 -06:00
44d99f41a3
Use SecurityContextHolderStrategy for Switch User
...
Issue gh-11060
2022-06-28 13:35:39 -06:00
e1c211c11f
Use SecurityContextHolderStrategy for Switch User
...
Issue gh-11060
2022-06-28 13:34:04 -06:00
83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios
...
Issue gh-11060
Issue gh-11061
2022-06-28 12:10:07 -06:00
98995f2225
Add SecurityContextHolderStrategy to Pre-authenticated scenarios
...
Issue gh-11060
Issue gh-11061
2022-06-28 12:04:37 -06:00
944f565c16
Use SecurityContextHolderStrategy for Remember-me
...
Issue gh-11060
Isuse gh-11061
2022-06-28 11:09:38 -06:00
4a2d77d3f2
Use SecurityContextHolderStrategy for Remember-me
...
Issue gh-11060
Isuse gh-11061
2022-06-28 11:08:57 -06:00
b316a3217b
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:35:54 -06:00
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
f3d99f557b
Use SecurityContextHolderStrategy for AuthenticationFilter
...
Issue gh-11060
2022-06-27 16:28:37 -06:00
0fee05d023
Use SecurityContextHolderStrategy for AuthenticationFilter
...
Issue gh-11060
2022-06-27 16:26:42 -06:00
a7b58c2299
Polish SecurityContextHolderStrategy for Defaults
...
gh-11060
2022-06-27 13:17:44 -06:00
772f29e063
Polish SecurityContextHolderStrategy for Defaults
...
gh-11060
2022-06-27 13:00:24 -06:00
a8c30f79e6
Add Core, MVC and MethodSecurity runtime hints
...
Closes gh-11431
2022-06-27 09:25:49 -03:00
7841827169
Adds the ability to set the CSRF Token cookie max age value
...
Closes gh-11432
2022-06-24 16:42:32 -06:00
1ac1271972
Adds the ability to set the CSRF Token cookie max age value
...
Closes gh-11432
2022-06-24 16:42:05 -06:00
d32f74d19d
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 17:03:19 -05:00
b6d43e58c0
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 16:59:09 -05:00
d4a03dc2b1
Cache SecurityContextRepository.loadContext(HttpServletRequest) Result
...
Closes gh-11390
2022-06-17 15:28:57 -05:00
591d1edc7d
Cache SecurityContextRepository.loadContext(HttpServletRequest) Result
...
Closes gh-11390
2022-06-17 14:52:01 -05:00
a31a99b591
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:58:36 -06:00
31e25b115e
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:28:10 -06:00
29ba67b6d7
Remove dependency on commons-codec by using java.util.Base64
...
Closes gh-11318
2022-06-09 06:50:01 -06:00
f3c96fa9cd
Remove dependency on commons-codec by using java.util.Base64
...
Closes gh-11318
2022-06-09 06:49:39 -06:00
cf69cdf008
Reverse content type check
...
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.
closes gh-11204
Closes gh-11205
2022-06-06 15:46:28 -05:00
1483a57018
Reverse content type check
...
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.
closes gh-11204
2022-06-06 15:45:55 -05:00
57fe5b8b5c
Fix Import Order Checkstyle Error
...
Issue gh-9667
2022-05-23 15:55:21 -06:00
5540bbcf0b
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:36:17 -06:00
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
5b0dab5d3e
StrictHttpFirewall allows CJKV characters
...
Closes gh-11264
2022-05-18 09:54:16 -05:00
7d97839235
StrictHttpFirewall allows CJKV characters
...
Closes gh-11264
2022-05-18 09:53:29 -05:00
472c25b5e8
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 11:32:01 -05:00
0df5ece758
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 11:32:01 -05:00
538252cf07
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 10:22:30 -05:00
04ca7ef91b
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 10:22:30 -05:00
0814136ee8
Polish WebExpressionAuthorizationManager
...
- Add support for request variables
- Added additional tests
Issue gh-11105
2022-05-13 14:14:42 -06:00
c4766e64fe
Add AuthorizationManager that uses ExpressionHandler
...
Closes gh-11105
2022-05-13 14:05:34 -06:00
ffaf5b4e61
Polish WebExpressionAuthorizationManager
...
- Add support for request variables
- Added additional tests
Issue gh-11105
2022-05-13 13:53:38 -06:00
07b0be3f42
Add AuthorizationManager that uses ExpressionHandler
...
Closes gh-11105
2022-05-13 13:52:49 -06:00
f34ea188e2
RequestRejectedException is 400 by Default
...
Closes gh-7568
2022-05-12 10:32:27 -05:00
000b87f9aa
Revert "Use Spring Framework version 6.0.0-M3"
...
This reverts commit b803e845e7
2022-05-11 08:36:14 -03:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
b803e845e7
Use Spring Framework version 6.0.0-M3
...
Closes gh-11193
2022-05-10 14:49:02 -03:00
ce86f4e4b5
Polish ServerWebExchangeDelegatingServerHttpHeadersWriter
...
Issue gh-11073
2022-05-06 09:51:28 -03:00
57cededd49
Add DelegatingServerHttpHeadersWriter
...
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.
Closes gh-11073
2022-05-06 09:51:28 -03:00
195d767d98
Polish ServerWebExchangeDelegatingServerHttpHeadersWriter
...
Issue gh-11073
2022-05-06 09:43:34 -03:00
0e2fc51bad
Add DelegatingServerHttpHeadersWriter
...
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.
Closes gh-11073
2022-05-06 09:43:34 -03:00
768267c131
Fix WebSessionReactiveSecurityRepository Supports Cache
...
