Commit Graph

11898 Commits

Author SHA1 Message Date
Marcus Da Coregio 1c4d6ed098 Consistently handle RequestRejectedException if it is wrapped
Closes gh-11645
2022-08-09 08:30:15 -03:00
Igor Bolic efaee4e56b Allow customization of redirect strategy
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
2022-08-08 15:35:49 -05:00
Rob Winch 269c711a64 RequestAttributeSecurityContextRepository never null SecurityContext
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
2022-08-08 13:52:56 -05:00
Rob Winch c9f8d2b111 RequestAttributeSecurityContextRepository never null SecurityContext
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
2022-08-08 13:52:12 -05:00
Josh Cummings c2d79fcbd6
Add Conditions to Generating AuthnRequest
Closes gh-11657
2022-08-03 17:34:31 -06:00
Josh Cummings aa225943d2
Polish Tests
Issue gh-11657
2022-08-03 17:34:26 -06:00
Steve Riesenberg 99f768bab9 Polish HttpSecurity 2022-07-29 17:43:00 -05:00
Steve Riesenberg 984355e637 Remove references to WebSecurityConfigurerAdapter
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
2022-07-29 17:43:00 -05:00
Steve Riesenberg 09173c95d6 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
Closes gh-11277
2022-07-29 17:43:00 -05:00
Steve Riesenberg 07ea139ebf Polish HttpSecurity 2022-07-29 17:42:39 -05:00
Steve Riesenberg 67544f36f9 Remove references to WebSecurityConfigurerAdapter
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
2022-07-29 17:42:39 -05:00
Steve Riesenberg 05725af4d8 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
Closes gh-11277
2022-07-29 17:42:39 -05:00
Steve Riesenberg 02459919cc
Skip workflows on forks of spring-security 2022-07-28 15:13:56 -05:00
Steve Riesenberg 57d212ddca
Use cache and user.name system property on Windows 2022-07-28 15:13:55 -05:00
Steve Riesenberg 539b17f6da
Only run prerequisites job if on upstream repo 2022-07-28 15:13:54 -05:00
Steve Riesenberg 37e1ad27fe
Simplify dependency graph 2022-07-28 15:13:53 -05:00
Steve Riesenberg 043fdd6f03
Use Spring Gradle Build Action
Closes gh-11630
2022-07-28 15:13:52 -05:00
Steve Riesenberg 3234e05085
Polish gh-11367 2022-07-28 15:13:51 -05:00
naveen f957e3c051
Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
2022-07-28 15:13:51 -05:00
Steve Riesenberg 24033be046
Skip workflows on forks of spring-security 2022-07-28 15:11:09 -05:00
Steve Riesenberg 47a5665767
Use cache and user.name system property on Windows 2022-07-28 15:11:08 -05:00
Steve Riesenberg aad60cc6af
Only run prerequisites job if on upstream repo 2022-07-28 15:11:07 -05:00
Steve Riesenberg 13e94935ae
Simplify dependency graph 2022-07-28 15:11:06 -05:00
Steve Riesenberg 6c29007fac
Use Spring Gradle Build Action
Closes gh-11630
2022-07-28 15:11:05 -05:00
Steve Riesenberg 6ad567f0fa
Polish gh-11367 2022-07-28 15:11:05 -05:00
naveen 8c634f8a9d
Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
2022-07-28 15:11:04 -05:00
Steve Riesenberg 4fbbfd2c8b
Skip workflows on forks of spring-security 2022-07-28 15:07:02 -05:00
Steve Riesenberg 66da4301fc
Use cache and user.name system property on Windows 2022-07-28 15:07:02 -05:00
Steve Riesenberg 8929bd5abc
Only run prerequisites job if on upstream repo 2022-07-28 15:07:02 -05:00
Steve Riesenberg e3d1405f67
Simplify dependency graph 2022-07-28 15:07:02 -05:00
Steve Riesenberg e756a1df19
Use Spring Gradle Build Action
Closes gh-11630
2022-07-28 15:07:02 -05:00
Steve Riesenberg 81fae2db2c
Polish gh-11367 2022-07-28 15:07:01 -05:00
naveen 054a3f0bc0
Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
2022-07-28 15:07:00 -05:00
Ulrich Grave 409998a3fe Add hash-based Content-Security-Policy for SAML pages
Closes gh-11631
2022-07-27 17:59:42 -06:00
Marcus Da Coregio e5ae35ab71 Add Deprecated annotation to WebSecurity#securityInterceptor
Closes gh-11634
2022-07-27 14:39:33 -03:00
Marcus Da Coregio a996dfc55b Add Deprecated annotation to WebSecurity#securityInterceptor
Closes gh-11634
2022-07-27 14:38:50 -03:00
Marcus Da Coregio d66ad22652 Add Deprecated annotation to WebSecurity#securityInterceptor
Closes gh-11634
2022-07-27 14:32:44 -03:00
Rob Winch 7a860e1568 Fix Snapshot Sources/Javadoc
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
2022-07-26 16:26:31 -05:00
Rob Winch ad9e737bf2 Fix Snapshot Sources/Javadoc
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
2022-07-26 16:25:52 -05:00
Rob Winch 0d74da4f97 Fix Snapshot Sources/Javadoc
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
2022-07-26 16:24:54 -05:00
Desmond Silveira 0d3c3c676d
"Well-Know" should be "Well-Known" 2022-07-26 15:45:27 -05:00
Desmond Silveira 06aa3362dd
"Well-Know" should be "Well-Known" 2022-07-26 15:44:41 -05:00
Desmond Silveira 2a336d4f49 "Well-Know" should be "Well-Known" 2022-07-26 15:41:05 -05:00
Yuriy Savchenko 0f64d4c091 Add Kotlin example for WebTestClient setup docs
Closes gh-9998
2022-07-22 14:04:16 -03:00
Yuriy Savchenko 7c7751635d Add Kotlin example for WebTestClient setup docs
Closes gh-9998
2022-07-22 13:56:41 -03:00
Yuriy Savchenko 5322352427 Add Kotlin example for WebTestClient setup docs
Closes gh-9998
2022-07-22 13:49:21 -03:00
Josh Cummings 56a6133b20
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:43:25 -06:00
Josh Cummings bced37f6a7
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:41:55 -06:00
Josh Cummings 561f65b34d
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:40:20 -06:00
Steve Riesenberg aaf20e7b61
Build only on branches
Issue gh-11480
2022-07-18 11:47:25 -05:00