Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,855 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

8855 Commits

Author SHA1 Message Date
Ellie Bahadori 7319e81701 Change pipeline to run for all base branches 
Issue gh-8680
 2020-06-17 16:05:41 -05:00
Josh Cummings 9895d01257
Simplify Multitenancy Example 
Closes gh-8713
 2020-06-17 14:04:58 -06:00
Rob Winch 145bb89394 Use Spring Releases for Now 
Works around https://github.com/spring-projects/spring-framework/issues/25271
 2020-06-17 14:39:48 -05:00
yukihane c177b391d4
Polish ProviderManagerTests 
- Renamed test to follow naming convention
- Simplified mock with Mockito
- Added note regarding related ticket

Issue gh-8689
 2020-06-16 15:56:04 -06:00
yukihane 5302fb776c
ProviderManager Uses CollectionUtils#contains 
Closes gh-8689
 2020-06-16 15:56:04 -06:00
Ellie Bahadori 27e1c582b9
Merge pull request #8680 from elliedori/github-actions-pr-pipeline 
Set up Github Actions pipeline for PRs
 2020-06-16 11:19:37 -07:00
Eleftheria Stein 224361cb4a Fix typo in Javadoc 2020-06-16 09:38:09 -04:00
Rob Winch eb351f455b
Use `Closes gh-<number>` 
We now use Closes because it makes sense for enhancements and bugs
 2020-06-11 15:34:35 -05:00
Ellie Bahadori e213e6430a Create Github Actions pipeline for PR build workflow 2020-06-11 11:07:34 -07:00
Evgeniy Cheban 4e7be2078f DefaultWebSecurityExpressionHandler uses RoleHierarchy bean 
Fixes gh-7059
 2020-06-10 16:43:01 -04:00
Rob Winch ccbad61ae8 Change blacklist to blocklist 
Closes gh-8676
 2020-06-10 11:49:49 -05:00
Rob Winch ca1252be94 Replace whitelist with allowlist 
Issue gh-8676
 2020-06-10 11:49:21 -05:00
Rob Winch a907026eae Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive 
Closes gh-8677
 2020-06-10 11:48:56 -05:00
Rob Winch 6fbe58e624 Update RSocket Sample to use RSocket 1.0.1 
Fixes the integration tests from hanging.

Issue gh-8664
 2020-06-10 11:44:10 -05:00
Joe Grandja da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:28:21 -04:00
Joe Grandja 4c902bb857 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 17:28:21 -04:00
Robin Dupret bb0fac66d6 Fix a few typos in the documentation 2020-06-09 14:40:39 -05:00
Josh Cummings 1d821a2664
Add Ticket Number to Test 
Issue gh-8650
 2020-06-05 14:24:49 -06:00
Erik Bakker cd3fd6762f
Don't Consume Request Body 
Per the servlet spec, getParameter(name) consumes the request body for
POST requests.

This commit prevents DefaultOAuth2AuthorizationRequestResolver from
consuming the request body for non-Authorization requests.

Closes gh-8650
 2020-06-05 14:21:00 -06:00
Rob Winch 24a04f9c5f Add subscriberContext to PayloadSocketAcceptor delegate.accept 
Closes gh-8654
 2020-06-05 12:22:19 -05:00
Parikshit Dutta 28d2cfa14a Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter 
Fixes gh-8536
 2020-06-02 21:54:09 -04:00
Josh Cummings aa84c79e87
Use Nimbus Multiple Algorithm Support 
Closes gh-8623
 2020-06-02 12:49:21 -06:00
Dayan d8aa208a9f Fix broken link in spring security reference document 
Fixes:#8593
 2020-06-02 05:36:19 -06:00
Rob Winch 748538d19f Delay AuthenticationPrincipalArgumentResolver Creation 
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.