Fix the checkstyle for this feature
Closes gh-8422
2022-05-03 21:09:41 -05:00
3c259b4be5
Fix WebSessionReactiveSecurityRepository Supports Cache
...
Fix the checkstyle for this feature
Closes gh-8422
2022-05-03 21:08:51 -05:00
dbe7e37f2b
WebSessionReactiveSecurityRepository Supports Cache
2022-05-03 16:40:51 -05:00
1ef738ba34
WebSessionReactiveSecurityRepository Supports Cache
2022-05-03 16:15:22 -05:00
9a9a43a0c0
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:18:25 -05:00
aaf78330b1
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:16:35 -05:00
5367524030
Change the default of shouldFilterAllDispatchTypes to true
...
Closes gh-11107
2022-04-14 16:30:42 -03:00
84b5c76a7b
Add Option to Filter All Dispatcher Types
...
Closes gh-11092
2022-04-14 16:10:36 -03:00
7fea639a43
Add Option to Filter All Dispatcher Types
...
Closes gh-11092
2022-04-14 15:58:00 -03:00
3a9b080bbe
Deprecate loadContext(RequestResponseHolder)
...
Fix gh-11032
2022-04-12 16:36:08 -05:00
0c2b9758fc
Deprecate loadContext(RequestResponseHolder)
...
Fix gh-11032
2022-04-12 16:35:38 -05:00
50f8df6f07
Use HttpStatusCode
...
Closes gh-11091
2022-04-11 09:19:56 -03:00
bc50146f60
Fix tests in AntPathRequestMatcherTests
...
Closes gh-11090
2022-04-11 09:19:56 -03:00
39b0620a84
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:44 -05:00
7be32872e9
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:24 -05:00
c4e88415a5
Remove MessageSourceAware from ExceptionTranslationWebFilter
...
Closes gh-11057
2022-04-05 16:13:41 +02:00
ae8e77f9ff
Remove blocking call from ExceptionTranslationWebFilter
...
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.
Closes gh-10864
2022-04-05 14:05:56 +02:00
725a57fccc
Remove blocking call from ExceptionTranslationWebFilter
...
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.
Closes gh-10864
2022-04-05 13:12:17 +02:00
1edfa07d27
Use RequestMatcherEntry
...
Closes gh-11046
2022-03-30 14:40:06 -06:00
c175118f62
Use RequestMatcherEntry
...
Closes gh-11046
2022-03-30 14:31:11 -06:00
bdd5f86526
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:37:21 -06:00
990831db85
Add authorization events
...
Closes gh-9288
2022-03-29 16:22:43 -06:00
061f69eb70
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:03:19 -06:00
bd9434882f
Add authorization events
...
Closes gh-9288
2022-03-29 15:44:21 -06:00
8c34af711e
Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10908
2022-03-28 10:01:51 -03:00
6c52c52a68
Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10908
2022-03-28 09:45:23 -03:00
e176d764ba
Add SecurityContextRepository.loadContext(HttpServletRequest)
...
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.
Closes gh-11028
2022-03-25 14:38:37 -05:00
67fd46bfa6
Add SecurityContextRepository.loadContext(HttpServletRequest)
...
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.
Closes gh-11028
2022-03-25 14:21:52 -05:00
1e3106f3a2
HttpSessionSecurityContextRepository support null HttpServletResponse
...
Closes gh-11029
2022-03-25 13:03:33 -05:00
8940719dbb
HttpSessionSecurityContextRepository support null HttpServletResponse
...
Closes gh-11029
2022-03-25 13:01:40 -05:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
987ee2e67a
Polish gh-10911
2022-03-17 12:53:56 -05:00
1b29c43a11
Use configurable charset in ServerHttpBasicAuthenticationConverter
...
Closes gh-10903
2022-03-17 12:53:55 -05:00
946e24e1c2
Polish gh-10911
2022-03-17 12:34:16 -05:00
2b6bc5dd0b
Use configurable charset in ServerHttpBasicAuthenticationConverter
...
Closes gh-10903
2022-03-17 12:34:16 -05:00
90fe1b3a69
Polish UsernamePasswordAuthenticationFilter method
...
Closes gh-10970
2022-03-16 16:41:03 +01:00
7955e5ac52
Polish UsernamePasswordAuthenticationFilter method
...
Closes gh-10970
2022-03-16 16:29:40 +01:00
972039e65c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-12 13:31:04 -06:00
cbba7ea4de
AbstractAuthenticationProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-12 13:23:47 -06:00
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
4462b73fd9
AbstractPreAuthenticatedProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:47:34 -06:00
ba7fb0cb14
DigestAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:47:34 -06:00
09e730734b
BasicAuthenticationFilter.setSecurityContextRepository
...
Issue gh-10953
2022-03-09 15:47:34 -06:00
d909d3bc40
RememberMeAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:47:34 -06:00
7c5b939bbd
AuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:47:34 -06:00
636f3e1d5d
AbstractPreAuthenticatedProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
e6b6104b52
DigestAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
9b0cd5a0a8
BasicAuthenticationFilter.setSecurityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
120f2a356f
RememberMeAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
014c471ff1
AuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
f11cb988a9
AbstractAuthenticationProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Josh Cummings
Marcus Da Coregio
Alonso Araya Calvo
Rob Winch
j3graham
Zhivko Delchev
Evgeniy Cheban
David Herberth
Eleftheria Stein
Parikshit Dutta
Steve Riesenberg
David Kirstein
ShinDongHun1
Norbert Nowak