2475 Commits

Author SHA1 Message Date
Daniel Garnier-Moiroux
27059ced87
Default X-Xss-Protection header value to "0"
Closes gh-9631
2022-10-07 17:42:55 -05:00
Steve Riesenberg
dcda899c8c
Merge branch '5.8.x' 2022-10-07 17:40:37 -05:00
Steve Riesenberg
37fa49b32d
Polish gh-11952 2022-10-07 17:40:12 -05:00
Steve Riesenberg
6753f9745e
Merge branch '5.8.x'
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
2022-10-07 17:29:07 -05:00
Steve Riesenberg
f462134e87
Add reactive support for BREACH
Closes gh-11959
2022-10-07 16:34:17 -05:00
Steve Riesenberg
f4ca90e719
Add reactive interfaces for CSRF request handling
Issue gh-11959
2022-10-07 16:34:16 -05:00
Marcus Da Coregio
398f5dee7f Remove deprecated RequestMatcher methods from Java Configuration
Closes gh-11939
2022-10-07 15:26:46 -03:00
Marcus Da Coregio
9fd195d419 Default to shouldFilterAllDispatcherTypes=true in XML
Closes gh-11970
2022-10-07 11:46:20 -03:00
Marcus Da Coregio
146d3269bc Merge branch '5.8.x'
Closes gh-11971
2022-10-07 10:28:14 -03:00
Marcus Da Coregio
f3321c256c Add XML support for shouldFilterAllDispatcherTypes
Closes gh-11492
2022-10-07 10:20:32 -03:00
Marcus Da Coregio
f650ebe545 Merge branch '5.8.x' 2022-10-06 13:50:50 -03:00
Marcus Da Coregio
8a5aed2983 Add deprecation warning to CsrfDsl#ignoringAntMatchers
Issue gh-11347
2022-10-06 13:50:38 -03:00
Marcus Da Coregio
d6302aabbc Merge branch '5.8.x' 2022-10-06 13:21:52 -03:00
Marcus Da Coregio
bc4ad52feb Add deprecation warning to mvcMatchers methods
Issue gh-11347
2022-10-06 13:21:27 -03:00
Josh Cummings
12b9f2e196
use-authorization-manager defaults to true
Closes gh-11929
2022-10-06 08:12:46 -06:00
Marcus Da Coregio
52ab2303da Fix failing test
Issue gh-11061
2022-10-06 09:28:06 -03:00
Marcus Da Coregio
c4d23f2b49 Use MvcRequestMatcher by default if Spring MVC is present
Closes gh-11899
2022-10-06 09:12:04 -03:00
Josh Cummings
12ac7acb2c
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 23:53:40 -06:00
Josh Cummings
2079309c5a
Add SecurityContextHolderStrategy XML Configuration for OAuth2
Issue gh-11061
2022-10-05 23:50:59 -06:00
Josh Cummings
7543effe89
Add SecurityContextHolderStrategy Java Configuration for OAuth2
Issue gh-11061
2022-10-05 23:50:58 -06:00
Josh Cummings
7e3841105b
Add SecurityContextHolderStrategy XML Configuration for Saml2
Issue gh-11061
2022-10-05 23:50:57 -06:00
Josh Cummings
19181a5afd
Add SecurityContextHolderStrategy Java Configuration for Saml2
Issue gh-11061
2022-10-05 23:50:56 -06:00
Josh Cummings
0c0e298aa7
Polish Saml2 XML Use of SecurityContextHolderStrategy
Issue gh-11061
2022-10-05 23:38:14 -06:00
Josh Cummings
72a46ddd31
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 22:48:33 -06:00
Josh Cummings
b4d13e7726
Polish use-authorization-manager
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together

Issue gh-11305
2022-10-05 22:21:09 -06:00
Josh Cummings
7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests
Issue gh-11665
2022-10-05 22:18:41 -06:00
Steve Riesenberg
8b490de08d
Merge branch '5.8.x'
# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
Steve Riesenberg
dce1c30522
Add support for BREACH
Closes gh-4001
2022-10-05 14:21:13 -05:00
Steve Riesenberg
6bbf20be93
Fix failing tests
Issue gh-11952
2022-10-05 14:19:40 -05:00
Steve Riesenberg
a7000a053b
Merge branch '5.8.x' 2022-10-05 13:46:26 -05:00
Steve Riesenberg
1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl
Closes gh-11952
2022-10-05 13:35:23 -05:00
Marcus Da Coregio
c2ed65c67a Fix failing tests
Issue gh-9159
2022-10-05 14:59:33 -03:00
Marcus Da Coregio
22ba358e57 Merge branch '5.8.x' 2022-10-05 13:44:54 -03:00
Marcus Da Coregio
bf6e85ec15 Accept String varargs in securityMatcher
Issue gh-9159
2022-10-05 13:44:08 -03:00
Marcus Da Coregio
76d7a85bc0 Use modified classpath test support for tests that depend on the classpath
Issue gh-11347
2022-10-04 15:32:19 -03:00
Marcus Da Coregio
77dcc691b3 Add modified classpath test support
Closes gh-11951
2022-10-04 15:32:18 -03:00
Marcus Da Coregio
5002199be3 Revert "Disable tests that need Spring MVC mocked in classpath"
This reverts commit c6978fba7c53c5bec765dba672b0ccb084e3048f.
2022-10-04 15:32:18 -03:00
Marcus Da Coregio
35f7e46d05 Remove WebSecurityConfigurerAdapter
Closes gh-10902
2022-10-04 15:13:04 -03:00
Steve Riesenberg
3bc76815c2
Update csrf.request-handler-ref in 6.0
Issue gh-11918
2022-10-04 11:24:54 -05:00
Steve Riesenberg
5de6da890b
Merge branch '5.8.x'
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
Marcus Da Coregio
c6978fba7c Disable tests that need Spring MVC mocked in classpath
Issue gh-11347
2022-10-04 08:56:06 -03:00
Steve Riesenberg
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Steve Riesenberg
c847efd3fd
Fix servlet import
Issue gh-11347
Issue gh-9159
2022-10-03 15:10:56 -05:00
Steve Riesenberg
c98de7af2f
Add xss-protection.header-value in 6.0
Issue gh-9631
2022-10-03 14:31:04 -05:00
Steve Riesenberg
7c3cc1e386
Merge branch '5.8.x' 2022-10-03 14:29:51 -05:00
Daniel Garnier-Moiroux
0e215a21ad
Add X-Xss-Protection headerValue to XML config
Issue gh-9631
2022-10-03 14:29:34 -05:00
Marcus Da Coregio
ad2abd39dc Merge branch '5.8.x'
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
Marcus Da Coregio
039e0328e1 Simplify Java Configuration RequestMatcher Usage
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity.

Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
Steve Riesenberg
d9a682a414
Polish gh-11896 2022-10-03 10:00:43 -05:00
Steve Riesenberg
bf9339d88e
Merge branch '5.8.x' 2022-10-03 09:57:40 -05:00