Closes gh-8613
 2020-05-29 16:49:01 -05:00
Eleftheria Stein a63a0e3765 Add reactive CSRF samples to docs 
Issue gh-8172
 2020-05-28 13:16:35 -04:00
Josh Cummings da05543ef6
Update OAuth 2.0 Client Testing Docs 
Issue gh-8603
 2020-05-28 10:33:02 -06:00
Josh Cummings 42a8635cde
Remove @MockBean ClientRegistrationRepository 
Fixes gh-8606
 2020-05-28 10:33:02 -06:00
Josh Cummings d5b8981678
Polish OAuth 2.0 Samples 
- Favor @TestConfiguration so as to not disable Spring Boot's
auto-configuration of ClientRegistrationRepository and
OAuth2AuthorizedClientRepository
 2020-05-28 10:33:02 -06:00
Josh Cummings 8d84bc58f6
Remove Unneeded OAuth2AuthorizedClientRepository 
Issue gh-8603
 2020-05-28 10:33:02 -06:00
Josh Cummings 900f551890
Inject TestOAuth2AuthorizedClientRepository 
Fixes gh-8603
 2020-05-28 10:33:02 -06:00
Josh Cummings d014d29199
Update to Spring Boot 2.3.0 
Fixes gh-8605
 2020-05-27 16:12:23 -06:00
Josh Cummings b6f5464fb4
Update to Latest rsocket-core 
Now that the RSocket Authentication Extension is GA, it's no longer
necessary to override the version locally in the sample.

Issue gh-7935
 2020-05-27 16:12:23 -06:00
Josh Cummings 23db372962
Update to Gradle 6.4.1 
Fixes gh-8604
 2020-05-27 16:12:23 -06:00
Eleftheria Stein 61060b3a4f Add multipart configuration to CSRF Kotlin DSL 
Fixes gh-8602
 2020-05-27 17:01:12 -04:00
Eleftheria Stein 6f5947cab7 Fix test warnings 2020-05-27 17:00:48 -04:00
Eleftheria Stein fa11ae3c33 Remove unused import 2020-05-27 14:27:29 -04:00
Markus Engelbrecht 7463583c1b Fix typos in BCryptPasswordEncoder documentation 
Resolves gh-8585
 2020-05-27 10:35:49 -05:00
Spencer Gilson 551f9114a9 Fixing typo in README 
@pivotal-issuemaster This is an Obvious Fix
 2020-05-27 07:50:33 -05:00
Eleftheria Stein 67d2efde1c Resolve package tangles with security marker annotation 2020-05-27 07:33:24 -05:00
Eleftheria Stein bc272ddf73 Resolve package tangles in Kotlin server package 2020-05-27 07:33:24 -05:00
Eleftheria Stein 0a42aa26c8 Mock request with non-standard HTTP method in test 
Fixes gh-8594
 2020-05-26 10:16:56 -04:00
Craig Andrews f1db7167cb Polish 
Use `getBeanOrNull` in `registerDelegateApplicationListener` to simplify implementation.

This change does not alter behavior.
 2020-05-22 20:33:32 -05:00
Craig Andrews dbdeec4216 Check for an existing SessionRegistry bean 
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
 2020-05-22 20:33:32 -05:00
Evgeniy Cheban 0fa339f75b Allow port=0 for ApacheDSContainer 
Fixes gh-8144
 2020-05-21 16:14:01 -05:00
justmehyp 06254a4fd4 Remove unused field 'digester' in Md4PasswordEncoder 
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.
 2020-05-21 11:19:03 -05:00
Mazharul Islam bf9e8295d6 mentioning the default strength of BCryptPasswordEncoder 2020-05-21 11:15:45 -05:00
Thomas Turrell-Croft 014df98ebb Polish 
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager
 2020-05-21 11:09:31 -05:00
Maksim Vinogradov 4f58576952 Prevent StackOverflowError for AccessControlEntryImpl.hashCode 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
 2020-05-21 09:53:35 -05:00
Astushi Yoshikawa f08ca4e688 Throw exception if URL does not include context path when context relative 
Issue: gh-8399
 2020-05-20 14:02:17 -04:00
Rob Winch dc514b369e FilterInvocation Support Default Methods on HttpServletRequest 
Closes gh-8566
 2020-05-20 10:13:59 -05:00